Updates from: 08/20/2021 03:21:50
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Add Sign Up And Sign In Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/add-sign-up-and-sign-in-policy.md
Previously updated : 06/07/2021 Last updated : 08/17/2021
The sign-up and sign-in user flow handles both sign-up and sign-in experiences w
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **User flows**, and then select **New user flow**.
- ![User flows page in portal with New user flow button highlighted](./media/add-sign-up-and-sign-in-policy/signup-signin-user-flow.png)
+ ![User flows page in portal with New user flow button highlighted](./media/add-sign-up-and-sign-in-policy/sign-up-sign-in-user-flow.png)
1. On the **Create a user flow** page, select the **Sign up and sign in** user flow.
active-directory-b2c Age Gating https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/age-gating.md
Previously updated : 03/09/2021 Last updated : 08/17/2021 zone_pivot_groups: b2c-policy-type
Azure AD B2C uses the information that the user enters to identify whether they'
To use age gating in a user flow, you need to configure your tenant to have extra properties.
+1. Use [this link](https://portal.azure.com/?Microsoft_AAD_B2CAdmin_agegatingenabled=true#blade/Microsoft_AAD_B2CAdmin/TenantManagementMenuBlade/overview) to try the age gating preview.
1. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the **Directory + subscription** filter in the top menu. Select the directory that contains your tenant. 1. Select **All services** in the top-left corner of the Azure portal, search for and select **Azure AD B2C**. 1. Select **Properties** for your tenant in the menu on the left.
active-directory-b2c Cookie Definitions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/cookie-definitions.md
Previously updated : 01/23/2020 Last updated : 08/12/2021
active-directory-b2c Embedded Login https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/embedded-login.md
Previously updated : 03/21/2021 Last updated : 08/17/2021 zone_pivot_groups: b2c-policy-type
-# Embedded sign-in experience
+# Embedded sing-up or sign-in experience
[!INCLUDE [active-directory-b2c-choose-user-flow-or-custom-policy](../../includes/active-directory-b2c-choose-user-flow-or-custom-policy.md)]
zone_pivot_groups: b2c-policy-type
::: zone pivot="b2c-custom-policy"
-For a simpler sign-in experience, you can avoid redirecting users to a separate sign-in page or generating a pop-up window. By using the inline frame element `<iframe>`, you can embed the Azure AD B2C sign-in user interface directly into your web application.
+For a simpler sing-up or sign-in experience, you can avoid redirecting users to a separate sing-up or sign-in page, or generating a pop-up window. By using the inline frame &lt;iframe&gt; HTML element, you can embed the Azure AD B2C sign-in user interface directly into your web application.
+
+> [!TIP]
+> Use the &lt;iframe&gt; HTML element to embed the [sign-up or sign-in](add-sign-up-and-sign-in-policy.md), [edit profile](add-profile-editing-policy.md), or [change password](add-password-change-policy.md) custom policies into your web or single page app.
[!INCLUDE [b2c-public-preview-feature](../../includes/active-directory-b2c-public-preview.md)]
The inline frame element `<iframe>` is used to embed a document in an HTML5 web
When using iframe, consider the following: -- Embedded sign-in supports local accounts only. Most social identity providers (for example, Google and Facebook) block their sign-in pages from being rendered in inline frames.
+- Embedded sign-up or sign-in supports local accounts only. Most social identity providers (for example, Google and Facebook) block their sign-in pages from being rendered in inline frames.
- Because Azure AD B2C session cookies within an iframe are considered third-party cookies, certain browsers (for example Safari or Chrome in incognito mode) either block or clear these cookies, resulting in an undesirable user experience. To prevent this issue, make sure your application domain name and your Azure AD B2C domain have the *same origin*. To use the same origin, [enable custom domains](custom-domain.md) for Azure AD B2C tenant, then configure your web app with the same origin. For example, an application hosted on 'https://app.contoso.com' has the same origin as Azure AD B2C running on 'https://login.contoso.com'. ## Prerequisites
active-directory-b2c Enable Authentication Android App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/enable-authentication-android-app.md
Last updated 07/06/2021 -+ # Enable authentication in your own Android application using Azure Active Directory B2C
active-directory-b2c Identity Provider Apple Id https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/identity-provider-apple-id.md
Previously updated : 03/22/2021 Last updated : 08/17/2021
To enable sign-in for users with an Apple ID in Azure Active Directory B2C (Azur
1. Enter a **Description** 1. Enter the **Bundle ID**, such as `com.contoso.azure-ad-b2c`. 1. For **Capabilities**, select **Sign in with Apple** from the capabilities list.
- 1. Take note of your App ID Prefix (Team ID) from this step. You'll need it later.
+ 1. Take note of your **Team ID** (App ID Prefix) from this step. You'll need it later.
1. Select **Continue** and then **Register**. 1. From the menu, select **Certificates, IDs, & Profiles**, and then select **(+)**. 1. For **Register a New Identifier**, select **Services IDs**, and then select **Continue**. 1. For **Register a Services ID**: 1. Enter a **Description**. The description is shown to the user on the consent screen.
- 1. Enter the **Identifier**, such as `com.consoto.azure-ad-b2c-service`. The identifier is your client ID for the OpenID Connect flow.
+ 1. Enter the **Identifier**, such as `com.consoto.azure-ad-b2c-service`. Take note of your **Service ID** identifier. The identifier is your **Client ID** for the OpenID Connect flow.
1. Select **Continue**, and then select **Register**. 1. From **Identifiers**, select the identifier you created. 1. Select **Sign In with Apple**, and then select **Configure**.
To enable sign-in for users with an Apple ID in Azure Active Directory B2C (Azur
1. Type a **Key Name**. 1. Select **Sign in with Apple**, and then select **Configure**. 1. For the **Primary App ID**, select the app you created previously, and the select **Save**.
- 1. Select **Configure**, and then select **Register** to finish the key registration process.
+ 1. Select **Configure**, and then select **Register** to finish the key registration process. Take note of the **Key ID**. This key is required when you configure user flows.
1. For **Download Your Key**, select **Download** to download a .p8 file that contains your key.
To enable sign-in for users with an Apple ID in Azure Active Directory B2C (Azur
1. Select the **Directory + subscription** filter in the top menu and choose the directory that contains your Azure AD B2C tenant. 1. Under **Azure services**, select **Azure AD B2C**. Or use the search box to find and select **Azure AD B2C**. 1. Select **Identity providers**, then select **Apple (Preview)**.
-1. Enter a **Name**. For example, *Apple*.
+1. For the **Name**, enter **Sign in with Apple**.
1. Enter the **Apple developer ID (Team ID)**.
-1. Enter the **Apple service ID (client ID)**.
-1. Enter the **Apple key ID**.
+1. Enter the **Apple service ID (Client ID)**.
+1. Enter the **Apple key ID** from step [Creating an Apple client secret](#creating-an-apple-client-secret).
1. Select and upload the **Apple certificate data**. 1. Select **Save**.
To enable sign-in for users with an Apple ID in Azure Active Directory B2C (Azur
> - Sign in with Apple requires the Admin to renew their client secret every 6 months. > - During the public preview of this feature, you'll need to manually renew the Apple client secret if it expires. A warning will appear in advance on Apple identity providers Configure social IDP page, but we recommend you set your own reminder. > - If you need to renew the secret, open Azure AD B2C in the Azure portal, go to **Identity providers** > **Apple**, and select **Renew secret**.
+> - Follow the guidelines how to [offer Sign in with Apple button](#customize-your-user-interface).
## Add the Apple identity provider to a user flow
Use the .p8 file you downloaded previously to sign the client secret into a JWT
1. Make an HTTP `POST` request, and provide the following information: - **appleTeamId**: Your Apple Developer Team ID
- - **appleServiceId**: The Apple Service ID (also the client ID)
+ - **appleServiceId**: The Apple Service ID (client ID)
- **p8key**: The PEM format key. You can obtain this by opening the .p8 file in a text editor and copying everything between `--BEGIN PRIVATE KEY--` and `--END PRIVATE KEY--` without line breaks.
You need to store the client secret that you previously recorded in your Azure A
> - Sign in with Apple requires the Admin to renew their client secret every 6 months. > - You'll need to manually renew the Apple client secret if it expires and store the new value in the policy key. > - We recommend you set your own reminder within 6 months to generate a new client secret.
+> - Follow the guidelines how to [offer Sign in with Apple button](#customize-your-user-interface).
## Configure Apple as an identity provider
You can define an Apple ID as a claims provider by adding it to the **ClaimsProv
<DisplayName>Apple</DisplayName> <TechnicalProfiles> <TechnicalProfile Id="Apple-OIDC">
- <DisplayName>Apple</DisplayName>
+ <DisplayName>Sign in with Apple</DisplayName>
<Protocol Name="OpenIdConnect" /> <Metadata> <Item Key="ProviderName">apple</Item>
You can define an Apple ID as a claims provider by adding it to the **ClaimsProv
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" /> <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="user.name.firstName"/> <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="user.name.lastName"/>
- <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="user.email"/>
+ <OutputClaim ClaimTypeReferenceId="email" />
</OutputClaims> <OutputClaimsTransformations> <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
You can define an Apple ID as a claims provider by adding it to the **ClaimsProv
If the sign-in process is successful, your browser is redirected to `https://jwt.ms`, which displays the contents of the token returned by Azure AD B2C. ::: zone-end+
+## Customize your user interface
+
+Follow the guidelines how to [offer Sign in with Apple](https://developer.apple.com/design/human-interface-guidelines/sign-in-with-apple/overview/introduction/). Apple provides several **Sign in with Apple** buttons you can use to let people set up an account and sign in. If necessary, create a custom button to offer Sign in with Apple. Learn how to [display a Sign in with Apple button](https://developer.apple.com/design/human-interface-guidelines/sign-in-with-apple/overview/buttons/).
+
+To align with the Apple user interface guidelines:
+
+- [Customize the user interface with HTML templates](customize-ui-with-html.md)
+- [Localize](language-customization.md) the identity provider name.
+
active-directory-b2c Partner Azure Web Application Firewall https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/partner-azure-web-application-firewall.md
+
+ Title: Tutorial to configure Azure Active Directory B2C with Azure Web Application Firewall
+
+description: Tutorial to configure Azure Active Directory B2C with Azure Web application firewall to protect your applications from malicious attacks
+++++++ Last updated : 08/17/2021++++
+# Tutorial: Configure Azure Web Application Firewall with Azure Active Directory B2C
+
+In this sample tutorial, learn how to enable [Azure Web Application Firewall (WAF)](https://azure.microsoft.com/services/web-application-firewall/#overview) solution for Azure Active Directory (AD) B2C tenant with custom domain. Azure WAF provides centralized protection of your web applications from common exploits and vulnerabilities.
+
+## Prerequisites
+
+To get started, you'll need:
+
+- An Azure subscription ΓÇô If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+
+- [An Azure AD B2C tenant](tutorial-create-tenant.md) ΓÇô The authorization server, responsible for verifying the userΓÇÖs credentials using the custom policies defined in the tenant. It's also known as the identity provider.
+
+- [Azure Front Door (AFD)](https://docs.microsoft.com/azure/frontdoor/) ΓÇô Responsible for enabling custom domains for Azure AD B2C tenant.
+
+- [Azure WAF](https://azure.microsoft.com/services/web-application-firewall/#overview) ΓÇô Manages all traffic that is sent to the authorization server.
+
+## Azure AD B2C setup
+
+To use custom domains in Azure AD B2C, it's required to use custom domain feature provided by AFD. Learn how to [enable Azure AD B2C custom domains](https://docs.microsoft.com/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow).
+
+After custom domain for Azure AD B2C is successfully configured using AFD, [test the custom domain](https://docs.microsoft.com/azure/active-directory-b2c/custom-domain?pivots=b2c-custom-policy#test-your-custom-domain) before proceeding further.
+
+## Onboard with Azure WAF
+
+To enable Azure WAF, configure a WAF policy and associate that policy to the AFD for protection.
+
+### Create a WAF policy
+
+Create a basic WAF policy with managed Default Rule Set (DRS) in the [Azure portal](https://portal.azure.com).
+
+1. Go to the [Azure portal](https://portal.azure.com). Select **Create a resource** and then search for Azure WAF. Select **Azure Web Application Firewall (WAF)** > **Create**.
+
+2. Go to the **Create a WAF policy** page, select the **Basics** tab. Enter the following information, accept the defaults for the remaining settings.
+
+| Value | Description |
+|:--|:-|
+| Policy for | Global WAF (Front Door)|
+| Front Door SKU | Select between Basic, Standard, or Premium SKU |
+|Subscription | Select your Front Door subscription name |
+| Resource group | Select your Front Door resource group name |
+| Policy name | Enter a unique name for your WAF policy |
+| Policy state | Set as Enabled |
+| Policy mode | Set as Detection |
+
+3. Select **Review + create**
+
+4. Go to the **Association** tab of the Create a WAF policy page, select + **Associate a Front Door profile**, enter the following settings
+
+| Value | Description |
+|:-|:|
+| Front Door | Select your Front Door name associated with Azure AD B2C custom domain |
+| Domains | Select the Azure AD B2C custom domains you want to associate the WAF policy to|
+
+5. Select **Add**.
+
+6. Select **Review + create**, then select **Create**.
+
+### Change policy mode from detection to prevention
+
+When a WAF policy is created, by default the policy is in Detection mode. In Detection mode, WAF doesn't block any requests, instead, requests matching the WAF rules are logged in the WAF logs. For more information about WAF logging, see [Azure WAF monitoring and logging](https://docs.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor).
+
+The sample query shows all the requests that were blocked by the WAF policy in the past 24 hours. The details include, rule name, request data, action taken by the policy, and the policy mode.
+
+![Image shows the blocked requests](./media/partner-azure-web-application-firewall/blocked-requests-query.png)
+
+![Image shows the blocked requests details](./media/partner-azure-web-application-firewall/blocked-requests-details.png)
+
+It's recommended that you let the WAF capture requests in Detection mode. Review the WAF logs to determine if there are any rules in the policy that are causing false positive results. Then after [exclude the WAF rules based on the WAF logs](https://docs.microsoft.com/azure/web-application-firewall/afds/waf-front-door-exclusion#define-exclusion-based-on-web-application-firewall-logs).
+
+To see WAF in action, use Switch to prevention mode to change from Detection to Prevention mode. All requests that match the rules defined in the Default Rule Set (DRS) are blocked and logged in the WAF logs.
+
+![Image shows the switch to prevention mode](./media/partner-azure-web-application-firewall/switch-to-prevention-mode.png)
+
+In case you want to switch back to the detection mode, you can do so by using Switch to detection mode option.
+
+![Image shows the switch to detection mode](./media/partner-azure-web-application-firewall/switch-to-detection-mode.png)
+
+## Next steps
+
+- [Azure WAF monitoring and logging](https://docs.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor/)
+
+- [WAF with Front Door service exclusion lists](https://docs.microsoft.com/azure/web-application-firewall/afds/waf-front-door-exclusion/)
active-directory-b2c Partner Gallery https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/partner-gallery.md
Microsoft partners with the following ISVs for Web Application Firewall (WAF).
| ISV partner | Description and integration walkthroughs | |:-|:--| | ![Screenshot of Akamai logo](./medi) allows fine grained manipulation of traffic to protect and secure your identity infrastructure against malicious attacks. |
+| ![Screenshot of Azure WAF logo](./medi) provides centralized protection of your web applications from common exploits and vulnerabilities. |
![Screenshot of Cloudflare logo](./medi) is a WAF provider that helps organizations protect against malicious attacks that aim to exploit vulnerabilities such as SQLi, and XSS. |
active-directory-b2c Phone Authentication User Flows https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/phone-authentication-user-flows.md
Previously updated : 04/22/2021 Last updated : 08/17/2021
Here's an example showing how to add phone sign-up to a new user flow.
3. In the Azure portal, search for and select **Azure AD B2C**. 4. Under **Policies**, select **User flows**, and then select **New user flow**.
- ![User flows page in portal with New user flow button highlighted](./media/phone-authentication-user-flows/signup-signin-user-flow.png)
+ ![User flows page in portal with New user flow button highlighted](./media/phone-authentication-user-flows/sign-up-sign-in-user-flow.png)
5. On the **Create a user flow** page, select the **Sign up and sign in** user flow.
active-directory-b2c Tutorial Create User Flows https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/tutorial-create-user-flows.md
Previously updated : 08/05/2021 Last updated : 08/17/2021 zone_pivot_groups: b2c-policy-type
A user flow lets you determine how users interact with your application when the
::: zone pivot="b2c-user-flow" > [!IMPORTANT]
-> We've changed the way we reference user flow versions. Previously, we offered V1 (production-ready) versions, and V1.1 and V2 (preview) versions. Now, we've consolidated user flows into two versions: **Recommended** user flows with the latest features, and **Standard (Legacy)** user flows. In the public cloud, all legacy preview user flows (V1.1 and V2) are on a path to deprecation by **August 1, 2021**. For details, see [User flow versions in Azure AD B2C](user-flow-versions.md). *These changes apply to the Azure public cloud only. Other environments will continue to use [legacy user flow versioning](user-flow-versions-legacy.md).*
+> We've changed the way we reference user flow versions. Previously, we offered V1 (production-ready) versions, and V1.1 and V2 (preview) versions. Now, we've consolidated user flows into two versions: **Recommended** user flows with the latest features, and **Standard (Legacy)** user flows. All legacy preview user flows (V1.1 and V2) are deprecated. For details, see [User flow versions in Azure AD B2C](user-flow-versions.md). *These changes apply to the Azure public cloud only. Other environments will continue to use [legacy user flow versioning](user-flow-versions-legacy.md).*
::: zone-end ## Prerequisites
The sign-up and sign-in user flow handles both sign-up and sign-in experiences w
1. In the Azure portal, search for and select **Azure AD B2C**. 1. Under **Policies**, select **User flows**, and then select **New user flow**.
- ![User flows page in portal with New user flow button highlighted](./media/tutorial-create-user-flows/signup-signin-user-flow.png)
+ ![User flows page in portal with New user flow button highlighted](./media/tutorial-create-user-flows/sign-up-sign-in-user-flow.png)
1. On the **Create a user flow** page, select the **Sign up and sign in** user flow.
active-directory-b2c User Flow Versions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/user-flow-versions.md
Previously updated : 04/22/2021 Last updated : 08/17/2021
User flows in Azure Active Directory B2C (Azure AD B2C) help you to set up commo
>- **Recommended** user flows are the generally available, next-generation user flows with the latest features. They combine all the features of the legacy **V1**, **V1.1**, and **V2** versions. Going forward, **Recommended** user flows will be maintained and updated. Once you move to these new recommended user flows, you'll have access to new features as they're released. >- **Standard (Legacy)** user flows, previously known as **V1**, are legacy user flows. Unless you have a specific business need, we don't recommend using these versions of user flows because they won't be maintained or updated. >
->All legacy preview user flows (V1.1 and V2) are on a path to deprecation by **August 1, 2021**. Wherever possible, we highly recommend that you [switch to the **Recommended** versions](#how-to-switch-to-a-recommended-user-flow) as soon as possible so you can always take advantage of the latest features and updates. *These changes apply to the Azure public cloud only. Other environments will continue to use [legacy user flow versioning](user-flow-versions-legacy.md).*
+>In the public cloud, all legacy preview user flows (V1.1 and V2) are deprecated. *These changes apply to the Azure public cloud only. Other environments will continue to use [legacy user flow versioning](user-flow-versions-legacy.md).*
## Recommended user flows
If you're using a legacy V2 or V1.1 user flow, your application won't be affecte
### Will Microsoft still support my legacy V2 or V1.1 user flow policy?
-In the public cloud, all legacy preview user flows (V1.1 and V2) are on a path to deprecation by August 1, 2021. Wherever possible, we highly recommend that you [switch to the **Recommended** versions](#how-to-switch-to-a-recommended-user-flow) as soon as possible so you can always take advantage of the latest features and updates. *These changes apply to the Azure public cloud only. Other environments will continue to use [legacy user flow versioning](user-flow-versions-legacy.md).*
+In the public cloud, all legacy preview user flows (V1.1 and V2) are deprecated. *These changes apply to the Azure public cloud only. Other environments will continue to use [legacy user flow versioning](user-flow-versions-legacy.md).*
active-directory Application Proxy Integrate With Power Bi https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-proxy/application-proxy-integrate-with-power-bi.md
Last updated 04/28/2021 + # Enable remote access to Power BI Mobile with Azure Active Directory Application Proxy
active-directory Application Proxy Secure Api Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-proxy/application-proxy-secure-api-access.md
Last updated 05/06/2021 + # Secure access to on-premises APIs with Azure Active Directory Application Proxy
active-directory What Is Application Proxy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-proxy/what-is-application-proxy.md
Last updated 04/27/2021 + # Using Azure AD Application Proxy to publish on-premises apps for remote users
active-directory How To Migrate Mfa Server To Azure Mfa https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/how-to-migrate-mfa-server-to-azure-mfa.md
Check with the service provider for supported product versions and their capabil
- Users must register for Azure AD MFA prior to using the NPS extension. Otherwise, the extension fails to authenticate the user, which can generate help desk calls. - When the NPS extension invokes MFA, the MFA request is sent to the user's default MFA method. - Because the sign-in happens on 3rd party applications, it is unlikely that the user will see visual notification that MFA is required and that a request has been sent to their device.
- - During the MFA requirement, the user must have access to their default authentication method to complete the MFA requirement.
+ - During the MFA requirement, the user must have access to their default authentication method to complete the MFA requirement. They cannot choose an alternative method. Their default authentication method will be used even if it's been disabled in the tenant authentication methods and MFA policies.
- Users can change their default MFA method in the Security Info page (aka.ms/mysecurityinfo). - Available MFA methods for RADIUS clients are controlled by the client systems sending the RADIUS access requests. - MFA methods that require user input after they enter a password can only be used with systems that support access-challenge responses with RADIUS. Input methods might include OTP, hardware OATH tokens or the Microsoft Authenticator application.
Others might include:
- The Cisco VPN supports both RADIUS and [SAML authentication for SSO](../saas-apps/cisco-anyconnect.md). - By moving from RADIUS authentication to SAML, you can integrate the Cisco VPN without deploying the NPS extension. - All VPNs
- - We recommend federating your VPN as a SAML app if possible. This will allow you to use Conditional Access. For more information, see a [list of VPN vendors that are integrated into the Azure AD](../manage-apps/secure-hybrid-access.md#sha-through-vpn-and-sdp-applications) App gallery.
+ - We recommend federating your VPN as a SAML app if possible. This will allow you to use Conditional Access. For more information, see a [list of VPN vendors that are integrated into the Azure AD](../manage-apps/secure-hybrid-access.md#secure-hybrid-access-through-azure-ad-partner-integrations) App gallery.
### Resources for deploying NPS
active-directory Howto Authentication Sms Signin https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-authentication-sms-signin.md
Previously updated : 06/09/2021 Last updated : 08/18/2021
To complete this article, you need the following resources and privileges:
* You need *global administrator* privileges in your Azure AD tenant to enable SMS-based authentication. * Each user that's enabled in the text message authentication method policy must be licensed, even if they don't use it. Each enabled user must have one of the following Azure AD, EMS, Microsoft 365 licenses: * [Microsoft 365 F1 or F3][m365-firstline-workers-licensing]
+ * [Azure Active Directory Premium P1 or P2][azure-ad-pricing]
* [Enterprise Mobility + Security (EMS) E3 or E5][ems-licensing] or [Microsoft 365 E3 or E5][m365-licensing] * [Office 365 F3][o365-f3]
If you receive an error when you try to set a phone number for a user account in
[m365-licensing]: https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans [o365-f1]: https://www.microsoft.com/microsoft-365/business/office-365-f1?market=af [o365-f3]: https://www.microsoft.com/microsoft-365/business/office-365-f3?activetab=pivot%3aoverviewtab
+[azure-ad-pricing]: https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing
active-directory Howto Mfa Nps Extension https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-mfa-nps-extension.md
Previously updated : 07/07/2021 Last updated : 08/17/2021
Additionally, connectivity to the following URLs is required to complete the [se
* *https:\//provisioningapi.microsoftonline.com* * *https:\//aadcdn.msauth.net* * *https:\//www.powershellgallery.com*
+* *https:\//go.microsoft.com*
* *https:\//aadcdn.msftauthimages.net* ## Prepare your environment
active-directory Concept Conditional Access Cloud Apps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
Administrators can select published authentication contexts in their Conditional
For more information about authentication context use in applications, see the following articles. -- [Microsoft Information Protection sensitivity labels to protect SharePoint sites](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwide#more-information-about-the-dependencies-for-the-authentication-context-option)
+- [Microsoft Information Protection sensitivity labels to protect SharePoint sites](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwide#more-information-about-the-dependencies-for-the-authentication-context-option&preserve-view=true)
- [Microsoft Cloud App Security](/cloud-app-security/session-policy-aad?branch=pr-en-us-2082#require-step-up-authentication-authentication-context) - [Custom applications](../develop/developer-guide-conditional-access-authentication-context.md)
active-directory Concept Continuous Access Evaluation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/conditional-access/concept-continuous-access-evaluation.md
-+ # Continuous access evaluation
active-directory Accounts Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/accounts-overview.md
ms.devlang: java Last updated 09/14/2019 -+
active-directory Apple Sso Plugin https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/apple-sso-plugin.md
Previously updated : 09/15/2020 Last updated : 08/10/2021 -+ # Microsoft Enterprise SSO plug-in for Apple devices (preview)
Your organization likely uses the Authenticator app for scenarios like multifact
Use the following parameters to configure the Microsoft Enterprise SSO plug-in for apps that don't use a Microsoft identity platform library.
-To provide a list of specific apps, use these parameters:
+#### Enable SSO for all managed apps
+
+- **Key**: `Enable_SSO_On_All_ManagedApps`
+- **Type**: `Integer`
+- **Value**: 1 or 0 .
+
+When this flag is on (its value is set to `1`), all MDM-managed apps not in the `AppBlockList` may participate in SSO.
+
+#### Enable SSO for specific apps
- **Key**: `AppAllowList` - **Type**: `String` - **Value**: Comma-delimited list of application bundle IDs for the applications that are allowed to participate in SSO. - **Example**: `com.contoso.workapp, com.contoso.travelapp`
-To provide a list of prefixes, use these parameters:
+>[!NOTE]
+> Safari and Safari View Service are allowed to participate in SSO by default. Can be configured *not* to participate in SSO by adding the bundle IDs of Safari and Safari View Service in AppBlockList.
+> iOS Bundle IDs : [com.apple.mobilesafari, com.apple.SafariViewService] , macOS BundleID : com.apple.Safari
+
+#### Enable SSO for all apps with a specific bundle ID prefix
- **Key**: `AppPrefixAllowList` - **Type**: `String` - **Value**: Comma-delimited list of application bundle ID prefixes for the applications that are allowed to participate in SSO. This parameter allows all apps that start with a particular prefix to participate in SSO. - **Example**: `com.contoso., com.fabrikam.`
-[Consented apps](./application-consent-experience.md) that the MDM admin allows to participate in SSO can silently get a token for the end user. So add only trusted applications to the allowlist.
+#### Disable SSO for specific apps
+
+- **Key**: `AppBlockList`
+- **Type**: `String`
+- **Value**: Comma-delimited list of application bundle IDs for the applications that are allowed not to participate in SSO.
+- **Example**: `com.contoso.studyapp, com.contoso.travelapp`
+
+To *disable* SSO for Safari or Safari View Service, you must explicitly do so by adding their bundle IDs to the `AppBlockList`:
+
+- iOS: `com.apple.mobilesafari`, `com.apple.SafariViewService`
+- macOS: `com.apple.Safari`
+
+#### Enable SSO through cookies for a specific application
+
+Some apps that have advanced network settings might experience unexpected issues when they're enabled for SSO. For example, you might see an error indicating that a network request was canceled or interrupted.
+
+If your users have problems signing in to an application even after you've enabled it through the other settings, try adding it to the `AppCookieSSOAllowList` to resolve the issues.
+
+- **Key**: `AppCookieSSOAllowList`
+- **Type**: `String`
+- **Value**: Comma-delimited list of application bundle ID prefixes for the applications that are allowed to participate in the SSO. All apps that start with the listed prefixes will be allowed to participate in SSO.
+- **Example**: `com.contoso.myapp1, com.fabrikam.myapp2`
+
+**Other requirements**: To enable SSO for applications by using `AppCookieSSOAllowList`, you must also add their bundle ID prefixes `AppPrefixAllowList`.
+
+Try this configuration only for applications that have unexpected sign-in failures.
+
+#### Summary of keys
+
+| Key | Type | Value |
+|--|--|--|
+| `Enable_SSO_On_All_ManagedApps` | Integer | `1` to enable SSO for all managed apps, `0` to disable SSO for all managed apps. |
+| `AppAllowList` | String<br/>*(comma-delimited list)* | Bundle IDs of applications allowed to participate in SSO. |
+| `AppBlockList` | String<br/>*(comma-delimited list)* | Bundle IDs of applications not allowed to participate in SSO. |
+| `AppPrefixAllowList` | String<br/>*(comma-delimited list)* | Bundle ID prefixes of applications allowed to participate in SSO. |
+| `AppCookieSSOAllowList` | String<br/>*(comma-delimited list)* | Bundle ID prefixes of applications allowed to participate in SSO but that use special network settings and have trouble with SSO using the other settings. Apps you add to `AppCookieSSOAllowList` must also be added to `AppPrefixAllowList`. |
+
+#### Settings for common scenarios
+
+- *Scenario*: I want to enable SSO for most managed applications, but not for all of them.
+
+ | Key | Value |
+ | -- | -- |
+ | `Enable_SSO_On_All_ManagedApps` | `1` |
+ | `AppBlockList` | The bundle IDs (comma-delimited list) of the apps you want to prevent from participating in SSO. |
+
+- *Scenario* I want to disable SSO for Safari, which is enabled by default, but enable SSO for all managed apps.
+
+ | Key | Value |
+ | -- | -- |
+ | `Enable_SSO_On_All_ManagedApps` | `1` |
+ | `AppBlockList` | The bundle IDs (comma-delimited list) of the Safari apps you want to prevent from participating in SSO.<br/><li>For iOS: `com.apple.mobilesafari`, `com.apple.SafariViewService`<br/><li>For macOS: `com.apple.Safari` |
+
+- *Scenario*: I want to enable SSO on all managed apps and few unmanaged apps, but disable SSO for a few other apps.
+
+ | Key | Value |
+ | -- | -- |
+ | `Enable_SSO_On_All_ManagedApps` | `1` |
+ | `AppAllowList` | The bundle IDs (comma-delimited list) of the apps you want to enable for participation in for SSO. |
+ | `AppBlockList` | The bundle IDs (comma-delimited list) of the apps you want to prevent from participating in SSO. |
->[!NOTE]
-> You don't need to add applications that use MSAL or ASWebAuthenticationSession to the list of apps that can participate in SSO. Those applications are enabled by default.
##### Find app bundle identifiers on iOS devices
Enabling the `disable_explicit_app_prompt` flag restricts the ability of both na
We recommend enabling this flag to get a consistent experience across all apps. It's disabled by default.
-#### Enable SSO through cookies for a specific application
-
-A few apps might be incompatible with the SSO extension. Specifically, apps that have advanced network settings might experience unexpected issues when they're enabled for SSO. For example, you might see an error indicating that network request was canceled or interrupted.
-
-If you have problems signing in by using the method described in the [Applications that don't use MSAL](#applications-that-dont-use-msal) section, try an alternative configuration. Use these parameters to configure the plug-in:
--- **Key**: `AppCookieSSOAllowList`-- **Type**: `String`-- **Value**: Comma-delimited list of application bundle ID prefixes for the applications that are allowed to participate in the SSO. All apps that start with the listed prefixes will be allowed to participate in SSO.-- **Example**: `com.contoso.myapp1, com.fabrikam.myapp2`-
-Applications enabled for the SSO by using this setup need to be added to both `AppCookieSSOAllowList` and `AppPrefixAllowList`.
-
-Try this configuration only for applications that have unexpected sign-in failures.
- #### Use Intune for simplified configuration You can use Intune as your MDM service to ease configuration of the Microsoft Enterprise SSO plug-in. For example, you can use Intune to enable the plug-in and add old apps to an allowlist so they get SSO.
active-directory Authentication Flows App Scenarios https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/authentication-flows-app-scenarios.md
Last updated 03/03/2020 -+ #Customer intent: As an app developer, I want to learn about authentication flows and application scenarios so I can create applications protected by the Microsoft identity platform.
active-directory Consent Framework https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/consent-framework.md
Last updated 10/21/2020 + # Azure Active Directory consent framework
active-directory Customize Webviews https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/customize-webviews.md
Last updated 08/28/2019 -+ # How to: Customize browsers and WebViews for iOS/macOS
active-directory Developer Support Help Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/developer-support-help-options.md
Last updated 03/09/2021 + # Support and help options for developers
active-directory Howto Get List Of All Active Directory Auth Library Apps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/howto-get-list-of-all-active-directory-auth-library-apps.md
Last updated 07/22/2021 -+ # Customer intent: As an application developer / IT admin, I need to know / identify which of my apps are using ADAL.
active-directory Howto V2 Keychain Objc https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/howto-v2-keychain-objc.md
Last updated 08/28/2019 -+ # Configure keychain
active-directory Identity Platform Integration Checklist https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/identity-platform-integration-checklist.md
Last updated 05/08/2020 -+ #Customer intent: As an application developer, I want to learn about best practices so I can integrate my application with the Microsoft identity platform.
active-directory Identity Videos https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/identity-videos.md
Last updated 08/03/2020 -+
active-directory Migrate Adal Msal Java https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/migrate-adal-msal-java.md
Last updated 11/04/2019 -+ #Customer intent: As an Java application developer, I want to learn how to migrate my v1 ADAL app to v2 MSAL.
active-directory Migrate Android Adal Msal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/migrate-android-adal-msal.md
Last updated 10/14/2020 -+ # Customer intent: As an Android application developer, I want to learn how to migrate my v1 ADAL app to v2 MSAL.
active-directory Migrate Objc Adal Msal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/migrate-objc-adal-msal.md
Last updated 08/28/2019 -+ #Customer intent: As an application developer, I want to learn about the differences between the Objective-C ADAL and MSAL for iOS and macOS libraries so I can migrate my applications to MSAL for iOS and macOS.
active-directory Migrate Python Adal Msal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/migrate-python-adal-msal.md
Last updated 11/11/2019 -+ #Customer intent: As a Python application developer, I want to learn how to migrate my v1 ADAL app to v2 MSAL.
active-directory Mobile Sso Support Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/mobile-sso-support-overview.md
Last updated 10/14/2020 ++ #Customer intent: As an app developer, I want to know how to implement an app that supports single sign-on and app protection policies using the Microsoft identity platform and integrating with Azure Active Directory.
active-directory Msal Client Application Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-client-application-configuration.md
Last updated 11/20/2020 -+ #Customer intent: As an application developer, I want to learn about the types of client applications so I can decide if this platform meets my app development needs.
active-directory Msal Client Applications https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-client-applications.md
Last updated 04/25/2019 -+ #Customer intent: As an application developer, I want to learn about the types of client apps so I can decide if this platform meets my app development requirements.
active-directory Msal Compare Msal Js And Adal Js https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-compare-msal-js-and-adal-js.md
Last updated 07/06/2021 + #Customer intent: As an application developer, I want to learn how to change the code in my JavaScript application from using ADAL.js as its authentication library to MSAL.js.
active-directory Msal Js Sso https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-js-sso.md
Last updated 04/24/2019 -+ #Customer intent: As an application developer, I want to learn about enabling single sign on experiences with MSAL.js library so I can decide if this platform meets my application development needs and requirements.
active-directory Msal Migration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-migration.md
Last updated 07/22/2021 -+ # Customer intent: As an application developer, I want to learn about MSAL library so I can migrate my ADAL applications to MSAL.
active-directory Msal Net Differences Adal Net https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-differences-adal-net.md
Last updated 06/09/2021 -+ #Customer intent: As an application developer, I want to learn about the differences between the ADAL.NET and MSAL.NET libraries so I can migrate my applications to MSAL.NET.
active-directory Msal Net Migration Android Broker https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-migration-android-broker.md
Last updated 08/31/2020 -+ #Customer intent: As an application developer, I want to learn how to migrate my Xamarin Android applications that use Microsoft Authenticator from ADAL.NET to MSAL.NET.
active-directory Msal Net Migration Confidential Client https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-migration-confidential-client.md
Last updated 06/08/2021 -+ #Customer intent: As an application developer, I want to migrate my confidential client app from ADAL.NET to MSAL.NET.
active-directory Msal Net Migration Ios Broker https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-migration-ios-broker.md
Last updated 09/08/2019 -+ #Customer intent: As an application developer, I want to learn how to migrate my iOS applications that use Microsoft Authenticator from ADAL.NET to MSAL.NET.
active-directory Msal Net Migration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-migration.md
Last updated 06/08/2021 -+ #Customer intent: As an application developer, I want to learn why and how to migrate from ADAL.NET and MSAL.NET or Microsoft.Identity.Web libraries.
active-directory Msal Net Token Cache Serialization https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-token-cache-serialization.md
Last updated 06/25/2021 -+ #Customer intent: As an application developer, I want to learn about token cache serialization so I can have fine-grained control of the proxy.
active-directory Msal Net Use Brokers With Xamarin Apps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-use-brokers-with-xamarin-apps.md
Last updated 09/08/2019 -+ #Customer intent: As an application developer, I want to learn how to use brokers with my Xamarin iOS or Android application and MSAL.NET.
active-directory Msal Net Web Browsers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-web-browsers.md
Last updated 05/18/2020 -+ #Customer intent: As an application developer, I want to learn about web browsers MSAL.NET so I can decide if this platform meets my application development needs and requirements.
active-directory Msal Net Xamarin Ios Considerations https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-net-xamarin-ios-considerations.md
Last updated 09/09/2020 -+ #Customer intent: As an application developer, I want to learn about considerations for using Xamarin iOS and MSAL.NET.
active-directory Msal Node Migration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-node-migration.md
Last updated 04/26/2021 + #Customer intent: As an application developer, I want to learn how to change the code in my Node.js application from using ADAL as its authentication library to MSAL.
active-directory Msal Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-overview.md
Last updated 07/22/2021 -+ #Customer intent: As an application developer, I want to learn about the Microsoft Authentication Library so I can decide if this platform meets my application development needs and requirements.
active-directory Msal Python Adfs Support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-python-adfs-support.md
Last updated 11/23/2019 -+ #Customer intent: As an application developer, I want to learn about AD FS support in MSAL for Python so I can decide if this platform meets my application development needs and requirements.
active-directory Msal V1 App Scopes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/msal-v1-app-scopes.md
Last updated 11/25/2019 -+ #Customer intent: As an application developer, I want to learn scopes for a v1.0 application so I can decide if this platform meets my application development needs and requirements.
active-directory Quickstart V2 Android https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/quickstart-v2-android.md
Last updated 10/15/2019 -+ #Customer intent: As an application developer, I want to learn how Android native apps can call protected APIs that require login and access tokens using the Microsoft identity platform.
active-directory Redirect Uris Ios https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/redirect-uris-ios.md
Last updated 08/28/2019 -+ #Customer intent: As an application developer, I want to learn about how to use redirect URIs.
active-directory Reference Breaking Changes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/reference-breaking-changes.md
Last updated 6/4/2021 -+ # What's new for authentication?
active-directory Registration Config Sso How To https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/registration-config-sso-how-to.md
-+ Last updated 07/15/2019
active-directory Scenario Desktop Acquire Token https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-desktop-acquire-token.md
Last updated 01/06/2021 -+ #Customer intent: As an application developer, I want to know how to write a desktop app that calls web APIs by using the Microsoft identity platform.
active-directory Scenario Mobile App Registration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-mobile-app-registration.md
-+ Previously updated : 05/07/2019 Last updated : 08/18/2021
Most mobile applications use interactive authentication. If your app uses this f
### Audience for Integrated Windows authentication, username-password, and B2C
-If you have a Universal Windows Platform (UWP) app, you can use Integrated Windows authentication to sign in users. To use Integrated Windows authentication or username-password authentication, your application needs to sign in users in your own line-of-business (LOB) developer tenant. In an independent software vendor (ISV) scenario, your application can sign in users in Azure Active Directory organizations. These authentication flows aren't supported for Microsoft personal accounts.
+If you have a Universal Windows Platform (UWP) app, you can use Integrated Windows authentication (IWA) to sign in users. To use IWA or username-password authentication, your application needs to sign in users in your own line-of-business (LOB) developer tenant. In an independent software vendor (ISV) scenario, your application can sign in users in Azure Active Directory organizations. These authentication flows aren't supported for Microsoft personal accounts.
You can also sign in users by using social identities that pass a B2C authority and policy. To use this method, you can use only interactive authentication and username-password authentication. Username-password authentication is currently supported only on Xamarin.iOS, Xamarin.Android, and UWP.
However, identify your application as a public client application. To do so:
## API permissions
-Mobile applications call APIs on behalf of the signed-in user. Your app needs to request delegated permissions. These permissions are also called scopes. Depending on the experience that you want, you can request delegated permissions statically through the Azure portal. Or you can request them dynamically at runtime.
+Mobile applications call APIs for the signed-in user. Your app needs to request delegated permissions. These permissions are also called scopes. Depending on the experience that you want, you can request delegated permissions statically through the Azure portal. Or you can request them dynamically at runtime.
By statically registering permissions, you allow administrators to easily approve your app. Static registration is recommended.
active-directory Scenario Token Exchange Saml Oauth https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/scenario-token-exchange-saml-oauth.md
Last updated 12/08/2020 + # Microsoft identity platform token exchange scenarios with SAML and OIDC/OAuth
active-directory Single Multi Account https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/single-multi-account.md
Last updated 09/26/2019 -+
active-directory Sso Between Adal Msal Apps Macos Ios https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/sso-between-adal-msal-apps-macos-ios.md
Last updated 08/28/2019 -+ # How to: SSO between ADAL and MSAL apps on macOS and iOS
active-directory Tutorial V2 Android https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-android.md
Last updated 11/26/2019 -+ # Tutorial: Sign in users and call the Microsoft Graph API from an Android application
active-directory Tutorial V2 Aspnet Daemon Web App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-aspnet-daemon-web-app.md
Last updated 12/10/2019 -+ #Customer intent: As an application developer, I want to know how to set up OpenId Connect authentication in a web application built using Node.js with Express.
active-directory Tutorial V2 Ios https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/tutorial-v2-ios.md
Last updated 09/18/2020 -+ # Tutorial: Sign in users and call Microsoft Graph from an iOS or macOS app
active-directory V2 Permissions And Consent https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/v2-permissions-and-consent.md
Last updated 07/06/2021 -+ # Permissions and consent in the Microsoft identity platform
active-directory Whats New Docs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/whats-new-docs.md
+ # Microsoft identity platform docs: What's new
active-directory Howto Vm Sign In Azure Ad Windows https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md
Previously updated : 06/30/2021 Last updated : 08/19/2021
For more information on how to use Azure RBAC to manage access to your Azure sub
## Using Conditional Access
-You can enforce Conditional Access policies such as multi-factor authentication or user sign-in risk check before authorizing access to Windows VMs in Azure that are enabled with Azure AD sign in. To apply Conditional Access policy, you must select the "Azure Windows VM Sign-In" app from the cloud apps or actions assignment option and then use Sign-in risk as a condition and/or
+You can enforce Conditional Access policies such as multi-factor authentication or user sign-in risk check before authorizing access to Windows VMs in Azure that are enabled with Azure AD sign in. To apply Conditional Access policy, you must select the "**Azure Windows VM Sign-In**" app from the cloud apps or actions assignment option and then use Sign-in risk as a condition and/or
require multi-factor authentication as a grant access control. > [!NOTE] > If you use "Require multi-factor authentication" as a grant access control for requesting access to the "Azure Windows VM Sign-In" app, then you must supply multi-factor authentication claim as part of the client that initiates the RDP session to the target Windows VM in Azure. The only way to achieve this on a Windows 10 client is to use Windows Hello for Business PIN or biometric authentication with the RDP client. Support for biometric authentication was added to the RDP client in Windows 10 version 1809. Remote desktop using Windows Hello for Business authentication is only available for deployments that use cert trust model and currently not available for key trust model. > [!WARNING]
-> Per-user Enabled/Enforced Azure AD Multi-Factor Authentication is not supported for VM sign-in.
+> Per-user Enabled/Enforced Azure AD Multi-Factor Authentication is not supported for VM Sign-In.
## Log in using Azure AD credentials to a Windows VM
If you see the following error message when you initiate a remote desktop connec
If you have configured a Conditional Access policy that requires multi-factor authentication (MFA) before you can access the resource, then you need to ensure that the Windows 10 PC initiating the remote desktop connection to your VM signs in using a strong authentication method such as Windows Hello. If you do not use a strong authentication method for your remote desktop connection, you will see the previous error.
-If you have not deployed Windows Hello for Business and if that is not an option for now, you can exclude MFA requirement by configuring Conditional Access policy that excludes "Azure Windows VM Sign-In" app from the list of cloud apps that require MFA. To learn more about Windows Hello for Business, see [Windows Hello for Business Overview](/windows/security/identity-protection/hello-for-business/hello-identity-verification).
+- Your credentials did not work.
+
+![Your credentials did not work](./media/howto-vm-sign-in-azure-ad-windows/your-credentials-did-not-work.png)
+
+> [!WARNING]
+> Per-user Enabled/Enforced Azure AD Multi-Factor Authentication is not supported for VM Sign-In. This setting causes Sign-in to fail with ΓÇ£Your credentials do not work.ΓÇ¥ error message.
+
+You can resolve the above issue by removing the per user MFA setting, by following these steps:
+
+```
+
+# Get StrongAuthenticationRequirements configure on a user
+(Get-MsolUser -UserPrincipalName username@contoso.com).StrongAuthenticationRequirements
+
+# Clear StrongAuthenticationRequirements from a user
+$mfa = @()
+Set-MsolUser -UserPrincipalName username@contoso.com -StrongAuthenticationRequirements $mfa
+
+# Verify StrongAuthenticationRequirements are cleared from the user
+(Get-MsolUser -UserPrincipalName username@contoso.com).StrongAuthenticationRequirements
+
+```
+
+If you have not deployed Windows Hello for Business and if that is not an option for now, you can exclude MFA requirement by configuring Conditional Access policy that excludes "**Azure Windows VM Sign-In**" app from the list of cloud apps that require MFA. To learn more about Windows Hello for Business, see [Windows Hello for Business Overview](/windows/security/identity-protection/hello-for-business/hello-identity-verification).
> [!NOTE] > Windows Hello for Business PIN authentication with RDP has been supported by Windows 10 for several versions, however support for Biometric authentication with RDP was added in Windows 10 version 1809. Using Windows Hello for Business authentication during RDP is only available for deployments that use cert trust model and currently not available for key trust model.
active-directory Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/devices/overview.md
# What is a device identity?
-A [device identity](/graph/api/resources/device?view=graph-rest-1.0) is an object in Azure Active Directory (Azure AD). This device object is similar to users, groups, or applications. A device identity gives administrators information they can use when making access or configuration decisions.
+A [device identity](/graph/api/resources/device?view=graph-rest-1.0&preserve-view=true) is an object in Azure Active Directory (Azure AD). This device object is similar to users, groups, or applications. A device identity gives administrators information they can use when making access or configuration decisions.
![Devices displayed in Azure AD Devices blade](./media/overview/azure-active-directory-devices-all-devices.png)
active-directory Troubleshoot Hybrid Join Windows Current https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/devices/troubleshoot-hybrid-join-windows-current.md
Use Event Viewer logs to locate the phase and errorcode for the join failures.
| Server error code | Server error message | Possible reasons | Resolution | | | | | |
-| DirectoryError | AADSTS90002: Tenant <UUID> not found. This error may happen if there are no active subscriptions for the tenant. Check with your subscription administrator. | Tenant ID in SCP object is incorrect | Ensure SCP object is configured with the correct Azure AD tenant ID and active subscriptions and present in the tenant. |
+| DirectoryError | AADSTS90002: Tenant `UUID` not found. This error may happen if there are no active subscriptions for the tenant. Check with your subscription administrator. | Tenant ID in SCP object is incorrect | Ensure SCP object is configured with the correct Azure AD tenant ID and active subscriptions and present in the tenant. |
| DirectoryError | The device object by the given ID is not found. | Expected error for sync join. The device object has not synced from AD to Azure AD | Wait for the Azure AD Connect sync to complete and the next join attempt after sync completion will resolve the issue | | AuthenticationError | The verification of the target computer's SID | The certificate on the Azure AD device doesn't match the certificate used to sign the blob during the sync join. This error typically means sync hasnΓÇÖt completed yet. | Wait for the Azure AD Connect sync to complete and the next join attempt after sync completion will resolve the issue |
Resolution :
-**AADSTS50034: The user account <Account> does not exist in the <tenant id> directory**
+**AADSTS50034: The user account `Account` does not exist in the `tenant id` directory**
Reason: - AAD is unable to find the user account in the tenant.
Resolution:
3. For Fiddler traces accept the certificate requests that will pop up. 4. The wizard will prompt you for a password to safeguard your trace files. Provide a password. 5. Finally, open the folder where all the logs collected are stored. It is typically in a folder like
- %LOCALAPPDATA%\ElevatedDiagnostics\<numbers>
+ %LOCALAPPDATA%\ElevatedDiagnostics\numbers
7. Contact support with contents of latest.cab, which contains all the collected logs. **Network traces**
active-directory Licensing Service Plan Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/enterprise-users/licensing-service-plan-reference.md
Previously updated : 8/11/2021 Last updated : 8/19/2021
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
- **Service plans included (friendly names)**: A list of service plans (friendly names) in the product that correspond to the string ID and GUID >[!NOTE]
->This information last updated on August 11th, 2021.
+>This information last updated on August 19th, 2021.
| Product name | String ID | GUID | Service plans included | Service plans included (friendly names) | | | | | | |
+| Advanced Communications | ADV_COMMS | e4654015-5daf-4a48-9b37-4f309dddd88b | TEAMS_ADVCOMMS (604ec28a-ae18-4bc6-91b0-11da94504ba9) | Microsoft 365 Advanced Communications (604ec28a-ae18-4bc6-91b0-11da94504ba9) |
| AI Builder Capacity add-on | CDSAICAPACITY | d2dea78b-507c-4e56-b400-39447f4738f8 | CDSAICAPACITY (a7c70a41-5e02-4271-93e6-d9b4184d83f5)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | AI Builder capacity add-on (a7c70a41-5e02-4271-93e6-d9b4184d83f5)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318) | | APP CONNECT IW | SPZA_IW | 8f0c5670-4e56-4892-b06d-91c085d7004f | SPZA (0bfc98ed-1dbc-4a97-b246-701754e48b17)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | APP CONNECT (0bfc98ed-1dbc-4a97-b246-701754e48b17)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | | Microsoft 365 Audio Conferencing | MCOMEETADV | 0c266dff-15dd-4b49-8397-2bb16070ed52 | MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40) | Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| COMMON AREA PHONE | MCOCAP | 295a8eb0-f78d-45c7-8b5b-1eed5ed02dff | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | | Common Area Phone for GCC | MCOCAP_GOV | b1511558-69bd-4e1b-8270-59ca96dba0f3 | MCOEV_GOV (db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) | Microsoft 365 Phone System for Government (db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>Microsoft Teams for Government (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>Skype for Business Online (Plan 2) for Government (a31ef4a2-f787-435e-8335-e47eb0cafc94) | | COMMUNICATIONS CREDITS | MCOPSTNC | 47794cd0-f0e5-45c5-9033-2eb6b5fc84e0 | MCOPSTNC (505e180f-f7e0-4b65-91d4-00d670bbd18c) | COMMUNICATIONS CREDITS (505e180f-f7e0-4b65-91d4-00d670bbd18c) |
+| Dynamics 365 - Additional Database Storage (Qualified Offer) | CRMSTORAGE | 328dc228-00bc-48c6-8b09-1fbc8bc3435d | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>CRMSTORAGE (77866113-0f3e-4e6e-9666-b1e25c6f99b0) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Dynamics CRM Online Storage Add-On (77866113-0f3e-4e6e-9666-b1e25c6f99b0) |
+| Dynamics 365 - Additional Production Instance (Qualified Offer) | CRMINSTANCE | 9d776713-14cb-4697-a21d-9a52455c738a | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>CRMINSTANCE (eeea837a-c885-4167-b3d5-ddde30cbd85f) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Dynamics CRM Online Instance (eeea837a-c885-4167-b3d5-ddde30cbd85f) |
+| Dynamics 365 - Additional Non-Production Instance (Qualified Offer) | CRMTESTINSTANCE | e06abcc2-7ec5-4a79-b08b-d9c282376f72 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/> CRMTESTINSTANCE (a98b7619-66c7-4885-bdfc-1d9c8c3d279f) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Dynamics CRM Online Additional Test Instance (a98b7619-66c7-4885-bdfc-1d9c8c3d279f) |
+| Dynamics 365 Asset Management Addl Assets | DYN365_ASSETMANAGEMENT | 673afb9d-d85b-40c2-914e-7bf46cd5cd75 | D365_AssetforSCM (90467813-5b40-40d4-835c-abd48009b1d9)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | Asset Maintenance Add-in (90467813-5b40-40d4-835c-abd48009b1d9)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318) |
+| Dynamics 365 Business Central for IWs | PROJECT_MADEIRA_PREVIEW_IW_SKU | 6a4a1628-9b9a-424d-bed5-4118f0ede3fd | PROJECT_MADEIRA_PREVIEW_IW (3f2afeed-6fb5-4bf9-998f-f2912133aead)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | Dynamics 365 Business Central for IWs (3f2afeed-6fb5-4bf9-998f-f2912133aead)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318) |
+| Dynamics 365 Customer Engagement Plan | DYN365_ENTERPRISE_PLAN1 | ea126fc5-a19e-42e2-a731-da9d437bffcf | D365_CSI_EMBED_CE (1412cdc1-d593-4ad1-9050-40c30ad0b023)<br/>DYN365_ENTERPRISE_P1 (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>D365_ProjectOperations (69f07c66-bee4-4222-b051-195095efee5b)<br/>D365_ProjectOperationsCDS (18fa3aba-b085-4105-87d7-55617b8585e6)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_DYN_P2 (b650d915-9886-424b-a08d-633cede56f57)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>Forms_Pro_CE (97f29a83-1a20-44ff-bf48-5e4ad11f3e51)<br/>NBENTERPRISE (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>POWERAPPS_DYN_P2 (0b03f40b-c404-40c3-8651-2aceb74365fa)<br/>PROJECT_FOR_PROJECT_OPERATIONS (0a05d977-a21a-45b2-91ce-61c240dbafa2)<br/>PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72) | Dynamics 365 Customer Service Insights for CE Plan (1412cdc1-d593-4ad1-9050-40c30ad0b023)<br/>Dynamics 365 P1 (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>Dynamics 365 Project Operations (69f07c66-bee4-4222-b051-195095efee5b)<br/>Dynamics 365 Project Operations CDS (18fa3aba-b085-4105-87d7-55617b8585e6)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Flow for Dynamics 365 (b650d915-9886-424b-a08d-633cede56f57)<br/>Flow for Dynamics 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>Microsoft Dynamics 365 Customer Voice for Customer Engagement Plan (97f29a83-1a20-44ff-bf48-5e4ad11f3e51)<br/>Microsoft Social Engagement Enterprise (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>Office for the web (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Power Apps for Dynamics 365 (0b03f40b-c404-40c3-8651-2aceb74365fa)<br/>Project for Project Operations (0a05d977-a21a-45b2-91ce-61c240dbafa2)<br/>Project Online Desktop Client (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>Project Online Service (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SharePoint (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72) |
| DYNAMICS 365 CUSTOMER ENGAGEMENT PLAN ENTERPRISE EDITION | DYN365_ENTERPRISE_PLAN1 | ea126fc5-a19e-42e2-a731-da9d437bffcf | DYN365_ENTERPRISE_P1 (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>FLOW_DYN_P2 (b650d915-9886-424b-a08d-633cede56f57)<br/>NBENTERPRISE (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS_DYN_P2 (0b03f40b-c404-40c3-8651-2aceb74365fa)<br/>PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | MICROSOFT SOCIAL ENGAGEMENT - SERVICE DISCONTINUATION (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS FOR DYNAMICS 365 (0b03f40b-c404-40c3-8651-2aceb74365fa)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>FLOW FOR DYNAMICS 365 (b650d915-9886-424b-a08d-633cede56f57)<br/>DYNAMICS 365 CUSTOMER ENGAGEMENT PLAN (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>PROJECT ONLINE DESKTOP CLIENT (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>PROJECT ONLINE SERVICE (fe71d6c3-a2ea-4499-9778-da042bf08063) |
+| Dynamics 365 Customer Service Insights Trial | DYN365_AI_SERVICE_INSIGHTS | 61e6bd70-fbdb-4deb-82ea-912842f39431 | DYN365_AI_SERVICE_INSIGHTS (4ade5aa6-5959-4d2c-bf0a-f4c9e2cc00f2) |Dynamics 365 AI for Customer Service Trial (4ade5aa6-5959-4d2c-bf0a-f4c9e2cc00f2) |
+| Dynamics 365 Customer Voice Trial | FORMS_PRO | bc946dac-7877-4271-b2f7-99d2db13cd2c | DYN365_CDS_FORMS_PRO (363430d1-e3f7-43bc-b07b-767b6bb95e4b)<br/>FORMS_PRO (17efdd9f-c22c-4ad8-b48e-3b1f3ee1dc9a)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FORMS_PLAN_E5 (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>FLOW_FORMS_PRO (57a0746c-87b8-4405-9397-df365a9db793) | Common Data Service (363430d1-e3f7-43bc-b07b-767b6bb95e4b)<br/>Dynamics 365 Customer Voice (17efdd9f-c22c-4ad8-b48e-3b1f3ee1dc9a)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Forms (Plan E5) (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>Power Automate for Dynamics 365 Customer Voice (57a0746c-87b8-4405-9397-df365a9db793) |
+| Dynamics 365 Enterprise Edition - Additional Portal (Qualified Offer) | CRM_ONLINE_PORTAL | a4bfb28e-becc-41b0-a454-ac680dc258d3 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>CRM_ONLINE_PORTAL (1d4e9cb1-708d-449c-9f71-943aa8ed1d6a) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Dynamics CRM Online - Portal Add-On (1d4e9cb1-708d-449c-9f71-943aa8ed1d6a) |
| DYNAMICS 365 FOR CUSTOMER SERVICE ENTERPRISE EDITION | DYN365_ENTERPRISE_CUSTOMER_SERVICE | 749742bf-0d37-4158-a120-33567104deeb | DYN365_ENTERPRISE_CUSTOMER_SERVICE (99340b49-fb81-4b1e-976b-8f2ae8e9394f)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>NBENTERPRISE (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) |MICROSOFT SOCIAL ENGAGEMENT - SERVICE DISCONTINUATION (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>PROJECT ONLINE ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>FLOW FOR DYNAMICS 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>POWERAPPS FOR DYNAMICS 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>DYNAMICS 365 FOR CUSTOMER SERVICE (99340b49-fb81-4b1e-976b-8f2ae8e9394f)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | | DYNAMICS 365 FOR FINANCIALS BUSINESS EDITION | DYN365_FINANCIALS_BUSINESS_SKU | cc13a803-544e-4464-b4e4-6d6169a138fa | DYN365_FINANCIALS_BUSINESS (920656a2-7dd8-4c83-97b6-a356414dbd36)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b) |FLOW FOR DYNAMICS 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>POWERAPPS FOR DYNAMICS 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>DYNAMICS 365 FOR FINANCIALS (920656a2-7dd8-4c83-97b6-a356414dbd36) | | DYNAMICS 365 FOR SALES AND CUSTOMER SERVICE ENTERPRISE EDITION | DYN365_ENTERPRISE_SALES_CUSTOMERSERVICE | 8edc2cf8-6438-4fa9-b6e3-aa1660c640cc | DYN365_ENTERPRISE_P1 (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>NBENTERPRISE (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) |DYNAMICS 365 CUSTOMER ENGAGEMENT PLAN (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>FLOW FOR DYNAMICS 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>MICROSOFT SOCIAL ENGAGEMENT - SERVICE DISCONTINUATION (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS FOR DYNAMICS 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>PROJECT ONLINE ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | | DYNAMICS 365 FOR SALES ENTERPRISE EDITION | DYN365_ENTERPRISE_SALES | 1e1a282c-9c54-43a2-9310-98ef728faace | DYN365_ENTERPRISE_SALES (2da8e897-7791-486b-b08f-cc63c8129df7)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>NBENTERPRISE (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | DYNAMICS 365 FOR SALES (2da8e897-7791-486b-b08f-cc63c8129df7)<br/>FLOW FOR DYNAMICS 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>MICROSOFT SOCIAL ENGAGEMENT - SERVICE DISCONTINUATION (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS FOR DYNAMICS 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>PROJECT ONLINE ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | | DYNAMICS 365 FOR SUPPLY CHAIN MANAGEMENT | DYN365_SCM | f2e48cb3-9da0-42cd-8464-4a54ce198ad0 | DYN365_CDS_SUPPLYCHAINMANAGEMENT (b6a8b974-2956-4e14-ae81-f0384c363528)<br/>DYN365_REGULATORY_SERVICE (c7657ae3-c0b0-4eed-8c1d-6a7967bd9c65)<br/>D365_SCM (1224eae4-0d91-474a-8a52-27ec96a63fe7)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b) | COMMON DATA SERVICE FOR DYNAMICS 365 SUPPLY CHAIN MANAGEMENT (b6a8b974-2956-4e14-ae81-f0384c363528)<br/>DYNAMICS 365 FOR FINANCE AND OPERATIONS, ENTERPRISE EDITION - REGULATORY SERVICE (c7657ae3-c0b0-4eed-8c1d-6a7967bd9c65)<br/>DYNAMICS 365 FOR SUPPLY CHAIN MANAGEMENT (1224eae4-0d91-474a-8a52-27ec96a63fe7)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW FOR DYNAMICS 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>POWERAPPS FOR DYNAMICS 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b) |
+| Dynamics 365 for Talent | SKU_Dynamics_365_for_HCM_Trial | 3a256e9a-15b6-4092-b0dc-82993f4debc6 | DYN365_CDS_DYN_APPS (2d925ad8-2479-4bd8-bb76-5b80f1d48935)<br/>Dynamics_365_Hiring_Free_PLAN (f815ac79-c5dd-4bcc-9b78-d97f7b817d0d)<br/>Dynamics_365_Onboarding_Free_PLAN (300b8114-8555-4313-b861-0c115d820f50)<br/>Dynamics_365_for_HCM_Trial (5ed38b64-c3b7-4d9f-b1cd-0de18c9c4331)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b) | Common Data Service (2d925ad8-2479-4bd8-bb76-5b80f1d48935)<br/>Dynamics 365 for Talent: Attract (f815ac79-c5dd-4bcc-9b78-d97f7b817d0d)<br/>Dynamics 365 for Talent: Onboard (300b8114-8555-4313-b861-0c115d820f50)<br/>Dynamics 365 for HCM Trial (5ed38b64-c3b7-4d9f-b1cd-0de18c9c4331)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Flow for Dynamics 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/> PowerApps for Dynamics 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b) |
| DYNAMICS 365 FOR TEAM MEMBERS ENTERPRISE EDITION | DYN365_ENTERPRISE_TEAM_MEMBERS | 8e7a3d30-d97d-43ab-837c-d7701cef83dc | DYN365_Enterprise_Talent_Attract_TeamMember (643d201a-9884-45be-962a-06ba97062e5e)<br/>DYN365_Enterprise_Talent_Onboard_TeamMember (f2f49eef-4b3f-4853-809a-a055c6103fe0)<br/>DYN365_ENTERPRISE_TEAM_MEMBERS (6a54b05e-4fab-40e7-9828-428db3b336fa)<br/>DYNAMICS_365_FOR_OPERATIONS_TEAM_MEMBERS (f5aa7b45-8a36-4cd1-bc37-5d06dea98645)<br/>Dynamics_365_for_Retail_Team_members (c0454a3d-32b5-4740-b090-78c32f48f0ad)<br/>Dynamics_365_for_Talent_Team_members (d5156635-0704-4f66-8803-93258f8b2678)<br/>FLOW_DYN_TEAM (1ec58c70-f69c-486a-8109-4b87ce86e449)<br/>POWERAPPS_DYN_TEAM (52e619e2-2730-439a-b0d3-d09ab7e8b705)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | DYNAMICS 365 FOR TALENT - ATTRACT EXPERIENCE TEAM MEMBER (643d201a-9884-45be-962a-06ba97062e5e)<br/>DYNAMICS 365 FOR TALENT - ONBOARD EXPERIENCE (f2f49eef-4b3f-4853-809a-a055c6103fe0)<br/>DYNAMICS 365 FOR TEAM MEMBERS (6a54b05e-4fab-40e7-9828-428db3b336fa)<br/>DYNAMICS 365 FOR OPERATIONS TEAM MEMBERS (f5aa7b45-8a36-4cd1-bc37-5d06dea98645)<br/>DYNAMICS 365 FOR RETAIL TEAM MEMBERS (c0454a3d-32b5-4740-b090-78c32f48f0ad)<br/>DYNAMICS 365 FOR TALENT TEAM MEMBERS (d5156635-0704-4f66-8803-93258f8b2678)<br/>FLOW FOR DYNAMICS 365 (1ec58c70-f69c-486a-8109-4b87ce86e449)<br/>POWERAPPS FOR DYNAMICS 365 (52e619e2-2730-439a-b0d3-d09ab7e8b705)<br/>PROJECT ONLINE ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) |
+| Dynamics 365 Operations ΓÇô Device | Dynamics_365_for_Operations_Devices | 3bbd44ed-8a70-4c07-9088-6232ddbd5ddd | DYN365_RETAIL_DEVICE (ceb28005-d758-4df7-bb97-87a617b93d6c)<br/>Dynamics_365_for_OperationsDevices (2c9fb43e-915a-4d61-b6ca-058ece89fd66)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | Dynamics 365 for Retail Device (ceb28005-d758-4df7-bb97-87a617b93d6c)<br/>Dynamics 365 for Operations Devices (2c9fb43e-915a-4d61-b6ca-058ece89fd66)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318) |
+| Dynamics 365 Operations - Sandbox Tier 2:Standard Acceptance Testing | Dynamics_365_for_Operations_Sandbox_Tier2_SKU | e485d696-4c87-4aac-bf4a-91b2fb6f0fa7 | Dynamics_365_for_Operations_Sandbox_Tier2 (d8ba6fb2-c6b1-4f07-b7c8-5f2745e36b54)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | Dynamics 365 for Operations non-production multi-box instance for standard acceptance testing (Tier 2) (d8ba6fb2-c6b1-4f07-b7c8-5f2745e36b54)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318) |
+| Dynamics 365 Operations - Sandbox Tier 4:Standard Performance Testing | Dynamics_365_for_Operations_Sandbox_Tier4_SKU | f7ad4bca-7221-452c-bdb6-3e6089f25e06 | Dynamics_365_for_Operations_Sandbox_Tier4 (f6b5efb1-1813-426f-96d0-9b4f7438714f)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | Dynamics 365 for Operations, Enterprise Edition - Sandbox Tier 4:Standard Performance Testing (f6b5efb1-1813-426f-96d0-9b4f7438714f)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318) |
| DYNAMICS 365 P1 TRIAL FOR INFORMATION WORKERS | DYN365_ENTERPRISE_P1_IW | 338148b6-1b11-4102-afb9-f92b6cdc0f8d | DYN365_ENTERPRISE_P1_IW (056a5f80-b4e0-4983-a8be-7ad254a113c9)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | DYNAMICS 365 P1 TRIAL FOR INFORMATION WORKERS (056a5f80-b4e0-4983-a8be-7ad254a113c9)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | | Dynamics 365 Remote Assist | MICROSOFT_REMOTE_ASSIST | 7a551360-26c4-4f61-84e6-ef715673e083 | CDS_REMOTE_ASSIST (0850ebb5-64ee-4d3a-a3e1-5a97213653b5)<br/>MICROSOFT_REMOTE_ASSIST (4f4c7800-298a-4e22-8867-96b17850d4dd)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929) | Common Data Service for Remote Assist (0850ebb5-64ee-4d3a-a3e1-5a97213653b5)<br/>Microsoft Remote Assist (4f4c7800-298a-4e22-8867-96b17850d4dd)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929) | | Dynamics 365 Remote Assist HoloLens | MICROSOFT_REMOTE_ASSIST_HOLOLENS | e48328a2-8e98-4484-a70f-a99f8ac9ec89 | CDS_REMOTE_ASSIST (0850ebb5-64ee-4d3a-a3e1-5a97213653b5)<br/>MICROSOFT_REMOTE_ASSIST (4f4c7800-298a-4e22-8867-96b17850d4dd)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929) | Common Data Service for Remote Assist (0850ebb5-64ee-4d3a-a3e1-5a97213653b5)<br/>Microsoft Remote Assist (4f4c7800-298a-4e22-8867-96b17850d4dd)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| ENTERPRISE MOBILITY + SECURITY E5 | EMSPREMIUM | b05e124f-c7cc-45a0-a6aa-8cf78c946968 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AZURE ACTIVE DIRECTORY PREMIUM P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>AZURE INFORMATION PROTECTION PREMIUM P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFT CLOUD APP SECURITY (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>MICROSOFT DEFENDER FOR IDENTITY (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | | Enterprise Mobility + Security G3 GCC | EMS_GOV | c793db86-5237-494e-9b11-dcd4877c2c8c | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | | Enterprise Mobility + Security G5 GCC | EMSPREMIUM_GOV | 8a180c2b-f4cf-4d44-897c-3d32acc4a60b | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>RMS_S_ENTERPRISE) (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Defender for Identity (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |
-| EXCHANGE ONLINE (PLAN 1) | EXCHANGESTANDARD | 4b9405b0-7788-4568-add1-99614e613b69 | EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c) | EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)|
+| Exchange Online (Plan 1) | EXCHANGESTANDARD | 4b9405b0-7788-4568-add1-99614e613b69 | EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c) | Exchange Online (Plan 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>To-Do (Plan 1) (5e62787c-c316-451f-b873-1d05acd4d12c) |
| EXCHANGE ONLINE (PLAN 2) | EXCHANGEENTERPRISE | 19ec0d23-8335-4cbd-94ac-6050e30712fa | EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0) | EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0) | | EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE | EXCHANGEARCHIVE_ADDON | ee02fd1b-340e-4a4b-b355-4a514e4c8943 | EXCHANGE_S_ARCHIVE_ADDON (176a09a6-7ec5-4039-ac02-b2791c6ba793) | EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE (176a09a6-7ec5-4039-ac02-b2791c6ba793) | | EXCHANGE ONLINE ARCHIVING FOR EXCHANGE SERVER | EXCHANGEARCHIVE | 90b5e015-709a-4b8b-b08e-3200f994494c | EXCHANGE_S_ARCHIVE (da040e0a-b393-4bea-bb76-928b3fa1cf5a) | EXCHANGE ONLINE ARCHIVING FOR EXCHANGE SERVER (da040e0a-b393-4bea-bb76-928b3fa1cf5a) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| EXCHANGE ONLINE KIOSK | EXCHANGEDESKLESS | 80b2d799-d2ba-4d2a-8842-fb0d0f3a4b82 | EXCHANGE_S_DESKLESS (4a82b400-a79f-41a4-b4e2-e94f5787b113) | EXCHANGE ONLINE KIOSK (4a82b400-a79f-41a4-b4e2-e94f5787b113) | | EXCHANGE ONLINE POP | EXCHANGETELCO | cb0a98a8-11bc-494c-83d9-c1b1ac65327e | EXCHANGE_B_STANDARD (90927877-dcff-4af6-b346-2332c0b15bb7) | EXCHANGE ONLINE POP (90927877-dcff-4af6-b346-2332c0b15bb7) | | INTUNE | INTUNE_A | 061f9ace-7d42-4136-88ac-31dc755f143f | INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |
+| Microsoft Dynamics AX7 User Trial | AX7_USER_TRIAL | fcecd1f9-a91e-488d-a918-a96cdb6ce2b0 | ERP_TRIAL_INSTANCE (e2f705fd-2468-4090-8c58-fad6e6b1e724)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | Dynamics 365 Operations Trial Environment (e2f705fd-2468-4090-8c58-fad6e6b1e724)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318) |
| Microsoft 365 A1 | M365EDU_A1 | b17653a4-2443-4e8c-a550-18249dda78bb | AAD_EDU (3a3976ce-de18-4a87-a78e-5e9245e252df)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>WINDOWS_STORE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | Azure Active Directory for Education (3a3976ce-de18-4a87-a78e-5e9245e252df)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Windows Store Service (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | | MICROSOFT 365 A3 FOR FACULTY | M365EDU_A3_FACULTY | 4b590615-0888-425a-a965-b3bf7789848d | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>PowerApps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) | | MICROSOFT 365 A3 FOR STUDENTS | M365EDU_A3_STUDENT | 7cfd9a2b-e110-4c39-bf20-c6a3f36a3121 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>PowerApps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| Microsoft 365 E5 Security | IDENTITY_THREAT_PROTECTION | 26124093-3d78-432b-b5dc-48bf992543d5 | AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7) | Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Advanced Threat Protection (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7) | | Microsoft 365 E5 Security for EMS E5 | IDENTITY_THREAT_PROTECTION_FOR_EMS_E5 | 44ac31e7-2999-4304-ad94-c948886741d4 | WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7) | MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7) | | Microsoft 365 F1 | M365_F1 | 44575883-256e-4a79-9da4-ebe9acabe2b2 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE_GOV (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>STREAM_O365_K (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Stream for O365 K SKU (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SharePoint Online Kiosk (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>Skype for Business Online (Plan 1) (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>Yammer Enterprise (7547a3fe-08ee-4ccb-b430-5077c5041653) |
-| Microsoft 365 F3 | SPE_F1 | 66b55226-6b4f-492c-910c-a3b7a3c9d993 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_DESKLESS (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>FLOW_O365_S1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>FORMS_PLAN_K (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_K (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_S1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_FIRSTLINE (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>WHITEBOARD_FIRSTLINE1 (36b29273-c6d0-477a-aca6-6fbe24f538e3)<br/>WIN10_ENT_LOC_F1 (e041597c-9c7f-4ed9-99b0-2663301576f7)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Exchange Online Kiosk (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>Flow for Office 365 K1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Forms (Plan F1) (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 K SKU (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office for the web (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Office Mobile Apps for Office 365 (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>PowerApps for Office 365 K1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>SharePoint Online Kiosk (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>Skype for Business Online (Plan 1) (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Firstline) (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>Whiteboard (Firstline) (36b29273-c6d0-477a-aca6-6fbe24f538e3)<br/>Windows 10 Enterprise E3 (local only) (e041597c-9c7f-4ed9-99b0-2663301576f7)<br/>Yammer Enterprise (7547a3fe-08ee-4ccb-b430-5077c5041653) |
+| Microsoft 365 F3 | SPE_F1 | 66b55226-6b4f-492c-910c-a3b7a3c9d993 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>DYN365_CDS_O365_F1 (ca6e61ec-d4f4-41eb-8b88-d96e0e14323f)<br/>CDS_O365_F1 (90db65a7-bf11-4904-a79f-ef657605145b)<br/>EXCHANGE_S_DESKLESS (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>FORMS_PLAN_K (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_K (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_S1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>FLOW_O365_S1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>POWER_VIRTUAL_AGENTS_O365_F1 (ba2fdb48-290b-4632-b46a-e4ecc58ac11a)<br/>PROJECT_O365_F3 (7f6f28c2-34bb-4d4b-be36-48ca2e77e1ec)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_FIRSTLINE (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>UNIVERSAL_PRINT_01 (795f6fe0-cc4d-4773-b050-5dde4dc704c9)<br/>WHITEBOARD_FIRSTLINE1 (36b29273-c6d0-477a-aca6-6fbe24f538e3)<br/>WIN10_ENT_LOC_F1 (e041597c-9c7f-4ed9-99b0-2663301576f7)<br/>WINDOWSUPDATEFORBUSINESS_DEPLOYMENTSERVICE (7bf960f6-2cd9-443a-8046-5dbff9558365)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Common Data Service - O365 F1 (ca6e61ec-d4f4-41eb-8b88-d96e0e14323f)<br/>Common Data Service for Teams_F1 (90db65a7-bf11-4904-a79f-ef657605145b)<br/>Exchange Online Kiosk (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan F1) (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 K SKU (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office for the web (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Office Mobile Apps for Office 365 (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>Power Apps for Office 365 K1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>Power Automate for Office 365 K1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>Power Virtual Agents for Office 365 F1 (ba2fdb48-290b-4632-b46a-e4ecc58ac11a)<br/>Project for Office (Plan F) (7f6f28c2-34bb-4d4b-be36-48ca2e77e1ec)<br/>SharePoint Kiosk (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>Skype for Business Online (Plan 1) (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Firstline) (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>Universal Print (795f6fe0-cc4d-4773-b050-5dde4dc704c9)<br/>Whiteboard (Firstline) (36b29273-c6d0-477a-aca6-6fbe24f538e3)<br/>Windows 10 Enterprise E3 (local only) (e041597c-9c7f-4ed9-99b0-2663301576f7)<br/>Windows Update for Business Deployment Service (7bf960f6-2cd9-443a-8046-5dbff9558365)<br/>Yammer Enterprise (7547a3fe-08ee-4ccb-b430-5077c5041653) |
| MICROSOFT FLOW FREE | FLOW_FREE | f30db892-07e9-47e9-837c-80727f46fd3d | DYN365_CDS_VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_P2_VIRAL (50e68c76-46c6-4674-81f9-75456511b170) | COMMON DATA SERVICE - VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW FREE (50e68c76-46c6-4674-81f9-75456511b170) | | MICROSOFT 365 AUDIO CONFERENCING FOR GCC | MCOMEETADV_GOV | 2d3091c7-0712-488b-b3d8-6b97bde6a1f5 | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>MCOMEETADV_GOV (f544b08d-1645-4287-82de-8d91f37c02a1) | EXCHANGE FOUNDATION FOR GOVERNMENT (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>MICROSOFT 365 AUDIO CONFERENCING FOR GOVERNMENT (f544b08d-1645-4287-82de-8d91f37c02a1) |
+| Microsoft 365 E5 Suite features | M365_E5_SUITE_COMPONENTS | 99cc8282-2f74-4954-83b7-c6a9a1999067 | Content_Explorer (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>MICROSOFTENDPOINTDLP (64bfac92-2b17-4482-b5e5-a0304429de3e)<br/>INSIDER_RISK (d587c7a3-bda9-4f99-8776-9bcf59c84f75)<br/>ML_CLASSIFICATION (d2d51368-76c9-4317-ada2-a12c004c432f)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7) | Information Protection and Governance Analytics ΓÇô Premium (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>Microsoft Endpoint DLP (64bfac92-2b17-4482-b5e5-a0304429de3e)<br/>Microsoft Insider Risk Management (d587c7a3-bda9-4f99-8776-9bcf59c84f75)<br/>Microsoft ML-based classification (d2d51368-76c9-4317-ada2-a12c004c432f)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7) |
+| Microsoft 365 F1 | M365_F1_COMM | 50f60901-3181-4b75-8a2c-4c8e4c1d5a72 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>DYN365_CDS_O365_F1 (ca6e61ec-d4f4-41eb-8b88-d96e0e14323f)<br/>EXCHANGE_S_DESKLESS (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>STREAM_O365_K (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/> RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>DYN365_CDS_O365_F1 (ca6e61ec-d4f4-41eb-8b88-d96e0e14323f)<br/>EXCHANGE_S_DESKLESS (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>STREAM_O365_K (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
| MICROSOFT 365 G3 GCC | M365_G3_GOV | e823ca47-49c4-46b3-b38d-ca11d5abe3d2 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_ENTERPRISE_GOV (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>RMS_S_PREMIUM_GOV (1b66aedf-8ca1-4f73-af76-ec76c6180f98)<br/>DYN365_CDS_O365_P2_GCC (06162da2-ebf9-4954-99a0-00fee96f95cc)<br/>CDS_O365_P2_GCC (a70bbf38-cdda-470d-adb8-5804b8770f41)<br/>EXCHANGE_S_ENTERPRISE_GOV (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS_GOV_E3 (24af5f65-d0f3-467b-9f78-ea798c4aeffc)<br/>CONTENT_EXPLORER (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>CONTENTEXPLORER_STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2_GOV (6e5b7995-bd4f-4cbd-9d19-0e32010c72f0)<br/>OFFICESUBSCRIPTION_GOV (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>STREAM_O365_E3_GOV (2c1ada27-dbaa-46f9-bda6-ecb94445f758)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>PROJECTWORKMANAGEMENT_GOV (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWERAPPS_O365_P2_GOV (0a20c815-5e81-4727-9bdc-2b5a117850c3)<br/>FLOW_O365_P2_GOV (c537f360-6a00-4ace-a7f5-9128d0ac1e4b)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AZURE RIGHTS MANAGEMENT (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>AZURE RIGHTS MANAGEMENT PREMIUM FOR GOVERNMENT (1b66aedf-8ca1-4f73-af76-ec76c6180f98)<br/>COMMON DATA SERVICE - O365 P2 GCC (06162da2-ebf9-4954-99a0-00fee96f95cc)<br/>COMMON DATA SERVICE FOR TEAMS_P2 GCC (a70bbf38-cdda-470d-adb8-5804b8770f41)<br/>EXCHANGE PLAN 2G (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS FOR GOVERNMENT (PLAN E3) (24af5f65-d0f3-467b-9f78-ea798c4aeffc)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô PREMIUM (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô STANDARD (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INSIGHTS BY MYANALYTICS FOR GOVERNMENT (6e5b7995-bd4f-4cbd-9d19-0e32010c72f0)<br/>MICROSOFT 365 APPS FOR ENTERPRISE G (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MICROSOFT Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFT BOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>MICROSOFT STREAM FOR O365 FOR GOVERNMENT (E3) (2c1ada27-dbaa-46f9-bda6-ecb94445f758)<br/>MICROSOFT TEAMS FOR GOVERNMENT (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>OFFICE 365 PLANNER FOR GOVERNMENT (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>OFFICE FOR THE WEB (GOVERNMENT) (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWER APPS FOR OFFICE 365 FOR GOVERNMENT (0a20c815-5e81-4727-9bdc-2b5a117850c3)<br/>POWER AUTOMATE FOR OFFICE 365 FOR GOVERNMENT (c537f360-6a00-4ace-a7f5-9128d0ac1e4b)<br/>SHAREPOINT PLAN 2G (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) FOR GOVERNMENT (a31ef4a2-f787-435e-8335-e47eb0cafc94) | | MICROSOFT 365 PHONE SYSTEM | MCOEV | e43b5b99-8dfb-405f-9987-dc307f34bcbd | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | | MICROSOFT 365 PHONE SYSTEM FOR DOD | MCOEV_DOD | d01d9287-694b-44f3-bcc5-ada78c8d953e | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| MICROSOFT 365 PHONE SYSTEM_USGOV_GCCHIGH | MCOEV_USGOV_GCCHIGH | 985fcb26-7b94-475b-b512-89356697be71 | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | | MICROSOFT 365 PHONE SYSTEM - VIRTUAL USER | PHONESYSTEM_VIRTUALUSER | 440eaaa8-b3e0-484b-a8be-62870b9ba70a | MCOEV_VIRTUALUSER (f47330e9-c134-43b3-9993-e7f004506889) | MICROSOFT 365 PHONE SYSTEM VIRTUAL USER (f47330e9-c134-43b3-9993-e7f004506889)| | Microsoft 365 Phone System - Virtual User for GCC | PHONESYSTEM_VIRTUALUSER_GOV | 2cf22bcb-0c9e-4bc6-8daf-7e7654c0f285 | MCOEV_VIRTUALUSER_GOV (0628a73f-3b4a-4989-bd7b-0f8823144313) | Microsoft 365 Phone System Virtual User for Government (0628a73f-3b4a-4989-bd7b-0f8823144313) |
-| MICROSOFT 365 SECURITY AND COMPLIANCE FOR FLW | M365_SECURITY_COMPLIANCE_FOR_FLW | 2347355b-4e81-41a4-9c22-55057a399791 | AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>MIP_S_Exchange (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>BPOS_S_DlpAddOn (9bec7e34-c9fa-40b7-a9d1-bd6d1165c7ed)<br/>EXCHANGE_S_ARCHIVE_ADDON (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f) | AZURE ACTIVE DIRECTORY PREMIUM P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>AZURE INFORMATION PROTECTION PREMIUM P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>CUSTOMER LOCKBOX (9f431833-0334-42de-a7dc-70aa40db46db)<br/>DATA CLASSIFICATION IN MICROSOFT 365 (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>DATA LOSS PREVENTION (9bec7e34-c9fa-40b7-a9d1-bd6d1165c7ed)<br/>EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>INFORMATION BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô PREMIUM (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MICROSOFT 365 DEFENDER (bf28f719-7844-4079-9c78-c1307898e192)<br/>MICROSOFT CLOUD APP SECURITY (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>MICROSOFT DEFENDER FOR IDENTITY (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>MICROSOFT DEFENDER FOR OFFICE 365 (PLAN 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>MICROSOFT DEFENDER FOR OFFICE 365 (PLAN 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>OFFICE 365 ADVANCED EDISCOVERY (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>OFFICE 365 PRIVILEGED ACCESS MANAGEMENT (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>PREMIUM ENCRYPTION IN OFFICE 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f |
+| Microsoft 365 Security and Compliance for Firstline Workers | M365_SECURITY_COMPLIANCE_FOR_FLW | 2347355b-4e81-41a4-9c22-55057a399791 | AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>MIP_S_Exchange (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>BPOS_S_DlpAddOn (9bec7e34-c9fa-40b7-a9d1-bd6d1165c7ed)<br/>EXCHANGE_S_ARCHIVE_ADDON (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Content_Explorer (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>ContentExplorer_Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MICROSOFT_COMMUNICATION_COMPLIANCE (a413a9ff-720c-4822-98ef-2f37c2a21f4c)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>COMMUNICATIONS_DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>MICROSOFTENDPOINTDLP (64bfac92-2b17-4482-b5e5-a0304429de3e)<br/>ML_CLASSIFICATION (d2d51368-76c9-4317-ada2-a12c004c432f)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f) | Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Data Classification in Microsoft 365 (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>Data Loss Prevention (9bec7e34-c9fa-40b7-a9d1-bd6d1165c7ed)<br/>Exchange Online Archiving for Exchange Online (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection and Governance Analytics ΓÇô Premium (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>Information Protection and Governance Analytics ΓÇô Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>Information Protection for Office 365 ΓÇô Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>M365 Communication Compliance (a413a9ff-720c-4822-98ef-2f37c2a21f4c)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Defender (bf28f719-7844-4079-9c78-c1307898e192)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Communications DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>Microsoft Customer Key (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>Microsoft Defender For Endpoint (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Defender for Identity (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Microsoft Endpoint DLP (64bfac92-2b17-4482-b5e5-a0304429de3e)<br/>Microsoft ML-based classification (d2d51368-76c9-4317-ada2-a12c004c432f)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f) |
| MICROSOFT BUSINESS CENTER | MICROSOFT_BUSINESS_CENTER | 726a0894-2c77-4d65-99da-9775ef05aad1 | MICROSOFT_BUSINESS_CENTER (cca845f9-fd51-4df6-b563-976a37c56ce0) | MICROSOFT BUSINESS CENTER (cca845f9-fd51-4df6-b563-976a37c56ce0) | | Microsoft Cloud App Security | ADALLOM_STANDALONE | df845ce7-05f9-4894-b5f2-11bbfbcfd2b6 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2) | | MICROSOFT DEFENDER FOR ENDPOINT | WIN_DEF_ATP | 111046dd-295b-4d6d-9724-d52ac90bd1f2 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| MICROSOFT INTUNE DEVICE FOR GOVERNMENT | INTUNE_A_D_GOV | 2c21e77a-e0d6-4570-b38a-7ff2dc17d2ca | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | | MICROSOFT POWER APPS PLAN 2 TRIAL | POWERAPPS_VIRAL | dcb1a3ae-b33f-4487-846a-a640262fadf4 | DYN365_CDS_VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_P2_VIRAL (50e68c76-46c6-4674-81f9-75456511b170)<br/>FLOW_P2_VIRAL_REAL (d20bfa21-e9ae-43fc-93c2-20783f0840c3)<br/>POWERAPPS_P2_VIRAL (d5368ca3-357e-4acb-9c21-8495fb025d1f) | COMMON DATA SERVICE ΓÇô VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW FREE (50e68c76-46c6-4674-81f9-75456511b170)<br/>FLOW P2 VIRAL (d20bfa21-e9ae-43fc-93c2-20783f0840c3)<br/>POWERAPPS TRIAL (d5368ca3-357e-4acb-9c21-8495fb025d1f) | | MICROSOFT INTUNE SMB | INTUNE_SMB | e6025b08-2fa5-4313-bd0a-7e5ffca32958 | AAD_SMB (de377cbc-0019-4ec2-b77c-3f223947e102)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>INTUNE_SMBIZ (8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/> | AZURE ACTIVE DIRECTORY (de377cbc-0019-4ec2-b77c-3f223947e102)<br/> EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/> MICROSOFT INTUNE (8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2)<br/> MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |
+| Microsoft Power Apps Plan 2 (Qualified Offer) | POWERFLOW_P2 | ddfae3e3-fcb2-4174-8ebd-3023cb213c8b | DYN365_CDS_P2 (6ea4c1ef-c259-46df-bce2-943342cd3cb2)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_P2 (56be9436-e4b2-446c-bb7f-cc15d16cca4d)<br/>POWERAPPS_P2 (00527d7f-d5bc-4c2a-8d1e-6c0de2410c81) | Common Data Service - P2 (6ea4c1ef-c259-46df-bce2-943342cd3cb2)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Flow Plan 2 (56be9436-e4b2-446c-bb7f-cc15d16cca4d)<br/>PowerApps Plan 2 (00527d7f-d5bc-4c2a-8d1e-6c0de2410c81) |
+| Microsoft Power Automate Free | FLOW_FREE | f30db892-07e9-47e9-837c-80727f46fd3d | DYN365_CDS_VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_P2_VIRAL (50e68c76-46c6-4674-81f9-75456511b170) | Common Data Service ΓÇô VIRAL (17ab22cd-a0b3-4536-910a-cb6eb12696c0)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Flow Free (50e68c76-46c6-4674-81f9-75456511b170) |
| MICROSOFT STREAM | STREAM | 1f2f344a-700d-42c9-9427-5cea1d5d7ba6 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFTSTREAM (acffdce6-c30f-4dc2-81c0-372e33c515ec) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT STREAM (acffdce6-c30f-4dc2-81c0-372e33c515ec) |
+| Microsoft Stream Plan 2 | STREAM_P2 | ec156933-b85b-4c50-84ec-c9e5603709ef | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>STREAM_P2 (d3a458d0-f10d-48c2-9e44-86f3f684029e) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Stream Plan 2 (d3a458d0-f10d-48c2-9e44-86f3f684029e) |
+|Microsoft Stream Storage Add-On (500 GB) | STREAM_STORAGE | 9bd7c846-9556-4453-a542-191d527209e8 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>STREAM_STORAGE (83bced11-77ce-4071-95bd-240133796768) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Stream Storage Add-On (83bced11-77ce-4071-95bd-240133796768) |
| MICROSOFT TEAMS (FREE) | TEAMS_FREE | 16ddbbfc-09ea-4de2-b1d7-312db6112d70 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MCOFREE (617d9209-3b90-4879-96e6-838c42b2701d)<br/>TEAMS_FREE (4fa4026d-ce74-4962-a151-8e96d57ea8e4)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>TEAMS_FREE_SERVICE (bd6f2ac2-991a-49f9-b23c-18c96a02c228)<br/>WHITEBOARD_FIRSTLINE1 (36b29273-c6d0-477a-aca6-6fbe24f538e3) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MCO FREE FOR MICROSOFT TEAMS (FREE) (617d9209-3b90-4879-96e6-838c42b2701d)<br/>MICROSOFT TEAMS (FREE) (4fa4026d-ce74-4962-a151-8e96d57ea8e4)<br/>SHAREPOINT KIOSK (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>TEAMS FREE SERVICE (bd6f2ac2-991a-49f9-b23c-18c96a02c228)<br/>WHITEBOARD (FIRSTLINE) (36b29273-c6d0-477a-aca6-6fbe24f538e3) | | MICROSOFT TEAMS EXPLORATORY | TEAMS_EXPLORATORY | 710779e8-3d4a-4c88-adb9-386c958d1fdf | CDS_O365_P1 (bed136c6-b799-4462-824d-fc045d3a9d25)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>PROJECTWORKMANAGEMENT(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>DESKLESS (s8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCO_TEAMS_IW (42a3ec34-28ba-46b6-992f-db53a675ac5b)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>POWER_VIRTUAL_AGENTS_O365_P1 (0683001c-0492-4d59-9515-d9a6426b5813)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>WHITEBOARD_PLAN1 (b8afc642-032e-4de5-8c0a-507a7bba7e5d)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | COMMON DATA SERVICE FOR TEAMS_P1 (bed136c6-b799-4462-824d-fc045d3a9d25)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>INSIGHTS BY MYANALYTICS (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MICROSOFT PLANNER (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MICROSOFT TEAMS (42a3ec34-28ba-46b6-992f-db53a675ac5b)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE FOR THE WEB (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICE MOBILE APPS FOR OFFICE 365 (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWER APPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>POWER AUTOMATE FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>POWER VIRTUAL AGENTS FOR OFFICE 365 P1 (0683001c-0492-4d59-9515-d9a6426b5813)<br/>SHAREPOINT STANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TO-DO (PLAN 1) (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>WHITEBOARD (PLAN 1) (b8afc642-032e-4de5-8c0a-507a7bba7e5d)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653 | | Microsoft Teams Rooms Standard | MEETING_ROOM | 6070a4c8-34c6-4937-8dfb-39bbc6397a60 | MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af) | Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af) |
+| Microsoft Threat Experts - Experts on Demand | EXPERTS_ON_DEMAND | 9fa2f157-c8e4-4351-a3f2-ffa506da1406 | EXPERTS_ON_DEMAND (b83a66d4-f05f-414d-ac0f-ea1c5239c42b) | Microsoft Threat Experts - Experts on Demand (b83a66d4-f05f-414d-ac0f-ea1c5239c42b) |
| Teams Rooms Premium | MTR_PREM | 4fb214cb-a430-4a91-9c91-4976763aa78f | MMR_P1 (bdaa59a3-74fd-4137-981a-31d4f84eb8a0)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af) | Meeting Room Managed Services (bdaa59a3-74fd-4137-981a-31d4f84eb8a0)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af) | | Office 365 A5 for faculty| ENTERPRISEPREMIUM_FACULTY | a4585165-0533-458a-97e3-c400570268c4 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>COMMUNICATIONS_COMPLIANCE (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>COMMUNICATIONS_DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>DATA_INVESTIGATIONS (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INFO_GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RECORDS_MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Communications Compliance (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>Microsoft Communications DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>Microsoft Customer Key (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>Microsoft Data Investigations (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Information Governance (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Records Management (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) | | Office 365 A5 for students | ENTERPRISEPREMIUM_STUDENT | ee656612-49fa-43e5-b67e-cb1fdf7699df | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>COMMUNICATIONS_COMPLIANCE (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>COMMUNICATIONS_DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>DATA_INVESTIGATIONS (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INFO_GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RECORDS_MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Communications Compliance (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>Microsoft Communications DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>Microsoft Customer Key (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>Microsoft Data Investigations (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Information Governance (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Records Management (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) | | Office 365 Advanced Compliance | EQUIVIO_ANALYTICS | 1b1b1f7a-8355-43b6-829f-336cfccb744c | LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f) | Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f) | | Microsoft Defender for Office 365 (Plan 1) | ATP_ENTERPRISE | 4ef96642-f096-40de-a3e9-d83fb2f90211 | ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939) | Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939) | | Office 365 Extra File Storage for GCC | SHAREPOINTSTORAGE_GOV | e5788282-6381-469f-84f0-3d7d4021d34d | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>SHAREPOINTSTORAGE_GOV (e5bb877f-6ac9-4461-9e43-ca581543ab16) | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>SHAREPOINTSTORAGE_GOV (e5bb877f-6ac9-4461-9e43-ca581543ab16) |
+| Office 365 Extra File Storage | SHAREPOINTSTORAGE | 99049c9c-6011-4908-bf17-15f496e6519d | SHAREPOINTSTORAGE (be5a7ed5-c598-4fcd-a061-5e6724c68a58) | Office 365 Extra File Storage (be5a7ed5-c598-4fcd-a061-5e6724c68a58) |
| OFFICE 365 E1 | STANDARDPACK | 18181a46-0d4e-45cd-891e-60aabd171b4e | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653)) | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653)) | | OFFICE 365 E2 | STANDARDWOFFPACK | 6634e0ce-1a9f-428c-a498-f84ec7b8aa2e | BPOS_S_TODO_1(5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
-| OFFICE 365 E3 | ENTERPRISEPACK | 6fd2c87f-b296-42f0-b197-1e91e994b900 | RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>DYN365_CDS_O365_P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>CDS_O365_P2 (95b76021-6a53-4741-ab8b-1d1f3d66a95a)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>CONTENTEXPLORER_STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>FORMS_PLAN_E3 (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>DESKLESS (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>POWER_VIRTUAL_AGENTS_O365_P2 (041fe683-03e4-45b6-b1af-c0cdc516daee)<br/>PROJECT_O365_P2 (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AZURE RIGHTS MANAGEMENT (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>COMMON DATA SERVICE - O365 P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>COMMON DATA SERVICE FOR TEAMS_P2 (95b76021-6a53-4741-ab8b-1d1f3d66a95a)<br/>EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô STANDARD (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INSIGHTS BY MYANALYTICS (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>MICROSOFT 365 APPS FOR ENTERPRISE (43de0ff5-c92c-492b-9116-175376d08c38)<br/>MICROSOFT BOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>MICROSOFT FORMS (PLAN E3) (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>MICROSOFT KAIZALA PRO PLAN 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>MICROSOFT PLANNER (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>MICROSOFT STREAM FOR O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE FOR THE WEB (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>POWER APPS FOR OFFICE 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>POWER AUTOMATE FOR OFFICE 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>POWER VIRTUAL AGENTS FOR OFFICE 365 P2 (041fe683-03e4-45b6-b1af-c0cdc516daee)<br/>PROJECT FOR OFFICE (PLAN E3) (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>SHAREPOINT (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TO-DO (PLAN 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD (PLAN 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
+| Office 365 E3 | ENTERPRISEPACK | 6fd2c87f-b296-42f0-b197-1e91e994b900 | DYN365_CDS_O365_P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>CDS_O365_P2 (95b76021-6a53-4741-ab8b-1d1f3d66a95a)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>ContentExplorer_Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>FORMS_PLAN_E3 (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>POWER_VIRTUAL_AGENTS_O365_P2 (041fe683-03e4-45b6-b1af-c0cdc516daee)<br/>PROJECT_O365_P2 (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | Common Data Service - O365 P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>Common Data Service for Teams_P2 (95b76021-6a53-4741-ab8b-1d1f3d66a95a)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Information Protection and Governance Analytics ΓÇô Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>Information Protection for Office 365 ΓÇô Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Microsoft 365 Apps for enterprise (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan E3) (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office for the web (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Power Apps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/> Power Automate for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/> Power Virtual Agents for Office 365 P2 (041fe683-03e4-45b6-b1af-c0cdc516daee)<br/> Project for Office (Plan E3) (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>SharePoint (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Yammer Enterprise (7547a3fe-08ee-4ccb-b430-5077c5041653) |
| OFFICE 365 E3 DEVELOPER | DEVELOPERPACK | 189a915c-fe4f-4ffa-bde4-85b9628d07a0 | BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>FORMS_PLAN_E5 (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINT_S_DEVELOPER (a361d6e2-509e-4e25-a8ad-950060064ef4)<br/>SHAREPOINTWAC_DEVELOPER (527f7cdd-0e86-4c47-b879-f5fd357a3ac6)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929) | BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW FOR OFFICE 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MICROSOFT FORMS (PLAN E5) (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS FOR OFFICE 365(c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINT FOR DEVELOPER (a361d6e2-509e-4e25-a8ad-950060064ef4)<br/>OFFICE ONLINE FOR DEVELOPER (527f7cdd-0e86-4c47-b879-f5fd357a3ac6)<br/>MICROSOFT STREAM FOR O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929) | | Office 365 E3_USGOV_DOD | ENTERPRISEPACK_USGOV_DOD | b107e5a3-3e60-4c0d-a184-a7e4395eb44c | EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS_AR_DOD (fd500458-c24c-478e-856c-a6067a8376cd)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)| Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams for DOD (AR) (fd500458-c24c-478e-856c-a6067a8376cd)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office Online (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SharePoint Online (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | | Office 365 E3_USGOV_GCCHIGH | ENTERPRISEPACK_USGOV_GCCHIGH | aea38a85-9bd5-4981-aa00-616b411205bf | EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS_AR_GCCHIGH (9953b155-8aef-4c56-92f3-72b0487fce41)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams for GCCHigh (AR) (9953b155-8aef-4c56-92f3-72b0487fce41)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office Online (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SharePoint Online (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | | OFFICE 365 E4 | ENTERPRISEWITHSCAL | 1392051d-0cb9-4b7a-88d5-621fee5e8711 | BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>FORMS_PLAN_E3 (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MCOVOICECONF (27216c54-caf8-4d0d-97e2-517afb5c08f6)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW FOR OFFICE 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MICROSOFT FORMS (PLAN E3) (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 3) (27216c54-caf8-4d0d-97e2-517afb5c08f6)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS FOR OFFICE 365(c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
-| OFFICE 365 E5 | ENTERPRISEPREMIUM | c7df2760-2c81-4ef7-b578-5b5392b571df | RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>DYN365_CDS_O365_P3 (28b0fa46-c39a-4188-89e2-58e979a6b014)<br/>CDS_O365_P3 (afa73018-811e-46e9-988f-f75d2b1b8430)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>MIP_S_EXCHANGE (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>GRAPH_CONNECTORS_SEARCH_INDEX (a6520331-d7d4-4276-95f5-15c0933bc757)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>CONTENT_EXPLORER (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>CONTENTEXPLORER_STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>MICROSOFT_COMMUNICATION_COMPLIANCE (a413a9ff-720c-4822-98ef-2f37c2a21f4c)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>COMMUNICATIONS_DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>DATA_INVESTIGATIONS (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>EXCEL_PREMIUM (531ee2f8-b1cb-453b-9c21-d2180d014ca5)<br/>FORMS_PLAN_E5 (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>INFO_GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RECORDS_MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>DESKLESS (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWER_VIRTUAL_AGENTS_O365_P3 (ded3d325-1bdc-453e-8432-5bac26d7a014)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>PROJECT_O365_P3 (b21a6b06-1988-436e-a07b-51ec6d9f52ad)<br/>COMMUNICATIONS_COMPLIANCE (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AZURE RIGHTS MANAGEMENT (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>COMMON DATA SERVICE - O365 P3 (28b0fa46-c39a-4188-89e2-58e979a6b014)<br/>COMMON DATA SERVICE FOR TEAMS_P3 (afa73018-811e-46e9-988f-f75d2b1b8430)<br/>CUSTOMER LOCKBOX (9f431833-0334-42de-a7dc-70aa40db46db)<br/>DATA CLASSIFICATION IN MICROSOFT 365 (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>GRAPH CONNECTORS SEARCH WITH INDEX (a6520331-d7d4-4276-95f5-15c0933bc757)<br/>INFORMATION BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô PREMIUM (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô PREMIUM (efb0351d-3b08-4503-993d-383af8de41e3)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô STANDARD (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INSIGHTS BY MYANALYTICS (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>M365 COMMUNICATION COMPLIANCE (a413a9ff-720c-4822-98ef-2f37c2a21f4c)<br/>MICROSOFT 365 ADVANCED AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MICROSOFT 365 APPS FOR ENTERPRISE (43de0ff5-c92c-492b-9116-175376d08c38)<br/>MICROSOFT 365 AUDIO CONFERENCING (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MICROSOFT 365 DEFENDER (bf28f719-7844-4079-9c78-c1307898e192)<br/>MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFT BOOKINGS(199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>MICROSOFT COMMUNICATIONS DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>MICROSOFT CUSTOMER KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>MICROSOFT DATA INVESTIGATIONS (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>MICROSOFT DEFENDER FOR OFFICE 365 (PLAN 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>MICROSOFT DEFENDER FOR OFFICE 365 (PLAN 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>MICROSOFT EXCEL ADVANCED ANALYTICS (531ee2f8-b1cb-453b-9c21-d2180d014ca5)<br/>MICROSOFT FORMS (PLAN E5) (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>MICROSOFT INFORMATION GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>MICROSOFT KAIZALA (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>MICROSOFT MYANALYTICS (FULL) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>MICROSOFT PLANNER (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT RECORDS MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>MICROSOFT SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>MICROSOFT STREAM FOR O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE 365 ADVANCED EDISCOVERY (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>OFFICE 365 ADVANCED SECURITY MANAGEMENT (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>OFFICE 365 PRIVILEGED ACCESS MANAGEMENT (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICE FOR THE WEB (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>POWER AUTOMATE FOR OFFICE 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>POWER BI PRO (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWER VIRTUAL AGENTS FOR OFFICE 365 P3 (ded3d325-1bdc-453e-8432-5bac26d7a014)<br/>POWERAPPS FOR OFFICE 365 PLAN 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM ENCRYPTION IN OFFICE 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>PROJECT FOR OFFICE (PLAN E5) (b21a6b06-1988-436e-a07b-51ec6d9f52ad)<br/>RETIRED - MICROSOFT COMMUNICATIONS COMPLIANCE (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>SHAREPOINT (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TO-DO (PLAN 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD (PLAN 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
+| Office 365 E5 | ENTERPRISEPREMIUM | c7df2760-2c81-4ef7-b578-5b5392b571df | DYN365_CDS_O365_P3 (28b0fa46-c39a-4188-89e2-58e979a6b014)<br/>CDS_O365_P3 (afa73018-811e-46e9-988f-f75d2b1b8430)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>MIP_S_Exchange (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>GRAPH_CONNECTORS_SEARCH_INDEX (a6520331-d7d4-4276-95f5-15c0933bc757)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Content_Explorer (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>ContentExplorer_Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>MICROSOFT_COMMUNICATION_COMPLIANCE (a413a9ff-720c-4822-98ef-2f37c2a21f4c)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>COMMUNICATIONS_DLP (6dc145d6- 95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>DATA_INVESTIGATIONS (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>EXCEL_PREMIUM (531ee2f8-b1cb-453b-9c21-d2180d014ca5)<br/>FORMS_PLAN_E5 (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>INFO_GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RECORDS_MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWER_VIRTUAL_AGENTS_O365_P3 (ded3d325-1bdc-453e-8432-5bac26d7a014)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>PROJECT_O365_P3 (b21a6b06-1988-436e-a07b-51ec6d9f52ad)<br/>COMMUNICATIONS_COMPLIANCE (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | Common Data Service - O365 P3 (28b0fa46-c39a-4188-89e2-58e979a6b014)<br/>Common Data Service for Teams_P3 (afa73018-811e-46e9-988f-f75d2b1b8430)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Data Classification in Microsoft 365 (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Graph Connectors Search with Index (a6520331-d7d4-4276-95f5-15c0933bc757)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection and Governance Analytics ΓÇô Premium (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>Information Protection and Governance Analytics ΓÇô Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>Information Protection for Office 365 ΓÇô Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 ΓÇô Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>M365 Communication Compliance (a413a9ff-720c-4822-98ef-2f37c2a21f4c)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Apps for enterprise (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Defender (bf28f719-7844-4079-9c78-c1307898e192)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Communications DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>Microsoft Customer Key (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>Microsoft Data Investigations (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Microsoft Excel Advanced Analytics (531ee2f8-b1cb-453b-9c21-d2180d014ca5)<br/>Microsoft Forms (Plan E5) (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>Microsoft Information Governance (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Records Management (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office for the web (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Power Automate for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>Power Virtual Agents for Office 365 P3 (ded3d325-1bdc-453e-8432-5bac26d7a014)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>Project for Office (Plan E5) (b21a6b06-1988-436e-a07b-51ec6d9f52ad)<br/>Microsoft Communications Compliance (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>SharePoint (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Yammer Enterprise (7547a3fe-08ee-4ccb-b430-5077c5041653) |
| OFFICE 365 E5 WITHOUT AUDIO CONFERENCING | ENTERPRISEPREMIUM_NOPSTNCONF | 26d45bd9-adf1-46cd-a9e1-51e9a5524128 | ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>FORMS_PLAN_E5 (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | OFFICE 365 CLOUD APP SECURITY (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>POWER BI PRO (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>OFFICE 365 ADVANCED EDISCOVERY (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW FOR OFFICE 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>MICROSOFT FORMS (PLAN E5) (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS FOR OFFICE 365 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>OFFICE 365 ADVANCED THREAT PROTECTION (PLAN 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | | OFFICE 365 F3 | DESKLESSPACK | 4b585984-651b-448a-9e53-3b10f069cf7f | BPOS_S_TODO_FIRSTLINE (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>CDS_O365_F1 (90db65a7-bf11-4904-a79f-ef657605145b)<br/>DESKLESS (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>DYN365_CDS_O365_F1 (ca6e61ec-d4f4-41eb-8b88-d96e0e14323f)<br/>EXCHANGE_S_DESKLESS (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>FLOW_O365_S1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>FORMS_PLAN_K (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>INTUNE_365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>KAIZALA_O365_P1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_S1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>POWER_VIRTUAL_AGENTS_O365_F1 (ba2fdb48-290b-4632-b46a-e4ecc58ac11a)<br/>PROJECT_O365_F3 (7f6f28c2-34bb-4d4b-be36-48ca2e77e1ec)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_BASIC (31cf2cfc-6b0d-4adc-a336-88b724ed8122)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_K (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WHITEBOARD_FIRSTLINE_1 (36b29273-c6d0-477a-aca6-6fbe24f538e3)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | COMMON DATA SERVICE - O365 F1 (ca6e61ec-d4f4-41eb-8b88-d96e0e14323f)<br/>COMMON DATA SERVICE FOR TEAMS_F1 (90db65a7-bf11-4904-a79f-ef657605145b)<br/>EXCHANGE ONLINE KIOSK (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>FLOW FOR OFFICE 365 K1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>MICROSOFT AZURE RIGHTS MANAGEMENT SERVICE (31cf2cfc-6b0d-4adc-a336-88b724ed8122)<br/>MICROSOFT FORMS (PLAN F1) (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>MICROSOFT KAIZALA PRO PLAN 1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>MICROSOFT PLANNER (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>MICROSOFT STREAM FOR O365 K SKU (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE FOR THE WEB (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICE MOBILE APPS FOR OFFICE 365 (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWER VIRTUAL AGENTS FOR OFFICE 365 F1 (ba2fdb48-290b-4632-b46a-e4ecc58ac11a)<br/>POWERAPPS FOR OFFICE 365 K1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>PROJECT FOR OFFICE (PLAN F) (7f6f28c2-34bb-4d4b-be36-48ca2e77e1ec)<br/>SHAREPOINT KIOSK (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 1) (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TO-DO (FIRSTLINE) (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | | OFFICE 365 G3 GCC | ENTERPRISEPACK_GOV | 535a3a29-c5f0-42fe-8215-d3b9e1f38c4a | RMS_S_ENTERPRISE_GOV (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>DYN365_CDS_O365_P2_GCC (06162da2-ebf9-4954-99a0-00fee96f95cc)<br/>CDS_O365_P2_GCC (a70bbf38-cdda-470d-adb8-5804b8770f41)<br/>EXCHANGE_S_ENTERPRISE_GOV (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS_GOV_E3 (24af5f65-d0f3-467b-9f78-ea798c4aeffc)<br/>Content_Explorer (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>ContentExplorer_Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2_GOV (6e5b7995-bd4f-4cbd-9d19-0e32010c72f0)<br/>OFFICESUBSCRIPTION_GOV (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>STREAM_O365_E3_GOV (2c1ada27-dbaa-46f9-bda6-ecb94445f758)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>PROJECTWORKMANAGEMENT_GOV (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWERAPPS_O365_P2_GOV (0a20c815-5e81-4727-9bdc-2b5a117850c3)<br/>FLOW_O365_P2_GOV (c537f360-6a00-4ace-a7f5-9128d0ac1e4b)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) | AZURE RIGHTS MANAGEMENT (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>COMMON DATA SERVICE - O365 P2 GCC (06162da2-ebf9-4954-99a0-00fee96f95cc)<br/>COMMON DATA SERVICE FOR TEAMS_P2 GCC (a70bbf38-cdda-470d-adb8-5804b8770f41)<br/>EXCHANGE PLAN 2G (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS FOR GOVERNMENT (PLAN E3) (24af5f65-d0f3-467b-9f78-ea798c4aeffc)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô PREMIUM (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô STANDARD (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INSIGHTS BY MYANALYTICS FOR GOVERNMENT (6e5b7995-bd4f-4cbd-9d19-0e32010c72f0)<br/>MICROSOFT 365 APPS FOR ENTERPRISE G (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MICROSOFT BOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>MICROSOFT STREAM FOR O365 FOR GOVERNMENT (E3) (2c1ada27-dbaa-46f9-bda6-ecb94445f758)<br/>MICROSOFT TEAMS FOR GOVERNMENT (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE 365 PLANNER FOR GOVERNMENT (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>OFFICE FOR THE WEB (GOVERNMENT) (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWER APPS FOR OFFICE 365 FOR GOVERNMENT (0a20c815-5e81-4727-9bdc-2b5a117850c3)<br/>POWER AUTOMATE FOR OFFICE 365 FOR GOVERNMENT (c537f360-6a00-4ace-a7f5-9128d0ac1e4b)<br/>SHAREPOINT PLAN 2G (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) FOR GOVERNMENT (a31ef4a2-f787-435e-8335-e47eb0cafc94) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| ONEDRIVE FOR BUSINESS (PLAN 1) | WACONEDRIVESTANDARD | e6778190-713e-4e4f-9119-8b8238de25df | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | ONEDRIVE FOR BUSINESS (PLAN 2) | WACONEDRIVEENTERPRISE | ed01faf2-1d88-4947-ae91-45ca18703a96 | ONEDRIVEENTERPRISE (afcafa6a-d966-4462-918c-ec0b4e0fe642)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | ONEDRIVEENTERPRISE (afcafa6a-d966-4462-918c-ec0b4e0fe642)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | | POWERAPPS AND LOGIC FLOWS | POWERAPPS_INDIVIDUAL_USER | 87bbbc60-4754-4998-8c88-227dca264858 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>POWERFLOWSFREE (0b4346bb-8dc3-4079-9dfc-513696f56039)<br/>POWERVIDEOSFREE (2c4ec2dc-c62d-4167-a966-52a3e6374015)<br/>POWERAPPSFREE (e61a2945-1d4e-4523-b6e7-30ba39d20f32) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>LOGIC FLOWS (0b4346bb-8dc3-4079-9dfc-513696f56039)<br/>MICROSOFT POWER VIDEOS BASIC (2c4ec2dc-c62d-4167-a966-52a3e6374015)<br/>MICROSOFT POWERAPPS (e61a2945-1d4e-4523-b6e7-30ba39d20f32) |
+| PowerApps per app baseline access | POWERAPPS_PER_APP_IW | bf666882-9c9b-4b2e-aa2f-4789b0a52ba2 | CDS_PER_APP_IWTRIAL (94a669d1-84d5-4e54-8462-53b0ae2c8be5)<br/>Flow_Per_APP_IWTRIAL (dd14867e-8d31-4779-a595-304405f5ad39)<br/>POWERAPPS_PER_APP_IWTRIAL (35122886-cef5-44a3-ab36-97134eabd9ba) | CDS Per app baseline access (94a669d1-84d5-4e54-8462-53b0ae2c8be5)<br/>Flow per app baseline access (dd14867e-8d31-4779-a595-304405f5ad39)<br/>PowerApps per app baseline access (35122886-cef5-44a3-ab36-97134eabd9ba) |
| Power Automate per flow plan | FLOW_BUSINESS_PROCESS | b3a42176-0a8c-4c3f-ba4e-f2b37fe5be6b | CDS_Flow_Business_Process (c84e52ae-1906-4947-ac4d-6fb3e5bf7c2e)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_BUSINESS_PROCESS (7e017b61-a6e0-4bdc-861a-932846591f6e) | Common data service for Flow per business process plan (c84e52ae-1906-4947-ac4d-6fb3e5bf7c2e)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Flow per business process plan (7e017b61-a6e0-4bdc-861a-932846591f6e) |
+| Power Automate per user plan | FLOW_PER_USER | 4a51bf65-409c-4a91-b845-1121b571cc9d | DYN365_CDS_P2 (6ea4c1ef-c259-46df-bce2-943342cd3cb2)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_PER_USER (c5002c70-f725-4367-b409-f0eff4fee6c0) | Common Data Service - P2 (6ea4c1ef-c259-46df-bce2-943342cd3cb2)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Flow per user plan (c5002c70-f725-4367-b409-f0eff4fee6c0) |
+| Power Automate per user plan dept | FLOW_PER_USER_DEPT | d80a4c5d-8f05-4b64-9926-6574b9e6aee4 | DYN365_CDS_P2 (6ea4c1ef-c259-46df-bce2-943342cd3cb2)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/> FLOW_PER_USER (c5002c70-f725-4367-b409-f0eff4fee6c0) | Common Data Service - P2 (6ea4c1ef-c259-46df-bce2-943342cd3cb2)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Flow per user plan (c5002c70-f725-4367-b409-f0eff4fee6c0) |
+| Power Automate per user with attended RPA plan | POWERAUTOMATE_ATTENDED_RPA | eda1941c-3c4f-4995-b5eb-e85a42175ab9 | CDS_ATTENDED_RPA (3da2fd4c-1bee-4b61-a17f-94c31e5cab93)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>POWER_AUTOMATE_ATTENDED_RPA (375cd0ad-c407-49fd-866a-0bff4f8a9a4d) | Common Data Service Attended RPA (3da2fd4c-1bee-4b61-a17f-94c31e5cab93)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power Automate RPA Attended (375cd0ad-c407-49fd-866a-0bff4f8a9a4d) |
| Power Automate unattended RPA add-on | POWERAUTOMATE_UNATTENDED_RPA | 3539d28c-6e35-4a30-b3a9-cd43d5d3e0e2 |CDS_UNATTENDED_RPA (b475952f-128a-4a44-b82a-0b98a45ca7fb)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>POWER_AUTOMATE_UNATTENDED_RPA (0d373a98-a27a-426f-8993-f9a425ae99c5) | Common Data Service Unattended RPA (b475952f-128a-4a44-b82a-0b98a45ca7fb)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power Automate Unattended RPA add-on (0d373a98-a27a-426f-8993-f9a425ae99c5) |
-| POWER BI (FREE) | POWER_BI_STANDARD | a403ebcc-fae0-4ca2-8c8c-7a907fd6c235 | BI_AZURE_P0 (2049e525-b859-401b-b2a0-e0a31c4b1fe4)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) | POWER BI (FREE) (2049e525-b859-401b-b2a0-e0a31c4b1fe4)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318) |
+| Power BI | POWER_BI_INDIVIDUAL_USER | e2767865-c3c9-4f09-9f99-6eee6eef861a | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>SQL_IS_SSIM (fc0a60aa-feee-4746-a0e3-aecfe81a38dd)<br/>BI_AZURE_P1 (2125cfd7-2110-4567-83c4-c1cd5275163d) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Power BI Information Services Plan 1 (fc0a60aa-feee-4746-a0e3-aecfe81a38dd)<br/>Microsoft Power BI Reporting and Analytics Plan 1 (2125cfd7-2110-4567-83c4-c1cd5275163d) |
+| Power BI (free) | POWER_BI_STANDARD | a403ebcc-fae0-4ca2-8c8c-7a907fd6c235 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>BI_AZURE_P0 (2049e525-b859-401b-b2a0-e0a31c4b1fe4) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power BI (free) (2049e525-b859-401b-b2a0-e0a31c4b1fe4) |
| POWER BI FOR OFFICE 365 ADD-ON | POWER_BI_ADDON | 45bc2c81-6072-436a-9b0b-3b12eefbc402 | BI_AZURE_P1 (2125cfd7-2110-4567-83c4-c1cd5275163d)<br/>SQL_IS_SSIM (fc0a60aa-feee-4746-a0e3-aecfe81a38dd) |MICROSOFT POWER BI REPORTING AND ANALYTICS PLAN 1 (2125cfd7-2110-4567-83c4-c1cd5275163d)<br/>MICROSOFT POWER BI INFORMATION SERVICES PLAN 1(fc0a60aa-feee-4746-a0e3-aecfe81a38dd) |
+| Power BI Premium P1 | PBI_PREMIUM_P1_ADDON | 7b26f5ab-a763-4c00-a1ac-f6c4b5506945 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>PBI_PREMIUM_P1_ADDON (9da49a6d-707a-48a1-b44a-53dcde5267f8) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power BI Premium P1 (9da49a6d-707a-48a1-b44a-53dcde5267f8 |
| Power BI Premium Per User | PBI_PREMIUM_PER_USER | c1d032e0-5619-4761-9b5c-75b6831e1711 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>BI_AZURE_P3 (0bf3c642-7bb5-4ccc-884e-59d09df0266c)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power BI Premium Per User (0bf3c642-7bb5-4ccc-884e-59d09df0266c)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba) |
-| POWER BI PRO | POWER_BI_PRO | f8a1db68-be16-40ed-86d5-cb42ce701560 | BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba) | POWER BI PRO (70d33638-9c74-4d01-bfd3-562de28bd4ba) |
-| Power BI Pro | POWER_BI_PRO_CE | 420af87e-8177-4146-a780-3786adaffbca | EXCHANGE_S_FOUNDATION( 113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba) |
+| Power BI Premium Per User Add-On | PBI_PREMIUM_PER_USER_ADDON | de376a03-6e5b-42ec-855f-093fb50b8ca5 | BI_AZURE_P3 (0bf3c642-7bb5-4ccc-884e-59d09df0266c) | Power BI Premium Per User (0bf3c642-7bb5-4ccc-884e-59d09df0266c) |
+| Power BI Premium Per User Dept | PBI_PREMIUM_PER_USER_DEPT | f168a3fb-7bcf-4a27-98c3-c235ea4b78b4 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>BI_AZURE_P3 (0bf3c642-7bb5-4ccc-884e-59d09df0266c)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power BI Premium Per User (0bf3c642-7bb5-4ccc-884e-59d09df0266c)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba) |
+| Power BI Pro | POWER_BI_PRO | f8a1db68-be16-40ed-86d5-cb42ce701560 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba) |
+| Power BI Pro CE | POWER_BI_PRO_CE | 420af87e-8177-4146-a780-3786adaffbca | EXCHANGE_S_FOUNDATION( 113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba) |
+| Power BI Pro Dept | POWER_BI_PRO_DEPT | 3a6a908c-09c5-406a-8170-8ebb63c42882 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba) |
| Power Virtual Agent | VIRTUAL_AGENT_BASE | e4e55366-9635-46f4-a907-fc8c3b5ec81f | CDS_VIRTUAL_AGENT_BASE (0a0a23fa-fea1-4195-bb89-b4789cb12f7f)<br/>FLOW_VIRTUAL_AGENT_BASE (4b81a949-69a1-4409-ad34-9791a6ec88aa)<br/>VIRTUAL_AGENT_BASE (f6934f16-83d3-4f3b-ad27-c6e9c187b260) | Common Data Service for Virtual Agent Base (0a0a23fa-fea1-4195-bb89-b4789cb12f7f)<br/>Power Automate for Virtual Agent (4b81a949-69a1-4409-ad34-9791a6ec88aa)<br/>Virtual Agent Base (f6934f16-83d3-4f3b-ad27-c6e9c187b260) |
+| Power Virtual Agents Viral Trial | CCIBOTS_PRIVPREV_VIRAL | 606b54a9-78d8-4298-ad8b-df6ef4481c80 | DYN365_CDS_CCI_BOTS (cf7034ed-348f-42eb-8bbd-dddeea43ee81)<br/>CCIBOTS_PRIVPREV_VIRAL (ce312d15-8fdf-44c0-9974-a25a177125ee)<br/>FLOW_CCI_BOTS (5d798708-6473-48ad-9776-3acc301c40af) | Common Data Service for CCI Bots (cf7034ed-348f-42eb-8bbd-dddeea43ee81)<br/>Dynamics 365 AI for Customer Service Virtual Agents Viral (ce312d15-8fdf-44c0-9974-a25a177125ee)<br/>Flow for CCI Bots (5d798708-6473-48ad-9776-3acc301c40af) |
| PROJECT FOR OFFICE 365 | PROJECTCLIENT | a10d5e58-74da-4312-95c8-76be4e5b75a0 | PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3) | PROJECT ONLINE DESKTOP CLIENT (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3) |
-| PROJECT ONLINE ESSENTIALS | PROJECTESSENTIALS | 776df282-9fc0-4862-99e2-70e561b9909e | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>PROJECT ONLINE ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) |
+| Project Online Essentials | PROJECTESSENTIALS | 776df282-9fc0-4862-99e2-70e561b9909e | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Forms (Plan E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>Office for the web (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Project Online Essentials (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SharePoint (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97) |
| PROJECT ONLINE PREMIUM | PROJECTPREMIUM | 09015f9f-377f-4538-bbb5-f75ceb09358a | PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | PROJECT ONLINE DESKTOP CLIENT (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | | PROJECT ONLINE PREMIUM WITHOUT PROJECT CLIENT | PROJECTONLINE_PLAN_1 | 2db84718-652c-47a7-860c-f10d8abbdae3 | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) |
-| PROJECT ONLINE PROFESSIONAL | PROJECTPROFESSIONAL | 53818b1b-4a27-454b-8896-0dba576410e6 | PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | PROJECT ONLINE DESKTOP CLIENT (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) |
| PROJECT ONLINE WITH PROJECT FOR OFFICE 365 | PROJECTONLINE_PLAN_2 | f82a60b8-1ee3-4cfb-a4fe-1c6a53c2656c | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>PROJECT ONLINE DESKTOP CLIENT (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | PROJECT PLAN 1 | PROJECT_P1 | beb6439c-caad-48d3-bf46-0c82871e12be | DYN365_CDS_FOR_PROJECT_P1 (a6f677b3-62a6-4644-93e7-2a85d240845e)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power_Automate_For_Project_P1 (00283e6b-2bd8-440f-a2d5-87358e4c89a1)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>PROJECT_P1 (4a12c688-56c6-461a-87b1-30d6f32136f9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1) | COMMON DATA SERVICE FOR PROJECT P1 (a6f677b3-62a6-4644-93e7-2a85d240845e)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>POWER AUTOMATE FOR PROJECT P1 (00283e6b-2bd8-440f-a2d5-87358e4c89a1)<br/>PROJECT ONLINE ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>PROJECT P1 (4a12c688-56c6-461a-87b1-30d6f32136f9)<br/>SHAREPOINT (c7699d2e-19aa-44de-8edf-1736da088ca1) |
+| Project Plan 3 | PROJECTPROFESSIONAL | 53818b1b-4a27-454b-8896-0dba576410e6 | DYN365_CDS_PROJECT (50554c47-71d9-49fd-bc54-42a2765c555c)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_FOR_PROJECT (fa200448-008c-4acb-abd4-ea106ed2199d)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>PROJECT_PROFESSIONAL (818523f5-016b-4355-9be8-ed6944946ea7)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72) | Common Data Service for Project (50554c47-71d9-49fd-bc54-42a2765c555c)<br/>Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Flow for Project (fa200448-008c-4acb-abd4-ea106ed2199d)<br/>Office for the web (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Project Online Desktop Client (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>Project Online Service (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>Project P3 (818523f5-016b-4355-9be8-ed6944946ea7)<br/>SharePoint (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72) |
| Project Plan 3 for GCC | PROJECTPROFESSIONAL_GOV | 074c6829-b3a0-430a-ba3d-aca365e57065 | SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>PROJECT_CLIENT_SUBSCRIPTION_GOV (45c6831b-ad74-4c7f-bd03-7c2b3fa39067)<br/>SHAREPOINT_PROJECT_GOV (e57afa78-1f19-4542-ba13-b32cd4d8f472)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692) | Office for the web (Government) (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>Project Online Desktop Client for Government(45c6831b- ad74-4c7f-bd03-7c2b3fa39067)<br/>Project Online Service for Government (e57afa78-1f19-4542-ba13-b32cd4d8f472)<br/>SharePoint Plan 2G (153f85dd-d912-4762-af6c-d6e0fb4f6692) | | Project Plan 5 for GCC | PROJECTPREMIUM_GOV | f2230877-72be-4fec-b1ba-7156d6f75bd6 | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>PROJECT_CLIENT_SUBSCRIPTION_GOV (45c6831b-ad74-4c7f-bd03-7c2b3fa39067)<br/>SHAREPOINT_PROJECT_GOV (e57afa78-1f19-4542-ba13-b32cd4d8f472)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692) | Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Office for the web (Government) (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>Project Online Desktop Client for Government (45c6831b-ad74-4c7f-bd03-7c2b3fa39067)<br/>Project Online Service for Government (e57afa78-1f19-4542-ba13-b32cd4d8f472)<br/>SharePoint Plan 2G (153f85dd-d912-4762-af6c-d6e0fb4f6692) |
+| Rights Management Adhoc | RIGHTSMANAGEMENT_ADHOC | 8c4ce438-32a7-4ac5-91a6-e22ae08d9c8b | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>RMS_S_ADHOC (7a39d7dd-e456-4e09-842a-0204ee08187b) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Rights Management Adhoc (7a39d7dd-e456-4e09-842a-0204ee08187b) |
| Rights Management Service Basic Content Protection | RMSBASIC | 093e8d14-a334-43d9-93e3-30589a8b47d0 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>RMS_S_BASIC (31cf2cfc-6b0d-4adc-a336-88b724ed8122) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Azure Rights Management Service (31cf2cfc-6b0d-4adc-a336-88b724ed8122) |
+| Sensor Data Intelligence Additional Machines Add-in for Dynamics 365 Supply Chain Management | DYN365_IOT_INTELLIGENCE_ADDL_MACHINES | 08e18479-4483-4f70-8f17-6f92156d8ea9 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>D365_IOTFORSCM_ADDITIONAL (a5f38206-2f48-4d83-9957-525f4e75e9c0) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>IoT Intelligence Add-in Additional Machines (a5f38206-2f48-4d83-9957-525f4e75e9c0) |
+| Sensor Data Intelligence Scenario Add-in for Dynamics 365 Supply Chain Management | DYN365_IOT_INTELLIGENCE_SCENARIO | 9ea4bdef-a20b-4668-b4a7-73e1f7696e0a | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>D365_IOTFORSCM (83dd9619-c7d5-44da-9250-dc4ee79fff7e) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Iot Intelligence Add-in for D365 Supply Chain Management (83dd9619-c7d5-44da-9250-dc4ee79fff7e) |
| SHAREPOINT ONLINE (PLAN 1) | SHAREPOINTSTANDARD | 1fc08a02-8b3d-43b9-831e-f76859e04e1a | SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1) | SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1) | | SHAREPOINT ONLINE (PLAN 2) | SHAREPOINTENTERPRISE | a9732ec9-17d9-494c-a51c-d6b45b384dcb | SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72) | SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72) |
+| SharePoint Syntex | Intelligent_Content_Services | f61d4aba-134f-44e9-a2a0-f81a5adb26e4 | CDS_O365_E5_KM (3069d530-e41b-421c-ad59-fb1001a23e11)<br/>Intelligent_Content_Services (f00bd55e-1633-416e-97c0-03684e42bc42)<br/>Intelligent_Content_Services_SPO_type (fd2e7f90-1010-487e-a11b-d2b1ae9651fc) | Common Data Service for SharePoint Syntex (3069d530-e41b-421c-ad59-fb1001a23e11)<br/>SharePoint Syntex (f00bd55e-1633-416e-97c0-03684e42bc42)<br/>SharePoint Syntex - SPO type (fd2e7f90-1010-487e-a11b-d2b1ae9651fc) |
| SKYPE FOR BUSINESS ONLINE (PLAN 1) | MCOIMP | b8b749f8-a4ef-4887-9539-c95b1eaa5db7 | MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf) | SKYPE FOR BUSINESS ONLINE (PLAN 1) (afc06cb0-b4f4-4473-8286-d644f70d8faf) | | SKYPE FOR BUSINESS ONLINE (PLAN 2) | MCOSTANDARD | d42c793f-6c78-4f43-92ca-e8f6a02b035f | MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | | SKYPE FOR BUSINESS PSTN DOMESTIC AND INTERNATIONAL CALLING | MCOPSTN2 | d3b4fe1f-9992-4930-8acb-ca6ec609365e | MCOPSTN2 (5a10155d-f5c1-411a-a8ec-e99aae125390) | DOMESTIC AND INTERNATIONAL CALLING PLAN (5a10155d-f5c1-411a-a8ec-e99aae125390) | | SKYPE FOR BUSINESS PSTN DOMESTIC CALLING | MCOPSTN1 | 0dab259f-bf13-4952-b7f8-7db8f131b28d | MCOPSTN1 (4ed3ff63-69d7-4fb7-b984-5aec7f605ca8) | DOMESTIC CALLING PLAN (4ed3ff63-69d7-4fb7-b984-5aec7f605ca8) | | SKYPE FOR BUSINESS PSTN DOMESTIC CALLING (120 Minutes)| MCOPSTN5 | 54a152dc-90de-4996-93d2-bc47e670fc06 | MCOPSTN5 (54a152dc-90de-4996-93d2-bc47e670fc06) | DOMESTIC CALLING PLAN (54a152dc-90de-4996-93d2-bc47e670fc06) |
-| TOPIC EXPERIENCES | TOPIC_EXPERIENCES | 4016f256-b063-4864-816e-d818aad600c9 | GRAPH_CONNECTORS_SEARCH_INDEX_TOPICEXP (b74d57b2-58e9-484a-9731-aeccbba954f0)<br/>CORTEX (c815c93d-0759-4bb8-b857-bc921a71be83) | GRAPH CONNECTORS SEARCH WITH INDEX (b74d57b2-58e9-484a-9731-aeccbba954f0)<br/>TOPIC EXPERIENCES (c815c93d-0759-4bb8-b857-bc921a71be83)|
| TELSTRA CALLING FOR O365 | MCOPSTNEAU2 | de3312e1-c7b0-46e6-a7c3-a515ff90bc86 | MCOPSTNEAU (7861360b-dc3b-4eba-a3fc-0d323a035746) | AUSTRALIA CALLING PLAN (7861360b-dc3b-4eba-a3fc-0d323a035746) |
+| Universal Print | UNIVERSAL_PRINT | 9f3d9c1d-25a5-4aaa-8e59-23a1e6450a67 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>UNIVERSAL_PRINT_01 (795f6fe0-cc4d-4773-b050-5dde4dc704c9) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Universal Print (795f6fe0-cc4d-4773-b050-5dde4dc704c9) |
+| Visio Plan 1 | VISIO_PLAN1_DEPT | ca7f3140-d88c-455b-9a1c-7f0679e31a76 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>ONEDRIVE_BASIC (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>VISIOONLINE (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>OneDrive for business Basic (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>Visio web app (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) |
| VISIO ONLINE PLAN 1 | VISIOONLINE_PLAN1 | 4b244418-9658-4451-a2b8-b5e2b364e9bd | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>ONEDRIVE_BASIC (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>VISIOONLINE (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>ONEDRIVE FOR BUSINESS BASIC (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>VISIO WEB APP (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) | | VISIO ONLINE PLAN 2 | VISIOCLIENT | c5928f49-12ba-48f7-ada3-0d743a3601d5 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>ONEDRIVE_BASIC (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>VISIO_CLIENT_SUBSCRIPTION (663a804f-1c30-4ff0-9915-9db84f0d1cea)<br/>VISIOONLINE (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>ONEDRIVE FOR BUSINESS BASIC (da792a53-cbc0-4184-a10d-e544dd34b3c1)<br/>VISIO DESKTOP APP (663a804f-1c30-4ff0-9915-9db84f0d1cea)<br/>VISIO WEB APP (2bdbaf8f-738f-4ac7-9234-3c3ee2ce7d0f) | | VISIO PLAN 2 FOR GCC | VISIOCLIENT_GOV | 4ae99959-6b0f-43b0-b1ce-68146001bdba | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>ONEDRIVE_BASIC_GOV (98709c2e-96b5-4244-95f5-a0ebe139fb8a)<br/>VISIO_CLIENT_SUBSCRIPTION_GOV (f85945f4-7a55-4009-bc39-6a5f14a8eac1)<br/>VISIOONLINE_GOV (8a9ecb07-cfc0-48ab-866c-f83c4d911576) | EXCHANGE FOUNDATION FOR GOVERNMENT (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>ONEDRIVE FOR BUSINESS BASIC FOR GOVERNMENT (98709c2e-96b5-4244-95f5-a0ebe139fb8a)<br/>VISIO DESKTOP APP FOR Government (f85945f4-7a55-4009-bc39-6a5f14a8eac1)<br/>VISIO WEB APP FOR GOVERNMENT (8a9ecb07-cfc0-48ab-866c-f83c4d911576) |
+|Viva Topics | TOPIC_EXPERIENCES | 4016f256-b063-4864-816e-d818aad600c9 | GRAPH_CONNECTORS_SEARCH_INDEX_TOPICEXP (b74d57b2-58e9-484a-9731-aeccbba954f0)<br/>CORTEX (c815c93d-0759-4bb8-b857-bc921a71be83) | Graph Connectors Search with Index (Viva Topics) (b74d57b2-58e9-484a-9731-aeccbba954f0)<br/>Viva Topics (c815c93d-0759-4bb8-b857-bc921a71be83) |
| WINDOWS 10 ENTERPRISE E3 | WIN10_PRO_ENT_SUB | cb10e6cd-9da4-4992-867b-67546b1db821 | WIN10_PRO_ENT_SUB (21b439ba-a0ca-424f-a6cc-52f954a5b111) | WINDOWS 10 ENTERPRISE (21b439ba-a0ca-424f-a6cc-52f954a5b111) | | WINDOWS 10 ENTERPRISE E3 | WIN10_VDA_E3 | 6a0f6da5-0b87-4190-a6ae-9bb5a2b9546a | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>UNIVERSAL_PRINT_01 (795f6fe0-cc4d-4773-b050-5dde4dc704c9)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>WINDOWSUPDATEFORBUSINESS_DEPLOYMENTSERVICE (7bf960f6-2cd9-443a-8046-5dbff9558365) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>UNIVERSAL PRINT (795f6fe0-cc4d-4773-b050-5dde4dc704c9)<br/>WINDOWS 10 ENTERPRISE (NEW) (e7c91390-7625-45be-94e0-e16907e03118)<br/>WINDOWS UPDATE FOR BUSINESS DEPLOYMENT SERVICE (7bf960f6-2cd9-443a-8046-5dbff9558365) |
-| Windows 10 Enterprise E5 | WIN10_VDA_E5 | 488ba24a-39a9-4473-8ee5-19291e71b002 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118) |
+| Windows 10 Enterprise E5 | WIN10_VDA_E5 | 488ba24a-39a9-4473-8ee5-19291e71b002 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>UNIVERSAL_PRINT_01 (795f6fe0-cc4d-4773-b050-5dde4dc704c9)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>WINDOWSUPDATEFORBUSINESS_DEPLOYMENTSERVICE (7bf960f6-2cd9-443a-8046-5dbff9558365) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Defender For Endpoint (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Universal Print (795f6fe0-cc4d-4773-b050-5dde4dc704c9)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Windows Update for Business Deployment Service (7bf960f6-2cd9-443a-8046-5dbff9558365) |
| Windows 10 Enterprise E5 Commercial (GCC Compatible) | WINE5_GCC_COMPAT | 938fd547-d794-42a4-996c-1cc206619580 | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef))<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118) | Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Microsoft Defender For Endpoint (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118) | | WINDOWS STORE FOR BUSINESS | WINDOWS_STORE | 6470687e-a428-4b7a-bef2-8a291ad947c9 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDOWS_STORE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDOWS STORE SERVICE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) |
+| Microsoft Workplace Analytics | WORKPLACE_ANALYTICS | 3d957427-ecdc-4df2-aacd-01cc9d519da8 | WORKPLACE_ANALYTICS (f477b0f0-3bb1-4890-940c-40fcee6ce05f)<br/>WORKPLACE_ANALYTICS_INSIGHTS_BACKEND (ff7b261f-d98b-415b-827c-42a3fdf015af)<br/>WORKPLACE_ANALYTICS_INSIGHTS_USER (b622badb-1b45-48d5-920f-4b27a2c0996c) | Microsoft Workplace Analytics (f477b0f0-3bb1-4890-940c-40fcee6ce05f)<br/>Microsoft Workplace Analytics Insights Backend (ff7b261f-d98b-415b-827c-42a3fdf015af)<br/>Microsoft Workplace Analytics Insights User (b622badb-1b45-48d5-920f-4b27a2c0996c) |
## Service plans that cannot be assigned at the same time
active-directory Google Federation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/google-federation.md
Previously updated : 07/13/2021 Last updated : 08/17/2021 -+ # Add Google as an identity provider for B2B guest users
-By setting up federation with Google, you can allow invited users to sign in to your shared apps and resources with their own Gmail accounts, without having to create Microsoft accounts.
-
-After you've added Google as one of your application's sign-in options, on the **Sign in** page, a user can simply enter the email they use to sign in to Google, or they can select **Sign-in options** and choose **Sign in with Google**. In either case, they'll be redirected to the Google sign-in page for authentication.
+By setting up federation with Google, you can allow invited users to sign in to your shared apps and resources with their own Gmail accounts, without having to create Microsoft accounts. After you've added Google as one of your application's sign-in options, on the **Sign in** page, a user can simply enter the Gmail address they use to sign in to Google.
![Sign in options for Google users](media/google-federation/sign-in-with-google-overview.png)
First, create a new project in the Google Developers Console to obtain a client
11. Under **Application type**, select **Web application**. Give the application a suitable name, like **Azure AD B2B**. Under **Authorized redirect URIs**, enter the following URIs: - `https://login.microsoftonline.com` - `https://login.microsoftonline.com/te/<tenant ID>/oauth2/authresp` <br>(where `<tenant ID>` is your tenant ID)
+ - `https://login.microsoftonline.com/te/<tenant name>.onmicrosoft.com/oauth2/authresp` <br>(where `<tenant name>` is your tenant name)
> [!NOTE] > To find your tenant ID, go to the [Azure portal](https://portal.azure.com). Under **Azure Active Directory**, select **Properties** and copy the **Tenant ID**.
First, create a new project in the Google Developers Console to obtain a client
![Screenshot that shows the OAuth client ID and client secret.](media/google-federation/google-auth-client-id-secret.png)
+13. You can leave your project at a publishing status of **Testing** and add test users to the OAuth consent screen. Or you can select the **Publish app** button on the OAuth consent screen to make the app available to any user with a Google Account.
+ ## Step 2: Configure Google federation in Azure AD You'll now set the Google client ID and client secret. You can use the Azure portal or PowerShell to do so. Be sure to test your Google federation configuration by inviting yourself. Use a Gmail address and try to redeem the invitation with your invited Google account.
You'll now set the Google client ID and client secret. You can use the Azure por
> [!NOTE] > Use the client ID and client secret from the app you created in "Step 1: Configure a Google developer project." For more information, see [New-AzureADMSIdentityProvider](/powershell/module/azuread/new-azureadmsidentityprovider?view=azureadps-2.0-preview&preserve-view=true).
-
+ ## How do I remove Google federation? You can delete your Google federation setup. If you do so, Google guest users who have already redeemed their invitation won't be able to sign in. But you can give them access to your resources again by [resetting their redemption status](reset-redemption-status.md).
active-directory Users Default Permissions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/fundamentals/users-default-permissions.md
Users can perform the following actions on owned devices.
#### Owned groups Users can perform the following actions on owned groups.
+> [!NOTE]
+> Owners of dynamic groups must have a Global administrator, Group administrator, Intune administrator, or User administrator role to edit group membership rules. For more information, see [Create or update a dynamic group in Azure Active Directory](../enterprise-users/groups-create-rule.md).
+ | **Actions** | **Description** | | | | | microsoft.directory/groups/appRoleAssignments/update | Update groups.appRoleAssignments property in Azure Active Directory. |
active-directory Reference Connect Version History Archive https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/reference-connect-version-history-archive.md
Last updated 07/23/2020
+ # Azure AD Connect: Version release history archive
active-directory Reference Connect Version History https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/reference-connect-version-history.md
Last updated 03/16/2021 +
Please follow this link to read more about [auto upgrade](how-to-connect-install
> >For version history information on retired versions, see [Azure AD Connect version release history archive](reference-connect-version-history-archive.md)
+## 2.0.10.0
+
+>[!NOTE]
+>This is a hotfix update release of Azure AD Connect. This release requires Windows Server 2016 or newer. This hotfix addresses an issue that is present in version 2.0 as well as in Azure AD Connect version 1.6. If you are running Azure AD Connect on an older Windows Server you should install the [1.6.13.0](#16130) build instead.
+
+### Release status
+8/19/2021: Released for download only, not available for auto upgrade.
+
+### Bug fixes
+
+ - We fixed a bug where, when a domain is renamed, Password Hash Sync would fail with an error indicating "a specified cast is not valid" in the Event log. This is a regression from earlier builds.
+
+## 1.6.13.0
+>[!NOTE]
+>This is a hotfix update release of Azure AD Connect. This release is intended for customers who are running Azure AD Connect on a server with Windows Server 2012 or 2012 R2.
+
+8/19/2021: Released for download only, not available for auto upgrade.
+
+### Bug fixes
+
+ - We fixed a bug where, when a domain is renamed, Password Hash Sync would fail with an error indicating "a specified cast is not valid" in the Event log. This is a regression from earlier builds.
+
+### Functional changes
+There are no functional changes in this release
+
+## 2.0.9.0
+
+### Release status
+8/17/2021: Released for download only, not available for auto upgrade.
+
+### Bug fixes
+>[!NOTE]
+>This is a hotfix update release of Azure AD Connect. This release requires Windows Server 2016 or newer. This release addresses an issue that is present in version 2.0.8.0, this issue is not present in Azure AD Connect version 1.6
+
+ - We fixed a bug where, when syncing a large number of Password Hash Sync transactions, the Event log entry length would exceed the maximum allowed length for a Password Hash Sync event entry. We now split the lengthy log entry into multiple entries.
+ ## 2.0.8.0 >[!NOTE] >This is a security update release of Azure AD Connect. This release requires Windows Server 2016 or newer. If you are using an older version of Windows Server, please use [version 1.6.11.3](#16113).
active-directory Whatis Azure Ad Connect V2 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/whatis-azure-ad-connect-v2.md
Last updated 06/24/2021 -+ # Introduction to Azure AD Connect V2.0
You should upgrade to Azure AD Connect V2.0 as soon as you can. For the time bei
**I use an external SQL database and do not use SQL 2012 LocalDb ΓÇô do I still have to upgrade?** </br> Yes, you still need to upgrade to remain in a supported state even if you do not use SQL Server 2012, due to the TLS1.0/1.1 and ADAL deprecation.
+**After the upgrade of my Azure AD Connect instance to V2.0, will the SQL 2012 components automatically get uninstalled?** </br>
+No, the upgrade to SQL 2019 does not remove any SQL 2012 components from your server. If you no longer need these components then you should follow [the SQL Server uninstallation instructions](https://docs.microsoft.com/sql/sql-server/install/uninstall-an-existing-instance-of-sql-server-setup).
+ **What happens if I do not upgrade?** </br> Until one of the components that are being retired are actually deprecated, you will not see any impact. Azure AD Connect will keep on working.
This is a known issue. To resolve this, restart your PowerShell session after i
- [Express settings](how-to-connect-install-express.md) - [Customized settings](how-to-connect-install-custom.md)
-This article describes the upgrade from older Windows Server versions to Windows Server 2019.
+This article describes the upgrade from older Windows Server versions to Windows Server 2019.
active-directory Assign App Owners https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/assign-app-owners.md
+
+ Title: Assign enterprise application owners - Azure AD | Microsoft Docs
+description: Assign owners to applications in Azure Active Directory
+
+documentationcenter: ''
++++++ Last updated : 08/03/2021+
+#Customer intent: As an Azure AD administrator, I want to assign owners to enterprise applications.
+++
+# Assign enterprise application owners
+
+Assigning owners is a simple way to grant the ability to manage all aspects of Azure AD configuration for a specific application registration or enterprise application. As an owner, a user can manage the organization-specific configuration of the enterprise application, such as the single sign-on configuration, provisioning, and user assignments. An owner can also add or remove other owners. Unlike Global Administrators, owners can manage only the enterprise applications they own.
+
+Only users can be owners of enterprise applications. Groups cannot be assigned as owners. Owners can add credentials to an application and use those credentials to impersonate the applicationΓÇÖs identity. The application may have more permissions than the owner, and thus would be an elevation of privilege over what the owner has access to as a user or service principal.
+
+An application owner could potentially create or update users or other objects while impersonating the application, depending on the application's permissions. Owners of applications have the same permissions as application administrators scoped to an individual application. For more information, see [Azure AD built-in roles](../roles/permissions-reference.md#application-administrator).
+
+## Assign an owner
+
+To assign an owner to an enterprise application:
+
+1. Sign in to [your Azure AD organization](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) with an account that is eligible for the **Application Administrator** role or the **Cloud Application Administrator** role for the organization.
+2. Select **Enterprise applications**, and then select the application that you want to add an owner to.
+3. Select **Owners**, and then select **Add** to get a list of user accounts that you can choose an owner from.
+4. Search for and select the user account that you want to be an owner of the application.
+5. Click **Select** to add the user account that you chose as an owner of the application.
+
+> [!NOTE]
+> If the user setting **Restrict access to Azure AD administration portal** is set to `Yes`, non-admin users will not be able to use the Azure portal to manage the applications they own. For more information about the actions that can be performed on owned enterprise applications, see [Owned enterprise applications](../fundamentals/users-default-permissions.md#owned-enterprise-applications).
+
+## Next steps
+
+- [Delegate app registration permissions in Azure Active Directory](../roles/delegate-app-roles.md)
active-directory Secure Hybrid Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/secure-hybrid-access.md
Title: Azure AD secure hybrid access | Microsoft Docs
-description: This article describes partner solutions for integrating your legacy on-premises, public cloud, or private cloud applications with Azure AD. Secure your legacy apps by connecting app delivery controllers or networks to Azure AD.
+description: This article describes partner solutions for integrating your legacy on-premises, public cloud, or private cloud applications with Azure AD.
-+ Previously updated : 2/16/2021- Last updated : 8/17/2021+ - # Secure hybrid access: Secure legacy apps with Azure Active Directory You can now protect your on-premises and cloud legacy authentication applications by connecting them to Azure Active Directory (AD) with: -- [Azure AD Application Proxy](#secure-hybrid-access-sha-through-azure-ad-application-proxy)
+- [Azure AD Application Proxy](#secure-hybrid-access-through-azure-ad-application-proxy)
-- [Your existing application delivery controllers and networks](#sha-through-networking-and-delivery-controllers)
+- [Secure hybrid access partners](#secure-hybrid-access-through-azure-ad-partner-integrations)
-- [Virtual Private Network (VPN) and Software-Defined Perimeter (SDP) applications](#sha-through-vpn-and-sdp-applications)
+You can bridge the gap and strengthen your security posture across all applications with Azure AD capabilities like [Azure AD Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/overview) and [Azure AD Identity Protection](https://docs.microsoft.com/azure/active-directory/identity-protection/overview-identity-protection). By having Azure AD as an Identity provider (IDP), you can use modern authentication and authorization methods like [single sign-on (SSO)](https://docs.microsoft.com/azure/active-directory/manage-apps/what-is-single-sign-on) and [multifactor authentication (MFA)](https://docs.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks) to secure your on-premises legacy applications.
-You can bridge the gap and strengthen your security posture across all applications with Azure AD capabilities like Azure AD [Conditional Access](../conditional-access/overview.md) and Azure AD [Identity Protection](../identity-protection/overview-identity-protection.md).
-
-## Secure hybrid access (SHA) through Azure AD Application Proxy
+## Secure hybrid access through Azure AD Application Proxy
-Using [Application Proxy](../app-proxy/what-is-application-proxy.md) you can provide [secure remote access](../app-proxy/application-proxy.md) to your on-premises web applications. Your users donΓÇÖt require to use a VPN. Users benefit by easily connecting to their applications from any device after a [single sign-on](add-application-portal-setup-sso.md). Application Proxy provides remote access as a service and allows you to [easily publish your on-premise applications](../app-proxy/application-proxy-add-on-premises-application.md) to users outside the corporate network. It helps you scale your cloud access management without requiring you to modify your on-premises applications. [Plan an Azure AD Application Proxy deployment](../app-proxy/application-proxy-deployment-plan.md) as a next step.
-
-## Azure AD partner integrations
-
-### SHA through networking and delivery controllers
-
-In addition to [Azure AD Application Proxy](../app-proxy/what-is-application-proxy.md), to enable you to use the [Zero Trust framework](https://www.microsoft.com/security/blog/2020/04/02/announcing-microsoft-zero-trust-assessment-tool/), Microsoft partners with third-party providers. You can use your existing networking and delivery controllers, and easily protect legacy applications that are critical to your business processes but that you couldnΓÇÖt protect before with Azure AD. ItΓÇÖs likely you already have everything you need to start protecting these applications.
-
-![Image shows secure hybrid access with networking partners and app proxy](./media/secure-hybrid-access/secure-hybrid-access.png)
-
-The following networking vendors offer pre-built solutions and detailed guidance for integrating with Azure AD.
+Using [Application Proxy](https://docs.microsoft.com/azure/active-directory/app-proxy/what-is-application-proxy) you can provide [secure remote access](https://docs.microsoft.com/azure/active-directory/app-proxy/application-proxy-add-on-premises-application) to your on-premises web applications. Your users donΓÇÖt need to use a VPN. Users benefit by easily connecting to their applications from any device after a [SSO](https://docs.microsoft.com/azure/active-directory/app-proxy/application-proxy-config-sso-how-to#how-to-configure-single-sign-on). Application Proxy provides remote access as a service and allows you to [easily publish your on-premise applications](https://docs.microsoft.com/azure/active-directory/app-proxy/application-proxy-add-on-premises-application) to users outside the corporate network. It helps you scale your cloud access management without requiring you to modify your on-premises applications. [Plan an Azure AD Application Proxy](https://docs.microsoft.com/azure/active-directory/app-proxy/application-proxy-deployment-plan) deployment as a next step.
-- [Akamai Enterprise Application Access (EAA)](../saas-apps/akamai-tutorial.md)
+## Secure hybrid access through Azure AD partner integrations
-- [Citrix Application Delivery Controller (ADC)](../saas-apps/citrix-netscaler-tutorial.md)
+In addition to [Azure AD Application Proxy](https://aka.ms/whyappproxy), Microsoft partners with third-party providers to enable secure access to your on-premises applications and applications that use legacy authentication.
-- [F5 Big-IP APM](./f5-aad-integration.md)
+![Image shows secure hybrid access with app proxy and partners](./media/secure-hybrid-access/secure-hybrid-access.png)
-- [Kemp](../saas-apps/kemp-tutorial.md)
+The following partners offer pre-built solutions to support conditional access policies per application and provide detailed guidance for integrating with Azure AD.
-- [Pulse Secure Virtual Traffic Manager (VTM)](../saas-apps/pulse-secure-virtual-traffic-manager-tutorial.md)
+- [Akamai Enterprise Application Access](https://docs.microsoft.com/azure/active-directory/saas-apps/akamai-tutorial)
-### SHA through VPN and SDP applications
+- [Citrix Application Delivery Controller (ADC)](https://docs.microsoft.com/azure/active-directory/saas-apps/citrix-netscaler-tutorial)
-Using VPN and SDP solutions you can provide secure access to your enterprise network from any device, at any time, in any location while protecting your organizationΓÇÖs data. By having Azure AD as an Identity provider (IDP), you can use modern authentication and authorization methods like Azure AD [Single sign-on](./what-is-single-sign-on.md) and [Multi-factor authentication](../authentication/concept-mfa-howitworks.md) to secure your on-premises legacy applications.
+- [Datawiza Access Broker](https://docs.microsoft.com/azure/active-directory/manage-apps/add-application-portal-setup-oidc-sso)
-![Image shows secure hybrid access with VPN partners and app proxy ](./media/secure-hybrid-access/app-proxy-vpn.png)
+- [F5 Big-IP APM ADC](https://docs.microsoft.com/azure/active-directory/manage-apps/f5-aad-integration)
-The following VPN vendors offer pre-built solutions and detailed guidance for integrating with Azure AD.
+- [F5 Big-IP APM VPN](https://docs.microsoft.com/azure/active-directory/manage-apps/f5-aad-password-less-vpn)
-- [Cisco AnyConnect](../saas-apps/cisco-anyconnect.md)
+- [Kemp](https://docs.microsoft.com/azure/active-directory/saas-apps/kemp-tutorial)
-- [Fortinet](../saas-apps/fortigate-ssl-vpn-tutorial.md)
+- [Perimeter 81](https://docs.microsoft.com/azure/active-directory/saas-apps/perimeter-81-tutorial)
-- [F5 Big-IP APM](./f5-aad-password-less-vpn.md)
+- [Silverfort Authentication Platform](https://docs.microsoft.com/azure/active-directory/manage-apps/add-application-portal-setup-oidc-sso)
-- [Palo Alto Networks Global Protect](../saas-apps/paloaltoadmin-tutorial.md)
+- [Strata](https://docs.microsoft.com/azure/active-directory/saas-apps/maverics-identity-orchestrator-saml-connector-tutorial)
-- [Pulse Secure Pulse Connect Secure (PCS)](../saas-apps/pulse-secure-pcs-tutorial.md)
+The following partners offer pre-built solutions and detailed guidance for integrating with Azure AD.
-The following SDP vendors offer pre-built solutions and detailed guidance for integrating with Azure AD.
+- [Cisco AnyConnect](https://docs.microsoft.com/azure/active-directory/saas-apps/cisco-anyconnect)
-- [Datawiza Access Broker](./add-application-portal-setup-oidc-sso.md)
+- [Fortinet](https://docs.microsoft.com/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial)
-- [Perimeter 81](../saas-apps/perimeter-81-tutorial.md)
+- [Palo Alto Networks Global Protect](https://docs.microsoft.com/azure/active-directory/saas-apps/paloaltoadmin-tutorial)
-- [Silverfort Authentication Platform](./add-application-portal-setup-oidc-sso.md)
+- [Pulse Secure Pulse Connect Secure (PCS)](https://docs.microsoft.com/azure/active-directory/saas-apps/pulse-secure-pcs-tutorial)
-- [Strata](../saas-apps/maverics-identity-orchestrator-saml-connector-tutorial.md)
+- [Pulse Secure Virtual Traffic Manager (VTM)](https://docs.microsoft.com/azure/active-directory/saas-apps/pulse-secure-virtual-traffic-manager-tutorial)
-- [Zscaler Private Access (ZPA)](../saas-apps/zscalerprivateaccess-tutorial.md)
+- [Zscaler Private Access (ZPA)](https://docs.microsoft.com/azure/active-directory/saas-apps/zscalerprivateaccess-tutorial)
active-directory Known Issues https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/managed-identities-azure-resources/known-issues.md
Last updated 04/08/2021 -+ # Known issues with Managed Identities
active-directory Services Support Managed Identities https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/managed-identities-azure-resources/services-support-managed-identities.md
Refer to the following list to configure access to Azure Resource
| Azure Germany | | Not Available | | Azure China 21Vianet | | Not Available |
+### Azure Cosmos DB
+
+| Cloud | Resource ID | Status |
+|--||:-:|
+| Azure Global | `https://<account>.documents.azure.com/`<br/><br/>`https://cosmos.azure.com` | ![Available][check] |
+| Azure Government | `https://<account>.documents.azure.us/`<br/><br/>`https://cosmos.azure.us` | ![Available][check] |
+| Azure Germany | `https://<account>.documents.microsoftazure.de/`<br/><br/>`https://cosmos.microsoftazure.de` | ![Available][check] |
+| Azure China 21Vianet | `https://<account>.documents.azure.cn/`<br/><br/>`https://cosmos.azure.cn` | ![Available][check] |
+ ### Azure SQL | Cloud | Resource ID | Status |
active-directory Concept Privileged Access Versus Role Assignable https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/privileged-identity-management/concept-privileged-access-versus-role-assignable.md
Title: What's eth difference between Privileged Access groups and role-assignable groups - Azure AD | Microsoft Docs
+ Title: What's the difference between Privileged Access groups and role-assignable groups - Azure AD | Microsoft Docs
description: Learn how to tell the difference between Privileged Access groups and role-assignable groups in Azure AD Privileged Identity Management (PIM). documentationcenter: ''
Azure AD lets you assign a cloud Azure AD security group to an Azure AD role. Gl
## What are Privileged Access groups?
-Privileged Access groups enable users to elevate to the owner or member role of an Azure AD security group. This feature allows you to set up just-in-time workflows for not only Azure AD and Azure roles in batches, and also enables just-in-time scenarios for other use cases like Azure SQL, Azure Key Vault, Intune, or other application roles.
+Privileged Access groups enable users to elevate to the owner or member role of an Azure AD security group. This feature allows you to set up just-in-time workflows for not only Azure AD and Azure roles in batches, and also enables just-in-time scenarios for other use cases like Azure SQL, Azure Key Vault, Intune, or other application roles. For more information, see [Management capabilities for Privileged Access groups](groups-features.md).
-Eligible members of the group also have their passwords reset by the Helpdesk Administrator role. You can also use Privileged Identity Management to manage access to the Helpdesk Administrator role can improve your security posture.
+>[!Note]
+>For privileged access groups used for elevating into Azure AD roles, Microsoft recommends that you require an approval process for eligible member assignments. Assignments that can be activated without approval can leave you vulnerable to a security risk from less-privileged administrators. For example, the Helpdesk Administrator has permission to reset an eligible user's passwords.
## When to use each type of group You can set up just-in-time access to permissions and roles beyond Azure AD and Azure Resource. If you have other resources whose authorization can be connected to an Azure AD security group (for Azure Key Vault, Intune, Azure SQL, or other apps and services), you should enable privileged access on the group and assign users as eligible for membership in the group.
-If you want to assign a group to an Azure AD or Azure Resource role and require activation via PIM, there are two ways you can achieve this result:
+If you want to assign a group to an Azure AD or Azure Resource role and require elevation through a PIM process, there are two ways to do it:
-- Assign the group as eligible for a role through PIM. Everyone in the group must activate their assignment to get access to the role. This path requires a role-assignable group for the Azure AD role, and a security group for Azure resources.
+- **Assign the group persistently to a role**. You then grant users eligible member access to the group in PIM. Eligible users must then activate their membership to get into the group that is permanently assigned to the role. This path requires a role-assignable group to be enabled in PIM as a privileged access group for the Azure AD role.
+- **Assign the group as eligible for a role** through PIM. Everyone in the group must activate their assignment to get access to the role. This path requires a role-assignable group for the Azure AD role, and a security group for Azure resources.
-- Assign the group as permanently active in a role. You then grant users eligible member access to the group in PIM. Eligible users must then activate their membership to get into the group that is permanently assigned to the role. This path requires a role-assignable group to be enabled in PIM as a privileged access group for the Azure AD role.
+ ![Diagram showing two ways to assign role using privileged access groups in PIM.](./media/concept-privileged-access-versus-role-assignable/concept-privileged-access.png)
Either of these methods will work for the end-to-end scenario. We recommend that you use the first method in most cases. You should use the second method only if you are trying to:
active-directory Pim How To Renew Extend https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/privileged-identity-management/pim-how-to-renew-extend.md
+
+ Title: Renew Azure AD role assignments in PIM - Azure Active Directory | Microsoft Docs
+description: Learn how to extend or renew Azure Active Directory role assignments in Azure AD Privileged Identity Management (PIM).
+
+documentationcenter: ''
++
+editor: markwahl-msft
++
+ na
+ms.devlang: na
++ Last updated : 08/06/2021+++++++
+# Extend or renew Azure AD role assignments in Privileged Identity Management
+
+Azure Active Directory (Azure AD) Privileged Identity Management (PIM) provides controls to manage the access and assignment lifecycle for Azure AD roles. Administrators can assign roles using start and end date-time properties. When the assignment end approaches, Privileged Identity Management sends email notifications to the affected users or groups. It also sends email notifications to Azure AD administrators to ensure that appropriate access is maintained. Assignments might be renewed and remain visible in an expired state for up to 30 days, even if access is not extended.
+
+## Who can extend and renew?
+
+Only Global Administrators or Privileged Role administrators can extend or renew Azure AD role assignments. The affected user or group can ask to extend roles that are about to expire and request to renew roles that are already expired.
+
+## When are notifications sent?
+
+Privileged Identity Management sends email notifications to administrators and affected user or groups of roles that are expiring within 14 days and one day prior to expiration. It sends another email when an assignment officially expires.
+
+Administrators receive notifications when a user or group assigned an expiring or expired role requests to extend or renew. When an administrator resolves a request as approved or denied, all other administrators are notified of the decision. Then the requesting user or group is notified of the decision.
+
+## Extend role assignments
+
+The following steps outline the process for requesting, resolving, or administering an extension or renewal of a role assignment.
+
+### Self-extend expiring assignments
+
+Users or groups assigned to a role can extend expiring role assignments directly from the **Eligible** or **Active** tab on the **My roles** page, either under **Azure AD roles** or from the top level **My roles** page of the Privileged Identity Management portal. Users or groups can request to extend eligible and active role assignments that expire in the next 14 days.
+
+![Azure AD roles - My roles page listing eligible roles with an Action column](./media/pim-how-to-renew-extend/pim-extend-link-in-portal.png)
+
+When the assignment end date and time is within 14 days, the button to **Extend** becomes an active link in the user interface. In the following example, assume the current date is March 27.
+
+![Action column with links to Activate or Extend](./media/pim-how-to-renew-extend/pim-extend-within-fourteen.png)
+
+To request an extension of this role assignment, select **Extend** to open the request form.
+
+![Extend role assignment pane with a Reason box](./media/pim-how-to-renew-extend/extend-role-assignment-request.png)
+
+Enter a reason for the extension request, and then select **Extend**.
+
+>[!NOTE]
+>We recommend including the details of why the extension is necessary, and for how long the extension should be granted (if you have this information).
+
+Administrators receive an email notification to review the extension request. If a request to extend has already been submitted, an Azure notification appears in the portal.
+
+![Notification explaining that there is already an existing pending role assignment extension](./media/pim-how-to-renew-extend/extend-notification.png)
+
+Go to the **Pending requests** page to view the status of your request or to cancel it.
+
+![Azure AD roles - Pending requests page listing any pending requested and a link to Cancel](./media/pim-how-to-renew-extend/pending-requests.png)
+
+### Admin approved extension
+
+When a user or group submits a request to extend a role assignment, administrators receive an email notification that contains the details of the original assignment and the reason for the request. The notification includes a direct link to the request for the administrator to approve or deny.
+
+In addition to using following the link from email, administrators can approve or deny requests by going to the Privileged Identity Management administration portal and selecting **Approve requests** in the left pane.
+
+![Azure AD roles - Approve requests page listing requests and links to approve or deny](./media/pim-how-to-renew-extend/extend-admin-approve-list.png)
+
+When an Administrator selects **Approve** or **Deny**, the details of the request are shown, along with a field to provide a business justification for the audit logs.
+
+![Approve role assignment request with requestor reason, assignment type, start time, end time, and reason](./media/pim-how-to-renew-extend/extend-admin-approve-form.png)
+
+When approving a request to extend role assignment, administrators can choose a new start date, end date, and assignment type. Changing assignment type might be necessary if the administrator wants to provide limited access to complete a specific task (one day, for example). In this example, the administrator can change the assignment from **Eligible** to **Active**. This means they can provide access to the requestor without requiring them to activate.
+
+### Admin initiated extension
+
+If a user assigned to a role doesn't request an extension for the role assignment, an administrator can extend an assignment on behalf of the user. Administrative extensions of role assignment do not require approval, but notifications are sent to all other administrators after the role has been extended.
+
+To extend a role assignment, browse to the role or assignment view in Privileged Identity Management. Find the assignment that requires an extension. Then select **Extend** in the action column.
+
+![Azure AD Roles - Assignments page listing eligible roles with links to extend](./media/pim-how-to-renew-extend/extend-admin-extend.png)
+
+## Renew role assignments
+
+While conceptually similar to the process for requesting an extension, the process to renew an expired role assignment is different. Using the following steps, assignments and administrators can renew access to expired roles when necessary.
+
+### Self-renew
+
+Users who can no longer access resources can access up to 30 days of expired assignment history. To do this, they browse to **My Roles** in the left pane, and then select the **Expired roles** tab in the Azure AD roles section.
+
+![My roles page - Expired roles tab](./media/pim-how-to-renew-extend/renew-from-myroles.png)
+
+The list of roles shown defaults to **Eligible roles**. Select **Eligible** or **Active** assigned roles.
+
+To request renewal for any of the role assignments in the list, select the **Renew** action. Then provide a reason for the request. It's helpful to provide a duration in addition to any additional context or a business justification that can help the administrator decide whether to approve or deny.
+
+![Renew role assignment pane showing Reason box](./media/pim-how-to-renew-extend/renew-request-form.png)
+
+After the request has been submitted, administrators are notified of a pending request to renew a role assignment.
+
+### Admin approves
+
+Azure AD administrators can access the renewal request from the link in the email notification, or by accessing Privileged Identity Management from the Azure portal and selecting **Approve requests** in PIM.
+
+![Azure AD roles - Approve requests page listing requests and links to approve or deny](./media/pim-how-to-renew-extend/extend-admin-approve-list.png)
+
+When an administrator selects **Approve** or **Deny**, the details of the request are shown along with a field to provide a business justification for the audit logs.
+
+![Approve role assignment request with requestor reason, assignment type, start time, end time, and reason](./media/pim-how-to-renew-extend/extend-admin-approve-form.png)
+
+When approving a request to renew role assignment, administrators must enter a new start date, end date, and assignment type.
+
+### Admin renew
+
+They can also renew expired role assignments from within the **Expired** roles tab of an Azure AD role. To view a list of all expired role assignments, on the **Assignments** screen, select **Expired roles**.
+
+![Azure AD roles - Assignments page listing expired roles with links to renew](./media/pim-how-to-renew-extend/renew-from-assignments-pane.png)
+
+## Next steps
+
+- [Approve or deny requests for Azure AD roles in Privileged Identity Management](azure-ad-pim-approval-workflow.md)
+- [Configure Azure AD role settings in Privileged Identity Management](pim-how-to-change-default-settings.md)
active-directory Howto Analyze Activity Logs Log Analytics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/reports-monitoring/howto-analyze-activity-logs-log-analytics.md
description: Learn how to analyze Azure Active Directory activity logs using Azu
documentationcenter: '' -+ editor: '' ms.assetid: 4535ae65-8591-41ba-9a7d-b7f00c574426
na Previously updated : 05/06/2021 Last updated : 08/19/2021
active-directory Howto Integrate Activity Logs With Log Analytics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md
Last updated 07/09/2021 +
active-directory Tutorial Azure Monitor Stream Logs To Event Hub https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub.md
description: Learn how to set up Azure Diagnostics to push Azure Active Director
documentationcenter: '' -+ editor: '' ms.assetid: 045f94b3-6f12-407a-8e9c-ed13ae7b43a3
na Previously updated : 07/28/2021 Last updated : 08/19/2021
After data is displayed in the event hub, you can access and read the data in tw
## Next steps
+* [Create diagnostic settings to send platform logs and metrics to different destinations](../../azure-monitor/essentials/diagnostic-settings.md)
* [Integrate Azure Active Directory logs with ArcSight using Azure Monitor](howto-integrate-activity-logs-with-arcsight.md) * [Integrate Azure AD logs with Splunk by using Azure Monitor](./howto-integrate-activity-logs-with-splunk.md) * [Integrate Azure AD logs with SumoLogic by using Azure Monitor](howto-integrate-activity-logs-with-sumologic.md)
active-directory Tutorial Log Analytics Wizard https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/reports-monitoring/tutorial-log-analytics-wizard.md
description: Learn how to configure log analytics.
-+ Last updated 08/05/2020
This procedure shows how to send alerts when the breakglass account is used.
8. On the **Create alert rule** page, verify that the scope is correct.
-9. Under **Condition**, click: **Whenever the average custom log search is greater than <logic undefined> count**
+9. Under **Condition**, click: **Whenever the average custom log search is greater than `logic undefined` count**
![Default condition](./media/tutorial-log-analytics-wizard/default-condition.png)
active-directory Delegate App Roles https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/roles/delegate-app-roles.md
By default in Azure AD, all users can register applications and manage all aspec
### Grant individual permissions to create and consent to applications when the default ability is disabled
-Assign the Application Developer role to grant the ability to create application registrations when the **Users can register applications** setting is set to No. This role also grants permission to consent on one's own behalf when the **Users can consent to apps accessing company data on their behalf** setting is set to No. As a system behavior, when a user creates a new application registration, they are automatically added as the first owner. Ownership permissions give the user the ability to manage all aspects of an application registration or enterprise application that they own.
+Assign the Application Developer role to grant the ability to create application registrations when the **Users can register applications** setting is set to No. This role also grants permission to consent on one's own behalf when the **Users can consent to apps accessing company data on their behalf** setting is set to No.
## Assign application owners
-Assigning owners is a simple way to grant the ability to manage all aspects of Azure AD configuration for a specific application registration or enterprise application. As a system behavior, when a user creates a new application registration they are automatically added as the first owner. Ownership permissions give the user the ability to manage all aspects of an application registration or enterprise application that they own. The original owner can be removed and additional owners can be added.
-
-### Enterprise application owners
-
-As an owner, a user can manage the organization-specific configuration of the enterprise application, such as the single sign-on configuration, provisioning, and user assignments. An owner can also add or remove other owners. Unlike Global Administrators, owners can manage only the enterprise applications they own.
-
-In some cases, enterprise applications created from the application gallery include both an enterprise application and an application registration. When this is true, adding an owner to the enterprise application automatically adds the owner to the corresponding application registration as an owner.
-
-### To assign an owner to an enterprise application
-
-1. Sign in to [your Azure AD organization](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) with an account that eligible for the Application Administrator or Cloud Application Administrator for the organization.
-1. On the [Enterprise applications page](https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/) for the organization, select an app to open the Overview page for the app.
-1. Select **Owners** to see the list of the owners for the app.
-1. Select **Add** to select one or more owners to add to the app.
-
-> [!NOTE]
-> If the user setting "[Restrict access to Azure AD administration portal](../fundamentals/users-default-permissions.md)" is set to Yes, non-admin users wil not be able to use the Azure portal to manage the applications they own.
-
-> [!IMPORTANT]
-> Users and service principals can be owners of application registrations. Only users can be owners of enterprise applications. Groups cannot be assigned as owners of either.
->
-> Owners can add credentials to an application and use those credentials to impersonate the applicationΓÇÖs identity. The application may have more permissions than the owner, and thus would be an elevation of privilege over what the owner has access to as a user or service principal. An application owner could potentially create or update users or other objects while impersonating the application, depending on the application's permissions.
+Assigning owners is a simple way to grant the ability to manage all aspects of Azure AD configuration for a specific application registration or enterprise application. For more information, see [Assign enterprise application owners](../manage-apps/assign-app-owners.md).
## Assign built-in application admin roles
active-directory Adobe Identity Management Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/adobe-identity-management-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 04/30/2021
active-directory Agiloft Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/agiloft-tutorial.md
Previously updated : 06/03/2021 Last updated : 08/11/2021 # Tutorial: Azure Active Directory integration with Agiloft Contract Management Suite
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In a different web browser window, log in to your Agiloft Contract Management Suite company site as an administrator.
-2. Click on **Setup** (on the Left Pane) and then select **Access**.
+2. Click on the **Settings** icon at the top right corner of the page.
- ![Screenshot that highlights the Access section.](./media/agiloft-tutorial/access.png)
+ ![Screenshot highlighting the Setup icon.](./media/agiloft-tutorial/settings.png)
-3. Click on the button **Configure SAML 2.0 Single Sign-On**.
+3. Select **Access**.
+
+ ![Screenshot highlighting the Access area](./media/agiloft-tutorial/access.png)
++
+4. Click on the button **Configure SAML 2.0 Single Sign-On**.
![Screenshot that highlights the Configure SAML 2.0 Single Sign-On button.](./media/agiloft-tutorial/setup.png)
-4. A wizard dialog appears. On the dialog, click on the **Identity Provider Details** and fill in the following fields:
+5. A wizard dialog appears. On the dialog, click on the **Identity Provider Details** and fill in the following fields:
![Agiloft Contract Management Suite Configuration](./media/agiloft-tutorial/details.png)
active-directory Andromedascm Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/andromedascm-tutorial.md
Previously updated : 12/28/2020 Last updated : 08/12/2021 # Tutorial: Azure Active Directory integration with Andromeda
-In this tutorial, you learn how to integrate Andromeda with Azure Active Directory (Azure AD).
-Integrating Andromeda with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Andromeda with Azure Active Directory (Azure AD). When you integrate Andromeda with Azure AD, you can:
-- You can control in Azure AD who has access to Andromeda.-- You can enable your users to be automatically signed-in to Andromeda (Single Sign-On) with their Azure AD accounts.-- You can manage your accounts in one central location - the Azure portal.
+* Control in Azure AD who has access to Andromeda.
+* Enable your users to be automatically signed-in to Andromeda with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites To configure Azure AD integration with Andromeda, you need the following items: -- An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/)-- Andromeda single sign-on enabled subscription
+* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/).
+* Andromeda single sign-on enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment. -- Andromeda supports **SP and IDP** initiated SSO-- Andromeda supports **Just In Time** user provisioning
+* Andromeda supports **SP and IDP** initiated SSO.
+* Andromeda supports **Just In Time** user provisioning.
-## Adding Andromeda from the gallery
+## Add Andromeda from the gallery
To configure the integration of Andromeda into Azure AD, you need to add Andromeda from the gallery to your list of managed SaaS apps.
Follow these steps to enable Azure AD SSO in the Azure portal.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
a. In the **Identifier** text box, type a URL using the following pattern: `https://<tenantURL>.ngcxpress.com/`
Follow these steps to enable Azure AD SSO in the Azure portal.
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- ![Screenshot shows Set additional U R Ls where you can enter a Sign on U R L.](common/metadata-upload-additional-signon.png)
- In the **Sign-on URL** text box, type a URL using the following pattern: `https://<tenantURL>.ngcxpress.com/SAMLLogon.aspx`
Follow these steps to enable Azure AD SSO in the Azure portal.
1. Andromeda application expects the SAML assertions in a specific format. Configure the following claims for this application. You can manage the values of these attributes from the **User Attributes** section on application integration page. On the **Set up Single Sign-On with SAML** page, click **Edit** button to open **User Attributes** dialog.
- ![Screenshot shows User attributes such as givenname user.givenname and emailaddress user.mail.](common/edit-attribute.png)
+ ![Screenshot shows User attributes.](common/edit-attribute.png)
- > [!Important]
+ > [!NOTE]
> Clear out the NameSpace definitions while setting these up. 1. In the **User Claims** section on the **User Attributes** dialog, edit the claims by using **Edit icon** or add the claims by using **Add new claim** to configure SAML token attribute as shown in the image above and perform the following steps:
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. Sign-on to your Andromeda company site as administrator.
-2. On the top of the menubar click **Admin** and navigate to **Administration**.
+2. On the top of the menu bar click **Admin** and navigate to **Administration**.
- ![Andromeda admin](./media/andromedascm-tutorial/tutorial_andromedascm_admin.png)
+ ![Andromeda admin.](./media/andromedascm-tutorial/admin.png)
3. On the left side of tool bar under **Interfaces** section, click **SAML Configuration**.
- ![Andromeda saml](./media/andromedascm-tutorial/tutorial_andromedascm_saml.png)
+ ![Andromeda SAML.](./media/andromedascm-tutorial/interface.png)
4. On the **SAML Configuration** section page, perform the following steps:
- ![Andromeda config](./media/andromedascm-tutorial/tutorial_andromedascm_config.png)
+ ![Andromeda configuration.](./media/andromedascm-tutorial/configure.png)
a. Check **Enable SSO with SAML**.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
g. Open the downloaded **Base64 encoded certificate** from Azure portal in notepad, paste it into the **X 509 Certificate** textbox.
- h. Map the following attributes with the respective value to facilitate SSO login from Azure AD. The **User ID** attribute is required for logging in. For provisioning, **Email**, **Company**, **UserType**, and **Role** are required. In this section, we define attributes mapping (name and values) which correlate to those defined within Azure portal
+ h. Map the following attributes with the respective value to facilitate SSO login from Azure AD. The **User ID** attribute is required for logging in. For provisioning, **Email**, **Company**, **UserType**, and **Role** are required. In this section, we define attributes mapping (name and values) which correlate to those defined within Azure portal.
- ![Andromeda attbmap](./media/andromedascm-tutorial/tutorial_andromedascm_attbmap.png)
+ ![Andromeda attributes.](./media/andromedascm-tutorial/mapping.png)
i. Click **Save**.
In this section, you test your Azure AD single sign-on configuration with follow
#### SP initiated: -- Click on **Test this application** in Azure portal. This will redirect to Andromeda Sign on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to Andromeda Sign on URL where you can initiate the login flow.
-- Go to Andromeda Sign-on URL directly and initiate the login flow from there.
+* Go to Andromeda Sign-on URL directly and initiate the login flow from there.
#### IDP initiated: -- Click on **Test this application** in Azure portal and you should be automatically signed in to the Andromeda for which you set up the SSO
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Andromeda for which you set up the SSO
-You can also use Microsoft My Apps to test the application in any mode. When you click the Andromeda tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Andromeda for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+* You can also use Microsoft My Apps to test the application in any mode. When you click the Andromeda tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Andromeda for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Andromeda you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+Once you configure Andromeda you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Askspoke Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/askspoke-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/02/2021
active-directory Auditboard Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/auditboard-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 04/21/2021
active-directory Aws Single Sign On Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 02/23/2021
active-directory Bambubysproutsocial Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/bambubysproutsocial-tutorial.md
Previously updated : 02/22/2019 Last updated : 08/12/2021 # Tutorial: Azure Active Directory integration with Bambu by Sprout Social
-In this tutorial, you learn how to integrate Bambu by Sprout Social with Azure Active Directory (Azure AD).
-Integrating Bambu by Sprout Social with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Bambu by Sprout Social with Azure Active Directory (Azure AD). When you integrate Bambu by Sprout Social with Azure AD, you can:
-* You can control in Azure AD who has access to Bambu by Sprout Social.
-* You can enable your users to be automatically signed-in to Bambu by Sprout Social (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Bambu by Sprout Social.
+* Enable your users to be automatically signed-in to Bambu by Sprout Social with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Bambu by Sprout Social, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* Bambu by Sprout Social single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Bambu by Sprout Social single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* Bambu by Sprout Social supports **IDP** initiated SSO
-* Bambu by Sprout Social supports **Just In Time** user provisioning
+* Bambu by Sprout Social supports **IDP** initiated SSO.
+* Bambu by Sprout Social supports **Just In Time** user provisioning.
-## Adding Bambu by Sprout Social from the gallery
+## Add Bambu by Sprout Social from the gallery
To configure the integration of Bambu by Sprout Social into Azure AD, you need to add Bambu by Sprout Social from the gallery to your list of managed SaaS apps.
-**To add Bambu by Sprout Social from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **Bambu by Sprout Social**, select **Bambu by Sprout Social** from result panel then click **Add** button to add the application.
-
- ![Bambu by Sprout Social in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Bambu by Sprout Social** in the search box.
+1. Select **Bambu by Sprout Social** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-In this section, you configure and test Azure AD single sign-on with Bambu by Sprout Social based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Bambu by Sprout Social needs to be established.
+## Configure and test Azure AD SSO for Bambu by Sprout Social
-To configure and test Azure AD single sign-on with Bambu by Sprout Social, you need to complete the following building blocks:
+Configure and test Azure AD SSO with Bambu by Sprout Social using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Bambu by Sprout Social.
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Bambu by Sprout Social Single Sign-On](#configure-bambu-by-sprout-social-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Bambu by Sprout Social test user](#create-bambu-by-sprout-social-test-user)** - to have a counterpart of Britta Simon in Bambu by Sprout Social that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+To configure and test Azure AD SSO with Bambu by Sprout Social, perform the following steps:
-### Configure Azure AD single sign-on
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Bambu by Sprout Social SSO](#configure-bambu-by-sprout-social-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Bambu by Sprout Social test user](#create-bambu-by-sprout-social-test-user)** - to have a counterpart of B.Simon in Bambu by Sprout Social that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+## Configure Azure AD SSO
-To configure Azure AD single sign-on with Bambu by Sprout Social, perform the following steps:
+Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Bambu by Sprout Social** application integration page, select **Single sign-on**.
+1. In the Azure portal, on the **Bambu by Sprout Social** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Configure single sign-on link](common/select-sso.png)
-
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
-
- ![Single sign-on select mode](common/select-saml-option.png)
-
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
- ![Bambu by Sprout Social Domain and URLs single sign-on information](common/preintegrated.png)
- 5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer. ![The Certificate download link](common/metadataxml.png)
To configure Azure AD single sign-on with Bambu by Sprout Social, perform the fo
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure Ad Identifier
-
- c. Logout URL
-
-### Configure Bambu by Sprout Social Single Sign-On
-
-To configure single sign-on on **Bambu by Sprout Social** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Bambu by Sprout Social support team](mailto:support@getbambu.com). They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
+In this section, you'll create a test user in the Azure portal called B.Simon.
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bambu by Sprout Social.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Bambu by Sprout Social.
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Bambu by Sprout Social**.
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Bambu by Sprout Social**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
- ![Enterprise applications blade](common/enterprise-applications.png)
+## Configure Bambu by Sprout Social SSO
-2. In the applications list, select **Bambu by Sprout Social**.
-
- ![The Bambu by Sprout Social link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
+To configure single sign-on on **Bambu by Sprout Social** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Bambu by Sprout Social support team](mailto:support@getbambu.com). They set this setting to have the SAML SSO connection set properly on both sides.
### Create Bambu by Sprout Social test user In this section, a user called Britta Simon is created in Bambu by Sprout Social. Bambu by Sprout Social supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Bambu by Sprout Social, a new one is created after authentication.
-### Test single sign-on
-
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+## Test SSO
-When you click the Bambu by Sprout Social tile in the Access Panel, you should be automatically signed in to the Bambu by Sprout Social for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
-## Additional Resources
+* Click on Test this application in Azure portal and you should be automatically signed in to the Bambu by Sprout Social for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Bambu by Sprout Social tile in the My Apps, you should be automatically signed in to the Bambu by Sprout Social for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Bambu by Sprout Social you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Bentley Automatic User Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/bentley-automatic-user-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 04/13/2021
active-directory Bizagi Studio For Digital Process Automation Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/bizagi-studio-for-digital-process-automation-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 10/20/2020
active-directory Boxcryptor Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/boxcryptor-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 04/02/2021
active-directory Bpanda Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/bpanda-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 03/05/2021
active-directory Browserstack Single Sign On Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/browserstack-single-sign-on-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 04/22/2021
active-directory Bugsnag Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/bugsnag-tutorial.md
Previously updated : 02/13/2019 Last updated : 08/12/2021 # Tutorial: Azure Active Directory integration with Bugsnag
-In this tutorial, you learn how to integrate Bugsnag with Azure Active Directory (Azure AD).
-Integrating Bugsnag with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Bugsnag with Azure Active Directory (Azure AD). When you integrate Bugsnag with Azure AD, you can:
-* You can control in Azure AD who has access to Bugsnag.
-* You can enable your users to be automatically signed-in to Bugsnag (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Bugsnag.
+* Enable your users to be automatically signed-in to Bugsnag with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Bugsnag, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* Bugsnag single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Bugsnag single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* Bugsnag supports **SP and IDP** initiated SSO
-* Bugsnag supports **Just In Time** user provisioning
-
-## Adding Bugsnag from the gallery
-
-To configure the integration of Bugsnag into Azure AD, you need to add Bugsnag from the gallery to your list of managed SaaS apps.
-
-**To add Bugsnag from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
+* Bugsnag supports **SP and IDP** initiated SSO.
+* Bugsnag supports **Just In Time** user provisioning.
- ![The New application button](common/add-new-app.png)
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-4. In the search box, type **Bugsnag**, select **Bugsnag** from result panel then click **Add** button to add the application.
+## Add Bugsnag from the gallery
- ![Bugsnag in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with Bugsnag based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Bugsnag needs to be established.
-
-To configure and test Azure AD single sign-on with Bugsnag, you need to complete the following building blocks:
-
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Bugsnag Single Sign-On](#configure-bugsnag-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Bugsnag test user](#create-bugsnag-test-user)** - to have a counterpart of Britta Simon in Bugsnag that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+To configure the integration of Bugsnag into Azure AD, you need to add Bugsnag from the gallery to your list of managed SaaS apps.
-### Configure Azure AD single sign-on
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Bugsnag** in the search box.
+1. Select **Bugsnag** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+## Configure and test Azure AD SSO for Bugsnag
-To configure Azure AD single sign-on with Bugsnag, perform the following steps:
+Configure and test Azure AD SSO with Bugsnag using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Bugsnag.
-1. In the [Azure portal](https://portal.azure.com/), on the **Bugsnag** application integration page, select **Single sign-on**.
+To configure and test Azure AD SSO with Bugsnag, perform the following steps:
- ![Configure single sign-on link](common/select-sso.png)
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Bugsnag SSO](#configure-bugsnag-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Bugsnag test user](#create-bugsnag-test-user)** - to have a counterpart of B.Simon in Bugsnag that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+## Configure Azure AD SSO
- ![Single sign-on select mode](common/select-saml-option.png)
+Follow these steps to enable Azure AD SSO in the Azure portal.
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
+1. In the Azure portal, on the **Bugsnag** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, If you wish to configure the application in **IDP** initiated mode, perform the following step:
- ![Screenshot shows the Basic SAML Configuration, where you can enter Reply U R L, and select Save.](common/both-replyurl.png)
- In the **Reply URL** text box, type a URL using the following pattern: `https://app.bugsnag.com/user/sign_in/saml/<org_slug>/acs`
To configure Azure AD single sign-on with Bugsnag, perform the following steps:
5. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- ![Screenshot shows Set additional U R Ls where you can enter a Sign on U R L.](common/both-signonurl.png)
-
- In the **Sign-on URL** text box, type as:
+ In the **Sign-on URL** text box, type the URL:
`https://app.bugsnag.com/user/identity_provider` 6. On the **Set up Single Sign-On with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer. ![The Certificate download link](common/copy-metadataurl.png)
-### Configure Bugsnag Single Sign-On
-
-To configure single sign-on on **Bugsnag** side, you need to send the **App Federation Metadata Url** to [Bugsnag support team](mailto:support@bugsnag.com). They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
+In this section, you'll create a test user in the Azure portal called B.Simon.
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Bugsnag.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Bugsnag**.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Bugsnag.
- ![Enterprise applications blade](common/enterprise-applications.png)
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Bugsnag**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
-2. In the applications list, select **Bugsnag**.
+## Configure Bugsnag SSO
- ![The Bugsnag link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
+To configure single sign-on on **Bugsnag** side, you need to send the **App Federation Metadata Url** to [Bugsnag support team](mailto:support@bugsnag.com). They set this setting to have the SAML SSO connection set properly on both sides.
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
+### Create Bugsnag test user
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
+In this section, a user called Britta Simon is created in Bugsnag. Bugsnag supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Bugsnag, a new one is created after authentication.
-7. In the **Add Assignment** dialog click the **Assign** button.
+## Test SSO
-### Create Bugsnag test user
+In this section, you test your Azure AD single sign-on configuration with following options.
-In this section, a user called Britta Simon is created in Bugsnag. Bugsnag supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Bugsnag, a new one is created after authentication.
+#### SP initiated:
-### Test single sign-on
+* Click on **Test this application** in Azure portal. This will redirect to Bugsnag Sign on URL where you can initiate the login flow.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+* Go to Bugsnag Sign-on URL directly and initiate the login flow from there.
-When you click the Bugsnag tile in the Access Panel, you should be automatically signed in to the Bugsnag for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### IDP initiated:
-## Additional Resources
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Bugsnag for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Bugsnag tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Bugsnag for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Bugsnag you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Chatwork Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/chatwork-provisioning-tutorial.md
+
+ Title: 'Tutorial: Configure Chatwork for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to automatically provision and de-provision user accounts from Azure AD to Chatwork.
++
+writer: twimmers
++
+ms.assetid: 586bcb81-1c00-4b46-9da0-4aa86c6c8fd5
++++++ Last updated : 08/11/2021+++
+# Tutorial: Configure Chatwork for automatic user provisioning
+
+This tutorial describes the steps you need to perform in both Chatwork and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [Chatwork](https://corp.chatwork.com/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md).
++
+## Capabilities Supported
+> [!div class="checklist"]
+> * Create users in Chatwork.
+> * Remove users in Chatwork when they do not require access anymore.
+> * Keep user attributes synchronized between Azure AD and Chatwork.
+> * [Single sign-on](chatwork-tutorial.md) to Chatwork (required).
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
+
+* [An Azure AD tenant](../develop/quickstart-create-new-tenant.md).
+* A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* A [Chatwork](https://corp.chatwork.com/) tenant.
+* A user account in Chatwork with Admin permission.
+* Organizations that have contracted Chatwork Enterprise Plan or KDDI Chatwork.
++
+## Step 1. Plan your provisioning deployment
+1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
+1. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+1. Determine what data to [map between Azure AD and Chatwork](../app-provisioning/customize-application-attributes.md).
+
+## Step 2. Configure Chatwork to support provisioning with Azure AD
+
+### 1. Open **User Synchronization** from the Chatwork admin page
+
+Access the Chatwork admin portal as a user with admin rights. If you have administrator privileges, you will be able to access the **User Synchronization** page.
+
+**User Synchronization** page contains notes and restrictions for using the user provisioning feature. Check all the items.
+
+![User Synchronization page](media/chatwork-provisioning-tutorial/chatwork-sync.png)
+
+### 2. Configure the SAML login settings.
+
+If you are using Azure AD and user provisioning, login to Chatwork using your Azure AD ID.
+
+![Configure the SAML login settings](media/chatwork-provisioning-tutorial/chatwork-saml.png)
+
+### 3. Check the checkboxes after accepting the various items.
+
+Check the checkboxes after accepting the cautions and restrictions for using the user provisioning function.
+
+When all the items are checked, click the **Enable user synchronization** button.
+
+![Accepting the various items and enable user synchronization button](media/chatwork-provisioning-tutorial/chatwork-accept.png)
+
+When the user provisioning function is enabled, a message will appear at the top of the page indicating that it has been enabled.
+
+![Enabled message](media/chatwork-provisioning-tutorial/chatwork-enable.png)
+
+## Step 3. Add Chatwork from the Azure AD application gallery
+++
+Add Chatwork from the Azure AD application gallery to start managing provisioning to Chatwork. If you have previously setup Chatwork for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
+
+## Step 4. Define who will be in scope for provisioning
+
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+* When assigning users and groups to Chatwork, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add more roles.
+
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control it by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
++
+## Step 5. Configure automatic user provisioning to Chatwork
+
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in Chatwork based on user and/or group assignments in Azure AD.
+
+### To configure automatic user provisioning for Chatwork in Azure AD:
+
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
+
+ ![Enterprise applications blade](common/enterprise-applications.png)
+
+1. In the applications list, select **Chatwork**.
+
+ ![The Chatwork link in the Applications list](common/all-applications.png)
+
+1. Select the **Provisioning** tab.
+
+ ![Provisioning tab](common/provisioning.png)
+
+1. Set the **Provisioning Mode** to **Automatic**.
+
+ ![Provisioning tab automatic](common/provisioning-automatic.png)
+
+1. In the **Admin Credentials** section, click on Authorize, make sure that you enter your Chatwork account's Admin credentials. Click **Test Connection** to ensure Azure AD can connect to Chatwork. If the connection fails, ensure your Chatwork account has Admin permissions and try again.
+
+ ![Token](media/chatwork-provisioning-tutorial/chatwork-authorize.png)
+1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
+
+ ![Notification Email](common/provisioning-notification-email.png)
+
+1. Select **Save**.
+
+1. In the **Mappings** section, select **Synchronize Azure Active Directory Users to Chatwork**.
+
+1. Review the user attributes that are synchronized from Azure AD to Chatwork in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Chatwork for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the Chatwork API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|
+ ||||
+ |userName|String|&check;
+ |active|Boolean|
+ |title|String|
+ |externalId|String|
+ |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department|String|
+ |urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization|String|
+
+1. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+1. To enable the Azure AD provisioning service for Chatwork, change the **Provisioning Status** to **On** in the **Settings** section.
+
+ ![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+
+1. Define the users and/or groups that you would like to provision to Chatwork by choosing the desired values in **Scope** in the **Settings** section.
+
+ ![Provisioning Scope](common/provisioning-scope.png)
+
+1. When you are ready to provision, click **Save**.
+
+ ![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
+
+## Step 6. Monitor your deployment
+Once you've configured provisioning, use the following resources to monitor your deployment:
+
+* Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
+* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
+
+## More resources
+
+* [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
+* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
active-directory Checkproof Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/checkproof-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/21/2021
active-directory Cisco Umbrella User Management Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/cisco-umbrella-user-management-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 04/20/2021
active-directory Clebex Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/clebex-provisioning-tutorial.md
Title: 'Tutorial: Configure Clebex for automatic user provisioning with Azure Ac
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Clebex. documentationcenter: ''-
-writer: Zhchia
+
+writer: twimmers
ms.assetid: 4746fd14-114c-4e6e-bee4-34a7a34a6237
na ms.devlang: na-+ Last updated 07/14/2021-+ # Tutorial: Configure Clebex for automatic user provisioning
active-directory Cloud Academy Sso Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/cloud-academy-sso-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/02/2021
active-directory Contentful Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/contentful-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 11/11/2020
active-directory Datahug Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/datahug-tutorial.md
Previously updated : 01/25/2019 Last updated : 08/12/2021 # Tutorial: Azure Active Directory integration with Datahug
-In this tutorial, you learn how to integrate Datahug with Azure Active Directory (Azure AD).
-Integrating Datahug with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Datahug with Azure Active Directory (Azure AD). When you integrate Datahug with Azure AD, you can:
-* You can control in Azure AD who has access to Datahug.
-* You can enable your users to be automatically signed-in to Datahug (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Datahug.
+* Enable your users to be automatically signed-in to Datahug with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Datahug, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* Datahug single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Datahug single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* Datahug supports **SP** and **IDP** initiated SSO
+* Datahug supports **SP** and **IDP** initiated SSO.
-## Adding Datahug from the gallery
+## Add Datahug from the gallery
To configure the integration of Datahug into Azure AD, you need to add Datahug from the gallery to your list of managed SaaS apps.
-**To add Datahug from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **Datahug**, select **Datahug** from result panel then click **Add** button to add the application.
-
- ![Datahug in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with Datahug based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Datahug needs to be established.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Datahug** in the search box.
+1. Select **Datahug** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-To configure and test Azure AD single sign-on with Datahug, you need to complete the following building blocks:
+## Configure and test Azure AD SSO for Datahug
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Datahug Single Sign-On](#configure-datahug-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Datahug test user](#create-datahug-test-user)** - to have a counterpart of Britta Simon in Datahug that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+Configure and test Azure AD SSO with Datahug using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Datahug.
-### Configure Azure AD single sign-on
+To configure and test Azure AD SSO with Datahug, perform the following steps:
-In this section, you enable Azure AD single sign-on in the Azure portal.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Datahug SSO](#configure-datahug-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Datahug test user](#create-datahug-test-user)** - to have a counterpart of B.Simon in Datahug that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-To configure Azure AD single sign-on with Datahug, perform the following steps:
+## Configure Azure AD SSO
-1. In the [Azure portal](https://portal.azure.com/), on the **Datahug** application integration page, select **Single sign-on**.
+Follow these steps to enable Azure AD SSO in the Azure portal.
- ![Configure single sign-on link](common/select-sso.png)
+1. In the Azure portal, on the **Datahug** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
-
- ![Single sign-on select mode](common/select-saml-option.png)
-
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, If you wish to configure the application in **IDP** initiated mode, perform the following steps:
- ![Screenshot that shows the "Basic S A M L Configuration" section with the "Identifier", "Reply URL", and "Save" button highlighted.](common/idp-intiated.png)
- a. In the **Identifier** text box, type a URL using the following pattern: `https://apps.datahug.com/identity/<uniqueID>`
To configure Azure AD single sign-on with Datahug, perform the following steps:
5. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- ![Datahug Domain and URLs single sign-on information](common/metadata-upload-additional-signon.png)
-
- In the **Sign-on URL** text box, type a URL:
+ In the **Sign-on URL** text box, type the URL:
`https://apps.datahug.com/` > [!NOTE]
To configure Azure AD single sign-on with Datahug, perform the following steps:
b. Select **SHA-1** from the **Signing Algorithm**.
- c. Click **Save**
-
- ![Communifire Signing option](./media/datahug-tutorial/tutorial_datahug_signingoption.png)
+ c. Click **Save**.
8. On the **Set up Datahug** section, copy the appropriate URL(s) as per your requirement. ![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure Ad Identifier
-
- c. Logout URL
-
-### Configure Datahug Single Sign-On
-
-To configure single sign-on on **Datahug** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Datahug support team](https://www.sap.com/corporate/en/company/office-locations.html). They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
+In this section, you'll create a test user in the Azure portal called B.Simon.
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field, enter **BrittaSimon**.
-
- b. In the **User name** field, type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Datahug.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Datahug**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Datahug.
-2. In the applications list, select **Datahug**.
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Datahug**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
- ![The Datahug link in the Applications list](common/all-applications.png)
+## Configure Datahug SSO
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog, select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog, click the **Assign** button.
+To configure single sign-on on **Datahug** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Datahug support team](https://www.sap.com/corporate/en/company/office-locations.html). They set this setting to have the SAML SSO connection set properly on both sides.
### Create Datahug test user
When Datahug, provisioning is a manual task.
1. Sign in to your Datahug company site as an administrator.
-2. Hover over the **cog** in the top right-hand corner and click **Settings**
+2. Hover over the **cog** in the top right-hand corner and click **Settings**.
- ![Screenshot that shows the "Datahug" homepage with "Cog" icon selected and "Settings" selected in the drop-down menu.](./media/datahug-tutorial/1.png)
+ ![Screenshot that shows the "Datahug" homepage with "Cog" icon selected and "Settings" selected in the drop-down menu.](./media/datahug-tutorial/settings.png)
-3. Choose **People** and click the **Add Users** tab
+3. Choose **People** and click the **Add Users** tab.
- ![Screenshot that shows the "Settings" page with the "People" tab and "Add Users" selected.](./media/datahug-tutorial/2.png)
+ ![Screenshot that shows the "Settings" page with the "People" tab and "Add Users" selected.](./media/datahug-tutorial/users.png)
4. Type the email of the person you would like to create an account for and click **Add**.
- ![Add Employee](./media/datahug-tutorial/3.png)
+ ![Screenshot that shows to Add Employee.](./media/datahug-tutorial/add-user.png)
> [!NOTE] > You can send registration mail to user by selecting **Send welcome email** checkbox. > If you are creating an account for Salesforce do not send the welcome email.
-### Test single sign-on
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Datahug Sign on URL where you can initiate the login flow.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+* Go to Datahug Sign-on URL directly and initiate the login flow from there.
-When you click the Datahug tile in the Access Panel, you should be automatically signed in to the Datahug for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### IDP initiated:
-## Additional Resources
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Datahug for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Datahug tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Datahug for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Datahug you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Datasite Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/datasite-tutorial.md
Previously updated : 08/27/2020 Last updated : 08/10/2021
In this tutorial, you'll learn how to integrate Datasite with Azure Active Direc
* Enable your users to be automatically signed-in to Datasite with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Datasite supports **SP** initiated SSO
-
-* Once you configure Datasite you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Datasite supports **SP** initiated SSO.
> [!NOTE] > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding Datasite from the gallery
+## Add Datasite from the gallery
To configure the integration of Datasite into Azure AD, you need to add Datasite from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Datasite** in the search box. 1. Select **Datasite** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. - ## Configure and test Azure AD SSO for Datasite Configure and test Azure AD SSO with Datasite using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Datasite.
-To configure and test Azure AD SSO with Datasite, complete the following building blocks:
+To configure and test Azure AD SSO with Datasite, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with Datasite, complete the following buildin
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Datasite** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Datasite** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, perform the following step:
In the **Sign-on URL** text box, type the URL: `https://auth.datasite.com/sp/ACS.saml2`
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Datasite**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, you create a user called B.Simon in Datasite. Work with [Datas
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Datasite tile in the Access Panel, you should be automatically signed in to the Datasite for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* Click on **Test this application** in Azure portal. This will redirect to Datasite Sign-on URL where you can initiate the login flow.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Go to Datasite Sign-on URL directly and initiate the login flow from there.
-- [Try Datasite with Azure AD](https://aad.portal.azure.com/)
+* You can use Microsoft My Apps. When you click the Datasite tile in the My Apps, this will redirect to Datasite Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect Datasite with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure Datasite you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Displayr Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/displayr-tutorial.md
Previously updated : 05/20/2019 Last updated : 08/12/2021
In this tutorial, you'll learn how to integrate Displayr with Azure Active Direc
* Enable your users to be automatically signed-in to Displayr with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
## Scenario description
-In this tutorial, you will learn to configure Azure AD SSO in your Displayr company. Displayr supports **SP** initiated SSO.
+In this tutorial, you will learn to configure Azure AD SSO in your Displayr company.
+
+* Displayr supports **SP** initiated SSO.
-## Adding Displayr from the gallery
+## Add Displayr from the gallery
To configure the integration of Displayr into Azure AD, you need to add Displayr from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Displayr** in the search box. 1. Select **Displayr** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure Azure AD single sign-on
+## Configure Azure AD SSO for Displayr
-To configure Azure AD SSO with Displayr, complete the following building blocks:
+To configure Azure AD SSO with Displayr, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** to enable your users to use this feature.
-2. **[Configure Displayr](#configure-displayr)** to configure the SSO settings on application side.
-4. **[Restrict access to specific users](#restrict-access-to-specific-users)** to restrict which of your Azure AD users can sign in to Displayr.
-6. **[Test SSO](#test-sso)** to verify whether the configuration works.
+1. **[Configure Displayr SSO](#configure-displayr-sso)** to configure the SSO settings on application side.
+1. **[Restrict access to specific users](#restrict-access-to-specific-users)** to restrict which of your Azure AD users can sign in to Displayr.
+1. **[Test SSO](#test-sso)** to verify whether the configuration works.
-### Configure Azure AD SSO
+## Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Displayr** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **Displayr** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set-up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set-up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, perform the following step:
-
- a. In the **Sign-on URL** text box, type a URL using the following pattern:
- `https://<YOURDOMAIN>.displayr.com`
+1. On the **Basic SAML Configuration** section, perform the following steps:
- b. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:`<YOURDOMAIN>.displayr.com`
+ a. In the **Identifier (Entity ID)** text box, type a value using the following pattern:
+ `<YOURDOMAIN>.displayr.com`
- c. In the **Reply URL** text box, type `https://app.displayr.com/Login/ProcessSamlResponse`.
+ b. In the **Reply URL** text box, type the URL:
+ `https://app.displayr.com/Login/ProcessSamlResponse`.
+ c. In the **Sign-on URL** text box, type a URL using the following pattern:
+ `https://<YOURDOMAIN>.displayr.com`
+ d. Click **Save**. >[!NOTE]
- >These values are not real. Update these values with the actual Sign on URL and Identifier. Contact [Displayr Client support team](mailto:support@displayr.com) to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.
+ >These values are not real. Update these values with the actual Identifier and Sign on URL. Contact [Displayr Client support team](mailto:support@displayr.com) to get these values. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.
1. On the **Set-up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
Follow these steps to enable Azure AD SSO in the Azure portal.
a. Click **Add a group claim**.
- ![Screenshot that shows the "Group Claims (Preview) window with settings selected.](./media/displayr-tutorial/config05.png)
+ ![Screenshot that shows the "Group Claims (Preview) window with settings selected.](./media/displayr-tutorial/claims.png)
b. Select **All Groups** from the radio list.
Follow these steps to enable Azure AD SSO in the Azure portal.
![Copy configuration URLs](common/copy-configuration-urls.png)
-### Configure Displayr
+## Configure Displayr SSO
1. To automate the configuration within Displayr, you need to install **My Apps Secure Sign-in browser extension** by clicking **Install the extension**.
Follow these steps to enable Azure AD SSO in the Azure portal.
4. Click on the **User** icon, then navigate to **Account settings**.
- ![Screenshot that shows the "Settings" icon and "Account" selected.](./media/displayr-tutorial/config01.png)
+ ![Screenshot that shows the "Settings" icon and "Account" selected.](./media/displayr-tutorial/account.png)
5. Switch to **Settings** from the top menu and scroll down the page to click on **Configure Single Sign On (SAML)**.
- ![Screenshot that shows the "Settings" tab selected and the "Configure Single Sign On (S A M L)" action selected.](./media/displayr-tutorial/config02.png)
+ ![Screenshot that shows the "Settings" tab selected and the "Configure Single Sign On (S A M L)" action selected.](./media/displayr-tutorial/settings.png)
6. On the **Single Sign On (SAML)** page, perform the following steps:
- ![Configuration](./media/displayr-tutorial/config03.png)
+ ![Screenshot that shows the Configuration.](./media/displayr-tutorial/configure.png)
a. Check the **Enable Single Sign On (SAML)** box.
Follow these steps to enable Azure AD SSO in the Azure portal.
By default, all users in the tenant where you added the Displayr application can log in to Displayr by using SSO. If you want to restrict access to specific users or groups, see [Restrict your Azure AD app to a set of users in an Azure AD tenant](../develop/howto-restrict-your-app-to-a-set-of-users.md).
-### Test SSO
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you select the Displayr tile in the Access Panel, you should be automatically signed in to the Displayr company for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to Displayr Sign-on URL where you can initiate the login flow.
-## Additional Resources
+* Go to Displayr Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Displayr tile in the My Apps, this will redirect to Displayr Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Displayr you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Eletive Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/eletive-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 04/16/2021
active-directory Envimmis Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/envimmis-tutorial.md
Previously updated : 02/06/2019 Last updated : 08/12/2021 # Tutorial: Azure Active Directory integration with Envi MMIS
-In this tutorial, you learn how to integrate Envi MMIS with Azure Active Directory (Azure AD).
-Integrating Envi MMIS with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Envi MMIS with Azure Active Directory (Azure AD). When you integrate Envi MMIS with Azure AD, you can:
-* You can control in Azure AD who has access to Envi MMIS.
-* You can enable your users to be automatically signed-in to Envi MMIS (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Envi MMIS.
+* Enable your users to be automatically signed-in to Envi MMIS with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Envi MMIS, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* Envi MMIS single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Envi MMIS single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* Envi MMIS supports **SP** and **IDP** initiated SSO
+* Envi MMIS supports **SP** and **IDP** initiated SSO.
-## Adding Envi MMIS from the gallery
+## Add Envi MMIS from the gallery
To configure the integration of Envi MMIS into Azure AD, you need to add Envi MMIS from the gallery to your list of managed SaaS apps.
-**To add Envi MMIS from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **Envi MMIS**, select **Envi MMIS** from result panel then click **Add** button to add the application.
-
- ![Envi MMIS in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with Envi MMIS based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Envi MMIS needs to be established.
-
-To configure and test Azure AD single sign-on with Envi MMIS, you need to complete the following building blocks:
-
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Envi MMIS Single Sign-On](#configure-envi-mmis-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Envi MMIS test user](#create-envi-mmis-test-user)** - to have a counterpart of Britta Simon in Envi MMIS that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Envi MMIS** in the search box.
+1. Select **Envi MMIS** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-### Configure Azure AD single sign-on
+## Configure and test Azure AD SSO for Envi MMIS
-In this section, you enable Azure AD single sign-on in the Azure portal.
+Configure and test Azure AD SSO with Envi MMIS using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Envi MMIS.
-To configure Azure AD single sign-on with Envi MMIS, perform the following steps:
+To configure and test Azure AD SSO with Envi MMIS, perform the following steps:
-1. In the [Azure portal](https://portal.azure.com/), on the **Envi MMIS** application integration page, select **Single sign-on**.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Envi MMIS SSO](#configure-envi-mmis-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Envi MMIS test user](#create-envi-mmis-test-user)** - to have a counterpart of B.Simon in Envi MMIS that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
- ![Configure single sign-on link](common/select-sso.png)
+## Configure Azure AD SSO
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+Follow these steps to enable Azure AD SSO in the Azure portal.
- ![Single sign-on select mode](common/select-saml-option.png)
+1. In the Azure portal, on the **Envi MMIS** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-3. On the **Set-up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, If you wish to configure the application in **IDP** initiated mode, perform the following steps:
- ![Screenshot that shows the "Basic S A M L Configuration" with the "Identifier", "Reply U R L", and "Save" button highlighted.](common/idp-intiated.png)
- a. In the **Identifier** text box, type a URL using the following pattern: `https://www.<CUSTOMER DOMAIN>.com/Account`
To configure Azure AD single sign-on with Envi MMIS, perform the following steps
5. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- ![Envi MMIS Domain and URLs single sign-on information](common/metadata-upload-additional-signon.png)
- In the **Sign-on URL** text box, type a URL using the following pattern: `https://www.<CUSTOMER DOMAIN>.com/Account`
To configure Azure AD single sign-on with Envi MMIS, perform the following steps
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
- b. Azure Ad Identifier
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Envi MMIS.
- c. Logout URL
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Envi MMIS**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
-### Configure Envi MMIS Single Sign-On
+## Configure Envi MMIS SSO
1. In a different web browser window, sign into your Envi MMIS site as an administrator. 2. Click on **My Domain** tab.
- ![Screenshot that shows the "User" menu with "My Domain" selected.](./media/envimmis-tutorial/configure1.png)
+ ![Screenshot that shows the "User" menu with "My Domain" selected.](./media/envimmis-tutorial/domain.png)
3. Click **Edit**.
- ![Screenshot that shows the "Edit" button selected.](./media/envimmis-tutorial/configure2.png)
+ ![Screenshot that shows the "Edit" button selected.](./media/envimmis-tutorial/edit-icon.png)
4. Select **Use remote authentication** checkbox and then select **HTTP Redirect** from the **Authentication Type** dropdown.
- ![Screenshot that shows the "Details" tab with "Use remote authentication" checked and "H T T P Redirect" selected.](./media/envimmis-tutorial/configure3.png)
+ ![Screenshot that shows the "Details" tab with "Use remote authentication" checked and "H T T P Redirect" selected.](./media/envimmis-tutorial/details.png)
5. Select **Resources** tab and then click **Upload Metadata**.
- ![Screenshot that shows the "Resources" tab with the "Upload Metadata" action selected.](./media/envimmis-tutorial/configure4.png)
+ ![Screenshot that shows the "Resources" tab with the "Upload Metadata" action selected.](./media/envimmis-tutorial/metadata.png)
6. In the **Upload Metadata** popup, perform the following steps:
- ![Screenshot that shows the "Upload Metadata" popup with the "File" option selected and the "choose file" icon and "OK" button highlighted.](./media/envimmis-tutorial/configure5.png)
+ ![Screenshot that shows the "Upload Metadata" popup with the "File" option selected and the "choose file" icon and "OK" button highlighted.](./media/envimmis-tutorial/file.png)
a. Select **File** option from the **Upload From** dropdown.
To configure Azure AD single sign-on with Envi MMIS, perform the following steps
c. Click **Ok**.
-7. After uploading the downloaded metadata file, the fields will get populated automatically. Click **Update**
-
- ![Configure Single Sign-On Save button](./media/envimmis-tutorial/configure6.png)
-
-### Create an Azure AD test user
-
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
+7. After uploading the downloaded metadata file, the fields will get populated automatically. Click **Update**.
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field, enter **BrittaSimon**.
-
- b. In the **User name** field, type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
-
-### Assign the Azure AD test user
-
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Envi MMIS.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Envi MMIS**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, select **Envi MMIS**.
-
- ![The Envi MMIS link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog, select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog, select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog, click the **Assign** button.
+ ![Configure Single Sign-On Save button](./media/envimmis-tutorial/fields.png)
### Create Envi MMIS test user
To enable Azure AD users to sign in to Envi MMIS, they must be provisioned into
2. Click on **User List** tab.
- ![Screenshot that shows the "User" menu with "User List" selected.](./media/envimmis-tutorial/user1.png)
+ ![Screenshot that shows the "User" menu with "User List" selected.](./media/envimmis-tutorial/list.png)
3. Click **Add User** button.
- ![Screenshot that shows the "Users" section with the "Add User" button selected.](./media/envimmis-tutorial/user2.png)
+ ![Screenshot that shows the "Users" section with the "Add User" button selected.](./media/envimmis-tutorial/user.png)
4. In the **Add User** section, perform the following steps:
- ![Add Employee](./media/envimmis-tutorial/user3.png)
+ ![Screenshot that shows to Add Employee.](./media/envimmis-tutorial/add-user.png)
a. In the **User Name** textbox, type the username of Britta Simon account like **brittasimon\@contoso.com**.
To enable Azure AD users to sign in to Envi MMIS, they must be provisioned into
g. Click **Save**.
-### Test single sign-on
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Envi MMIS Sign on URL where you can initiate the login flow.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+* Go to Envi MMIS Sign-on URL directly and initiate the login flow from there.
-When you click the Envi MMIS tile in the Access Panel, you should be automatically signed in to the Envi MMIS for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### IDP initiated:
-## Additional Resources
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Envi MMIS for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Envi MMIS tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Envi MMIS for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Envi MMIS you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Exium Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/exium-provisioning-tutorial.md
Title: 'Tutorial: Configure Exium for automatic user provisioning with Azure Act
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Exium. documentationcenter: ''-
-writer: Zhchia
+
+writer: twimmers
ms.assetid: fb9d03e1-4365-4932-9403-69acfc3b8671
na ms.devlang: na-+ Last updated 07/14/2021-+ # Tutorial: Configure Exium for automatic user provisioning
active-directory Fivetran Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/fivetran-tutorial.md
Previously updated : 09/01/2020 Last updated : 08/10/2021
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Fivetran supports **IDP** initiated SSO
-* Fivetran supports **Just In Time** user provisioning
+* Fivetran supports **IDP** initiated SSO.
+* Fivetran supports **Just In Time** user provisioning.
> [!NOTE] > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
To configure the integration of Fivetran into Azure AD, you need to add Fivetran
1. In the **Add from the gallery** section, type **Fivetran** in the search box. 1. Select **Fivetran** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. - ## Configure and test Azure AD SSO for Fivetran Configure and test Azure AD SSO with Fivetran using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Fivetran.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **Fivetran** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png) 1. On the **Basic SAML Configuration** section, the application is pre-configured and the necessary URLs are already pre-populated with Azure. The user needs to save the configuration by clicking the **Save** button. - 1. Fivetran application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes. ![image](common/default-attributes.png)
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
In this section, you'll configure single sign-on on the **Fivetran** side. 1. In a different web browser window, sign in to your Fivetran account as the account owner.+ 1. Select the arrow in the top left corner of the window, and then select **Manage Account** from the drop-down list.
- ![Screenshot that shows the Manage Account menu option selected.](media/fivetran-tutorial/fivetran-1.png)
+ ![Screenshot that shows the Manage Account menu option selected.](media/fivetran-tutorial/menu.png)
1. Go to the **SAML Config** section of the **Settings** page.
- ![Screenshot that shows the SAML Config pane with configuration options highlighted.](media/fivetran-tutorial/fivetran-2.png)
+ ![Screenshot that shows the SAML Config pane with configuration options highlighted.](media/fivetran-tutorial/settings.png)
1. For **Enable SAML authentication**, select **ON**. 1. In **Sign on URL**, paste the value of **Login URL**, which you copied from the Azure portal.
In this section, a user called B.Simon is created in Fivetran. Fivetran supports
## Test SSO
-In this section, you test your Azure AD single sign-on configuration with following options.
+In this section, you test your Azure AD single sign-on configuration with following options.
-1. Click on **Test this application** in Azure portal and you should be automatically signed in to the Fivetran for which you set up the SSO
+* Click on Test this application in Azure portal and you should be automatically signed in to the Fivetran for which you set up the SSO.
-2. You can use Microsoft Access Panel. When you click the Fivetran tile in the Access Panel, you should be automatically signed in to the Fivetran for which you set up the SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* You can use Microsoft My Apps. When you click the Fivetran tile in the My Apps, you should be automatically signed in to the Fivetran for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
active-directory Floqast Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/floqast-tutorial.md
Previously updated : 10/10/2019 Last updated : 08/10/2021
In this tutorial, you'll learn how to integrate FloQast with Azure Active Direct
* Enable your users to be automatically signed-in to FloQast with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* FloQast supports **SP and IDP** initiated SSO
+* FloQast supports **SP and IDP** initiated SSO.
+
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding FloQast from the gallery
+## Add FloQast from the gallery
To configure the integration of FloQast into Azure AD, you need to add FloQast from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **FloQast** in the search box. 1. Select **FloQast** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for FloQast
+## Configure and test Azure AD SSO for FloQast
Configure and test Azure AD SSO with FloQast using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in FloQast.
-To configure and test Azure AD SSO with FloQast, complete the following building blocks:
+To configure and test Azure AD SSO with FloQast, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure FloQast SSO](#configure-floqast-sso)** - to configure the single sign-on settings on application side.
- * **[Create FloQast test user](#create-floqast-test-user)** - to have a counterpart of B.Simon in FloQast that is linked to the Azure AD representation of user.
+ 1. **[Create FloQast test user](#create-floqast-test-user)** - to have a counterpart of B.Simon in FloQast that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **FloQast** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **FloQast** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following step:
- In the **Identifier** text box, type a URL:
+ In the **Identifier** text box, type the URL:
`https://go.floqast.com/` 1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- In the **Sign-on URL** text box, type a URL:
+ In the **Sign-on URL** text box, type the URL:
`https://go.floqast.com/login/sso` 1. FloQast application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. Select **Sign SAML response and assertion** from the **Signing Option**.
- 1. Click **Save**
-
- ![Communifire Signing option](./media/floqast-tutorial/tutorial-floqast-signing-option.png)
+ 1. Click **Save**.
1. On the **Set up FloQast** section, copy the appropriate URL(s) based on your requirement.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **FloQast**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, you create a user called B.Simon in FloQast. Work with [FloQas
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to FloQast Sign on URL where you can initiate the login flow.
-When you click the FloQast tile in the Access Panel, you should be automatically signed in to the FloQast for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Go to FloQast Sign-on URL directly and initiate the login flow from there.
-## Additional resources
+#### IDP initiated:
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the FloQast for which you set up the SSO.
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the FloQast tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the FloQast for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try FloQast with Azure AD](https://aad.portal.azure.com/)
+Once you configure FloQast you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Freshservice Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/freshservice-provisioning-tutorial.md
Title: 'Tutorial: Configure Freshservice Provisioning for automatic user provisi
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Freshservice Provisioning. documentationcenter: ''-
-writer: Zhchia
+
+writer: twimmers
ms.assetid: e03ec65a-25ef-4c91-a364-36b2f007443c
na ms.devlang: na-+ Last updated 08/09/2021-+ # Tutorial: Configure Freshservice Provisioning for automatic user provisioning
active-directory Getabstract Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/getabstract-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 01/25/2021
active-directory Github Ae Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/github-ae-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 09/29/2020
active-directory Github Enterprise Managed User Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/github-enterprise-managed-user-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 03/05/2021
active-directory Golinks Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/golinks-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/21/2021
active-directory Grammarly Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/grammarly-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 03/16/2021
active-directory Greenlight Integration Platform Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/greenlight-integration-platform-tutorial.md
Previously updated : 04/03/2020 Last updated : 08/11/2021
In this tutorial, you'll learn how to integrate Greenlight Integration Platform
* Enable your users to be automatically signed-in to Greenlight Integration Platform with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Greenlight Integration Platform supports **SP and IDP** initiated SSO
-* Once you configure Greenlight Integration Platform you can enforce session control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Greenlight Integration Platform supports **SP and IDP** initiated SSO.
-## Adding Greenlight Integration Platform from the gallery
+## Add Greenlight Integration Platform from the gallery
To configure the integration of Greenlight Integration Platform into Azure AD, you need to add Greenlight Integration Platform from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Greenlight Integration Platform** in the search box. 1. Select **Greenlight Integration Platform** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Greenlight Integration Platform
+## Configure and test Azure AD SSO for Greenlight Integration Platform
Configure and test Azure AD SSO with Greenlight Integration Platform using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Greenlight Integration Platform.
-To configure and test Azure AD SSO with Greenlight Integration Platform, complete the following building blocks:
+To configure and test Azure AD SSO with Greenlight Integration Platform, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure Greenlight Integration Platform SSO](#configure-greenlight-integration-platform-sso)** - to configure the single sign-on settings on application side.
- * **[Create Greenlight Integration Platform test user](#create-greenlight-integration-platform-test-user)** - to have a counterpart of B.Simon in Greenlight Integration Platform that is linked to the Azure AD representation of user.
+ 1. **[Create Greenlight Integration Platform test user](#create-greenlight-integration-platform-test-user)** - to have a counterpart of B.Simon in Greenlight Integration Platform that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Greenlight Integration Platform** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Greenlight Integration Platform** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
a. In the **Identifier** text box, type a URL using the following pattern: `https://<CUSTOMER>.greenlightcorp.com/ebcprtads/checkLoginSAML.do`
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Greenlight Integration Platform**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, you create a user called B.Simon in Greenlight Integration Plat
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Greenlight Integration Platform tile in the Access Panel, you should be automatically signed in to the Greenlight Integration Platform for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### SP initiated:
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to Greenlight Integration Platform Sign on URL where you can initiate the login flow.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Go to Greenlight Integration Platform Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+#### IDP initiated:
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Greenlight Integration Platform for which you set up the SSO.
-- [Try Greenlight Integration Platform with Azure AD](https://aad.portal.azure.com/)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Greenlight Integration Platform tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Greenlight Integration Platform for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect Greenlight Integration Platform with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure Greenlight Integration Platform you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Gtmhub Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/gtmhub-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 12/03/2020
active-directory H5mag Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/h5mag-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/21/2021
active-directory Hype Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/hype-tutorial.md
Previously updated : 07/05/2019 Last updated : 08/12/2021
In this tutorial, you'll learn how to integrate Hype with Azure Active Directory
* Enable your users to be automatically signed-in to Hype with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
-* An Azure AD subscription. If you don't have a subscription, you can get one-month free trial [here](https://azure.microsoft.com/pricing/free-trial/).
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
* Hype single sign-on (SSO) enabled subscription. ## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Hype supports **SP** initiated SSO
-* Hype supports **Just In Time** user provisioning
+* Hype supports **SP** initiated SSO.
+* Hype supports **Just In Time** user provisioning.
-## Adding Hype from the gallery
+## Add Hype from the gallery
To configure the integration of Hype into Azure AD, you need to add Hype from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Hype** in the search box. 1. Select **Hype** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on
+## Configure and test Azure AD SSO for Hype
Configure and test Azure AD SSO with Hype using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Hype.
-To configure and test Azure AD SSO with Hype, complete the following building blocks:
+To configure and test Azure AD SSO with Hype, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
-2. **[Configure Hype SSO](#configure-hype-sso)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Hype test user](#create-hype-test-user)** - to have a counterpart of Britta Simon in Hype that is linked to the Azure AD representation of user.
-6. **[Test SSO](#test-sso)** - to verify whether the configuration works.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Hype SSO](#configure-hype-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Hype test user](#create-hype-test-user)** - to have a counterpart of B.Simon in Hype that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-### Configure Azure AD SSO
+## Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Hype** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **Hype** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, perform the following steps:
- 1. In the **Sign on URL** text box, type a URL using the following pattern:
+ 1. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
- `https://<SUBDOMAIN>.hypeinnovation.com/Shibboleth.sso/Login`
+ `https://<SUBDOMAIN>.hypeinnovation.com`
- 1. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
+ 1. In the **Sign on URL** text box, type a URL using the following pattern:
- `https://<SUBDOMAIN>.hypeinnovation.com`
+ `https://<SUBDOMAIN>.hypeinnovation.com/Shibboleth.sso/Login`
> [!NOTE]
- > These values are not real. Update these values with the actual Sign on URL and Identifier. Contact [Hype Client support team](mailto:itsupport@hype.de) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Identifier and Sign on URL. Contact [Hype Client support team](mailto:itsupport@hype.de) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, find **Metadata XML** and select **Download** to download the certificate and save it on your computer.
Follow these steps to enable Azure AD SSO in the Azure portal.
![Copy configuration URLs](common/copy-configuration-urls.png)
-### Configure Hype SSO
-
-To configure single sign-on on **Hype** side, you need to send the downloaded **Metadata XML** and appropriate copied URLs from Azure portal to [Hype support team](mailto:itsupport@hype.de). They set this setting to have the SAML SSO connection set properly on both sides.
-- ### Create an Azure AD test user In this section, you'll create a test user in the Azure portal called B.Simon.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Hype**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
+## Configure Hype SSO
+
+To configure single sign-on on **Hype** side, you need to send the downloaded **Metadata XML** and appropriate copied URLs from Azure portal to [Hype support team](mailto:itsupport@hype.de). They set this setting to have the SAML SSO connection set properly on both sides.
+ ### Create Hype test user In this section, a user called Britta Simon is created in Hype. Hype supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Hype, a new one is created after authentication.
-### Test SSO
+## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Hype tile in the Access Panel, you should be automatically signed in to the Hype for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to Hype Sign-on URL where you can initiate the login flow.
-## Additional resources
+* Go to Hype Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Hype tile in the My Apps, this will redirect to Hype Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Hype you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Insight4grc Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/insight4grc-provisioning-tutorial.md
This section guides you through the steps to configure the Azure AD provisioning
9. Review the user attributes that are synchronized from Azure AD to Insight4GRC in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Insight4GRC for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the Insight4GRC API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
- |Attribute|Type|
- |||
- |userName|String|
- |externalId|String|
+ |Attribute|Type|Supported for filtering|
+ |||--|
+ |userName|String|&check;
+ |externalId|String|&check;
|active|Boolean|
+ urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager|String|
|title|String| |name.givenName|String| |name.familyName|String|
Once you've configured provisioning, use the following resources to monitor your
* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion. * If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
+## Change log
+
+* 08/19/2021 - Enterprise extension User attribute **manager** has been added.
+ ## Additional resources * [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md).
active-directory Intelligencebank Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/intelligencebank-tutorial.md
Previously updated : 06/15/2020 Last updated : 08/11/2021
In this tutorial, you'll learn how to integrate IntelligenceBank with Azure Acti
* Enable your users to be automatically signed-in to IntelligenceBank with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* IntelligenceBank supports **SP** initiated SSO
-
-* Once you configure IntelligenceBank you can enforce session control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* IntelligenceBank supports **SP** initiated SSO.
-## Adding IntelligenceBank from the gallery
+## Add IntelligenceBank from the gallery
To configure the integration of IntelligenceBank into Azure AD, you need to add IntelligenceBank from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **IntelligenceBank** in the search box. 1. Select **IntelligenceBank** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. -
-## Configure and test Azure AD single sign-on for IntelligenceBank
+## Configure and test Azure AD SSO for IntelligenceBank
Configure and test Azure AD SSO with IntelligenceBank using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in IntelligenceBank.
-To configure and test Azure AD SSO with IntelligenceBank, complete the following building blocks:
+To configure and test Azure AD SSO with IntelligenceBank, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with IntelligenceBank, complete the following
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **IntelligenceBank** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **IntelligenceBank** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, perform the following steps:
- a. In the **Sign on URL** text box, type a URL using the following pattern:
- `https://<SUBDOMAIN>.intelligencebank.com`
+ a. In the **Identifier (Entity ID)** text box, type a URL using one of the following patterns:
- b. In the **Identifier (Entity ID)** text box, use anyone of the following:
+ | **Identifier** |
+ |--|
+ | `IB` |
+ | `IntelligenceBank` |
+ | `https://<SUBDOMAIN>.intelligencebank.com` |
- - `IB`
- - `IntelligenceBank`
- - `https://<SUBDOMAIN>.intelligencebank.com`
-
- c. In the **Reply URL** text box, type a URL using the following pattern:
+ b. In the **Reply URL** text box, type a URL using the following pattern:
`https://<SUBDOMAIN>.intelligencebank.com/auth`
+ c. In the **Sign on URL** text box, type a URL using the following pattern:
+ `https://<SUBDOMAIN>.intelligencebank.com`
+ > [!NOTE]
- > These values are not real. Update these values with the actual Sign on URL, Identifier and Reply URL. Contact [IntelligenceBank Client support team](mailto:helpdesk@intelligencebank.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Identifier,Reply URL and Sign on URL. Contact [IntelligenceBank Client support team](mailto:helpdesk@intelligencebank.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **IntelligenceBank**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In a different web browser window, sign in to your IntelligenceBank company site as an administrator.
-1. Click on **Authenticator** and click on **Add New**
+1. Click on **Authenticator** and click on **Add New**.
![Screenshot shows the Administrator tab selected and the Add New icon.](./media/intelligencebank-tutorial/authenticator.PNG) 1. Perform the following steps:
- ![Screenshot shows the fields where you enter the information in this step.](./media/intelligencebank-tutorial/urls.PNG)
+ ![Screenshot shows the fields where you enter the information in this step.](./media/intelligencebank-tutorial/fields.PNG)
a. In the **Name** textbox, enter the name for example like `azureadsso`.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. Fill the necessary fields as per your organization requirements and click **Save**.
- ![Screenshot show the Add New User page where you enter user information.](./media/intelligencebank-tutorial/creating-user-1.PNG)
+ ![Screenshot show the Add New User page where you enter user information.](./media/intelligencebank-tutorial/user.PNG)
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the IntelligenceBank tile in the Access Panel, you should be automatically signed in to the IntelligenceBank for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* Click on **Test this application** in Azure portal. This will redirect to IntelligenceBank Sign-on URL where you can initiate the login flow.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Go to IntelligenceBank Sign-on URL directly and initiate the login flow from there.
-- [Try IntelligenceBank with Azure AD](https://aad.portal.azure.com/)
+* You can use Microsoft My Apps. When you click the IntelligenceBank tile in the My Apps, this will redirect to IntelligenceBank Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect IntelligenceBank with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure IntelligenceBank you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Invitedesk Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/invitedesk-provisioning-tutorial.md
+
+ Title: 'Tutorial: Configure InviteDesk for automatic user provisioning with Azure Active Directory | Microsoft Docs'
+description: Learn how to automatically provision and de-provision user accounts from Azure AD to InviteDesk.
+
+writer: twimmers
+
+ms.assetid: d3291257-0dc0-4ed7-ae21-29249ce664df
++++ Last updated : 08/11/2021+++
+# Tutorial: Configure InviteDesk for automatic user provisioning
+
+This tutorial describes the steps you need to perform in both InviteDesk and Azure Active Directory (Azure AD) to configure automatic user provisioning. When configured, Azure AD automatically provisions and de-provisions users and groups to [InviteDesk](https://invitedesk.com/) using the Azure AD Provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../app-provisioning/user-provisioning.md).
++
+## Capabilities Supported
+> [!div class="checklist"]
+> * Create users in InviteDesk
+> * Remove users in InviteDesk when they do not require access anymore
+> * Keep user attributes synchronized between Azure AD and InviteDesk
+> * Provision groups and group memberships in InviteDesk.
+> * [Single sign-on](../manage-apps/add-application-portal-setup-oidc-sso.md) to InviteDesk (recommended).
+
+## Prerequisites
+
+The scenario outlined in this tutorial assumes that you already have the following prerequisites:
+
+* [An Azure AD tenant](../develop/quickstart-create-new-tenant.md)
+* A user account in Azure AD with [permission](../roles/permissions-reference.md) to configure provisioning (for example, Application Administrator, Cloud Application administrator, Application Owner, or Global Administrator).
+* A [InviteDesk](https://invitedesk.com/) tenant.
+* A user account in InviteDesk with Admin permissions.
+
+## Step 1. Plan your provisioning deployment
+1. Learn about [how the provisioning service works](../app-provisioning/user-provisioning.md).
+1. Determine who will be in [scope for provisioning](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+1. Determine what data to [map between Azure AD and InviteDesk](../app-provisioning/customize-application-attributes.md).
+
+## Step 2. Configure InviteDesk to support provisioning with Azure AD
+
+1. Login to [InviteDesk admin console](https://app.invitedesk.com/). Navigate to **Settings > Active Directory**.
++
+ ![InviteDesk settings](./media\invitedesk-provisioning-tutorial\invitedesk-settings.png)
+
+1. Enter the **Azure Tenant-Id** and then click on the toggle button to generate the corresponding **access code**.
+
+ ![InviteDesk token page](./media\invitedesk-provisioning-tutorial\invitedesk-token-page.png)
++
+1. On clicking the toggle button **access code** corresponding to the **Azure Tenant-Id** would be generated.This value will be entered in the **Secret Token** * field in the Provisioning tab of your LucidChart application in the Azure portal.
+
+ ![InviteDesk token generate](./media\invitedesk-provisioning-tutorial\invitedesk-token-generate.png)
++
+## Step 3. Add InviteDesk from the Azure AD application gallery
+
+Add InviteDesk from the Azure AD application gallery to start managing provisioning to InviteDesk. If you have previously setup InviteDesk for SSO you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
+
+## Step 4. Define who will be in scope for provisioning
+
+The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+* When assigning users and groups to InviteDesk, you must select a role other than **Default Access**. Users with the Default Access role are excluded from provisioning and will be marked as not effectively entitled in the provisioning logs. If the only role available on the application is the default access role, you can [update the application manifest](../develop/howto-add-app-roles-in-azure-ad-apps.md) to add additional roles.
+
+* Start small. Test with a small set of users and groups before rolling out to everyone. When scope for provisioning is set to assigned users and groups, you can control this by assigning one or two users or groups to the app. When scope is set to all users and groups, you can specify an [attribute based scoping filter](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
++
+## Step 5. Configure automatic user provisioning to InviteDesk
+
+This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in InviteDesk based on user and/or group assignments in Azure AD.
+
+### To configure automatic user provisioning for InviteDesk in Azure AD:
+
+1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
+
+ ![Enterprise applications blade](common/enterprise-applications.png)
+
+1. In the applications list, select **InviteDesk**.
+
+ ![The InviteDesk link in the Applications list](common/all-applications.png)
+
+1. Select the **Provisioning** tab.
+
+ ![Provisioning tab](common/provisioning.png)
+
+1. Set the **Provisioning Mode** to **Automatic**.
+
+ ![Provisioning tab automatic](common/provisioning-automatic.png)
+
+1. In the **Admin Credentials** section, input your InviteDesk **Tenant URL** and **Secret Token**. Click **Test Connection** to ensure Azure AD can connect to InviteDesk. If the connection fails , ensure your InviteDesk account has Admin permissions and try again.
+
+ ![Token](common/provisioning-testconnection-tenanturltoken.png)
+
+1. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and select the **Send an email notification when a failure occurs** check box.
+
+ ![Notification Email](common/provisioning-notification-email.png)
+
+1. Select **Save**.
+
+1. In the **Mappings** section, select **Synchronize Azure Active Directory Users to InviteDesk**.
+
+1. Review the user attributes that are synchronized from Azure AD to InviteDesk in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in InviteDesk for update operations. If you choose to change the [matching target attribute](../app-provisioning/customize-application-attributes.md), you will need to ensure that the InviteDesk API supports filtering users based on that attribute. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|
+ ||||
+ |userName|String|&check;
+ |active|Boolean|
+ |emails[type eq "work"].value|String|
+ |name.givenName|String|
+ |name.familyName|String|
+ |addresses[type eq "work"].streetAddress|String|
+ |addresses[type eq "work"].locality|String|
+ |addresses[type eq "work"].postalCode|String|
+ |addresses[type eq "work"].country|String|
+ |phoneNumbers[type eq "work"].value|String|
+ |phoneNumbers[type eq "mobile"].value|String|
+ |externalId|String|
+ |preferredLanguage|String|
++
+1. In the **Mappings** section, select **Synchronize Azure Active Directory Groups to InviteDesk**.
+
+1. Review the group attributes that are synchronized from Azure AD to InviteDesk in the **Attribute-Mapping** section. The attributes selected as **Matching** properties are used to match the groups in InviteDesk for update operations. Select the **Save** button to commit any changes.
+
+ |Attribute|Type|Supported for filtering|
+ ||||
+ |displayName|String|&check;
+ |externalId|String|
+ |members|Reference|
+
+1. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md).
+
+1. To enable the Azure AD provisioning service for InviteDesk, change the **Provisioning Status** to **On** in the **Settings** section.
+
+ ![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+
+1. Define the users and/or groups that you would like to provision to InviteDesk by choosing the desired values in **Scope** in the **Settings** section.
+
+ ![Provisioning Scope](common/provisioning-scope.png)
+
+1. When you are ready to provision, click **Save**.
+
+ ![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+
+This operation starts the initial synchronization cycle of all users and groups defined in **Scope** in the **Settings** section. The initial cycle takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
+
+## Step 6. Monitor your deployment
+Once you've configured provisioning, use the following resources to monitor your deployment:
+
+* Use the [provisioning logs](../reports-monitoring/concept-provisioning-logs.md) to determine which users have been provisioned successfully or unsuccessfully
+* Check the [progress bar](../app-provisioning/application-provisioning-when-will-provisioning-finish-specific-user.md) to see the status of the provisioning cycle and how close it is to completion
+* If the provisioning configuration seems to be in an unhealthy state, the application will go into quarantine. Learn more about quarantine states [here](../app-provisioning/application-provisioning-quarantine-status.md).
+
+## More resources
+
+* [Managing user account provisioning for Enterprise Apps](../app-provisioning/configure-automatic-user-provisioning-portal.md)
+* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+
+## Next steps
+
+* [Learn how to review logs and get reports on provisioning activity](../app-provisioning/check-status-user-account-provisioning.md)
active-directory Knowledgeowl Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/knowledgeowl-tutorial.md
Previously updated : 02/11/2021 Last updated : 08/11/2021
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. Click on **Settings** and then select **SSO**.
- ![Screenshot that shows S S O selected from the Settings menu.](./media/knowledgeowl-tutorial/knowledgeowl-sso-settings-menu.png)
+ ![Screenshot shows SSO selected from the Settings menu.](./media/knowledgeowl-tutorial/settings-sso-dropdown.png)
1. In the Scroll to **SAML Settings** tab, perform the following steps:
- ![Screenshot that shows making changes to S A M L S S O Integration settings.](./media/knowledgeowl-tutorial/knowledgeowl-required-settings.png)
+ ![Screenshot shows SAML S S O Integration where you can make the changes described here.](./media/knowledgeowl-tutorial/sso-settings-required-fields.png)
a. Select **Enable SAML SSO**.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
f. In the **IdP Logout URL** textbox, paste the **Logout URL** value, which you have copied from the Azure portal. g. Upload the downloaded certificate form the Azure portal by clicking the **Upload** link beneath **IdP Certificate**.
-
+ h. Click **Save** at the bottom of the page.
-
- ![Screenshot that shows the Save button for S A M L S S O integration settings.](./media/knowledgeowl-tutorial/knowledgeowl-saml-save.png)
+
+ ![Screenshot shows the Save button.](./media/knowledgeowl-tutorial/sso-settings-saml-save.png)
i. Open the **SAML Attribute Map** tab to map attributes and perform the following steps:
- ![Screenshot that shows making changes to the S A M L Attribute Map.](./media/knowledgeowl-tutorial/knowledgeowl-direct-attributes-select.png)
+ ![Screenshot shows Map SAML Attributes where you can make the changes described here.](./media/knowledgeowl-tutorial/sso-settings-direct-attribute-fields.png)
* Enter `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ssoid` into the **SSO ID** textbox. * Enter `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` into the **Username/Email** textbox.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
j. Click **Save** at the bottom of the page.
- ![Screenshot shows the Save button for S A M L Attribute Map settings.](./media/knowledgeowl-tutorial/knowledgeowl-direct-attributes-save.png)
+ ![Screenshot shows the Save button1.](./media/knowledgeowl-tutorial/sso-settings-direct-attribute-save.png)
### Create KnowledgeOwl test user
active-directory Learningseatlms Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/learningseatlms-tutorial.md
Previously updated : 02/25/2019 Last updated : 08/12/2021 # Tutorial: Azure Active Directory integration with Learning Seat LMS
-In this tutorial, you learn how to integrate Learning Seat LMS with Azure Active Directory (Azure AD).
-Integrating Learning Seat LMS with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Learning Seat LMS with Azure Active Directory (Azure AD). When you integrate Learning Seat LMS with Azure AD, you can:
-* You can control in Azure AD who has access to Learning Seat LMS.
-* You can enable your users to be automatically signed-in to Learning Seat LMS (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Learning Seat LMS.
+* Enable your users to be automatically signed-in to Learning Seat LMS with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Learning Seat LMS, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* Learning Seat LMS single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Learning Seat LMS single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* Learning Seat LMS supports **SP and IDP** initiated SSO
+* Learning Seat LMS supports **SP and IDP** initiated SSO.
-## Adding Learning Seat LMS from the gallery
+## Add Learning Seat LMS from the gallery
To configure the integration of Learning Seat LMS into Azure AD, you need to add Learning Seat LMS from the gallery to your list of managed SaaS apps.
-**To add Learning Seat LMS from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **Learning Seat LMS**, select **Learning Seat LMS** from result panel then click **Add** button to add the application.
-
- ![Learning Seat LMS in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Learning Seat LMS** in the search box.
+1. Select **Learning Seat LMS** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-In this section, you configure and test Azure AD single sign-on with Learning Seat LMS based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Learning Seat LMS needs to be established.
+## Configure and test Azure AD SSO for Learning Seat LMS
-To configure and test Azure AD single sign-on with Learning Seat LMS, you need to complete the following building blocks:
+Configure and test Azure AD SSO with Learning Seat LMS using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Learning Seat LMS.
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Learning Seat LMS Single Sign-On](#configure-learning-seat-lms-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Learning Seat LMS test user](#create-learning-seat-lms-test-user)** - to have a counterpart of Britta Simon in Learning Seat LMS that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+To configure and test Azure AD SSO with Learning Seat LMS, perform the following steps:
-### Configure Azure AD single sign-on
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Learning Seat LMS SSO](#configure-learning-seat-lms-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Learning Seat LMS test user](#create-learning-seat-lms-test-user)** - to have a counterpart of B.Simon in Learning Seat LMS that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+## Configure Azure AD SSO
-To configure Azure AD single sign-on with Learning Seat LMS, perform the following steps:
+Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Learning Seat LMS** application integration page, select **Single sign-on**.
+1. In the Azure portal, on the **Learning Seat LMS** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Configure single sign-on link](common/select-sso.png)
-
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
-
- ![Single sign-on select mode](common/select-saml-option.png)
-
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, If you wish to configure the application in **IDP** initiated mode, perform the following steps:
- ![Screenshot shows the Basic SAML Configuration, where you can enter Identifier, Reply U R L, and select Save.](common/idp-intiated.png)
- a. In the **Identifier** text box, type a URL using the following pattern: `https://<subdomain>.learningseatlms.com`
To configure Azure AD single sign-on with Learning Seat LMS, perform the followi
5. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- ![Screenshot shows Set additional U R Ls where you can enter a Sign on U R L.](common/metadata-upload-additional-signon.png)
- In the **Sign-on URL** text box, type a URL using the following pattern: `https://<subdomain>.learningseatlms.com`
To configure Azure AD single sign-on with Learning Seat LMS, perform the followi
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure Ad Identifier
-
- c. Logout URL
-
-### Configure Learning Seat LMS Single Sign-On
-
-To configure single sign-on on **Learning Seat LMS** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Learning Seat LMS support team](https://azuremarketplace.microsoft.com/marketplace/apps/aad.learnconnect?tab=Overview). They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
+In this section, you'll create a test user in the Azure portal called B.Simon.
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Learning Seat LMS.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Learning Seat LMS.
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Learning Seat LMS**.
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Learning Seat LMS**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
- ![Enterprise applications blade](common/enterprise-applications.png)
+## Configure Learning Seat LMS SSO
-2. In the applications list, select **Learning Seat LMS**.
-
- ![The Learning Seat LMS link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
+To configure single sign-on on **Learning Seat LMS** side, you need to send the downloaded **Federation Metadata XML** and appropriate copied URLs from Azure portal to [Learning Seat LMS support team](https://azuremarketplace.microsoft.com/marketplace/apps/aad.learnconnect?tab=Overview). They set this setting to have the SAML SSO connection set properly on both sides.
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
+### Create Learning Seat LMS test user
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
+In this section, you create a user called Britta Simon in Learning Seat LMS. Work with [Learning Seat LMS support team](https://azuremarketplace.microsoft.com/marketplace/apps/aad.learnconnect?tab=Overview) to add the users in the Learning Seat LMS platform. Users must be created and activated before you use single sign-on.
-7. In the **Add Assignment** dialog click the **Assign** button.
+## Test SSO
-### Create Learning Seat LMS test user
+In this section, you test your Azure AD single sign-on configuration with following options.
-In this section, you create a user called Britta Simon in Learning Seat LMS. Work with [Learning Seat LMS support team](https://azuremarketplace.microsoft.com/marketplace/apps/aad.learnconnect?tab=Overview) to add the users in the Learning Seat LMS platform. Users must be created and activated before you use single sign-on.
+#### SP initiated:
-### Test single sign-on
+* Click on **Test this application** in Azure portal. This will redirect to Learning Seat LMS Sign on URL where you can initiate the login flow.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+* Go to Learning Seat LMS Sign-on URL directly and initiate the login flow from there.
-When you click the Learning Seat LMS tile in the Access Panel, you should be automatically signed in to the Learning Seat LMS for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### IDP initiated:
-## Additional Resources
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Learning Seat LMS for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Learning Seat LMS tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Learning Seat LMS for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Learning Seat LMS you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Linkedin Learning Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/linkedin-learning-provisioning-tutorial.md
Title: 'Tutorial: Configure LinkedIn Learning for automatic user provisioning with Azure Active Directory | Microsoft Docs' description: Learn how to automatically provision and de-provision user accounts from Azure AD to LinkedIn Learning. -
-writer: Zhchia
+
+writer: twimmers
ms.assetid: 21e2f470-4eb1-472c-adb9-4203c00300be
Last updated 06/30/2020-+ # Tutorial: Configure LinkedIn Learning for automatic user provisioning
active-directory Logicgate Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/logicgate-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 03/17/2021
active-directory Logmein Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/logmein-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/02/2021
active-directory Mondaycom Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/mondaycom-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 11/24/2020
active-directory Playvox Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/playvox-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 11/18/2020
active-directory Printer Logic Saas Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/printer-logic-saas-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 11/02/2020
active-directory Proware Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/proware-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 03/30/2021
active-directory Secure Deliver Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/secure-deliver-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/02/2021
active-directory Secure Login Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/secure-login-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 02/22/2021
active-directory Segment Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/segment-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 03/24/2021
active-directory Shopify Plus Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/shopify-plus-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 12/07/2020
active-directory Sigma Computing Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/sigma-computing-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/02/2021
active-directory Smallstep Ssh Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/smallstep-ssh-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/21/2021
active-directory Spectrumu Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/spectrumu-tutorial.md
Previously updated : 03/26/2020 Last updated : 08/11/2021
In this tutorial, you'll learn how to integrate SpectrumU with Azure Active Dire
* Enable your users to be automatically signed-in to SpectrumU with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * SpectrumU single sign-on (SSO) enabled subscription.
-> [!NOTE]
-> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
- ## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* SpectrumU supports **SP** initiated SSO
-* SpectrumU supports **Just In Time** user provisioning
-* Once you configure SpectrumU you can enforce session control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* SpectrumU supports **SP** initiated SSO.
+* SpectrumU supports **Just In Time** user provisioning.
+
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding SpectrumU from the gallery
+## Add SpectrumU from the gallery
To configure the integration of SpectrumU into Azure AD, you need to add SpectrumU from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **SpectrumU** in the search box. 1. Select **SpectrumU** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for SpectrumU
+## Configure and test Azure AD SSO for SpectrumU
Configure and test Azure AD SSO with SpectrumU using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in SpectrumU.
-To configure and test Azure AD SSO with SpectrumU, complete the following building blocks:
+To configure and test Azure AD SSO with SpectrumU, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with SpectrumU, complete the following buildi
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **SpectrumU** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **SpectrumU** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, perform the following step:
- In the **Sign-on URL** text box, type a URL:
+ In the **Sign-on URL** text box, type the URL:
`https://watch.spectrum.net/domainsearch/` 1. SpectrumU application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **SpectrumU**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, a user called Britta Simon is created in SpectrumU. SpectrumU s
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the SpectrumU tile in the Access Panel, you should be automatically signed in to the SpectrumU for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* Click on **Test this application** in Azure portal. This will redirect to SpectrumU Sign-on URL where you can initiate the login flow.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Go to SpectrumU Sign-on URL directly and initiate the login flow from there.
-- [Try SpectrumU with Azure AD](https://aad.portal.azure.com/)
+* You can use Microsoft My Apps. When you click the SpectrumU tile in the My Apps, this will redirect to SpectrumU Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect SpectrumU with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure SpectrumU you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Splashtop Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/splashtop-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 01/19/2021
active-directory Talentech Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/talentech-provisioning-tutorial.md
Title: 'Tutorial: Configure Talentech for automatic user provisioning with Azure
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Talentech. documentationcenter: ''-
-writer: Zhchia
+
+writer: twimmers
ms.assetid: 0a83529b-b150-4af8-bc5b-a0f4345c3356
na ms.devlang: na-+ Last updated 07/14/2021-+ # Tutorial: Configure Talentech for automatic user provisioning
active-directory Thrive Lxp Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/thrive-lxp-provisioning-tutorial.md
Title: 'Tutorial: Configure Thrive LXP for automatic user provisioning with Azur
description: Learn how to automatically provision and de-provision user accounts from Azure AD to Thrive LXP. documentationcenter: ''-
-writer: Zhchia
+
+writer: twimmers
ms.assetid: 1b4993b3-7fb1-4128-a399-3bad8e26559f
na ms.devlang: na-+ Last updated 07/14/2021-+ # Tutorial: Configure Thrive LXP for automatic user provisioning
active-directory Timeclock 365 Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/timeclock-365-provisioning-tutorial.md
Title: 'Tutorial: Configure TimeClock 365 for automatic user provisioning with Azure Active Directory | Microsoft Docs' description: Learn how to automatically provision and de-provision user accounts from Azure AD to TimeClock 365. -
-writer: Zhchia
+
+writer: twimmers
ms.assetid: dc5e95c8-d878-43dd-918e-69e1686b4db6
Last updated 07/16/2021-+ # Tutorial: Configure TimeClock 365 for automatic user provisioning
active-directory Travelperk Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/travelperk-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 02/22/2021
active-directory Travelperk Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/travelperk-tutorial.md
Previously updated : 09/23/2020 Last updated : 08/11/2021
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* TravelPerk supports **SP** initiated SSO
+* TravelPerk supports **SP** initiated SSO.
-* TravelPerk supports **Just In Time** user provisioning
+* TravelPerk supports **Just In Time** user provisioning.
-## Adding TravelPerk from the gallery
+## Add TravelPerk from the gallery
To configure the integration of TravelPerk into Azure AD, you need to add TravelPerk from the gallery to your list of managed SaaS apps.
To configure the integration of TravelPerk into Azure AD, you need to add Travel
1. In the **Add from the gallery** section, type **TravelPerk** in the search box. 1. Select **TravelPerk** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. - ## Configure and test Azure AD SSO for TravelPerk Configure and test Azure AD SSO with TravelPerk using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in TravelPerk.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **TravelPerk** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
-
- a. In the **Sign on URL** text box, type a URL using the following pattern:
- `https://<COMPANY>.travelperk.com/`
+1. On the **Basic SAML Configuration** section, perform the following steps:
- b. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
+ a. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
`https://<COMPANY>.travelperk.com/accounts/saml2/metadata/<APPLICATION_ID>`
- c. In the **Reply URL** text box, type a URL using the following pattern:
+ b. In the **Reply URL** text box, type a URL using the following pattern:
`https://<COMPANY>.travelperk.com/accounts/saml2/callback/<APPLICATION_ID>/?acs`
+ c. In the **Sign on URL** text box, type a URL using the following pattern:
+ `https://<COMPANY>.travelperk.com/`
+ > [!NOTE]
- > These values are not real. Update these values with the actual Sign on URL, Reply URL, and Identifier. The values can be found inside your TravelPerk account: go to **Company Settings** > **Integrations** > **Single Sign On**. For assistance, visit the [TravelPerk helpcenter](https://support.travelperk.com/hc/en-us/articles/360052450271-How-can-I-setup-SSO-for-Azure-SAML-).
+ > These values are not real. Update these values with the actual Identifier,Reply URL and Sign on URL. The values can be found inside your TravelPerk account: go to **Company Settings** > **Integrations** > **Single Sign On**. For assistance, visit the [TravelPerk helpcenter](https://support.travelperk.com/hc/articles/360052450271-How-can-I-setup-SSO-for-Azure-SAML).
1. Your TravelPerk application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes. In the default mapping, **emailaddress** is mapped with **user.mail**. However, the TravelPerk application expects **emailaddress** to be mapped with **user.userprincipalname**. For TravelPerk, you must edit the attribute mapping: click the **Edit** icon, and then change the attribute mapping. To edit an attribute, just click the attribute to open edit mode.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. On the **Set up TravelPerk** section, copy the appropriate URL(s) based on your requirement. ![Copy configuration URLs](common/copy-configuration-urls.png)+ ### Create an Azure AD test user In this section, you'll create a test user in the Azure portal called B.Simon.
In this section, a user called B.Simon is created in TravelPerk. TravelPerk supp
In this section, you test your Azure AD single sign-on configuration with following options.
-1. Click on **Test this application** in Azure portal. This will redirect to TravelPerk Sign-on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to TravelPerk Sign-on URL where you can initiate the login flow.
-2. Go to TravelPerk Sign-on URL directly and initiate the login flow from there.
+* Go to TravelPerk Sign-on URL directly and initiate the login flow from there.
-3. You can use Microsoft Access Panel. When you click the TravelPerk tile in the Access Panel, this will redirect to TravelPerk Sign-on URL. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* You can use Microsoft My Apps. When you click the TravelPerk tile in the My Apps, this will redirect to TravelPerk Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure TravelPerk you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+Once you configure TravelPerk you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Twingate Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/twingate-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 06/02/2021
active-directory Visibly Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/visibly-provisioning-tutorial.md
na ms.devlang: na-+ Last updated 09/30/2020
active-directory Youearnedit Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/youearnedit-tutorial.md
Previously updated : 01/17/2019 Last updated : 08/10/2021 # Tutorial: Azure Active Directory integration with YouEarnedIt
-In this tutorial, you learn how to integrate YouEarnedIt with Azure Active Directory (Azure AD).
-Integrating YouEarnedIt with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate YouEarnedIt with Azure Active Directory (Azure AD). When you integrate YouEarnedIt with Azure AD, you can:
-* You can control in Azure AD who has access to YouEarnedIt.
-* You can enable your users to be automatically signed-in to YouEarnedIt (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to YouEarnedIt.
+* Enable your users to be automatically signed-in to YouEarnedIt with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with YouEarnedIt, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* YouEarnedIt single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* YouEarnedIt single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* YouEarnedIt supports **SP** initiated SSO
+* YouEarnedIt supports **SP** initiated SSO.
-## Adding YouEarnedIt from the gallery
+## Add YouEarnedIt from the gallery
To configure the integration of YouEarnedIt into Azure AD, you need to add YouEarnedIt from the gallery to your list of managed SaaS apps.
-**To add YouEarnedIt from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **YouEarnedIt**, select **YouEarnedIt** from result panel then click **Add** button to add the application.
-
- ![YouEarnedIt in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with YouEarnedIt based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in YouEarnedIt needs to be established.
-
-To configure and test Azure AD single sign-on with YouEarnedIt, you need to complete the following building blocks:
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **YouEarnedIt** in the search box.
+1. Select **YouEarnedIt** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure YouEarnedIt Single Sign-On](#configure-youearnedit-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create YouEarnedIt test user](#create-youearnedit-test-user)** - to have a counterpart of Britta Simon in YouEarnedIt that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+## Configure and test Azure AD SSO for YouEarnedIt
-### Configure Azure AD single sign-on
+Configure and test Azure AD SSO with YouEarnedIt using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in YouEarnedIt.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+To configure and test Azure AD SSO with YouEarnedIt, perform the following steps:
-To configure Azure AD single sign-on with YouEarnedIt, perform the following steps:
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure YouEarnedIt SSO](#configure-youearnedit-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create YouEarnedIt test user](#create-youearnedit-test-user)** - to have a counterpart of B.Simon in YouEarnedIt that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-1. In the [Azure portal](https://portal.azure.com/), on the **YouEarnedIt** application integration page, select **Single sign-on**.
+## Configure Azure AD SSO
- ![Configure single sign-on link](common/select-sso.png)
+Follow these steps to enable Azure AD SSO in the Azure portal.
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+1. In the Azure portal, on the **YouEarnedIt** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Single sign-on select mode](common/select-saml-option.png)
-
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
-
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, perform the following steps:
- ![YouEarnedIt Domain and URLs single sign-on information](common/sp-identifier.png)
+ a. In the **Identifier** textbox, type a value using one of the following patterns:
+
+ | Environment | Pattern |
+ |: |: |
+ | Production | `<company name>.youearnedit.com` |
+ | Sandbox |`<company name>.sandbox.youearnedit.com` |
- a. In the **Sign-on URL** textbox, type a URL using the following patterns:
+ b. In the **Sign-on URL** textbox, type a URL using one of the following patterns:
| Environment | Pattern | |: |: | | Production | `https://<company name>.youearnedit.com/users/sign_in` | | Sandbox |`https://<company name>.sandbox.youearnedit.com/users/sign_in` |
- b. In the **Identifier** textbox, type a URL using the following patterns:
-
- | Environment | Pattern |
- |: |: |
- | Production | `<company name>.youearnedit.com` |
- | Sandbox |`<company name>.sandbox.youearnedit.com` |
- > [!NOTE]
- > These values are not real. Update these values with the actual Sign-On URL and Identifier. Contact your assigned YouEarnedIt Customer Success manager to get these values.
+ > These values are not real. Update these values with the actual Identifier and Sign on URL. Contact your assigned YouEarnedIt Customer Success manager to get these values.
5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
To configure Azure AD single sign-on with YouEarnedIt, perform the following ste
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure Ad Identifier
-
- c. Logout URL
-
-### Configure YouEarnedIt Single Sign-On
-
-To configure single sign-on on **YouEarnedIt** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to your assigned YouEarnedIt Customer Success manager. They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
+In this section, you'll create a test user in the Azure portal called B.Simon.
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon\@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to YouEarnedIt.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **YouEarnedIt**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, type and select **YouEarnedIt**.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to YouEarnedIt.
- ![The YouEarnedIt link in the Applications list](common/all-applications.png)
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **YouEarnedIt**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
-3. In the menu on the left, select **Users and groups**.
+## Configure YouEarnedIt SSO
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
+To configure single sign-on on **YouEarnedIt** side, you need to send the downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal to your assigned YouEarnedIt Customer Success manager. They set this setting to have the SAML SSO connection set properly on both sides.
### Create YouEarnedIt test user
In this section, you create a user called Britta Simon in YouEarnedIt. Please wo
> [!NOTE] > YouEarnedIt expect the Identity Provider to supply an EmailAddress or UserName in the NameID attribute. Authentication will fail if a corresponding UserName or EmailAddress is not found within the database or does not match exactly. This will require that accounts be imported into the YouEarnedIt system before the SSO integration (Typically either via API or CSV import).
-### Test single sign-on
+## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the YouEarnedIt tile in the Access Panel, you should be automatically signed in to the YouEarnedIt for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to YouEarnedIt Sign-on URL where you can initiate the login flow.
-## Additional Resources
+* Go to YouEarnedIt Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the YouEarnedIt tile in the My Apps, this will redirect to YouEarnedIt Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure YouEarnedIt you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Zip Provisioning Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/zip-provisioning-tutorial.md
Title: 'Tutorial: Configure Zip for automatic user provisioning with Azure Active Directory | Microsoft Docs' description: Learn how to automatically provision and de-provision user accounts from Azure AD to Zip. -
-writer: Zhchia
+
+writer: twimmers
ms.assetid: 8aea0505-a3a1-4f84-8deb-6e557997c815
Last updated 07/16/2021-+ # Tutorial: Configure Zip for automatic user provisioning
aks Availability Zones https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/availability-zones.md
AKS clusters can currently be created using availability zones in the following
* US Gov Virginia * West Europe * West US 2
+* West US 3
The following limitations apply when you create an AKS cluster using availability zones:
aks Enable Host Encryption https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/enable-host-encryption.md
This feature can only be set at cluster creation or node pool creation time.
### Prerequisites - - Ensure you have the CLI extension v2.23 or higher version installed.
+- Ensure you have the `EncryptionAtHost` feature flag under `Microsoft.Compute` enabled.
+
+### Register `EncryptionAtHost` preview features
+
+To create an AKS cluster that uses host-based encryption, you must enable the `EncryptionAtHost` feature flags on your subscription.
+
+Register the `EncryptionAtHost` feature flag using the [az feature register][az-feature-register] command as shown in the following example:
+
+```azurecli-interactive
+az feature register --namespace "Microsoft.Compute" --name "EncryptionAtHost"
+```
+It takes a few minutes for the status to show *Registered*. You can check on the registration status using the [az feature list][az-feature-list] command:
+
+```azurecli-interactive
+az feature list -o table --query "[?contains(name, 'Microsoft.Compute/EncryptionAtHost')].{Name:name,State:properties.state}"
+```
+
+When ready, refresh the registration of the `Microsoft.Compute` resource providers using the [az provider register][az-provider-register] command:
+
+```azurecli-interactive
+az provider register --namespace Microsoft.Compute
+```
### Limitations
aks Ingress Basic https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/ingress-basic.md
An ingress controller is a piece of software that provides reverse proxy, config
This article shows you how to deploy the [NGINX ingress controller][nginx-ingress] in an Azure Kubernetes Service (AKS) cluster. Two applications are then run in the AKS cluster, each of which is accessible over the single IP address.
-You can also:
+> [!NOTE]
+> There are two open source ingress controllers for Kubernetes based on Nginx: One is maintained by the Kubernetes community ([kubernetes/ingress-nginx][nginx-ingress]), and one is maintained by NGINX, Inc. ([nginxinc/kubernetes-ingress]). This article will be using the Kubernetes community ingress controller.
+
+Alternatively, you can also:
- [Enable the HTTP application routing add-on][aks-http-app-routing] - [Create an ingress controller that uses an internal, private network and IP address][aks-ingress-internal]
This article also requires that you are running the Azure CLI version 2.0.64 or
In addition, this article assumes you have an existing AKS cluster with an integrated ACR. For more details on creating an AKS cluster with an integrated ACR, see [Authenticate with Azure Container Registry from Azure Kubernetes Service][aks-integrated-acr].
-## Import the images used by the Helm chart into your ACR
+## Basic configuration
+To create a simple NGINX ingress controller without customizing the defaults, you will use helm.
+
+```console
+NAMESPACE=ingress-basic
+
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+
+helm install ingress-nginx ingress-nginx/ingress-nginx --create-namespace --namespace $NAMESPACE
+```
-This article uses the [NGINX ingress controller Helm chart][ingress-nginx-helm-chart], which relies on three container images. Use `az acr import` to import those images into your ACR.
+Note that the above configuration uses the 'out of the box' configuration for simplicity. If needed, you could add parameters for customizing the deployment, eg, `--set controller.replicaCount=3`. The next section will show a highly customized example of the ingress controller.
+
+## Customized configuration
+As an alternative to the basic configuration presented in the above section, the next set of steps will show how to deploy a customized ingress controller.
+### Import the images used by the Helm chart into your ACR
+
+To control image versions, you will want to import them into your own Azure Container registry. The [NGINX ingress controller Helm chart][ingress-nginx-helm-chart] relies on three container images. Use `az acr import` to import those images into your ACR.
```azurecli REGISTRY_NAME=<REGISTRY_NAME>
az acr import --name $REGISTRY_NAME --source $DEFAULTBACKEND_REGISTRY/$DEFAULTBA
> [!NOTE] > In addition to importing container images into your ACR, you can also import Helm charts into your ACR. For more information, see [Push and pull Helm charts to an Azure container registry][acr-helm].
-## Create an ingress controller
+### Create an ingress controller
To create the ingress controller, use Helm to install *nginx-ingress*. For added redundancy, two replicas of the NGINX ingress controllers are deployed with the `--set controller.replicaCount` parameter. To fully benefit from running replicas of the ingress controller, make sure there's more than one node in your AKS cluster.
The ingress controller also needs to be scheduled on a Linux node. Windows Serve
> If you would like to enable [client source IP preservation][client-source-ip] for requests to containers in your cluster, add `--set controller.service.externalTrafficPolicy=Local` to the Helm install command. The client source IP is stored in the request header under *X-Forwarded-For*. When using an ingress controller with client source IP preservation enabled, SSL pass-through will not work. ```console
-# Create a namespace for your ingress resources
-kubectl create namespace ingress-basic
+# Set the namespace to be used
+NAMESPACE=ingress-basic
# Add the ingress-nginx repository helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
ACR_URL=<REGISTRY_URL>
# Use Helm to deploy an NGINX ingress controller helm install nginx-ingress ingress-nginx/ingress-nginx \
- --namespace ingress-basic \
+ --create-namespace --namespace $NAMESPACE \
--set controller.replicaCount=2 \ --set controller.nodeSelector."kubernetes\.io/os"=linux \ --set controller.image.registry=$ACR_URL \
helm install nginx-ingress ingress-nginx/ingress-nginx \
--set defaultBackend.image.tag=$DEFAULTBACKEND_TAG ```
+## Check the load balancer service
+ When the Kubernetes load balancer service is created for the NGINX ingress controller, a dynamic public IP address is assigned, as shown in the following example output: ```
You can also:
[helm-cli]: ./kubernetes-helm.md [nginx-ingress]: https://github.com/kubernetes/ingress-nginx [ingress-nginx-helm-chart]: https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx
+[nginxinc/kubernetes-ingress]: https://github.com/nginxinc/kubernetes-ingress
<!-- LINKS - internal --> [use-helm]: kubernetes-helm.md
aks Ingress Static Ip https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/ingress-static-ip.md
Title: Use ingress controller with static IP
-description: Learn how to install and configure an NGINX ingress controller with a static public IP address in an Azure Kubernetes Service (AKS) cluster.
+description: Learn how to install and configure an NGINX ingress controller with a static public IP address that uses Let's Encrypt for automatic TLS certificate generation in an Azure Kubernetes Service (AKS) cluster.
Last updated 04/23/2021
az network public-ip create --resource-group MC_myResourceGroup_myAKSCluster_eas
Now deploy the *nginx-ingress* chart with Helm. For added redundancy, two replicas of the NGINX ingress controllers are deployed with the `--set controller.replicaCount` parameter. To fully benefit from running replicas of the ingress controller, make sure there's more than one node in your AKS cluster.
+### IP and DNS label
You must pass two additional parameters to the Helm release so the ingress controller is made aware both of the static IP address of the load balancer to be allocated to the ingress controller service, and of the DNS name label being applied to the public IP address resource. For the HTTPS certificates to work correctly, a DNS name label is used to configure an FQDN for the ingress controller IP address. 1. Add the `--set controller.service.loadBalancerIP` parameter. Specify your own public IP address that was created in the previous step.
-1. Add the `--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"` parameter. Specify a DNS name label to be applied to the public IP address that was created in the previous step.
+1. Add the `--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"` parameter. Specify a DNS name label to be applied to the public IP address that was created in the previous step. This label will create a DNS name of the form `<LABEL>.<AZURE REGION NAME>.cloudapp.azure.com`
The ingress controller also needs to be scheduled on a Linux node. Windows Server nodes shouldn't run the ingress controller. A node selector is specified using the `--set nodeSelector` parameter to tell the Kubernetes scheduler to run the NGINX ingress controller on a Linux-based node.
The ingress controller also needs to be scheduled on a Linux node. Windows Serve
Update the following script with the **IP address** of your ingress controller and a **unique name** that you would like to use for the FQDN prefix. > [!IMPORTANT]
-> You must update replace `<STATIC_IP>` and `<DNS_LABEL>` with your own IP address and unique name when running the command.
+> You must update replace `<STATIC_IP>` and `<DNS_LABEL>` with your own IP address and unique name when running the command. The DNS_LABEL must be unique within the Azure region.
```console # Create a namespace for your ingress resources
aks Ingress Tls https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/ingress-tls.md
az network dns record-set a add-record \
--ipv4-address MY_EXTERNAL_IP ```
-> [!NOTE]
-> Optionally, you can configure an FQDN for the ingress controller IP address instead of a custom domain. Note that this sample is for a Bash shell.
->
-> ```bash
-> # Public IP address of your ingress controller
-> IP="MY_EXTERNAL_IP"
->
-> # Name to associate with public IP address
-> DNSNAME="demo-aks-ingress"
->
-> # Get the resource-id of the public ip
-> PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
->
-> # Update public ip address with DNS name
-> az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
->
-> # Display the FQDN
-> az network public-ip show --ids $PUBLICIPID --query "[dnsSettings.fqdn]" --output tsv
-> ```
+### Configure an FQDN for the ingress controller
+Optionally, you can configure an FQDN for the ingress controller IP address instead of a custom domain. Your FQDN will be of the form `<CUSTOM LABEL>.<AZURE REGION NAME>.cloudapp.azure.com`.
+
+There are two methods for this configuration described below.
+
+#### Method 1: Set the DNS label using the Azure CLI
+Note that this sample is for a Bash shell.
+
+```bash
+# Public IP address of your ingress controller
+IP="MY_EXTERNAL_IP"
+
+# Name to associate with public IP address
+DNSNAME="demo-aks-ingress"
+
+# Get the resource-id of the public ip
+PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
+
+# Update public ip address with DNS name
+az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
+
+# Display the FQDN
+az network public-ip show --ids $PUBLICIPID --query "[dnsSettings.fqdn]" --output tsv
+ ```
+
+#### Method 2: Set the DNS label using helm chart settings
+You can pass an annotation setting to your helm chard configuration by using the `--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"` parameter. This can be set either when the ingress controller is first deployed, or it can be configured later.
+The following example shows how to update this setting after the controller has been deployed.
+
+```
+DNS_LABEL="demo-aks-ingress"
+NAMESPACE="nginx-basic"
+
+helm upgrade ingress-nginx ingress-nginx/ingress-nginx \
+ --namespace $NAMESPACE \
+ --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$DNS_LABEL
+
+```
## Install cert-manager
aks Ssh https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/ssh.md
node-debugger-aks-nodepool1-12345678-vmss000000-bkmmx 1/1 Running 0
In the above example, *node-debugger-aks-nodepool1-12345678-vmss000000-bkmmx* is the name of the pod started by `kubectl debug`.
-Copy your private SSH key into the pod created by `kubectl debug`. This private key is used to create the SSH to the Windows Server AKS node. If needed, change `~/.ssh/id_rsa` to location of your private SSH key:
+Using `kubectl port-forward`, you can open a connection to the deployed pod:
-```azurecli-interactive
-kubectl cp ~/.ssh/id_rsa node-debugger-aks-nodepool1-12345678-vmss000000-bkmmx:/id_rsa
```
+$ kubectl port-forward node-debugger-aks-nodepool1-12345678-vmss000000-bkmmx 2022:22
+Forwarding from 127.0.0.1:2022 -> 22
+Forwarding from [::1]:2022 -> 22
+```
+
+The above example begins forwarding network traffic from port 2022 on your development computer to port 22 on the deployed pod. When using `kubectl port-forward` to open a connection and forward network traffic, the connection remains open until you stop the `kubectl port-forward` command.
-Use `kubectl get nodes` to show the internal IP address of the Windows Server node:
+Open a new terminal and use `kubectl get nodes` to show the internal IP address of the Windows Server node:
```output $ kubectl get nodes -o wide
aksnpwin000000 Ready agent 87s v1.19.9 10.240.0.
In the above example, *10.240.0.67* is the internal IP address of the Windows Server node.
-Return to the terminal started by `kubectl debug` and update the permission of the private SSH key you copied to the pod.
-
-```azurecli-interactive
-chmod 0400 id_rsa
-```
- Create an SSH connection to the Windows Server node using the internal IP address. The default username for AKS nodes is *azureuser*. Accept the prompt to continue with the connection. You are then provided with the bash prompt of your Windows Server node: ```output
-$ ssh -i id_rsa azureuser@10.240.0.67
+$ ssh -o 'ProxyCommand ssh -p 2022 -W %h:%p azureuser@127.0.0.1' azureuser@10.240.0.67
The authenticity of host '10.240.0.67 (10.240.0.67)' can't be established. ECDSA key fingerprint is SHA256:1234567890abcdefghijklmnopqrstuvwxyzABCDEFG.
Microsoft Windows [Version 10.0.17763.1935]
azureuser@aksnpwin000000 C:\Users\azureuser> ```
+The above example connects to port 22 on the Windows Server node through port 2022 on your development computer.
+
+> [!NOTE]
+> If you prefer to use password authentication, use `-o PreferredAuthentications=password`. For example:
+>
+> ```console
+> ssh -o 'ProxyCommand ssh -p 2022 -W %h:%p azureuser@127.0.0.1' -o PreferredAuthentications=password azureuser@10.240.0.67
+> ```
+ ## Remove SSH access
-When done, `exit` the SSH session and then `exit` the interactive container session. When this container session closes, the pod used for SSH access from the AKS cluster is deleted.
+When done, `exit` the SSH session, stop any port forwarding, and then `exit` the interactive container session. After the interactive container session closes, the pod used for SSH access from the AKS cluster is deleted.
## Next steps
aks Uptime Sla https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/uptime-sla.md
# Azure Kubernetes Service (AKS) Uptime SLA
-Uptime SLA is an optional feature to enable a financially backed, higher SLA for a cluster. Uptime SLA guarantees 99.95% availability of the Kubernetes API server endpoint for clusters that use [Availability Zones][availability-zones] and 99.9% of availability for clusters that don't use Availability Zones. AKS uses master node replicas across update and fault domains to ensure SLA requirements are met.
+Uptime SLA is a tier to enable a financially backed, higher SLA for an AKS cluster. Clusters with Uptime SLA, also regarded as Paid tier in AKS REST APIs, come with greater amount of control plane resources and automatically scale to meet the load of your cluster. Uptime SLA guarantees 99.95% availability of the Kubernetes API server endpoint for clusters that use [Availability Zones][availability-zones] and 99.9% of availability for clusters that don't use Availability Zones. AKS uses master node replicas across update and fault domains to ensure SLA requirements are met.
-Customers needing an SLA to meet compliance requirements or require extending an SLA to their end users should enable this feature. Customers with critical workloads that will benefit from a higher uptime SLA may also benefit. Using the Uptime SLA feature with Availability Zones enables a higher availability for the uptime of the Kubernetes API server.
+AKS recommends use of Uptime SLA in production workloads to ensure availability of control plane components. Clusters on free tier by contrast come with fewer replicas and limited resources for the control plane and are not suitable for production workloads.
-Customers can still create unlimited free clusters with a service level objective (SLO) of 99.5% and opt for the preferred SLO or SLA Uptime as needed.
+Customers can still create unlimited number of free clusters with a service level objective (SLO) of 99.5% and opt for the preferred SLO.
> [!IMPORTANT] > For clusters with egress lockdown, see [limit egress traffic](limit-egress-traffic.md) to open appropriate ports.
Customers can still create unlimited free clusters with a service level objectiv
## SLA terms and conditions
-Uptime SLA is a paid feature and enabled per cluster. Uptime SLA pricing is determined by the number of discrete clusters, and not by the size of the individual clusters. You can view [Uptime SLA pricing details](https://azure.microsoft.com/pricing/details/kubernetes-service/) for more information.
+Uptime SLA is a paid feature and is enabled per cluster. Uptime SLA pricing is determined by the number of discrete clusters, and not by the size of the individual clusters. You can view [Uptime SLA pricing details](https://azure.microsoft.com/pricing/details/kubernetes-service/) for more information.
## Before you begin
aks Use Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/use-managed-identity.md
AKS uses several managed identities for built-in services and add-ons.
| Identity | Name | Use case | Default permissions | Bring your own identity |-|--|-|
-| Control plane | not visible | Used by AKS control plane components to manage cluster resources including ingress load balancers and AKS managed public IPs, and Cluster Autoscaler operations | Contributor role for Node resource group | Supported
+| Control plane | AKS Cluster Name | Used by AKS control plane components to manage cluster resources including ingress load balancers and AKS managed public IPs, Cluster Autoscaler, Azure Disk & File CSI drivers | Contributor role for Node resource group | Supported
| Kubelet | AKS Cluster Name-agentpool | Authentication with Azure Container Registry (ACR) | NA (for kubernetes v1.15+) | Supported | Add-on | AzureNPM | No identity required | NA | No | Add-on | AzureCNI network monitoring | No identity required | NA | No
A Kubelet identity enables access to be granted to the existing identity prior t
### Limitations - Only works with a User-Assigned Managed cluster.-- Azure China 21Vianet isn't currently supported.
+- China East, China North in Azure China 21Vianet aren't currently supported.
### Create or obtain managed identities
api-management Configure Custom Domain https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/configure-custom-domain.md
To perform the steps described in this article, you must have:
> Only the **Gateway** endpoint is available for configuration in the Consumption tier. > You can update all of the endpoints or some of them. Commonly, customers update **Gateway** (this URL is used to call the API exposed through API Management) and **Portal** (the developer portal URL). > **Management** and **SCM** endpoints are used internally by the API Management instance owners only and thus are less frequently assigned a custom domain name.
- > The **Premium** tier supports setting multiple host names for the **Gateway** endpoint.
+ > The **Premium** and **Developer** tiers support setting multiple host names for the **Gateway** endpoint.
1. Select the endpoint that you want to update. 1. In the window on the right, click **Custom**.
app-service Configure Authentication Customize Sign In Out https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-authentication-customize-sign-in-out.md
In the sign-in page, or the navigation bar, or any other location of your app, a
When the user clicks on one of the links, the respective sign-in page opens to sign in the user.
-To redirect the user post-sign-in to a custom URL, use the `post_login_redirect_url` query string parameter (not to be confused with the Redirect URI in your identity provider configuration). For example, to navigate the user to `/Home/Index` after sign-in, use the following HTML code:
+To redirect the user post-sign-in to a custom URL, use the `post_login_redirect_uri` query string parameter (not to be confused with the Redirect URI in your identity provider configuration). For example, to navigate the user to `/Home/Index` after sign-in, use the following HTML code:
```html
-<a href="/.auth/login/<provider>?post_login_redirect_url=/Home/Index">Log in</a>
+<a href="/.auth/login/<provider>?post_login_redirect_uri=/Home/Index">Log in</a>
``` ## Client-directed sign-in
If either of the other levels don't provide the authorization you need, or if yo
## More resources - [Tutorial: Authenticate and authorize users end-to-end](tutorial-auth-aad.md)-- [Environment variables and app settings for authentication](reference-app-settings.md#authentication--authorization)
+- [Environment variables and app settings for authentication](reference-app-settings.md#authentication--authorization)
app-service Configure Authentication Provider Aad https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-authentication-provider-aad.md
description: Learn how to configure Azure Active Directory authentication as an
ms.assetid: 6ec6a46c-bce4-47aa-b8a3-e133baef22eb Last updated 04/14/2020-+ # Configure your App Service or Azure Functions app to use Azure AD login
app-service Deploy Continuous Deployment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/deploy-continuous-deployment.md
Title: Configure continuous deployment
-description: Learn how to enable CI/CD to Azure App Service from GitHub, BitBucket, Azure Repos, or other repos. Select the build pipeline that fits your needs.
+description: Learn how to enable CI/CD to Azure App Service from GitHub, Bitbucket, Azure Repos, or other repos. Select the build pipeline that fits your needs.
ms.assetid: 6adb5c84-6cf3-424e-a336-c554f23b4000 Last updated 03/12/2021
# Continuous deployment to Azure App Service
-[Azure App Service](overview.md) enables continuous deployment from [GitHub](https://help.github.com/articles/create-a-repo), [BitBucket](https://confluence.atlassian.com/get-started-with-bitbucket/create-a-repository-861178559.html), and [Azure Repos](/azure/devops/repos/git/creatingrepo) repositories by pulling in the latest updates.
+[Azure App Service](overview.md) enables continuous deployment from [GitHub](https://help.github.com/articles/create-a-repo), [Bitbucket](https://confluence.atlassian.com/get-started-with-bitbucket/create-a-repository-861178559.html), and [Azure Repos](/azure/devops/repos/git/creatingrepo) repositories by pulling in the latest updates.
> [!NOTE]
-> The **Development Center (Classic)** page in the Azure portal, an earlier version of the deployment experience, was deprecated in March 2021. This change doesn't affect existing deployment settings in your app, and you can continue to manage app deployment in the **Deployment Center** page in the portal.
+> The **Development Center (Classic)** page in the Azure portal, an earlier version of the deployment functionality, was deprecated in March 2021. This change doesn't affect existing deployment settings in your app, and you can continue to manage app deployment from the **Deployment Center** page in the portal.
[!INCLUDE [Prepare repository](../../includes/app-service-deploy-prepare-repo.md)]
-## Configure deployment source
+## Configure the deployment source
-1. In the [Azure portal](https://portal.azure.com), navigate to the management page for your App Service app.
+1. In the [Azure portal](https://portal.azure.com), go to the management page for your App Service app.
-1. From the left menu, click **Deployment Center** > **Settings**.
+1. In the left pane, select **Deployment Center**. Then select **Settings**.
-1. In **Source**, select one of the CI/CD options.
+1. In the **Source** box, select one of the CI/CD options:
- ![Shows how to choose deployment source in Deployment Center for Azure App Service](media/app-service-continuous-deployment/choose-source.png)
+ ![Screenshot that shows how to choose the deployment source.](media/app-service-continuous-deployment/choose-source.png)
-Choose the tab that corresponds to your selection for the steps.
+Select the tab that corresponds to your build provider to continue.
# [GitHub](#tab/github)
-4. [GitHub Actions](#how-the-github-actions-build-provider-works) is the default build provider. To change it, click **Change provider** > **App Service Build Service** (Kudu) > **OK**.
+4. [GitHub Actions](#how-the-github-actions-build-provider-works) is the default build provider. To change the provider, select **Change provider** > **App Service Build Service** (Kudu) > **OK**.
> [!NOTE]
- > To use Azure Pipelines as the build provider for your App Service app, don't configure it in App Service. Instead, configure CI/CD directly from Azure Pipelines. The **Azure Pipelines** option just points you in the right direction.
+ > To use Azure Pipelines as the build provider for your App Service app, configure CI/CD directly from Azure Pipelines. Don't configure it in App Service. The **Azure Pipelines** option just points you in the right direction.
-1. If you're deploying from GitHub for the first time, click **Authorize** and follow the authorization prompts. If you want to deploy from a different user's repository, click **Change Account**.
+1. If you're deploying from GitHub for the first time, select **Authorize** and follow the authorization prompts. If you want to deploy from a different user's repository, select **Change Account**.
-1. Once you authorize your Azure account with GitHub, select the **Organization**, **Repository**, and **Branch** to configure CI/CD for.
-If you canΓÇÖt find an organization or repository, you may need to enable additional permissions on GitHub. For more information, see [Managing access to your organization's repositories](https://docs.github.com/organizations/managing-access-to-your-organizations-repositories)
+1. After you authorize your Azure account with GitHub, select the **Organization**, **Repository**, and **Branch** to configure CI/CD for.
+If you canΓÇÖt find an organization or repository, you might need to enable more permissions on GitHub. For more information, see [Managing access to your organization's repositories](https://docs.github.com/organizations/managing-access-to-your-organizations-repositories).
-1. When GitHub Actions is the chosen build provider, you can select the workflow file you want with the **Runtime stack** and **Version** dropdowns. Azure commits this workflow file into your selected GitHub repository to handle build and deploy tasks. To see the file before saving your changes, click **Preview file**.
+1. When GitHub Actions is selected as the build provider, you can select the workflow file you want by using the **Runtime stack** and **Version** dropdown lists. Azure commits this workflow file into your selected GitHub repository to handle build and deploy tasks. To see the file before saving your changes, select **Preview file**.
> [!NOTE]
- > App Service detects the [language stack setting](configure-common.md#configure-language-stack-settings) of your app and selects the most appropriate workflow template. If you choose a different template, it may deploy an app that doesn't run properly. For more information, see [How the GitHub Actions build provider works](#how-the-github-actions-build-provider-works).
+ > App Service detects the [language stack setting](configure-common.md#configure-language-stack-settings) of your app and selects the most appropriate workflow template. If you choose a different template, it might deploy an app that doesn't run properly. For more information, see [How the GitHub Actions build provider works](#how-the-github-actions-build-provider-works).
-1. Click **Save**.
+1. Select **Save**.
- New commits in the selected repository and branch now deploy continuously into your App Service app. You can track the commits and deployments in the **Logs** tab.
+ New commits in the selected repository and branch now deploy continuously into your App Service app. You can track the commits and deployments on the **Logs** tab.
-# [BitBucket](#tab/bitbucket)
+# [Bitbucket](#tab/bitbucket)
-The BitBucket integration uses the App Service Build Services (Kudu) for build automation.
+The Bitbucket integration uses the App Service Build Services (Kudu) for build automation.
-4. If you're deploying from BitBucket for the first time, click **Authorize** and follow the authorization prompts. If you want to deploy from a different user's repository, click **Change Account**.
+4. If you're deploying from Bitbucket for the first time, select **Authorize** and follow the authorization prompts. If you want to deploy from a different user's repository, select **Change Account**.
1. For Bitbucket, select the Bitbucket **Team**, **Repository**, and **Branch** you want to deploy continuously.
-1. Click **Save**.
+1. Select **Save**.
- New commits in the selected repository and branch now deploy continuously into your App Service app. You can track the commits and deployments in the **Logs** tab.
+ New commits in the selected repository and branch now deploy continuously into your App Service app. You can track the commits and deployments on the **Logs** tab.
# [Local Git](#tab/local) See [Local Git deployment to Azure App Service](deploy-local-git.md). # [Azure Repos](#tab/repos)-
-> [!NOTE]
-> Azure Repos as a deployment source is support for Windows apps.
->
+
+ > [!NOTE]
+ > Azure Repos is supported as a deployment source for Windows apps.
+ >
4. App Service Build Service (Kudu) is the default build provider. > [!NOTE]
- > To use Azure Pipelines as the build provider for your App Service app, don't configure it in App Service. Instead, configure CI/CD directly from Azure Pipelines. The **Azure Pipelines** option just points you in the right direction.
+ > To use Azure Pipelines as the build provider for your App Service app, configure CI/CD directly from Azure Pipelines. Don't configure it in App Service. The **Azure Pipelines** option just points you in the right direction.
1. Select the **Azure DevOps Organization**, **Project**, **Repository**, and **Branch** you want to deploy continuously.
See [Local Git deployment to Azure App Service](deploy-local-git.md).
## Disable continuous deployment
-1. In the [Azure portal](https://portal.azure.com), navigate to the management page for your App Service app.
+1. In the [Azure portal](https://portal.azure.com), go to the management page for your App Service app.
-1. From the left menu, click **Deployment Center** > **Settings** > **Disconnect**.
+1. In the left pane, select **Deployment Center**. Then select **Settings** > **Disconnect**:
- ![Shows how to disconnect your cloud folder sync with your App Service app in the Azure portal.](media/app-service-continuous-deployment/disable.png)
+ ![Screenshot that shows how to disconnect your cloud folder sync with your App Service app in the Azure portal.](media/app-service-continuous-deployment/disable.png)
-1. By default, the GitHub Actions workflow file is preserved in your repository, but it will continue to trigger deployment to your app. To delete it from your repository, select **Delete workflow file**.
+1. By default, the GitHub Actions workflow file is preserved in your repository, but it will continue to trigger deployment to your app. To delete the file from your repository, select **Delete workflow file**.
-1. Click **OK**.
+1. Select **OK**.
[!INCLUDE [What happens to my app during deployment?](../../includes/app-service-deploy-atomicity.md)] ## How the GitHub Actions build provider works
-The GitHub Actions build provider is an option for [CI/CD from GitHub](#configure-deployment-source), and does the following to set up CI/CD:
+The GitHub Actions build provider is an option for [CI/CD from GitHub](#configure-the-deployment-source). It completes these actions to set up CI/CD:
- Deposits a GitHub Actions workflow file into your GitHub repository to handle build and deploy tasks to App Service. - Adds the publishing profile for your app as a GitHub secret. The workflow file uses this secret to authenticate with App Service.-- Captures information from the [workflow run logs](https://docs.github.com/actions/managing-workflow-runs/using-workflow-run-logs) and displays it in the **Logs** tab in your app's **Deployment Center**.
+- Captures information from the [workflow run logs](https://docs.github.com/actions/managing-workflow-runs/using-workflow-run-logs) and displays it on the **Logs** tab in your app's Deployment Center.
-You can customize the GitHub Actions build provider in the following ways:
+You can customize the GitHub Actions build provider in these ways:
- Customize the workflow file after it's generated in your GitHub repository. For more information, see [Workflow syntax for GitHub Actions](https://docs.github.com/actions/reference/workflow-syntax-for-github-actions). Just make sure that the workflow deploys to App Service with the [azure/webapps-deploy](https://github.com/Azure/webapps-deploy) action.-- If the selected branch is protected, you can still preview the workflow file without saving the configuration, then manually add it into your repository. This method doesn't give you the log integration with the Azure portal.-- Instead of a publishing profile, deploy using a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) in Azure Active Directory.
+- If the selected branch is protected, you can still preview the workflow file without saving the configuration and then manually add it into your repository. This method doesn't give you log integration with the Azure portal.
+- Instead of using a publishing profile, deploy by using a [service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) in Azure Active Directory.
-#### Authenticate with a service principal
+#### Authenticate by using a service principal
This optional configuration replaces the default authentication with publishing profiles in the generated workflow file.
-1. Generate a service principal with the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). In the following example, replace *\<subscription-id>*, *\<group-name>*, and *\<app-name>* with your own values:
+1. Generate a service principal by using the [az ad sp create-for-rbac](/cli/azure/ad/sp#az_ad_sp_create_for_rbac) command in the [Azure CLI](/cli/azure/). In the following example, replace \<subscription-id>, \<group-name>, and \<app-name> with your own values:
```azurecli-interactive az ad sp create-for-rbac --name "myAppDeployAuth" --role contributor \
This optional configuration replaces the default authentication with publishing
1. Save the entire JSON output for the next step, including the top-level `{}`.
-1. In [GitHub](https://github.com/), browse your repository, select **Settings > Secrets > Add a new secret**.
+1. In [GitHub](https://github.com/), in your repository, select **Settings** > **Secrets** > **Add a new secret**.
1. Paste the entire JSON output from the Azure CLI command into the secret's value field. Give the secret a name like `AZURE_CREDENTIALS`.
-1. In the workflow file generated by the **Deployment Center**, revise the `azure/webapps-deploy` step with code like the following example (which is modified from a Node.js workflow file):
+1. In the workflow file generated by the Deployment Center, revise the `azure/webapps-deploy` step to look like the following example (which is modified from a Node.js workflow file):
```yaml - name: Sign in to Azure
- # Use the GitHub secret you added
+ # Use the GitHub secret you added.
- uses: azure/login@v1 with: creds: ${{ secrets.AZURE_CREDENTIALS }} - name: Deploy to Azure Web App
- # Remove publish-profile
+ # Remove publish-profile.
- uses: azure/webapps-deploy@v2 with: app-name: '<app-name>' slot-name: 'production' package: .
- - name: Sign out of Azure
+ - name: Sign out of Azure.
run: | az logout ``` ## Deploy from other repositories
-For Windows apps, you can manually configure continuous deployment from a cloud Git or Mercurial repository that the portal doesn't directly support, such as [GitLab](https://gitlab.com/). You do it by choosing External Git in the **Source** dropdown. For more information, see [Set up continuous deployment using manual steps](https://github.com/projectkudu/kudu/wiki/Continuous-deployment#setting-up-continuous-deployment-using-manual-steps).
+For Windows apps, you can manually configure continuous deployment from a cloud Git or Mercurial repository that the portal doesn't directly support, like [GitLab](https://gitlab.com/). You do that by selecting **External Git** in the **Source** dropdown list. For more information, see [Set up continuous deployment using manual steps](https://github.com/projectkudu/kudu/wiki/Continuous-deployment#setting-up-continuous-deployment-using-manual-steps).
## More resources * [Deploy from Azure Pipelines to Azure App Services](/azure/devops/pipelines/apps/cd/deploy-webdeploy-webapps)
-* [Investigate common issues with continuous deployment](https://github.com/projectkudu/kudu/wiki/Investigating-continuous-deployment)
+* [Investigate common problems with continuous deployment](https://github.com/projectkudu/kudu/wiki/Investigating-continuous-deployment)
* [Use Azure PowerShell](/powershell/azure/) * [Project Kudu](https://github.com/projectkudu/kudu/wiki)
app-service Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/environment/overview.md
description: Overview on the App Service Environment
ms.assetid: 3d37f007-d6f2-4e47-8e26-b844e47ee919 Previously updated : 07/05/2021 Last updated : 08/05/2021
The number of addresses used by an ASEv3 in its subnet will vary based on how ma
The apps in an ASE do not need any features enabled to access resources in the same VNet that the ASE is in. If the ASE VNet is connected to another network, then the apps in the ASE can access resources in those extended networks. Traffic can be blocked by user configuration on the network.
-The multi-tenant version of Azure App Service contains numerous features to enable your apps to connect to your various networks. Those networking features enable your apps to act as if they were deployed in a VNet. The apps in an ASEv3 do not need any configuration to be in the VNet. A benefit of using an ASE over the multi-tenant service is that any network access controls to the ASE hosted apps is completely external to the application configuration. With the apps in the multi-tenant service, you must enable the features on an app by app basis and use RBAC or policy to prevent any configuration changes.
+The multi-tenant version of Azure App Service contains numerous features to enable your apps to connect to your various networks. Those networking features enable your apps to act as if they were deployed in a VNet. The apps in an ASEv3 do not need any configuration to be in the VNet. A benefit of using an ASE over the multi-tenant service is that any network access controls to the ASE hosted apps is external to the application configuration. With the apps in the multi-tenant service, you must enable the features on an app by app basis and use RBAC or policy to prevent any configuration changes.
## Feature differences
There are a few features that are not available in ASEv3 that were available in
With ASEv3, there is a different pricing model depending on the type of ASE deployment you have. The three pricing models are: -- **ASEv3**: If ASE is empty, there is a charge as if you had one ASP with one instance of Windows I1v2. The one instance charge is not an additive charge but is only applied if the ASE is totally empty.-- **Availability Zone ASEv3**: There is a minimum 9 Windows I1v2 instance charge. There is no added charge for availability zone support if you have 9 or more App Service plan instances.
+- **ASEv3**: If ASE is empty, there is a charge as if you had one ASP with one instance of Windows I1v2. The one instance charge is not an additive charge but is only applied if the ASE is empty.
+- **Availability Zone ASEv3**: There is a minimum nine Windows I1v2 instance charge. There is no added charge for availability zone support if you have nine or more App Service plan instances. All App Service plans in an AZ ASEv3 also have a minimum instance count of 3 to ensure there is an instance in each availability zone. As the plans are scaled out, they are spread across the availability zones.
- **Dedicated host ASEv3**: With a dedicated host deployment, you are charged for two dedicated hosts per our pricing at ASEv3 creation then a small percentage of the Isolated V2 rate per core charge as you scale.
-Reserved Instance pricing for Isolated v2 will be available after GA.
+Reserved Instance pricing for Isolated v2 is available and is described in [How reservation discounts apply to Azure App Service][reservedinstances]. The pricing, along with reserved instance pricing, is available at [App Service pricing][pricing] under **Isolated v2 plan**.
## Regions
-The ASEv3 is available in the following regions.
+The ASEv3 is available in the following regions.
|Normal and dedicated host ASEv3 regions| AZ ASEv3 regions| |||
The ASEv3 is available in the following regions.
|Korea Central | UK South| |North Europe | West Europe| |Norway East | West US 2 |
-|South Africa North| |
|South Central US | | |Southeast Asia| | |Switzerland North | |
The ASEv3 is available in the following regions.
|West Europe | | |West US | | |West US 2| |+
+<!--Links-->
+[reservedinstances]: https://docs.microsoft.com/azure/cost-management-billing/reservations/reservation-discount-app-service#how-reservation-discounts-apply-to-isolated-v2-instances
+[pricing]: https://azure.microsoft.com/pricing/details/app-service/windows/
app-service Using An Ase https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/environment/using-an-ase.md
ms.assetid: a22450c4-9b8b-41d4-9568-c4646f4cf66b Previously updated : 9/22/2020 Last updated : 8/5/2021
To create an alert against your logs, follow the instructions in [Create, view,
## Upgrade preference
-If you have multiple ASEs, you might want some ASEs to be upgraded before others. Within the ASE **HostingEnvironment Resource Manager** object, you can set a value for **upgradePreference**. The **upgradePreference** setting can be configured by using a template, ARMClient, or https://resources.azure.com. The three possible values are:
+If you have multiple ASEs, you might want some ASEs to be upgraded before others. This behavior can be enabled through your ASE portal. Under **Configuration** you have the option to set **Upgrade preference**. The three possible values are:
- **None**: Azure will upgrade your ASE in no particular batch. This value is the default. - **Early**: Your ASE will be upgraded in the first half of the App Service upgrades. - **Late**: Your ASE will be upgraded in the second half of the App Service upgrades.
-If you're using https://resources.azure.com, follow these steps to set the **upgradePreferences** value:
+Select the value desired and select **Save**. The default for any ASE is **None**.
-1. Go to resources.azure.com and sign in with your Azure account.
-1. Go through the resources to subscriptions\/\[subscription name\]\/resourceGroups\/\[resource group name\]\/providers\/Microsoft.Web\/hostingEnvironments\/\[ASE name\].
-1. Select **Read/Write** at the top.
-1. Select **Edit**.
-1. Set **upgradePreference** to whichever one of the three values you want.
-1. Select **Patch**.
-
-![resources azure com display][5]
+![ASE configuration portal][5]
The **upgradePreferences** feature makes the most sense when you have multiple ASEs because your "Early" ASEs will be upgraded before your "Late" ASEs. When you have multiple ASEs, you should set your development and test ASEs to be "Early" and your production ASEs to be "Late".
app-service Using https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/environment/using.md
This will encrypt internal network traffic in your ASE between the front ends an
## Upgrade preference
-If you have multiple ASEs, you might want some ASEs to be upgraded before others. Within the ASE **HostingEnvironment Resource Manager** object, you can set a value for **upgradePreference**. The **upgradePreference** setting can be configured by using a template, ARMClient, or https://resources.azure.com. The three possible values are:
+If you have multiple ASEs, you might want some ASEs to be upgraded before others. This behavior can be enabled through your ASE portal. Under **Configuration** you have the option to set **Upgrade preference**. The three possible values are:
- **None**: Azure will upgrade your ASE in no particular batch. This value is the default. - **Early**: Your ASE will be upgraded in the first half of the App Service upgrades. - **Late**: Your ASE will be upgraded in the second half of the App Service upgrades.
-To configure your upgrade preference, go to the ASE **Configuration** UI.
+Select the value desired and select **Save**. The default for any ASE is **None**.
+
+![ASE configuration portal][5]
+ The **upgradePreferences** feature makes the most sense when you have multiple ASEs because your "Early" ASEs will be upgraded before your "Late" ASEs. When you have multiple ASEs, you should set your development and test ASEs to be "Early" and your production ASEs to be "Late". ## Delete an ASE
To delete an ASE:
![ASE deletion][3] 1. Select **OK**.
+## Pricing
+
+With ASEv3, there is a different pricing model depending on the type of ASE deployment you have. The three pricing models are:
+
+- **ASEv3**: If ASE is empty, there is a charge as if you had one ASP with one instance of Windows I1v2. The one instance charge is not an additive charge but is only applied if the ASE is empty.
+- **Availability Zone ASEv3**: There is a minimum nine Windows I1v2 instance charge. There is no added charge for availability zone support if you have nine or more App Service plan instances. All App Service plans in an AZ ASEv3 also have a minimum instance count of 3 to ensure there is an instance in each availability zone. As the plans are scaled out, they are spread across the availability zones.
+- **Dedicated host ASEv3**: With a dedicated host deployment, you are charged for two dedicated hosts per our pricing at ASEv3 creation then a small percentage of the Isolated V2 rate per core charge as you scale.
+
+Reserved Instance pricing for Isolated v2 is available and is described in [How reservation discounts apply to Azure App Service][reservedinstances]. The pricing, along with reserved instance pricing, is available at [App Service pricing][pricing] under **Isolated v2 plan**.
+ <!--Image references--> [1]: ./media/using/using-appcreate.png
To delete an ASE:
[ASEWAF]: app-service-app-service-environment-web-application-firewall.md [AppGW]: ../../web-application-firewall/ag/ag-overview.md [logalerts]: ../../azure-monitor/alerts/alerts-log.md
+[reservedinstances]: https://docs.microsoft.com/azure/cost-management-billing/reservations/reservation-discount-app-service#how-reservation-discounts-apply-to-isolated-v2-instances
+[pricing]: https://azure.microsoft.com/pricing/details/app-service/windows/
app-service Manage Create Arc Environment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/manage-create-arc-environment.md
Title: 'Set up Azure Arc for App Service, Functions, and Logic Apps' description: For your Azure Arc enabled Kubernetes clusters, learn how to enable App Service apps, function apps, and logic apps. Previously updated : 05/26/2021 Last updated : 08/17/2021 # Set up an Azure Arc enabled Kubernetes cluster to run App Service, Functions, and Logic Apps (Preview)
While a [Log Analytic workspace](../azure-monitor/logs/quick-create-workspace.md
--workspace-name $workspaceName ` --query primarySharedKey ` --output tsv)
- $logAnalyticsKeyEncWithSpace=[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($logAnalyticsKey))
- $logAnalyticsKeyEnc=$(echo -n "${logAnalyticsKeyEncWithSpace//[[:space:]]/}") # Needed for the next step
+ $logAnalyticsKeyEnc=[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($logAnalyticsKey))
```
Before you can start creating apps on the custom location, you need an [App Serv
- [Quickstart: Create a web app on Azure Arc](quickstart-arc.md) - [Create your first function on Azure Arc](../azure-functions/create-first-function-arc-cli.md)-- [Create your first logic app on Azure Arc](../logic-apps/azure-arc-enabled-logic-apps-create-deploy-workflows.md)
+- [Create your first logic app on Azure Arc](../logic-apps/azure-arc-enabled-logic-apps-create-deploy-workflows.md)
app-service Overview Arc Integration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/overview-arc-integration.md
Title: 'App Service on Azure Arc' description: An introduction to App Service integration with Azure Arc for Azure operators. Previously updated : 05/03/2021 Last updated : 08/17/2021 # App Service, Functions, and Logic Apps on Azure Arc (Preview)
Only one Kubernetes environment resource may be created in a custom location. In
- [Which App Service features are supported?](#which-app-service-features-are-supported) - [Are networking features supported?](#are-networking-features-supported) - [Are managed identities supported?](#are-managed-identities-supported)
+- [Are there any scaling limits?](#are-there-any-scaling-limits)
- [What logs are collected?](#what-logs-are-collected) - [What do I do if I see a provider registration error?](#what-do-i-do-if-i-see-a-provider-registration-error)
+- [Can I deploy the Application services extension on an ARM64 based cluster?](#can-i-deploy-the-application-services-extension-on-an-arm64-based-cluster)
### How much does it cost?
No. Networking features such as hybrid connections, Virtual Network integration,
No. Apps cannot be assigned managed identities when running in Azure Arc. If your app needs an identity for working with another Azure resource, consider using an [application service principal](../active-directory/develop/app-objects-and-service-principals.md#service-principal-object) instead.
+### Are there any scaling limits?
+
+All applications deployed with Azure App Service on Kubernetes with Azure Arc are able to scale within the limits of the underlying Kubernetes cluster. If the underlying Kubernetes Cluster runs out of available compute resources (CPU and memory primarily), then applications will only be able to scale to the number of instances of the application that Kubernetes can schedule with available resource.
+ ### What logs are collected? Logs for both system components and your applications are written to standard output. Both log types can be collected for analysis using standard Kubernetes tools. You can also configure the App Service cluster extension with a [Log Analytics workspace](../azure-monitor/logs/log-analytics-overview.md), and it will send all logs to that workspace.
app-service Overview Authentication Authorization https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/overview-authentication-authorization.md
ms.assetid: b7151b57-09e5-4c77-a10c-375a262f17e5
Last updated 07/21/2021 -+ # Authentication and authorization in Azure App Service and Azure Functions
app-service Overview Inbound Outbound Ips https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/overview-inbound-outbound-ips.md
az webapp show --resource-group <group_name> --name <app_name> --query possibleO
``` ## Get a static outbound IP
-You can control the IP address of outbound traffic from your app by using regional VNet integration together with a virtual network NAT gateway to direct traffic through a static public IP address. [Regional VNet integration](/azure/app-service/web-sites-integration-with-vnet) is available on **Standard**, **Premium**, **PremiumV2** and **PremiumV3** App Service plans. To learn more about this setup, see [NAT gateway integration](./networking/nat-gateway-integration.md).
+You can control the IP address of outbound traffic from your app by using regional VNet integration together with a virtual network NAT gateway to direct traffic through a static public IP address. [Regional VNet integration](/azure/app-service/web-sites-integrate-with-vnet) is available on **Standard**, **Premium**, **PremiumV2** and **PremiumV3** App Service plans. To learn more about this setup, see [NAT gateway integration](./networking/nat-gateway-integration.md).
## Next steps Learn how to restrict inbound traffic by source IP addresses. > [!div class="nextstepaction"]
-> [Static IP restrictions](app-service-ip-restrictions.md)
+> [Static IP restrictions](app-service-ip-restrictions.md)
applied-ai-services Reference Sdk Api V2 0 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/api-v2-0/reference-sdk-api-v2-0.md
+
+ Title: "Reference: Form Recognizer client library 3.0.0 and REST API v2.0"
+
+description: Use the Form Recognizer client library v3.0.0 or REST API v2.0 to create a forms processing app that extracts key/value pairs and table data from your custom documents.
++++++ Last updated : 05/25/2021+
+zone_pivot_groups: programming-languages-set-formre
+
+keywords: forms processing, automated data processing
++
+# Reference: Azure Form Recognizer client library v3.0.0 and REST API v2.0
+
+>[!IMPORTANT]
+>
+> * This guide is based on Azure Form Recognizer SDK v3.0.0 and REST API v2.0. Documentation and code samples for the latest version can be found in our **[Quickstarts](../quickstarts/client-library.md)** article.
+>
+>* For simplicity, the code in this article uses synchronous methods and unsecured credentials storage. For production, use secure methods to store and access your credentials. See the Cognitive Services [security](../../../cognitive-services/cognitive-services-security.md) article for more information.
+
+Get started with Azure Form Recognizer using the programming language of your choice. Azure Form Recognizer is a [Azure Applied AI Service](../../../applied-ai-services/index.yml) that lets you build automated data processing software using machine learning technology. Identify and extract text, key/value pairs, selection marks, table data, and more from your form documents&mdash;the service outputs structured data that includes the relationships in the original file. You can use Form Recognizer via the REST API or SDK. Follow these steps to install the SDK package and try out the example code for basic tasks.
+++++++++++++++
applied-ai-services Build Training Data Set https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/build-training-data-set.md
+
+ Title: "How to build a training data set for a custom model - Form Recognizer"
+
+description: Learn how to ensure your training data set is optimized for training a Form Recognizer model.
++++++ Last updated : 07/27/2021+
+#Customer intent: As a user of the Form Recognizer custom model service, I want to ensure I'm training my model in the best way.
++
+# Build a training data set for a custom model
+
+When you use the Form Recognizer custom model, you provide your own training data to the [Train Custom Model](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/TrainCustomModelAsync) operation, so that the model can train to your industry-specific forms. Follow this guide to learn how to collect and prepare data to train the model effectively.
+
+You need at least five filled-in forms of the same type.
+
+If you want to use manually labeled training data, you must start with at least five filled-in forms of the same type. You can still use unlabeled forms in addition to the required data set.
+
+## Custom model input requirements
+
+First, make sure your training data set follows the input requirements for Form Recognizer.
++
+## Training data tips
+
+Follow these additional tips to further optimize your data set for training.
+
+* If possible, use text-based PDF documents instead of image-based documents. Scanned PDFs are handled as images.
+* For filled-in forms, use examples that have all of their fields filled in.
+* Use forms with different values in each field.
+* If your form images are of lower quality, use a larger data set (10-15 images, for example).
+
+## Upload your training data
+
+When you've put together the set of form documents that you'll use for training, you need to upload it to an Azure blob storage container. If you don't know how to create an Azure storage account with a container, following the [Azure Storage quickstart for Azure portal](../../storage/blobs/storage-quickstart-blobs-portal.md). Use the standard performance tier.
+
+If you want to use manually labeled data, you'll also have to upload the *.labels.json* and *.ocr.json* files that correspond to your training documents. You can use the [Sample labeling tool](label-tool.md) (or your own UI) to generate these files.
+
+### Organize your data in subfolders (optional)
+
+By default, the [Train Custom Model](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/TrainCustomModelAsync) API will only use form documents that are located at the root of your storage container. However, you can train with data in subfolders if you specify it in the API call. Normally, the body of the [Train Custom Model](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/TrainCustomModelAsync) call has the following format, where `<SAS URL>` is the Shared access signature URL of your container:
+
+```json
+{
+ "source":"<SAS URL>"
+}
+```
+
+If you add the following content to the request body, the API will train with documents located in subfolders. The `"prefix"` field is optional and will limit the training data set to files whose paths begin with the given string. So a value of `"Test"`, for example, will cause the API to look at only the files or folders that begin with the word "Test".
+
+```json
+{
+ "source": "<SAS URL>",
+ "sourceFilter": {
+ "prefix": "<prefix string>",
+ "includeSubFolders": true
+ },
+ "useLabelFile": false
+}
+```
+
+## Next steps
+
+Now that you've learned how to build a training data set, follow a quickstart to train a custom Form Recognizer model and start using it on your forms.
+
+* [Train a model and extract form data using the client library or REST API](./quickstarts/client-library.md)
+* [Train with labels using the sample labeling tool](label-tool.md)
+
+## See also
+
+* [What is Form Recognizer?](./overview.md)
applied-ai-services Concept Business Cards https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/concept-business-cards.md
+
+ Title: Business cards - Form Recognizer
+
+description: Learn concepts related to business card analysis with the Form Recognizer API - usage and limits.
++++++ Last updated : 08/09/2021+++
+# Form Recognizer prebuilt business cards model
+
+Azure Form Recognizer can analyze and extract contact information from business cards using its prebuilt business cards model. It combines powerful Optical Character Recognition (OCR) capabilities with our business card understanding model to extract key information from business cards in English. It extracts personal contact info, company name, job title, and more. The Prebuilt Business Card API is publicly available in the Form Recognizer v2.1.
+
+## Customer scenarios
+
+The data extracted with the Business Card API can be used to perform various tasks. Extracting this contact info automatically saves time for users in client-facing roles. The following are a few examples of what our customers have accomplished with the Business Card API:
+
+* Extract contact info from Business cards and quickly create phone contacts.
+* Integrate with CRM to automatically create contact using business card images.
+* Keep track of sales leads.
+* Extract contact info in bulk from existing business card images.
+
+The Business Card API also powers the [AI Builder Business Card Processing feature](/ai-builder/prebuilt-business-card).
+
+## Try it
+
+To try out the Form Recognizer receipt service, go to the online Sample UI Tool:
+
+> [!div class="nextstepaction"]
+> [Try business card model](https://aka.ms/fott-2.1-ga "Start with a prebuilt model to extract data from business card")
+
+## What does the Business Card service do?
+
+The prebuilt Business Card API extracts key fields from business cards and returns them in an organized JSON response.
+
+![Contoso itemized image from sample labeling tool + JSON output](./media/business-card-example.jpg)
+
+### Fields extracted:
+
+|Name| Type | Description | Text | Value (standardized output) |
+|:--|:-|:-|:-|:-|
+| ContactNames | array of objects | Contact name extracted from business card | [{ "FirstName": "Chris", "LastName": "Smith" }] | |
+| FirstName | string | First (given) name of contact | "Chris" | "Chris" |
+| LastName | string | Last (family) name of contact | "Smith" | "Smith" |
+| CompanyNames | array of strings | Company name extracted from business card | ["CONTOSO"] | CONTOSO |
+| Departments | array of strings | Department or organization of contact | ["Cloud & Al Department"] | Cloud & Al Department |
+| JobTitles | array of strings | Listed Job title of contact | ["Senior Researcher"] | Senior Researcher |
+| Emails | array of strings | Contact email extracted from business card | ["chris.smith@contoso.com"] | chris.smith@contoso.com |
+| Websites | array of strings | Website extracted from business card | ["https://www.contoso.com"] | https://www.contoso.com |
+| Addresses | array of strings | Address extracted from business card | ["4001 1st Ave NE Redmond, WA 98052"] | 4001 1st Ave NE Redmond, WA 98052 |
+| MobilePhones | array of phone numbers | Mobile phone number extracted from business card | ["+1 (987) 123-4567"] | +19871234567 |
+| Faxes | array of phone numbers | Fax phone number extracted from business card | ["+1 (987) 312-6745"] | +19873126745 |
+| WorkPhones | array of phone numbers | Work phone number extracted from business card | ["+1 (987) 213-5674"] | +19872135674 |
+| OtherPhones | array of phone numbers | Other phone number extracted from business card | ["+1 (987) 213-5673"] | +19872135673 |
+
+The Business Card API can also return all recognized text from the Business Card. This OCR output is included in the JSON response.
+
+### Input Requirements
++
+## Supported locales
+
+**Pre-built business cards v2.1** supports the following locales: **en-us**, **en-au**, **en-ca**, **en-gb**, **en-in**
+
+## Analyze Business Card
+
+The [Analyze Business Card](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync) takes an image or PDF of a business card as the input and extracts the values of interest. The call returns a response header field called `Operation-Location`. The `Operation-Location` value is a URL that contains the Result ID to be used in the next step.
+
+|Response header| Result URL |
+|:--|:-|
+|Operation-Location | `https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync` |
+
+## Get Analyze Business Card Result
+
+The second step is to call the [Get Analyze Business Card Result](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/GetAnalyzeBusinessCardResult) operation. This operation takes as input the Result ID that was created by the Analyze Business Card operation. It returns a JSON response that contains a **status** field with the following possible values. You call this operation iteratively until it returns with the **succeeded** value. Use an interval of 3 to 5 seconds to avoid exceeding the requests per second (RPS) rate.
+
+|Field| Type | Possible values |
+|:--|:-:|:-|
+|status | string | notStarted: The analysis operation has not started.<br /><br />running: The analysis operation is in progress.<br /><br />failed: The analysis operation has failed.<br /><br />succeeded: The analysis operation has succeeded.|
+
+When the **status** field has the **succeeded** value, the JSON response will include the business card understanding and optional text recognition results, if requested. The business card understanding result is organized as a dictionary of named field values, where each value contains the extracted text, normalized value, bounding box, confidence, and corresponding word elements. The text recognition result is organized as a hierarchy of lines and words, with text, bounding box and confidence information.
+
+![sample business card output](./media/business-card-results.png)
+
+### Sample JSON output
+
+The response to the Get Analyze Business Card Result operation will be the structured representation of the business card with all the information extracted. See here for a [sample business card file](https://github.com/Azure-Samples/cognitive-services-REST-api-samples/blob/master/curl/form-recognizer/business-card-english.jpg) and its structured output [sample business card output](https://github.com/Azure-Samples/cognitive-services-REST-api-samples/blob/master/curl/form-recognizer/business-card-result.json).
+
+See the following example of a successful JSON response (the output has been shortened for simplicity):
+* The `"readResults"` node contains all of the recognized text. Text is organized by page, then by line, then by individual words.
+* The `"documentResults"` node contains the business-card-specific values that the model discovered. This is where you'll find useful contact information like the first name, last name, company name and more.
+
+```json
+{
+ "status": "succeeded",
+ "createdDateTime": "2021-05-27T02:18:35Z",
+ "lastUpdatedDateTime": "2021-05-27T02:18:37Z",
+ "analyzeResult": {
+ "version": "2.1.0",
+ "readResults": [
+ {
+ "page": 1,
+ "angle": 0.0255,
+ "width": 2592,
+ "height": 4608,
+ "unit": "pixel",
+ "lines": [
+ {
+ "text": "CONTOSO",
+ "boundingBox": [
+ 533,
+ 1570,
+ 1334,
+ 1570,
+ 1333,
+ 1721,
+ 533,
+ 1720
+ ],
+ "words": [
+ {
+ "text": "CONTOSO",
+ "boundingBox": [
+ 535,
+ 1571,
+ 1278,
+ 1571,
+ 1279,
+ 1722,
+ 534,
+ 1719
+ ],
+ "confidence": 0.994
+ }
+ ],
+ "appearance": {
+ "style": {
+ "name": "other",
+ "confidence": 0.878
+ }
+ }
+ },
+ ...
+ ]
+ }
+ ],
+ "documentResults": [
+ {
+ "docType": "prebuilt:businesscard",
+ "pageRange": [
+ 1,
+ 1
+ ],
+ "fields": {
+ "Addresses": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "string",
+ "valueString": "4001 1st Ave NE Redmond, WA 98052",
+ "text": "4001 1st Ave NE Redmond, WA 98052",
+ "boundingBox": [
+ 400,
+ 2789,
+ 1514,
+ 2789,
+ 1514,
+ 2857,
+ 400,
+ 2857
+ ],
+ "page": 1,
+ "confidence": 0.986,
+ "elements": [
+ "#/readResults/0/lines/9/words/0",
+ "#/readResults/0/lines/9/words/1",
+ "#/readResults/0/lines/9/words/2",
+ "#/readResults/0/lines/9/words/3",
+ "#/readResults/0/lines/9/words/4",
+ "#/readResults/0/lines/9/words/5",
+ "#/readResults/0/lines/9/words/6"
+ ]
+ }
+ ]
+ },
+ "CompanyNames": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "string",
+ "valueString": "CONTOSO",
+ "text": "CONTOSO",
+ "boundingBox": [
+ 535,
+ 1571,
+ 1278,
+ 1571,
+ 1279,
+ 1722,
+ 534,
+ 1719
+ ],
+ "page": 1,
+ "confidence": 0.985,
+ "elements": [
+ "#/readResults/0/lines/0/words/0"
+ ]
+ }
+ ]
+ },
+ "ContactNames": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "object",
+ "valueObject": {
+ "FirstName": {
+ "type": "string",
+ "valueString": "Chris",
+ "text": "Chris",
+ "boundingBox": [
+ 1556,
+ 2018,
+ 1915,
+ 2021,
+ 1915,
+ 2156,
+ 1558,
+ 2154
+ ],
+ "page": 1,
+ "elements": [
+ "#/readResults/0/lines/1/words/0"
+ ]
+ },
+ "LastName": {
+ "type": "string",
+ "valueString": "Smith",
+ "text": "Smith",
+ "boundingBox": [
+ 1944,
+ 2021,
+ 2368,
+ 2016,
+ 2364,
+ 2156,
+ 1944,
+ 2156
+ ],
+ "page": 1,
+ "elements": [
+ "#/readResults/0/lines/1/words/1"
+ ]
+ }
+ },
+ "text": "Chris Smith",
+ "boundingBox": [
+ 1556.1,
+ 2010.3,
+ 2368,
+ 2016,
+ 2367,
+ 2159.6,
+ 1555.1,
+ 2154
+ ],
+ "page": 1,
+ "confidence": 0.99,
+ "elements": [
+ "#/readResults/0/lines/1/words/0",
+ "#/readResults/0/lines/1/words/1"
+ ]
+ }
+ ]
+ },
+ "Departments": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "string",
+ "valueString": "Cloud & Al Department",
+ "text": "Cloud & Al Department",
+ "boundingBox": [
+ 1578,
+ 2288.8,
+ 2277,
+ 2295.1,
+ 2276.3,
+ 2367.8,
+ 1577.3,
+ 2361.5
+ ],
+ "page": 1,
+ "confidence": 0.989,
+ "elements": [
+ "#/readResults/0/lines/3/words/0",
+ "#/readResults/0/lines/3/words/1",
+ "#/readResults/0/lines/3/words/2",
+ "#/readResults/0/lines/3/words/3"
+ ]
+ }
+ ]
+ },
+ "Emails": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "string",
+ "valueString": "chris.smith@contoso.com",
+ "text": "chris.smith@contoso.com",
+ "boundingBox": [
+ 1583,
+ 2381,
+ 2309,
+ 2382,
+ 2308,
+ 2445,
+ 1584,
+ 2447
+ ],
+ "page": 1,
+ "confidence": 0.99,
+ "elements": [
+ "#/readResults/0/lines/4/words/0"
+ ]
+ }
+ ]
+ },
+ "Faxes": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "phoneNumber",
+ "valuePhoneNumber": "+19873126745",
+ "text": "+1 (987) 312-6745",
+ "boundingBox": [
+ 740,
+ 2703.8,
+ 1273,
+ 2702.1,
+ 1273.2,
+ 2774.1,
+ 740.2,
+ 2775.8
+ ],
+ "page": 1,
+ "confidence": 0.99,
+ "elements": [
+ "#/readResults/0/lines/8/words/1",
+ "#/readResults/0/lines/8/words/2",
+ "#/readResults/0/lines/8/words/3"
+ ]
+ }
+ ]
+ },
+ "JobTitles": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "string",
+ "valueString": "Senior Researcher",
+ "text": "Senior Researcher",
+ "boundingBox": [
+ 1578,
+ 2206,
+ 2117,
+ 2207.6,
+ 2116.8,
+ 2272.6,
+ 1577.8,
+ 2271
+ ],
+ "page": 1,
+ "confidence": 0.99,
+ "elements": [
+ "#/readResults/0/lines/2/words/0",
+ "#/readResults/0/lines/2/words/1"
+ ]
+ }
+ ]
+ },
+ "MobilePhones": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "phoneNumber",
+ "valuePhoneNumber": "+19871234567",
+ "text": "+1 (987) 123-4567",
+ "boundingBox": [
+ 744,
+ 2529,
+ 1281,
+ 2529,
+ 1281,
+ 2603,
+ 744,
+ 2603
+ ],
+ "page": 1,
+ "confidence": 0.99,
+ "elements": [
+ "#/readResults/0/lines/5/words/1",
+ "#/readResults/0/lines/5/words/2",
+ "#/readResults/0/lines/5/words/3"
+ ]
+ }
+ ]
+ },
+ "Websites": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "string",
+ "valueString": "https://www.contoso.com/",
+ "text": "https://www.contoso.com/",
+ "boundingBox": [
+ 1576,
+ 2462,
+ 2383,
+ 2462,
+ 2380,
+ 2535,
+ 1576,
+ 2535
+ ],
+ "page": 1,
+ "confidence": 0.99,
+ "elements": [
+ "#/readResults/0/lines/6/words/0"
+ ]
+ }
+ ]
+ },
+ "WorkPhones": {
+ "type": "array",
+ "valueArray": [
+ {
+ "type": "phoneNumber",
+ "valuePhoneNumber": "+19872135674",
+ "text": "+1 (987) 213-5674",
+ "boundingBox": [
+ 736,
+ 2617.6,
+ 1267.1,
+ 2618.5,
+ 1267,
+ 2687.5,
+ 735.9,
+ 2686.6
+ ],
+ "page": 1,
+ "confidence": 0.984,
+ "elements": [
+ "#/readResults/0/lines/7/words/1",
+ "#/readResults/0/lines/7/words/2",
+ "#/readResults/0/lines/7/words/3"
+ ]
+ }
+ ]
+ }
+ }
+ }
+ ]
+ }
+}
+```
+
+## Next steps
+
+* Try your own business cards and samples in the [Form Recognizer Sample UI](https://fott-preview.azurewebsites.net/).
+* Complete a [Form Recognizer quickstart](quickstarts/client-library.md) to get started writing a business card processing app with Form Recognizer in the development language of your choice.
applied-ai-services Concept Custom https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/concept-custom.md
+
+ Title: Custom and composed models - Form Recognizer
+
+description: Learn how to create, use, and manage Form Recognizer custom and composed models- usage and limits.
+++++++ Last updated : 08/09/2021+++
+# Form Recognizer custom and composed models
+
+Form Recognizer uses advanced machine learning technology to detect and extract information from document images and return the extracted data in a structured JSON output. With Form Recognizer, you can train standalone custom models, create composed models, or get started with our prebuilt models:
+
+* **Custom models**. Form Recognizer custom models enable you to analyze and extract data from forms and documents specific to your business. Custom models are trained for your distinct data and use cases.
+
+* **Composed models**. A composed model is created by taking a collection of custom models and assigning them to a single model that encompasses your form types. When a document is submitted to a composed model, the service performs a classification step to decide which custom model accurately represents the form presented for analysis.
+
+* **Prebuilt models**. Form Recognizer currently supports prebuilt models for [business cards](concept-business-cards.md), [layout](concept-layout.md), [identity documents](concept-identification-cards.md), [invoices](concept-invoices.md), and [receipts](concept-receipts.md).
+
+In this article, we'll examine the process for creating Form Recognizer custom and composed models using our [Form Recognizer sample labeling tool](label-tool.md), [REST APIs](quickstarts/client-library.md?branch=main&pivots=programming-language-rest-api#train-a-custom-model), or [client-library SDKs](quickstarts/client-library.md?branch=main&pivots=programming-language-csharp#train-a-custom-model).
+
+## What is a custom model?
+
+A custom model is a machine learning program trained to recognize form fields within your distinct content and extract key-value pairs and table data. You only need five examples of the same form type to get started and your custom model can be trained with or without labeled datasets.
+
+## What is a composed model?
+
+With composed models, you can assign multiple custom models to a composed model called with a single model ID. This is useful when you have trained several models and want to group them to analyze similar form types. For example, your composed model may be comprised of custom models trained to analyze your supply, equipment, and furniture purchase orders. Instead of manually trying to select the appropriate model, you can use a composed model to determine the appropriate custom model for each analysis and extraction.
+
+## Try it
+
+Get started with our Form Recognizer sample labeling tool:
+
+> [!div class="nextstepaction"]
+> [Try a custom model](https://aka.ms/fott-2.1-ga "Start with Custom to train a model with labels and find key-value pairs.")
+
+## Create your models
+
+The steps for building, training, and using custom and composed models are as follows:
+
+* [**Assemble your training dataset**](#assemble-your-training-dataset)
+* [**Upload your training set to Azure blob storage**](#upload-your-training-dataset)
+* [**Train your custom model**](#train-your-custom-model)
+* [**Compose custom models**](#create-a-composed-model)
+* [**Analyze documents**](#analyze-documents-with-your-custom-or-composed-model)
+* [**Manage your custom models**](#manage-your-custom-models)
+
+## Assemble your training dataset
+
+Building a custom model begins with establishing your training dataset. You'll need a minimum of five completed forms of the same type for your sample dataset. They can be of different file types (jpg, png, pdf, tiff) and contain both text and handwriting. Your forms must follow the [input requirements](build-training-data-set.md#custom-model-input-requirements) for Form Recognizer.
+
+## Upload your training dataset
+
+You'll need to [upload your training data](build-training-data-set.md#upload-your-training-data)
+to an Azure blob storage container. If you don't know how to create an Azure storage account with a container, *see* [Azure Storage quickstart for Azure portal](../../storage/blobs/storage-quickstart-blobs-portal.md). You can use the free pricing tier (F0) to try the service, and upgrade later to a paid tier for production.
+
+## Train your custom model
+
+You can [train your model](quickstarts/client-library.md#train-a-custom-model) with or without labeled data sets. Unlabeled datasets rely solely on the [Layout API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeLayoutAsync) to detect and identify key information without added human input. Labeled datasets also rely on the Layout API, but supplementary human input is included such as your specific labels and field locations. To use both labeled and unlabeled data, start with at least five completed forms of the same type for the labeled training data and then add unlabeled data to the required data set.
+
+## Create a composed model
+
+> [!NOTE]
+> **Model Compose is only available for custom models trained _with_ labels.** Attempting to compose unlabeled models will produce an error.
+
+With the Model Compose operation, you can assign up to 100 trained custom models to a single model ID. When you call Analyze with the composed model ID, Form Recognizer will first classify the form you submitted, choose the best matching assigned model, and then return results for that model. This operation is useful when incoming forms may belong to one of several templates.
+
+Using the Form Recognizer sample labeling tool, the REST API, or the Client-library SDKs, follow the steps below to set up a composed model:
+
+1. [**Gather your custom model IDs**](#gather-your-custom-model-ids)
+1. [**Compose your custom models**](#compose-your-custom-models)
+
+#### Gather your custom model IDs
+
+Once the training process has successfully completed, your custom model will be assigned a model ID. You can retrieve a model ID as follows:
+
+### [**Form Recognizer sample labeling tool**](#tab/fott)
+
+When you train models using the [**Form Recognizer sample labeling tool**](https://fott-2-1.azurewebsites.net/), the model ID is located in the Train Result window:
++
+### [**REST API**](#tab/rest-api)
+
+The [**REST API**](quickstarts/client-library.md?pivots=programming-language-rest-api#train-a-custom-model), will return a `201 (Success)` response with a **Location** header. The value of the last parameter in this header is the model ID for the newly trained model:
++
+### [**Client-library SDKs**](#tab/sdks)
+
+ The [**client-library SDKs**](quickstarts/client-library.md?pivots=programming-language-csharp#train-a-custom-model) return a model object that can be queried to return the trained model ID:
+
+* C\# | [CustomFormModel Class](/dotnet/api/azure.ai.formrecognizer.training.customformmodel?view=azure-dotnet&preserve-view=true#properties "Azure SDK for .NET")
+
+* Java | [CustomFormModelInfo Class](/java/api/com.azure.ai.formrecognizer.training.models.customformmodelinfo?view=azure-java-stable&preserve-view=true#methods "Azure SDK for Java")
+
+* JavaScript | [CustomFormModelInfo interface](/javascript/api/@azure/ai-form-recognizer/customformmodelinfo?view=azure-node-latest&preserve-view=true&branch=main#properties "Azure SDK for JavaScript")
+
+* Python | [CustomFormModelInfo Class](/python/api/azure-ai-formrecognizer/azure.ai.formrecognizer.customformmodelinfo?view=azure-python&preserve-view=true&branch=main#variables "Azure SDK for Python")
+++
+#### Compose your custom models
+
+After you have gathered your custom models corresponding to a single form type, you can compose them into a single model.
+
+### [**Form Recognizer sample labeling tool**](#tab/fott)
+
+The **sample labeling tool** enables you to quickly get started training models and composing them to a single model ID.
+
+After you have completed training, compose your models as follows:
+
+1. On the left rail menu, select the **Model Compose icon** (merging arrow).
+
+1. In the main window, select the models you wish to assign to a single model ID. Models with the arrows icon are already composed models.
+
+1. Choose the **Compose button** from the upper-left corner.
+
+1. In the pop-up window, name your newly composed model and select **Compose**.
+
+When the operation completes, your newly composed model will appear in the list.
+
+ :::image type="content" source="media/custom-model-compose.png" alt-text="Screenshot: model compose window." lightbox="media/custom-model-compose-expanded.png":::
+
+### [**REST API**](#tab/rest-api)
+
+Using the **REST API**, you can make a [**Compose Custom Model**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/Compose) request to create a single composed model from existing models. The request body requires a string array of your `modelIds` to compose and you can optionally define the `modelName`. *See* [Compose Models Async](/rest/api/formrecognizer/2.1preview2/compose-custom-models-async/compose-custom-models-async).
+
+### [**Client-library SDKs**](#tab/sdks)
+
+Use the programming language code of your choice to create a composed model that will be called with a single model ID. Below are links to code samples that demonstrate how to create a composed model from existing custom models:
+
+* [**C#/.NET**](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/formrecognizer/Azure.AI.FormRecognizer/samples/Sample8_ModelCompose.md).
+
+* [**Java**](https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/formrecognizer/azure-ai-formrecognizer/src/samples/java/com/azure/ai/formrecognizer/CreateComposedModel.java).
+
+* [**JavaScript**](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/formrecognizer/ai-form-recognizer/samples/v3/javascript/createComposedModel.js).
+
+* [**Python**](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/formrecognizer/azure-ai-formrecognizer/samples/sample_create_composed_model.py)
+++
+## Analyze documents with your custom or composed model
+
+ The custom form **Analyze**operation requires you to provide the `modelID` in the call to Form Recognizer . You can provide a single custom model ID or a composed model ID for the `modelID` parameter.
+
+### [**Form Recognizer sample labeling tool**](#tab/fott)
+
+1. On the tool's left-pane menu, select the **Analyze icon** (lightbulb).
+
+1. Choose a local file or image URL to analyze.
+
+1. Select the **Run Analysis** button.
+
+1. The tool will apply tags in bounding boxes and report the confidence percentage for each tag.
++
+### [**REST API**](#tab/rest-api)
+
+Using the REST API, you can make an [Analyze Form](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeWithCustomForm) request to analyze a document and extract key-value pairs and table data.
+
+### [**Client-library SDKs**](#tab/sdks)
+
+Using the programming language of your choice to analyze a form or document with a custom or composed model. You'll need your Form Recognizer endpoint, API key, and model ID.
+
+* [**C#/.NET**](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/formrecognizer/Azure.AI.FormRecognizer/samples/Sample8_ModelCompose.md#recognize-a-custom-form-using-a-composed-model)
+
+* [**Java**](https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/formrecognizer/azure-ai-formrecognizer/src/samples/java/com/azure/ai/formrecognizer/RecognizeCustomFormsFromUrl.java)
+
+* [**JavaScript**](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/formrecognizer/ai-form-recognizer/samples/v3/javascript/recognizeCustomForm.js)
+
+* [**Python**](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/formrecognizer/azure-ai-formrecognizer/samples/sample_recognize_custom_forms.py)
+++
+Test your newly trained models by [analyzing forms](quickstarts/client-library.md#analyze-forms-with-a-custom-model) that were not part of the training dataset. Depending on the reported accuracy, you may want to do further training to improve the model. You can continue further training to [improve results](label-tool.md#improve-results).
+
+## Manage your custom models
+
+You can [manage your custom models](quickstarts/client-library.md#manage-custom-models) throughout their lifecycle by viewing a [list of all custom models](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/GetCustomModels) under your subscription, retrieving information about [a specific custom model](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/GetCustomModel), and [deleting custom models](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/DeleteCustomModel) from your account.
+
+Great! You have learned the steps to create custom and composed models and use them in your Form Recognizer projects and applications.
+
+## Next steps
+
+Learn more about the Form Recognizer client library by exploring our API reference documentation.
+
+> [!div class="nextstepaction"]
+> [Form Recognizer API reference](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeWithCustomForm)
+>
applied-ai-services Concept Identification Cards https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/concept-identification-cards.md
+
+ Title: IDs - Form Recognizer
+
+description: Learn concepts related to data extraction from identity documents with the Form Recognizer Pre-built IDs API.
+++++++ Last updated : 08/09/2021+++
+# Form Recognizer prebuilt identification (ID) document model
+
+Azure Form Recognizer can analyze and extract information from government-issued identification documents (IDs) using its prebuilt IDs model. It combines our powerful [Optical Character Recognition (OCR)](../../cognitive-services/computer-vision/overview-ocr.md) capabilities with ID recognition capabilities to extract key information from Worldwide Passports and U.S. Driver's Licenses (all 50 states and D.C.). The IDs API extracts key information from these identity documents, such as first name, last name, date of birth, document number, and more. This API is available in the Form Recognizer v2.1 as a cloud service.
+
+## Customer scenarios
+
+The data extracted with the IDs API can be used to perform a variety of tasks for scenarios like Know Your Customer (KYC) in industries including finance, health & insurance, government, etc. Below are a few examples:
+
+* Digital onboarding - End user can use a mobile application to scan the their IDs and onboard to various services. Remote customer verification is aided by IDs data extraction.
+
+* Validation and IDs matching - End user can fill out an application and attach images of IDs. Pre-built IDs enables a bank to verify the information matches with data on hand.
+
+* Forms pre-population - As part of an insurance claim process, end user submits their IDs and fields are pre-populated in online documents, saving time in the process.
+
+The IDs API also powers the [AI Builder ID reader feature](/ai-builder/prebuilt-id-reader).
+
+## Try it
+
+To try out the Form Recognizer IDs service, go to the online Sample UI Tool:
+
+> [!div class="nextstepaction"]
+> [Try ID document model](https://aka.ms/fott-2.1-ga "Start with a prebuilt model to extract data from identity documents.")
+
+## What does the ID service do?
+
+The prebuilt IDs service extracts the key values from worldwide passports and U.S. Driver's Licenses and returns them in an organized structured JSON response.
+
+### **Driver's license example**
+
+![Sample Driver's License](./media/id-example-drivers-license.JPG)
+
+### **Passport example**
+
+![Sample Passport](./media/id-example-passport-result.JPG)
+
+### Fields extracted
+
+|Name| Type | Description | Value (standardized output) |
+|:--|:-|:-|:-|
+| CountryRegion | countryRegion | Country or region code compliant with ISO 3166 standard | "USA" |
+| DateOfBirth | date | DOB in YYYY-MM-DD format | "1980-01-01" |
+| DateOfExpiration | date | Expiration date in YYYY-MM-DD format | "2019-05-05" |
+| DocumentNumber | string | Relevant passport number, driver's license number, etc. | "340020013" |
+| FirstName | string | Extracted given name and middle initial if applicable | "JENNIFER" |
+| LastName | string | Extracted surname | "BROOKS" |
+| Nationality | countryRegion | Country or region code compliant with ISO 3166 standard | "USA" |
+| Sex | string | Possible extracted values include "M", "F" and "X" | "F" |
+| MachineReadableZone | object | Extracted Passport MRZ including two lines of 44 characters each | "P<USABROOKS<<JENNIFER<<<<<<<<<<<<<<<<<<<<<<< 3400200135USA8001014F1905054710000307<715816" |
+| DocumentType | string | Document type, for example, Passport, Driver's License | "passport" |
+| Address | string | Extracted address (Driver's License only) | "123 STREET ADDRESS YOUR CITY WA 99999-1234"|
+| Region | string | Extracted region, state, province, etc. (Driver's License only) | "Washington" |
+
+### Additional features
+
+The IDs API also returns the following information:
+
+* Field confidence level (each field returns an associated confidence value)
+* OCR raw text (OCR-extracted text output for the entire identity document)
+* Bounding box of each extracted field in U.S. Driver's Licenses
+* Bounding box for Machine Readable Zone (MRZ) on Passports
+
+ > [!NOTE]
+ > Pre-built IDs does not detect ID authenticity
+ >
+ > Form Recognizer Pre-built IDs extracts key data from ID data. However, it does not detect the validity or authenticity of the original identity document.
+
+## Input requirements
++
+## Supported Identity document types
+
+* **Pre-built IDs v2.1** extracts key values from worldwide passports, and U.S. Driver's Licenses.
+
+ > [!NOTE]
+ > ID type support
+ >
+ > Currently supported ID types include worldwide passport and U.S. Driver's Licenses. We are actively seeking to expand our ID support to other identity documents around the world.
+
+## Analyze ID Document
+
+The [Analyze ID](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/5f74a7daad1f2612c46f5822) operation takes an image or PDF of an ID as the input and extracts the values of interest. The call returns a response header field called `Operation-Location`. The `Operation-Location` value is a URL that contains the Result ID to be used in the next step.
+
+|Response header| Result URL |
+|:--|:-|
+|Operation-Location | `https://cognitiveservice/formrecognizer/v2.1/prebuilt/idDocument/analyzeResults/49a36324-fc4b-4387-aa06-090cfbf0064f` |
+
+## Get Analyze ID Document Result
+
+<!
+Need to update this with updated APIM links when available
+-->
+
+The second step is to call the [**Get Analyze ID Document Result**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/5f74a7738978e467c5fb8707) operation. This operation takes as input the Result ID that was created by the Analyze ID operation. It returns a JSON response that contains a **status** field with the following possible values. You call this operation iteratively until it returns with the **succeeded** value. Use an interval of 3 to 5 seconds to avoid exceeding the requests per second (RPS) rate.
+
+|Field| Type | Possible values |
+|:--|:-:|:-|
+|status | string | notStarted: The analysis operation has not started. |
+| | | running: The analysis operation is in progress. |
+| | | failed: The analysis operation has failed. |
+| | | succeeded: The analysis operation has succeeded. |
+
+When the **status** field has the **succeeded** value, the JSON response will include the receipt understanding and text recognition results. The IDs result are organized as a dictionary of named field values, where each value contains the extracted text, normalized value, bounding box, confidence, and corresponding word elements. The text recognition result is organized as a hierarchy of lines and words, with text, bounding box and confidence information.
+
+![sample receipt results](./media/id-example-passport-result.JPG)
+
+### Sample JSON output
+
+See the following example of a successful JSON response (the output has been shortened for simplicity):
+The `readResults` node contains all of the recognized text. Text is organized by page, then by line, then by individual words. The `documentResults` node contains the ID values that the model discovered. This node is also where you'll find useful key/value pairs like the first name, last name, document number, and more.
+
+```json
+{
+ "status": "succeeded",
+ "createdDateTime": "2021-03-04T22:29:33Z",
+ "lastUpdatedDateTime": "2021-03-04T22:29:36Z",
+ "analyzeResult": {
+ "version": "2.1.0",
+ "readResults": [
+ {
+ "page": 1,
+ "angle": 0.3183,
+ "width": 549,
+ "height": 387,
+ "unit": "pixel",
+ "lines": [
+ {
+ "text": "PASSPORT",
+ "boundingBox": [
+ 57,
+ 10,
+ 120,
+ 11,
+ 119,
+ 22,
+ 57,
+ 22
+ ],
+ "words": [
+ {
+ "text": "PASSPORT",
+ "boundingBox": [
+ 57,
+ 11,
+ 119,
+ 11,
+ 118,
+ 23,
+ 57,
+ 22
+ ],
+ "confidence": 0.994
+ }
+ ],
+ ...
+ }
+ ]
+ }
+ ],
+
+ "documentResults": [
+ {
+ "docType": "prebuilt:idDocument:passport",
+ "docTypeConfidence": 0.995,
+ "pageRange": [
+ 1,
+ 1
+ ],
+ "fields": {
+ "CountryRegion": {
+ "type": "countryRegion",
+ "valueCountryRegion": "USA",
+ "text": "USA"
+ },
+ "DateOfBirth": {
+ "type": "date",
+ "valueDate": "1980-01-01",
+ "text": "800101"
+ },
+ "DateOfExpiration": {
+ "type": "date",
+ "valueDate": "2019-05-05",
+ "text": "190505"
+ },
+ "DocumentNumber": {
+ "type": "string",
+ "valueString": "340020013",
+ "text": "340020013"
+ },
+ "FirstName": {
+ "type": "string",
+ "valueString": "JENNIFER",
+ "text": "JENNIFER"
+ },
+ "LastName": {
+ "type": "string",
+ "valueString": "BROOKS",
+ "text": "BROOKS"
+ },
+ "Nationality": {
+ "type": "countryRegion",
+ "valueCountryRegion": "USA",
+ "text": "USA"
+ },
+ "Sex": {
+ "type": "string",
+ "valueGender": "F",
+ "text": "F"
+ },
+ "MachineReadableZone": {
+ "type": "object",
+ "text": "P<USABROOKS<<JENNIFER<<<<<<<<<<<<<<<<<<<<<<< 3400200135USA8001014F1905054710000307<715816",
+ "boundingBox": [
+ 16,
+ 314.1,
+ 504.2,
+ 317,
+ 503.9,
+ 363,
+ 15.7,
+ 360.1
+ ],
+ "page": 1,
+ "confidence": 0.384,
+ "elements": [
+ "#/readResults/0/lines/33/words/0",
+ "#/readResults/0/lines/33/words/1",
+ "#/readResults/0/lines/33/words/2",
+ "#/readResults/0/lines/33/words/3",
+ "#/readResults/0/lines/33/words/4",
+ "#/readResults/0/lines/34/words/0"
+ ]
+ },
+ "DocumentType": {
+ "type": "string",
+ "text": "passport",
+ "confidence": 0.995
+ }
+ }
+ }
+ ]
+ }
+}
+```
+
+## Next steps
+
+* Try your own IDs and samples in the [Form Recognizer Sample UI](https://aka.ms/fott-2.1-ga).
+* Complete a [Form Recognizer quickstart](quickstarts/client-library.md) to get started writing an ID processing app with Form Recognizer in the development language of your choice.
++
applied-ai-services Concept Invoices https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/concept-invoices.md
+
+ Title: Invoices - Form Recognizer
+
+description: Learn concepts related to invoice analysis with the Form Recognizer API - usage and limits.
+++++++ Last updated : 08/09/2021+++
+# Form Recognizer prebuilt invoice model
+
+Azure Form Recognizer can analyze and extract information from sales invoices using its prebuilt invoice models. The Invoice API enables customers to take invoices in various formats and return structured data to automate the invoice processing. It combines our powerful [Optical Character Recognition (OCR)](../../cognitive-services/computer-vision/overview-ocr.md) capabilities with invoice understanding deep learning models to extract key information from invoices written in English. It extracts the text, tables, and information such as customer, vendor, invoice ID, invoice due date, total, invoice amount due, tax amount, ship to, bill to, line items and more. The prebuilt Invoice API is publicly available in the Form Recognizer v2.1.
+
+## What does the Invoice service do?
+
+The Invoice API extracts key fields and line items from invoices and returns them in an organized structured JSON response. Invoices can be from various formats and quality, including phone-captured images, scanned documents, and digital PDFs. The invoice API will extract the structured output from all of these invoices.
+
+![Contoso invoice example](./media/invoice-example-new.jpg)
+
+## Try it
+
+To try out the Form Recognizer Invoice Service, go to the online Sample UI Tool:
+
+> [!div class="nextstepaction"]
+> [Try invoice model](https://aka.ms/fott-2.1-ga "Start with a prebuilt model to extract data from invoices.")
+
+You will need an Azure subscription ([create one for free](https://azure.microsoft.com/free/cognitive-services)) and a [Form Recognizer resource](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesFormRecognizer) endpoint and key to try out the Form Recognizer Invoice service.
++
+### Input requirements
++
+## Supported locales
+
+**Pre-built invoice v2.1** supports invoices in the **en-us** locale.
+
+## Analyze Invoice
+
+The [Analyze Invoice](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/5ed8c9843c2794cbb1a96291) operation takes an image or PDF of an invoice as the input and extracts the values of interest. The call returns a response header field called `Operation-Location`. The `Operation-Location` value is a URL that contains the Result ID to be used in the next step.
+
+|Response header| Result URL |
+|:--|:-|
+|Operation-Location | `https://cognitiveservice/formrecognizer/v2.1/prebuilt/invoice/analyzeResults/49a36324-fc4b-4387-aa06-090cfbf0064f` |
+
+## Get Analyze Invoice Result
+
+The second step is to call the [Get Analyze Invoice Result](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/5ed8c9acb78c40a2533aee83) operation. This operation takes as input the Result ID that was created by the Analyze Invoice operation. It returns a JSON response that contains a **status** field with the following possible values. You call this operation iteratively until it returns with the **succeeded** value. Use an interval of 3 to 5 seconds to avoid exceeding the requests per second (RPS) rate.
+
+|Field| Type | Possible values |
+|:--|:-:|:-|
+|status | string | notStarted: The analysis operation has not started.<br /><br />running: The analysis operation is in progress.<br /><br />failed: The analysis operation has failed.<br /><br />succeeded: The analysis operation has succeeded.|
+
+When the **status** field has the **succeeded** value, the JSON response will include the invoice understanding results, tables extracted and optional text recognition results, if requested. The invoice understanding result is organized as a dictionary of named field values, where each value contains the extracted text, normalized value, bounding box, confidence, and corresponding word elements. It also includes the line items extracted where each line item contains the amount, description, unitPrice, quantity etc. The text recognition result is organized as a hierarchy of lines and words, with text, bounding box and confidence information.
+
+### Sample JSON output
+
+The response to the Get Analyze Invoice Result operation will be the structured representation of the invoice with all the information extracted.
+See here for a [sample invoice file](media/sample-invoice.jpg) and its structured output [sample invoice output](media/invoice-example-new.jpg).
+
+The JSON output has three parts:
+* `"readResults"` node contains all of the recognized text and selection marks. Text is organized by page, then by line, then by individual words.
+* `"pageResults"` node contains the tables and cells extracted with their bounding boxes, confidence, and a reference to the lines and words in "readResults".
+* `"documentResults"` node contains the invoice-specific values and line items that the model discovered. It is where you'll find all the fields from the invoice such as invoice ID, ship to, bill to, customer, total, line items and lots more.
+
+## Example output
+
+The Invoice service will extract the text, tables, and 26 invoice fields. Following are the fields extracted from an invoice in the JSON output response (the output below uses this [sample invoice](media/sample-invoice.jpg)).
+
+### Key Value Pairs
+
+|Name| Type | Description | Text | Value (standardized output) |
+|:--|:-|:-|:-| :-|
+| CustomerName | string | Customer being invoiced | Microsoft Corp | |
+| CustomerId | string | Reference ID for the customer | CID-12345 | |
+| PurchaseOrder | string | A purchase order reference number | PO-3333 | |
+| InvoiceId | string | ID for this specific invoice (often "Invoice Number") | INV-100 | |
+| InvoiceDate | date | Date the invoice was issued | 11/15/2019 | 2019-11-15 |
+| DueDate | date | Date payment for this invoice is due | 12/15/2019 | 2019-12-15 |
+| VendorName | string | Vendor who has created this invoice | CONTOSO LTD. | |
+| VendorAddress | string | Mailing address for the Vendor | 123 456th St New York, NY, 10001 | |
+| VendorAddressRecipient | string | Name associated with the VendorAddress | Contoso Headquarters | |
+| CustomerAddress | string | Mailing address for the Customer | 123 Other St, Redmond WA, 98052 | |
+| CustomerAddressRecipient | string | Name associated with the CustomerAddress | Microsoft Corp | |
+| BillingAddress | string | Explicit billing address for the customer | 123 Bill St, Redmond WA, 98052 | |
+| BillingAddressRecipient | string | Name associated with the BillingAddress | Microsoft Services | |
+| ShippingAddress | string | Explicit shipping address for the customer | 123 Ship St, Redmond WA, 98052 | |
+| ShippingAddressRecipient | string | Name associated with the ShippingAddress | Microsoft Delivery | |
+| SubTotal | number | Subtotal field identified on this invoice | $100.00 | 100 |
+| TotalTax | number | Total tax field identified on this invoice | $10.00 | 10 |
+| InvoiceTotal | number | Total new charges associated with this invoice | $110.00 | 110 |
+| AmountDue | number | Total Amount Due to the vendor | $610.00 | 610 |
+| ServiceAddress | string | Explicit service address or property address for the customer | 123 Service St, Redmond WA, 98052 | |
+| ServiceAddressRecipient | string | Name associated with the ServiceAddress | Microsoft Services | |
+| RemittanceAddress | string | Explicit remittance or payment address for the customer | 123 Remit St New York, NY, 10001 | |
+| RemittanceAddressRecipient | string | Name associated with the RemittanceAddress | Contoso Billing | |
+| ServiceStartDate | date | First date for the service period (for example, a utility bill service period) | 10/14/2019 | 2019-10-14 |
+| ServiceEndDate | date | End date for the service period (for example, a utility bill service period) | 11/14/2019 | 2019-11-14 |
+| PreviousUnpaidBalance | number | Explicit previously unpaid balance | $500.00 | 500 |
+
+### Line items
+
+Following are the line items extracted from an invoice in the JSON output response (the output below uses this [sample invoice](./media/sample-invoice.jpg))
+
+|Name| Type | Description | Text (line item #1) | Value (standardized output) |
+|:--|:-|:-|:-| :-|
+| Items | string | Full string text line of the line item | 3/4/2021 A123 Consulting Services 2 hours $30.00 10% $60.00 | |
+| Amount | number | The amount of the line item | $60.00 | 100 |
+| Description | string | The text description for the invoice line item | Consulting service | Consulting service |
+| Quantity | number | The quantity for this invoice line item | 2 | 2 |
+| UnitPrice | number | The net or gross price (depending on the gross invoice setting of the invoice) of one unit of this item | $30.00 | 30 |
+| ProductCode | string| Product code, product number, or SKU associated with the specific line item | A123 | |
+| Unit | string| The unit of the line item, e.g, kg, lb etc. | hours | |
+| Date | date| Date corresponding to each line item. Often it is a date the line item was shipped | 3/4/2021| 2021-03-04 |
+| Tax | number | Tax associated with each line item. Possible values include tax amount, tax %, and tax Y/N | 10% | |
+
+The invoice key value pairs and line items extracted are in the documentResults section of the JSON output.
+
+## Next steps
+
+- Try your own invoices and samples in the [Form Recognizer Sample UI](https://aka.ms/fott-2.1-ga).
+- Complete a [Form Recognizer quickstart](quickstarts/client-library.md) to get started writing an invoice processing app with Form Recognizer in the development language of your choice.
+
+## See also
+
+* [What is Form Recognizer?](./overview.md)
+* [REST API reference docs](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/5ed8c9843c2794cbb1a96291)
applied-ai-services Concept Layout https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/concept-layout.md
+
+ Title: Layouts - Form Recognizer
+
+description: Learn concepts related to layout analysis with the Form Recognizer API - usage and limits.
+++++++ Last updated : 08/09/2021+++
+# Form Recognizer Layout service
+
+Azure Form Recognizer's Layout API extracts text, tables, selection marks, and structure information from documents (PDF, TIFF) and images (JPG, PNG, BMP). It enables customers to take documents in a variety of formats and return structured data representations of the documents. It combines an enhanced version of our powerful [Optical Character Recognition (OCR)](../../cognitive-services/computer-vision/overview-ocr.md) capabilities with deep learning models to extract text, tables, selection marks, and document structure.
+
+## What does the Layout service do?
+
+The Layout API extracts text, tables with table headers included, selection marks, and structure information from documents with exceptional accuracy and returns an organized, structured, JSON response. Documents can be of a variety of formats and quality, including phone-captured images, scanned documents, and digital PDFs. The Layout API will accurately extract the structured output from all of these documents.
+
+![Layout example](./media/layout-demo.gif)
+
+## Try it
+
+To try out the Form Recognizer Layout Service, go to the online sample UI tool:
+
+> [!div class="nextstepaction"]
+> [Try layout model](https://aka.ms/fott-2.1-ga "Start with the layout prebuilt model to extract data from your forms.")
+
+You will need an Azure subscription ([create one for free](https://azure.microsoft.com/free/cognitive-services)) and a [Form Recognizer resource](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesFormRecognizer) endpoint and key to try out the Form Recognizer Layout API.
+
+![Sample UI screenshot; the text, tables, and selection marks of a document are analyzed](./media/analyze-layout.png)
+
+## Input requirements
++
+## Analyze Layout
+
+First, call the [Analyze Layout](https://westcentralus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeLayoutAsync) operation. Analyze Layout takes a document (image, TIFF, or PDF file) as the input and extracts the text, tables, selection marks, and structure of the document. The call returns a response header field called `Operation-Location`. The `Operation-Location` value is a URL that contains the Result ID to be used in the next step.
+
+|Response header| Result URL |
+|:--|:-|
+|Operation-Location | `https://cognitiveservice/formrecognizer/v2.1/layout/analyzeResults/{resultId}' |
+
+## Get Analyze Layout Result
+
+The second step is to call the [Get Analyze Layout Result](https://westcentralus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/GetAnalyzeLayoutResult) operation. This operation takes as input the Result ID that was created by the Analyze Layout operation. It returns a JSON response that contains a **status** field with the following possible values.
+
+|Field| Type | Possible values |
+|:--|:-:|:-|
+|status | string | `notStarted`: The analysis operation has not started.<br /><br />`running`: The analysis operation is in progress.<br /><br />`failed`: The analysis operation has failed.<br /><br />`succeeded`: The analysis operation has succeeded.|
+
+Call this operation iteratively until it returns the `succeeded` value. Use an interval of 3 to 5 seconds to avoid exceeding the requests per second (RPS) rate.
+
+When the **status** field has the `succeeded` value, the JSON response will include the extracted layout, text, tables, and selection marks. The extracted data includes extracted text lines and words, bounding boxes, text appearance with handwritten indication, tables, and selection marks with selected/unselected indicated.
+
+## Sample JSON output
+
+The response to the *Get Analyze Layout Result* operation is a structured representation of the document with all the information extracted.
+See here for a [sample document file](https://github.com/Azure-Samples/cognitive-services-REST-api-samples/tree/master/curl/form-recognizer/sample-layout.pdf) and its structured output [sample layout output](https://github.com/Azure-Samples/cognitive-services-REST-api-samples/tree/master/curl/form-recognizer/sample-layout-output.json).
+
+The JSON output has two parts:
+
+* `readResults` node contains all of the recognized text and selection marks. Text is organized by page, then by line, then by individual words.
+* `pageResults` node contains the tables and cells extracted with their bounding boxes, confidence, and a reference to the lines and words in "readResults".
+
+## Features
+
+### Tables and table headers
+
+Layout API extracts tables in the `pageResults` section of the JSON output. Documents can be scanned, photographed, or digitized. Tables can be complex with merged cells or columns, with or without borders, and with odd angles. Extracted table information includes the number of columns and rows, row span, and column span. Each cell with its bounding box is output along with information whether it's recognized as part of a header or not. The model predicted header cells can span multiple rows and are not necessarily the first rows in a table. They also work with rotated tables. Each table cell also includes the full text with references to the individual words in the `readResults` section.
++
+### Selection marks
+
+Layout API also extracts selection marks from documents. Extracted selection marks include the bounding box, confidence, and state (selected/unselected). Selection mark information is extracted in the `readResults` section of the JSON output.
++
+### Text lines and words
+
+Layout API extracts text from documents and images with multiple text angles and colors. It accepts photos of documents, faxes, printed and/or handwritten (English only) text, and mixed modes. Text is extracted with information provided on lines, words, bounding boxes, confidence scores, and style (handwritten or other). All the text information is included in the `readResults` section of the JSON output.
++
+### Natural reading order for text lines (Latin only)
+
+You can specify the order in which the text lines are output with the `readingOrder` query parameter. Use `natural` for a more human-friendly reading order output as shown in the following example. This feature is only supported for Latin languages.
++
+### Handwritten classification for text lines (Latin only)
+
+The response includes classifying whether each text line is of handwriting style or not, along with a confidence score. This feature is only supported for Latin languages. The following example shows the handwritten classification for the text in the image.
++
+### Select page numbers or ranges for text extraction
+
+For large multi-page documents, use the `pages` query parameter to indicate specific page numbers or page ranges for text extraction. The following example shows a document with 10 pages, with text extracted for both cases - all pages (1-10) and selected pages (3-6).
++
+## Next steps
+
+* Try your own layout extraction using the [Form Recognizer Sample UI tool](https://aka.ms/fott-2.1-ga)
+* Complete a [Form Recognizer quickstart](quickstarts/client-library.md#analyze-layout) to get started extracting layouts in the development language of your choice.
+
+## See also
+
+* [What is Form Recognizer?](./overview.md)
+* [REST API reference docs](https://westcentralus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeLayoutAsync)
applied-ai-services Concept Receipts https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/concept-receipts.md
+
+ Title: Receipts - Form Recognizer
+
+description: Learn concepts related to receipt analysis with the Form Recognizer API - usage and limits.
+++++++ Last updated : 08/09/2021+++
+# Form Recognizer prebuilt receipt model
+
+Many businesses and individuals still rely on manually extracted data from sales receipts. Automatically extracting data from these receipts can be complicated. Receipts may be crumpled, hard to read, have handwritten parts and contain low-quality smartphone images. Also, receipt templates and fields can vary greatly by market, region, and merchant. These data extraction and field detection challenges make receipt processing a unique problem.
+
+Azure Form Recognizer can analyze and extract information from sales receipts using its prebuilt receipt model. It combines our powerful [Optical Character Recognition (OCR)](../../cognitive-services/computer-vision/overview-ocr.md) capabilities with deep learning models to extract key information such as merchant name, merchant phone number, transaction date, transaction total, and more from receipts written in English.
+
+## Customer scenarios
+
+### Business expense reporting
+
+Often filing business expenses involves spending time manually entering data from images of receipts. With the Receipt API, you can use the extracted fields to partially automate this process and analyze your receipts quickly.
+
+The Receipt API is a simple JSON output allowing you to use the extracted field values in multiple ways. Integrate with internal expense applications to pre-populate expense reports. For more on this scenario, read about how Acumatica is utilizing Receipt API to [make expense reporting a less painful process](https://customers.microsoft.com/story/762684-acumatica-partner-professional-services-azure).
+
+### Auditing and accounting
+
+The Receipt API output can also be used to perform analysis on a large number of expenses at various points in the expense reporting and reimbursement process. You can process receipts to triage them for manual audit or quick approvals.
+
+The Receipt output is also useful for general book-keeping for business or personal use. Use the Receipt API to transform any raw receipt image/PDF data into a digital output that is actionable.
+
+### Consumer behavior
+
+Receipts contain useful data which you can use to analyze consumer behavior and shopping trends.
+
+The Receipt API also powers the [AI Builder Receipt Processing feature](/ai-builder/prebuilt-receipt-processing).
+
+## Try it
+
+To try out the Form Recognizer receipt service, go to the online Sample UI Tool:
+
+> [!div class="nextstepaction"]
+> [Try receipt model](https://aka.ms/fott-2.1-ga "Start with prebuilt model to extract data from receipts.")
+
+## What does the Receipt service do?
+
+The prebuilt Receipt service extracts the contents of sales receipts&mdash;the type of receipt you would commonly get at a restaurant, retailer, or grocery store.
+
+![sample receipt](./media/receipts-example.jpg)
+
+### Fields extracted
+
+|Name| Type | Description | Text | Value (standardized output) |
+|:--|:-|:-|:-| :-|
+| ReceiptType | string | Type of sales receipt | | Itemized |
+| MerchantName | string | Name of the merchant issuing the receipt | Contoso | |
+| MerchantPhoneNumber | phoneNumber | Listed phone number of merchant | 987-654-3210 | +19876543210 |
+| MerchantAddress | string | Listed address of merchant | 123 Main St Redmond WA 98052 | |
+| TransactionDate | date | Date the receipt was issued | June 06, 2019 | 2019-06-26 |
+| TransactionTime | time | Time the receipt was issued | 4:49 PM | 16:49:00 |
+| Total | number | Full transaction total of receipt | $14.34 | 14.34 |
+| Subtotal | number | Subtotal of receipt, often before taxes are applied | $12.34 | 12.34 |
+| Tax | number | Tax on receipt, often sales tax or equivalent | $2.00 | 2.00 |
+| Tip | number | Tip included by buyer | $1.00 | 1.00 |
+| Items | array of objects | Extracted line items, with name, quantity, unit price, and total price extracted | |
+| Name | string | Item name | Surface Pro 6 | |
+| Quantity | number | Quantity of each item | 1 | 1 |
+| Price | number | Individual price of each item unit | $999.00 | 999.00 |
+| Total Price | number | Total price of line item | $999.00 | 999.00 |
+
+### Additional features
+
+The Receipt API also returns the following information:
+
+* Field confidence level (each field returns an associated confidence value)
+* OCR raw text (OCR-extracted text output for the entire receipt)
+* Bounding box for each value, line and word
+
+## Input requirements
++
+## Supported locales
+
+* **Pre-built receipt v2.1** supports sales receipts in the **en-au**, **en-ca**, **en-gb**, **en-in**, and **en-us** English locales
+
+ > [!NOTE]
+ > Language input
+ >
+ > Prebuilt Receipt v2.1 has an optional request parameter to specify a receipt locale from additional English markets. For sales receipts in English from Australia (en-au), Canada (en-ca), Great Britain (en-gb), and India (en-in), you can specify the locale to get improved results. If no locale is specified in v2.1, the model will automatically detect the locale.
+
+## Analyze Receipt
+
+The [Analyze Receipt](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeReceiptAsync) takes an image or PDF of a receipt as the input and extracts the values of interest and text. The call returns a response header field called `Operation-Location`. The `Operation-Location` value is a URL that contains the Result ID to be used in the next step.
+
+|Response header| Result URL |
+|:--|:-|
+|Operation-Location | `https://cognitiveservice/formrecognizer/v2.1/prebuilt/receipt/analyzeResults/56a36454-fc4d-4354-aa07-880cfbf0064f` |
+
+## Get Analyze Receipt Result
+
+The second step is to call the [Get Analyze Receipt Result](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/GetAnalyzeReceiptResult) operation. This operation takes as input the Result ID that was created by the Analyze Receipt operation. It returns a JSON response that contains a **status** field with the following possible values. You call this operation iteratively until it returns with the **succeeded** value. Use an interval of 3 to 5 seconds to avoid exceeding the requests per second (RPS) rate.
+
+|Field| Type | Possible values |
+|:--|:-:|:-|
+|status | string | notStarted: The operation hasn't started. |
+| | | running: The analysis operation is in progress. |
+| | | failed: The analysis operation has failed. |
+| | | succeeded: The analysis operation has succeeded. |
+
+When the **status** field has the **succeeded** value, the JSON response will include the receipt understanding and text recognition results. The receipt understanding result is organized as a dictionary of named field values. Each value contains the extracted text, normalized value, bounding box, confidence and corresponding word elements. The text recognition result is organized as a hierarchy of lines and words, with text, bounding box and confidence information.
+
+![sample receipt results](./media/contoso-receipt-2-information.png)
+
+### Sample JSON output
+
+The response to the Get Analyze Receipt Result operation will be the structured representation of the receipt with all the information extracted. See here for a [sample receipt file](https://github.com/Azure-Samples/cognitive-services-REST-api-samples/blob/master/curl/form-recognizer/contoso-allinone.jpg) and its structured output [sample receipt output](https://github.com/Azure-Samples/cognitive-services-REST-api-samples/blob/master/curl/form-recognizer/receipt-result.json).
+
+See the following example of a successful JSON response (the output has been shortened for simplicity):
+* The `"readResults"` node contains all of the recognized text. Text is organized by page, then by line, then by individual words.
+* The `"documentResults"` node contains the business-card-specific values that the model discovered. This is where you'll find useful key/value pairs like the first name, last name, company name and more.
+
+```json
+{
+ "status":"succeeded",
+ "createdDateTime":"2019-12-17T04:11:24Z",
+ "lastUpdatedDateTime":"2019-12-17T04:11:32Z",
+ "analyzeResult":{
+ "version":"2.0.0",
+ "readResults":[
+ {
+ "page":1,
+ "angle":0.6893,
+ "width":1688,
+ "height":3000,
+ "unit":"pixel",
+ "language":"en",
+ "lines":[
+ {
+ "text":"Contoso",
+ "boundingBox":[
+ 635,
+ 510,
+ 1086,
+ 461,
+ 1098,
+ 558,
+ 643,
+ 604
+ ],
+ "words":[
+ {
+ "text":"Contoso",
+ "boundingBox":[
+ 639,
+ 510,
+ 1087,
+ 461,
+ 1098,
+ 551,
+ 646,
+ 604
+ ],
+ "confidence":0.955
+ }
+ ]
+ },
+ ...
+ ]
+ }
+ ],
+ "documentResults":[
+ {
+ "docType":"prebuilt:receipt",
+ "pageRange":[
+ 1,
+ 1
+ ],
+ "fields":{
+ "ReceiptType":{
+ "type":"string",
+ "valueString":"Itemized",
+ "confidence":0.692
+ },
+ "MerchantName":{
+ "type":"string",
+ "valueString":"Contoso Contoso",
+ "text":"Contoso Contoso",
+ "boundingBox":[
+ 378.2,
+ 292.4,
+ 1117.7,
+ 468.3,
+ 1035.7,
+ 812.7,
+ 296.3,
+ 636.8
+ ],
+ "page":1,
+ "confidence":0.613,
+ "elements":[
+ "#/readResults/0/lines/0/words/0",
+ "#/readResults/0/lines/1/words/0"
+ ]
+ },
+ "MerchantAddress":{
+ "type":"string",
+ "valueString":"123 Main Street Redmond, WA 98052",
+ "text":"123 Main Street Redmond, WA 98052",
+ "boundingBox":[
+ 302,
+ 675.8,
+ 848.1,
+ 793.7,
+ 809.9,
+ 970.4,
+ 263.9,
+ 852.5
+ ],
+ "page":1,
+ "confidence":0.99,
+ "elements":[
+ "#/readResults/0/lines/2/words/0",
+ "#/readResults/0/lines/2/words/1",
+ "#/readResults/0/lines/2/words/2",
+ "#/readResults/0/lines/3/words/0",
+ "#/readResults/0/lines/3/words/1",
+ "#/readResults/0/lines/3/words/2"
+ ]
+ },
+ "MerchantPhoneNumber":{
+ "type":"phoneNumber",
+ "valuePhoneNumber":"+19876543210",
+ "text":"987-654-3210",
+ "boundingBox":[
+ 278,
+ 1004,
+ 656.3,
+ 1054.7,
+ 646.8,
+ 1125.3,
+ 268.5,
+ 1074.7
+ ],
+ "page":1,
+ "confidence":0.99,
+ "elements":[
+ "#/readResults/0/lines/4/words/0"
+ ]
+ },
+ "TransactionDate":{
+ "type":"date",
+ "valueDate":"2019-06-10",
+ "text":"6/10/2019",
+ "boundingBox":[
+ 265.1,
+ 1228.4,
+ 525,
+ 1247,
+ 518.9,
+ 1332.1,
+ 259,
+ 1313.5
+ ],
+ "page":1,
+ "confidence":0.99,
+ "elements":[
+ "#/readResults/0/lines/5/words/0"
+ ]
+ },
+ "TransactionTime":{
+ "type":"time",
+ "valueTime":"13:59:00",
+ "text":"13:59",
+ "boundingBox":[
+ 541,
+ 1248,
+ 677.3,
+ 1261.5,
+ 668.9,
+ 1346.5,
+ 532.6,
+ 1333
+ ],
+ "page":1,
+ "confidence":0.977,
+ "elements":[
+ "#/readResults/0/lines/5/words/1"
+ ]
+ },
+ "Items":{
+ "type":"array",
+ "valueArray":[
+ {
+ "type":"object",
+ "valueObject":{
+ "Quantity":{
+ "type":"number",
+ "text":"1",
+ "boundingBox":[
+ 245.1,
+ 1581.5,
+ 300.9,
+ 1585.1,
+ 295,
+ 1676,
+ 239.2,
+ 1672.4
+ ],
+ "page":1,
+ "confidence":0.92,
+ "elements":[
+ "#/readResults/0/lines/7/words/0"
+ ]
+ },
+ "Name":{
+ "type":"string",
+ "valueString":"Cappuccino",
+ "text":"Cappuccino",
+ "boundingBox":[
+ 322,
+ 1586,
+ 654.2,
+ 1601.1,
+ 650,
+ 1693,
+ 317.8,
+ 1678
+ ],
+ "page":1,
+ "confidence":0.923,
+ "elements":[
+ "#/readResults/0/lines/7/words/1"
+ ]
+ },
+ "TotalPrice":{
+ "type":"number",
+ "valueNumber":2.2,
+ "text":"$2.20",
+ "boundingBox":[
+ 1107.7,
+ 1584,
+ 1263,
+ 1574,
+ 1268.3,
+ 1656,
+ 1113,
+ 1666
+ ],
+ "page":1,
+ "confidence":0.918,
+ "elements":[
+ "#/readResults/0/lines/8/words/0"
+ ]
+ }
+ }
+ },
+ ...
+ ]
+ },
+ "Subtotal":{
+ "type":"number",
+ "valueNumber":11.7,
+ "text":"11.70",
+ "boundingBox":[
+ 1146,
+ 2221,
+ 1297.3,
+ 2223,
+ 1296,
+ 2319,
+ 1144.7,
+ 2317
+ ],
+ "page":1,
+ "confidence":0.955,
+ "elements":[
+ "#/readResults/0/lines/13/words/1"
+ ]
+ },
+ "Tax":{
+ "type":"number",
+ "valueNumber":1.17,
+ "text":"1.17",
+ "boundingBox":[
+ 1190,
+ 2359,
+ 1304,
+ 2359,
+ 1304,
+ 2456,
+ 1190,
+ 2456
+ ],
+ "page":1,
+ "confidence":0.979,
+ "elements":[
+ "#/readResults/0/lines/15/words/1"
+ ]
+ },
+ "Tip":{
+ "type":"number",
+ "valueNumber":1.63,
+ "text":"1.63",
+ "boundingBox":[
+ 1094,
+ 2479,
+ 1267.7,
+ 2485,
+ 1264,
+ 2591,
+ 1090.3,
+ 2585
+ ],
+ "page":1,
+ "confidence":0.941,
+ "elements":[
+ "#/readResults/0/lines/17/words/1"
+ ]
+ },
+ "Total":{
+ "type":"number",
+ "valueNumber":14.5,
+ "text":"$14.50",
+ "boundingBox":[
+ 1034.2,
+ 2617,
+ 1387.5,
+ 2638.2,
+ 1380,
+ 2763,
+ 1026.7,
+ 2741.8
+ ],
+ "page":1,
+ "confidence":0.985,
+ "elements":[
+ "#/readResults/0/lines/19/words/0"
+ ]
+ }
+ }
+ }
+ ]
+ }
+}
+```
+
+## Next steps
+
+* Try your own receipts and samples in the [Form Recognizer Sample UI](https://fott-preview.azurewebsites.net/).
+* Complete a [Form Recognizer quickstart](quickstarts/client-library.md) to get started writing a receipt processing app with Form Recognizer in the development language of your choice.
applied-ai-services Form Recognizer Container Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/containers/form-recognizer-container-configuration.md
+
+ Title: Configure Form Recognizer containers
+
+description: Learn how to configure the Form Recognizer container to parse form and table data.
+++++ Last updated : 07/01/2021++
+# Configure Form Recognizer containers
+
+> [!IMPORTANT]
+>
+> Form Recognizer containers are in gated preview. To use them, you must submit an [online request](https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR7en2Ais5pxKtso_Pz4b1_xUNlpBU1lFSjJUMFhKNzVHUUVLN1NIOEZETiQlQCN0PWcu), and have it approved. See [**Request approval to run container**](form-recognizer-container-install-run.md#request-approval-to-run-the-container) below for more information.
+
+With Azure Form Recognizer containers, you can build an application architecture that's optimized to take advantage of both robust cloud capabilities and edge locality. Containers provide a minimalist, virtually-isolated environment that can be easily deployed on-premise and in the cloud. In this article, you will learn to configure the Form Recognizer container run-time environment by using the `docker compose` command arguments. Form Recognizer features are supported by six Form Recognizer feature containersΓÇö**Layout**, **Business Card**,**ID Document**, **Receipt**, **Invoice**, **Custom**. These containers have several required settings and a few optional settings. For a few examples, see the [Example docker-compose.yml file](#example-docker-composeyml-file) section.
+
+## Configuration settings
+
+Each container has the following configuration settings:
+
+|Required|Setting|Purpose|
+|--|--|--|
+|Yes|[ApiKey](#apikey-and-billing-configuration-setting)|Tracks billing information.|
+|Yes|[Billing](#apikey-and-billing-configuration-setting)|Specifies the endpoint URI of the service resource on Azure. For more information on obtaining _see_ [Billing]](form-recognizer-container-install-run.md#billing). For more information and a complete list of regional endpoints, _see_ [Custom subdomain names for Cognitive Services](../../../cognitive-services/cognitive-services-custom-subdomains.md).|
+|Yes|[Eula](#eula-setting)| Indicates that you've accepted the license for the container.|
+|No|[ApplicationInsights](#applicationinsights-setting)|Enables adding [Azure Application Insights](/azure/application-insights) telemetry support to your container.|
+|No|[Fluentd](#fluentd-settings)|Writes log and, optionally, metric data to a Fluentd server.|
+|No|HTTP Proxy|Configures an HTTP proxy for making outbound requests.|
+|No|[Logging](#logging-settings)|Provides ASP.NET Core logging support for your container. |
+
+> [!IMPORTANT]
+> The [`ApiKey`](#apikey-and-billing-configuration-setting), [`Billing`](#apikey-and-billing-configuration-setting), and [`Eula`](#eula-setting) settings are used together. You must provide valid values for all three settings; otherwise, your containers won't start. For more information about using these configuration settings to instantiate a container, see [Billing](form-recognizer-container-install-run.md#billing).
+
+## ApiKey and Billing configuration setting
+
+The `ApiKey` setting specifies the Azure resource key that's used to track billing information for the container. The value for the ApiKey must be a valid key for the resource that's specified for `Billing` in the "Billing configuration setting" section.
+
+The `Billing` setting specifies the endpoint URI of the resource on Azure that's used to meter billing information for the container. The value for this configuration setting must be a valid endpoint URI for a resource on Azure. The container reports usage about every 10 to 15 minutes.
+
+ You can find these settings in the Azure portal on the **Keys and Endpoint** page.
+
+ :::image type="content" source="../media/containers/keys-and-endpoint.png" alt-text="Screenshot: Azure portal keys and endpoint page.":::
+
+## Eula setting
++
+## ApplicationInsights setting
++
+## Fluentd settings
++
+## HTTP proxy credentials settings
++
+## Logging settings
++
+## Volume settings
+
+Use [**volumes**](https://docs.docker.com/storage/volumes/) to read and write data to and from the container. Volumes are the preferred for persisting data generated and used by Docker containers. You can specify an input mount or an output mount by including the `volumes` option and specifying `type` (bind), `source` (path to the folder) and `target` (file path parameter).
+
+The Form Recognizer container requires an input volume and an output volume. The input volume can be read-only (`ro`), and it's required for access to the data that's used for training and scoring. The output volume has to be writable, and you use it to store the models and temporary data.
+
+The exact syntax of the host volume location varies depending on the host operating system. Additionally, the volume location of the [host computer](form-recognizer-container-install-run.md#host-computer-requirements) might not be accessible because of a conflict between the Docker service account permissions and the host mount location permissions.
+
+## Example docker-compose.yml file
+
+The **docker compose** method is comprised of three steps:
+
+ 1. Create a Dockerfile.
+ 1. Define the services in a **docker-compose.yml** so they can be run together in an isolated environment.
+ 1. Run `docker-compose up` to start and run your services.
+
+### Single container example
+
+In this example, enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_API_KEY} values for your Layout container instance.
+
+#### **Layout container**
+
+```yml
+version: "3.9"
+
+azure-cognitive-service-layout:
+ container_name: azure-cognitive-service-layout
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/layout
+ environment:
+ - EULA=accept
+ - billing={FORM_RECOGNIZER_ENDPOINT_URI}
+ - apikey={FORM_RECOGNIZER_API_KEY}
+
+ ports:
+ - "5000"
+ networks:
+ - ocrvnet
+networks:
+ ocrvnet:
+ driver: bridge
+```
+
+### Multiple containers example
+
+#### **Receipt and OCR Read containers**
+
+In this example, enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_API_KEY} values for your Receipt container and {COMPUTER_VISION_ENDPOINT_URI} and {COMPUTER_VISION_API_KEY} values for your Computer Vision Read container.
+
+```yml
+version: "3"
+
+ azure-cognitive-service-receipt:
+ container_name: azure-cognitive-service-receipt
+ image: cognitiveservicespreview.azurecr.io/microsoft/cognitive-services-form-recognizer-receipt:2.1
+ environment:
+ - EULA=accept
+ - billing={FORM_RECOGNIZER_ENDPOINT_URI}
+ - apikey={FORM_RECOGNIZER_API_KEY}
+ - AzureCognitiveServiceReadHost=http://azure-cognitive-service-read:5000
+ ports:
+ - "5000:5050"
+ networks:
+ - ocrvnet
+ azure-cognitive-service-read:
+ container_name: azure-cognitive-service-read
+ image: mcr.microsoft.com/azure-cognitive-services/vision/read:3.2
+ environment:
+ - EULA=accept
+ - billing={COMPUTER_VISION_ENDPOINT_URI}
+ - apikey={COMPUTER_VISION_API_KEY}
+ networks:
+ - ocrvnet
+
+networks:
+ ocrvnet:
+ driver: bridge
+```
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Learn more about running multiple containers and the docker compose command](form-recognizer-container-install-run.md)
applied-ai-services Form Recognizer Container Install Run https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/containers/form-recognizer-container-install-run.md
+
+ Title: Install and run Docker containers for Form Recognizer v2.1
+
+description: Use the Docker containers for Form Recognizer on-premises to identify and extract key-value pairs, selection marks, tables, and structure from forms and documents.
+++++ Last updated : 07/01/2021+
+keywords: on-premises, Docker, container, identify
++
+# Install and run Form Recognizer v2.1-preview containers
+
+> [!IMPORTANT]
+>
+> * Form Recognizer containers are in gated preview. To use them, you must submit an [online request](https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR7en2Ais5pxKtso_Pz4b1_xUNlpBU1lFSjJUMFhKNzVHUUVLN1NIOEZETiQlQCN0PWcu), and receive approval. See [**Request approval to run container**](#request-approval-to-run-the-container) below for more information.
+>
+> * The online request form requires that you provide a valid email address that belongs to the organization that owns the Azure subscription ID and that you have or have been granted access to that subscription.
+
+Azure Form Recognizer is an Azure Applied AI Service that lets you build automated data processing software using machine learning technology. Form Recognizer enables you to identify and extract text, key/value pairs, selection marks, table data, and more from your form documents and output structured data that includes the relationships in the original file.
+
+In this article you'll learn how to download, install, and run Form Recognizer containers. Containers enable you to run the Form Recognizer service in your own environment. Containers are great for specific security and data governance requirements. Form Recognizer features are supported by six Form Recognizer feature containersΓÇö**Layout**, **Business Card**,**ID Document**, **Receipt**, **Invoice**, and **Custom** (for Receipt, Business Card and ID Document containers you will also need the **Read** OCR container).
+
+## Prerequisites
+
+To get started, you'll need an active [**Azure account**](https://azure.microsoft.com/free/cognitive-services/). If you don't have one, you can [**create a free account**](https://azure.microsoft.com/free/).
+
+You'll also need the following to use Form Recognizer containers:
+
+| Required | Purpose |
+|-||
+| **Familiarity with Docker** | You should have a basic understanding of Docker concepts, like registries, repositories, containers, and container images, as well as knowledge of basic `docker` [terminology and commands](/dotnet/architecture/microservices/container-docker-introduction/docker-terminology). |
+| **Docker Engine installed** | <ul><li>You need the Docker Engine installed on a [host computer](#host-computer-requirements). Docker provides packages that configure the Docker environment on [macOS](https://docs.docker.com/docker-for-mac/), [Windows](https://docs.docker.com/docker-for-windows/), and [Linux](https://docs.docker.com/engine/installation/#supported-platforms). For a primer on Docker and container basics, see the [Docker overview](https://docs.docker.com/engine/docker-overview/).</li><li> Docker must be configured to allow the containers to connect with and send billing data to Azure. </li><li> On **Windows**, Docker must also be configured to support **Linux** containers.</li></ul> |
+|**Form Recognizer resource** | A [**single-service Azure Form Recognizer**](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesFormRecognizer) or [**multi-service Cognitive Services**](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesAllInOne) resource in the Azure portal. To use the containers, you must have the associated API key and endpoint URI. Both values are available on the Azure portal Form Recognizer **Keys and Endpoint** page: <ul><li>**{FORM_RECOGNIZER_API_KEY}**: one of the two available resource keys.<li>**{FORM_RECOGNIZER_ENDPOINT_URI}**: the endpoint for the resource used to track billing information.</li></li></ul>|
+| **Computer Vision API resource** | **To process business cards, ID documents, or Receipts, you'll need a Computer Vision resource.** <ul><li>You can access the Recognize Text feature as either an Azure resource (the REST API or SDK) or a **cognitive-services-recognize-text** [container](../../../cognitive-services/Computer-vision/computer-vision-how-to-install-containers.md#get-the-container-image-with-docker-pull). The usual [billing](#billing) fees apply.</li> <li>If you use the **cognitive-services-recognize-text** container, make sure that your Computer Vision key for the Form Recognizer container is the key specified in the Computer Vision `docker run` or `docker compose` command for the **cognitive-services-recognize-text** container and your billing endpoint is the container's endpoint (for example, `http://localhost:5000`). If you use both the Computer Vision container and Form Recognizer container together on the same host, they can't both be started with the default port of *5000*. </li></ul></br>Pass in both the API key and endpoints for your Computer Vision Azure cloud or Cognitive Services container:<ul><li>**{COMPUTER_VISION_API_KEY}**: one of the two available resource keys.</li><li> **{COMPUTER_VISION_ENDPOINT_URI}**: the endpoint for the resource used to track billing information.</li></ul> |
+
+|Optional|Purpose|
+||-|
+|**Azure CLI (command-line interface)** | The [Azure CLI](/cli/azure/install-azure-cli) enables you to use a set of online commands to create and manage Azure resources. It is available to install in Windows, macOS, and Linux environments and can be run in a Docker container and Azure Cloud Shell. |
+|||
+
+## Request approval to run the container
+
+Complete and submit the [Application for Gated Services form](https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR7en2Ais5pxKtso_Pz4b1_xUNlpBU1lFSjJUMFhKNzVHUUVLN1NIOEZETiQlQCN0PWcu) to request approval to run the container.
+
+The form requests information about you, your company, and the user scenario for which you'll use the container. After you submit the form, the Azure Cognitive Services team will review it and email you with a decision.
+
+On the form, you must use an email address associated with an Azure subscription ID. The Azure resource you use to run the container must have been created with the approved Azure subscription ID. Check your email (both inbox and junk folders) for updates on the status of your application from Microsoft. After you're approved, you will be able to run the container after downloading it from the Microsoft Container Registry (MCR), described later in the article.
+
+## Host computer requirements
+
+The host is a x64-based computer that runs the Docker container. It can be a computer on your premises or a Docker hosting service in Azure, such as:
+
+* [Azure Kubernetes Service](../../../aks/index.yml).
+* [Azure Container Instances](../../../container-instances/index.yml).
+* A [Kubernetes](https://kubernetes.io/) cluster deployed to [Azure Stack](/azure-stack/operator). For more information, see [Deploy Kubernetes to Azure Stack](/azure-stack/user/azure-stack-solution-template-kubernetes-deploy).
+
+### Container requirements and recommendations
+
+#### Required containers
+
+The following table lists the additional supporting container(s) for each Form Recognizer container you download. Please refer to the [Billing](#billing) section for more information.
+
+| Feature container | Supporting container(s) |
+||--|
+| **Layout** | None |
+| **Business Card** | **Computer Vision Read**|
+| **ID Document** | **Computer Vision Read** |
+| **Invoice** | **Layout** |
+| **Receipt** |**Computer Vision Read** |
+| **Custom** | **Custom API**, **Custom Supervised**, **Layout**|
+
+#### Recommended CPU cores and memory
+
+> [!Note]
+> The minimum and recommended values are based on Docker limits and *not* the host machine resources.
+
+##### Read, Layout, and Prebuilt containers
+
+| Container | Minimum | Recommended |
+|--||-|
+| Read 3.2 | 8 cores, 16-GB memory | 8 cores, 24-GB memory|
+| Layout 2.1-preview | 8 cores, 16-GB memory | 8 core, 24-GB memory |
+| Business Card 2.1-preview | 2 cores, 4-GB memory | 4 cores, 4-GB memory |
+| ID Document 2.1-preview | 1 core, 2-GB memory |2 cores, 2-GB memory |
+| Invoice 2.1-preview | 4 cores, 8-GB memory | 8 cores, 8-GB memory |
+| Receipt 2.1-preview | 4 cores, 8-GB memory | 8 cores, 8-GB memory |
+
+##### Custom containers
+
+The following host machine requirements are applicable to **train and analyze** requests:
+
+| Container | Minimum | Recommended |
+|--||-|
+| Custom API| 0.5 cores, 0.5-GB memory| 1 cores, 1-GB memory |
+|Custom Supervised | 4 cores, 2-GB memory | 8 cores, 4-GB memory|
+
+If you are only making analyze calls, the host machine requirements are as follows:
+
+| Container | Minimum | Recommended |
+|--||-|
+|Custom Supervised (Analyze) | 1 core, 0.5-GB | 2 cores, 1-GB memory |
+
+* Each core must be at least 2.6 gigahertz (GHz) or faster.
+* Core and memory correspond to the `--cpus` and `--memory` settings, which are used as part of the `docker compose` or `docker run` command.
+
+> [!TIP]
+> You can use the [docker images](https://docs.docker.com/engine/reference/commandline/images/) command to list your downloaded container images. For example, the following command lists the ID, repository, and tag of each downloaded container image, formatted as a table:
+>
+> ```docker
+> docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}"
+>
+> IMAGE ID REPOSITORY TAG
+> <image-id> <repository-path/name> <tag-name>
+> ```
+
+## Run the container with the **docker-compose up** command
+
+* Replace the {ENDPOINT_URI} and {API_KEY} values with your resource Endpoint URI and the API Key from the Azure resource page.
+
+ :::image type="content" source="../media/containers/keys-and-endpoint.png" alt-text="Screenshot: Azure portal keys and endpoint page.":::
+
+* Ensure that the EULA value is set to "accept".
+
+* The `EULA`, `Billing`, and `ApiKey` values must be specified; otherwise the container won't start.
+
+> [!IMPORTANT]
+> The subscription keys are used to access your Form Recognizer resource. Do not share your keys. Store them securely, for example, using Azure Key Vault. We also recommend regenerating these keys regularly. Only one key is necessary to make an API call. When regenerating the first key, you can use the second key for continued access to the service.
+
+### [Layout](#tab/layout)
+
+Below is a self-contained `docker compose` example to run the Form Recognizer Layout container. With `docker compose`, you use a YAML file to configure your applicationΓÇÖs services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {{FORM_RECOGNIZER_API_KEY} values for your Layout container instance.
+
+```yml
+version: "3.9"
+
+azure-cognitive-service-layout:
+ container_name: azure-cognitive-service-layout
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/layout
+ environment:
+ - EULA=accept
+ - billing={FORM_RECOGNIZER_ENDPOINT_URI}
+ - apikey={FORM_RECOGNIZER_API_KEY}
+ ports:
+ - "5000"
+ networks:
+ - ocrvnet
+networks:
+ ocrvnet:
+ driver: bridge
+```
+
+Now, you can start the service with the [**docker compose**](https://docs.docker.com/compose/) command:
+
+```bash
+docker-compose up
+```
+
+### [Business Card](#tab/business-card)
+
+Below is a self-contained `docker compose` example to run Form Recognizer Business Card and Read containers together. With `docker compose`, you use a YAML file to configure your applicationΓÇÖs services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_API_KEY} values for your Business Card container instance. Enter {COMPUTER_VISION_ENDPOINT_URI} and {COMPUTER_VISION_API_KEY} for your Computer Vision Read container.
+
+```yml
+version: "3.9"
+
+ azure-cognitive-service-businesscard:
+ container_name: azure-cognitive-service-businesscard
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/businesscard
+ environment:
+ - EULA=accept
+ - billing={FORM_RECOGNIZER_ENDPOINT_URI}
+ - apikey={FORM_RECOGNIZER_API_KEY}
+ - AzureCognitiveServiceReadHost=http://azure-cognitive-service-read:5000
+ ports:
+ - "5000:5050"
+ networks:
+ - ocrvnet
+ azure-cognitive-service-read:
+ container_name: azure-cognitive-service-read
+ image: mcr.microsoft.com/azure-cognitive-services/vision/read:3.2
+ environment:
+ - EULA=accept
+ - billing={COMPUTER_VISION_ENDPOINT_URI}
+ - apikey={COMPUTER_VISION_API_KEY}
+ networks:
+ - ocrvnet
+
+networks:
+ ocrvnet:
+ driver: bridge
+```
+
+Now, you can start the service with the [**docker compose**](https://docs.docker.com/compose/) command:
+
+```bash
+docker-compose up
+```
+
+### [ID Document](#tab/id-document)
+
+Below is a self-contained `docker compose` example to run Form Recognizer ID Document and Read containers together. With `docker compose`, you use a YAML file to configure your applicationΓÇÖs services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_API_KEY} values for your ID document container. Enter {COMPUTER_VISION_ENDPOINT_URI} and {COMPUTER_VISION_API_KEY} values for your Computer Vision Read container.
+
+```yml
+version: "3.9"
+
+ azure-cognitive-service-id:
+ container_name: azure-cognitive-service-id
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/id-document
+ environment:
+ - EULA=accept
+ - billing={FORM_RECOGNIZER_ENDPOINT_URI}
+ - apikey={FORM_RECOGNIZER_API_KEY}
+ - AzureCognitiveServiceReadHost=http://azure-cognitive-service-read:5000
+ ports:
+ - "5000:5050"
+ networks:
+ - ocrvnet
+ azure-cognitive-service-read:
+ container_name: azure-cognitive-service-read
+ image: mcr.microsoft.com/azure-cognitive-services/vision/read:3.2
+ environment:
+ - EULA=accept
+ - billing={COMPUTER_VISION_ENDPOINT_URI}
+ - apikey={COMPUTER_VISION_API_KEY}
+ networks:
+ - ocrvnet
+
+networks:
+ ocrvnet:
+ driver: bridge
+```
+
+Now, you can start the service with the [**docker compose**](https://docs.docker.com/compose/) command:
+
+```bash
+docker-compose up
+```
+
+### [Invoice](#tab/invoice)
+
+Below is a self-contained `docker compose` example to run Form Recognizer Invoice and Layout containers together. With `docker compose`, you use a YAML file to configure your applicationΓÇÖs services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_API_KEY} values for your Invoice and Layout containers.
+
+```yml
+version: "3.9"
+
+ azure-cognitive-service-invoice:
+ container_name: azure-cognitive-service-invoice
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/invoice
+ environment:
+ - EULA=accept
+ - billing={FORM_RECOGNIZER_ENDPOINT_URI}
+ - apikey={FORM_RECOGNIZER_API_KEY}
+ - AzureCognitiveServiceLayoutHost=http://azure-cognitive-service-layout:5000
+ ports:
+ - "5000:5050"
+ networks:
+ - ocrvnet
+ azure-cognitive-service-layout:
+ container_name: azure-cognitive-service-layout
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/layout
+ user: root
+ environment:
+ - EULA=accept
+ - billing={FORM_RECOGNIZER_ENDPOINT_URI}
+ - apikey={FORM_RECOGNIZER_API_KEY}
+ networks:
+ - ocrvnet
+
+networks:
+ ocrvnet:
+ driver: bridge
+```
+
+Now, you can start the service with the [**docker compose**](https://docs.docker.com/compose/) command:
+
+```bash
+docker-compose up
+```
+
+### [Receipt](#tab/receipt)
+
+Below is a self-contained `docker compose` example to run Form Recognizer Receipt and Read containers together. With `docker compose`, you use a YAML file to configure your applicationΓÇÖs services. Then, with `docker-compose up` command, you create and start all the services from your configuration. Enter {FORM_RECOGNIZER_ENDPOINT_URI} and {FORM_RECOGNIZER_API_KEY} values for your Receipt container. Enter {COMPUTER_VISION_ENDPOINT_URI} and {COMPUTER_VISION_API_KEY} values for your Computer Vision Read container.
+
+```yml
+version: "3.9"
+
+ azure-cognitive-service-receipt:
+ container_name: azure-cognitive-service-receipt
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/receipt
+ environment:
+ - EULA=accept
+ - billing={FORM_RECOGNIZER_ENDPOINT_URI}
+ - apikey={FORM_RECOGNIZER_API_KEY}
+ - AzureCognitiveServiceReadHost=http://azure-cognitive-service-read:5000
+ ports:
+ - "5000:5050"
+ networks:
+ - ocrvnet
+ azure-cognitive-service-read:
+ container_name: azure-cognitive-service-read
+ image: mcr.microsoft.com/azure-cognitive-services/vision/read:3.2
+ environment:
+ - EULA=accept
+ - billing={COMPUTER_VISION_ENDPOINT_URI}
+ - apikey={COMPUTER_VISION_API_KEY}
+ networks:
+ - ocrvnet
+
+networks:
+ ocrvnet:
+ driver: bridge
+```
+
+Now, you can start the service with the [**docker compose**](https://docs.docker.com/compose/) command:
+
+```bash
+docker-compose up
+```
+
+### [Custom](#tab/custom)
+
+In addition to the [prerequisites](#prerequisites) mentioned above, you will need to do the following to process a custom document:
+
+#### &bullet; Create a folder to store the following files:
+
+ 1. [**.env**](#-create-an-environment-file)
+ 1. [**nginx.conf**](#-create-a-nginx-file)
+ 1. [**docker-compose.yml**](#-create-a-docker-compose-file)
+
+#### &bullet; Create a folder to store your input data
+
+ 1. Name this folder **shared**.
+ 1. We will reference the file path for this folder as **{SHARED_MOUNT_PATH}**.
+ 1. Copy the file path in a convenient location, such as *Microsoft Notepad*. You'll need to add it to your **.env** file, below.
+
+#### &bullet; Create a folder to store the logs written by the Form Recognizer service on your local machine.
+
+ 1. Name this folder **output**.
+ 1. We will reference the file path for this folder as **{OUTPUT_MOUNT_PATH}**.
+ 1. Copy the file path in a convenient location, such as *Microsoft Notepad*. You'll need to add it to your **.env** file, below.
+
+#### &bullet; Create an environment file
+
+ 1. Name this file **.env**.
+
+ 1. Declare the following environment variables:
+
+ ```text
+ SHARED_MOUNT_PATH="<file-path-to-shared-folder>"
+ OUTPUT_MOUNT_PATH="<file -path-to-output-folder>"
+ FORM_RECOGNIZER_ENDPOINT_URI="<your-form-recognizer-endpoint>"
+ FORM_RECOGNIZER_API_KEY="<your-form-recognizer-apiKey>"
+ RABBITMQ_HOSTNAME="rabbitmq"
+ RABBITMQ_PORT=5672
+ NGINX_CONF_FILE="<file-path>"
+ ```
+
+#### &bullet; Create a **nginx** file
+
+ 1. Name this file **nginx.conf**.
+
+ 1. Enter the following configuration:
+
+```text
+worker_processes 1;
+
+events { worker_connections 1024; }
+
+http {
+
+ sendfile on;
+
+ upstream docker-api {
+ server azure-cognitive-service-custom-api:5000;
+ }
+
+ upstream docker-layout {
+ server azure-cognitive-service-layout:5000;
+ }
+
+ server {
+ listen 5000;
+
+ location = / {
+ proxy_pass http://docker-api/;
+
+ }
+
+ location /status {
+ proxy_pass http://docker-api/status;
+
+ }
+
+ location /ready {
+ proxy_pass http://docker-api/ready;
+
+ }
+
+ location /swagger {
+ proxy_pass http://docker-api/swagger;
+
+ }
+
+ location /formrecognizer/v2.1/custom/ {
+ proxy_pass http://docker-api/formrecognizer/v2.1/custom/;
+
+ }
+
+ location /formrecognizer/v2.1/layout/ {
+ proxy_pass http://docker-layout/formrecognizer/v2.1/layout/;
+
+ }
+ }
+}
+```
+
+* Gather a set of at least six forms of the same type. You'll use this data to train the model and test a form. You can use a [sample data set](https://go.microsoft.com/fwlink/?linkid=2090451) (download and extract *sample_data.zip*). Download the training files to the **shared** folder you created above.
+
+* If you want to label your data, download the [Form Recognizer sample labeling tool for Windows](https://github.com/microsoft/OCR-Form-Tools/releases/tag/v2.1-ga). The download will import the labeling tool .exe file that you'll use to label the data present on your local file system. You can ignore any warnings that occur during the download process.
+
+#### Create a new sample labeling tool project
+
+* Open the labeling tool by double-clicking on the sample labeling tool .exe file.
+* On the left pane of the tool, select the connections tab.
+* Select to create a new project and give it a name and description.
+* For the provider, choose the local file system option. For the local folder, make sure you enter the path to the folder where you stored the sample data files.
+* Navigate back to the home tab and select the ΓÇ£Use custom to train a model with labels and key value pairs optionΓÇ¥.
+* Select the train button on the left pane to train the labeled model.
+* Save this connection and use it to label your requests.
+* You can choose to analyze the file of your choice against the trained model.
+
+#### &bullet; Create a **docker compose** file
+
+1. Name this file **docker-compose.yml**
+
+2. Below is a self-contained `docker compose` example to run Form Recognizer Layout, Label Tool, Custom API, and Custom Supervised containers together. With `docker compose`, you use a YAML file to configure your applicationΓÇÖs services. Then, with `docker-compose up` command, you create and start all the services from your configuration.
+
+ ```yml
+ version: '3.3'
+
+ nginx:
+ image: nginx:alpine
+ container_name: reverseproxy
+ volumes:
+ - ${NGINX_CONF_FILE}:/etc/nginx/nginx.conf
+ ports:
+ - "5000:5000"
+ rabbitmq:
+ container_name: ${RABBITMQ_HOSTNAME}
+ image: rabbitmq:3
+ expose:
+ - "5672"
+ layout:
+ container_name: azure-cognitive-service-layout
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/layout
+ depends_on:
+ - rabbitmq
+ environment:
+ eula: accept
+ apikey: ${FORM_RECOGNIZER_API_KEY}
+ billing: ${FORM_RECOGNIZER_ENDPOINT_URI}
+ Queue:RabbitMQ:HostName: ${RABBITMQ_HOSTNAME}
+ Queue:RabbitMQ:Port: ${RABBITMQ_PORT}
+ Logging:Console:LogLevel:Default: Information
+ SharedRootFolder: /shared
+ Mounts:Shared: /shared
+ Mounts:Output: /logs
+ volumes:
+ - type: bind
+ source: ${SHARED_MOUNT_PATH}
+ target: /shared
+ - type: bind
+ source: ${OUTPUT_MOUNT_PATH}
+ target: /logs
+ expose:
+ - "5000"
+
+ custom-api:
+ container_name: azure-cognitive-service-custom-api
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/custom-api
+ restart: always
+ depends_on:
+ - rabbitmq
+ environment:
+ eula: accept
+ apikey: ${FORM_RECOGNIZER_API_KEY}
+ billing: ${FORM_RECOGNIZER_ENDPOINT_URI}
+ Logging:Console:LogLevel:Default: Information
+ Queue:RabbitMQ:HostName: ${RABBITMQ_HOSTNAME}
+ Queue:RabbitMQ:Port: ${RABBITMQ_PORT}
+ SharedRootFolder: /shared
+ Mounts:Shared: /shared
+ Mounts:Output: /logs
+ volumes:
+ - type: bind
+ source: ${SHARED_MOUNT_PATH}
+ target: /shared
+ - type: bind
+ source: ${OUTPUT_MOUNT_PATH}
+ target: /logs
+ expose:
+ - "5000"
+
+ custom-supervised:
+ container_name: azure-cognitive-service-custom-supervised
+ image: mcr.microsoft.com/azure-cognitive-services/form-recognizer/custom-supervised
+ restart: always
+ depends_on:
+ - rabbitmq
+ environment:
+ eula: accept
+ apikey: ${FORM_RECOGNIZER_API_KEY}
+ billing: ${FORM_RECOGNIZER_ENDPOINT_URI}
+ CustomFormRecognizer:ContainerPhase: All
+ CustomFormRecognizer:LayoutAnalyzeUri: http://azure-cognitive-service-layout:5000/formrecognizer/v2.1/layout/analyze
+ Logging:Console:LogLevel:Default: Information
+ Queue:RabbitMQ:HostName: ${RABBITMQ_HOSTNAME}
+ Queue:RabbitMQ:Port: ${RABBITMQ_PORT}
+ SharedRootFolder: /shared
+ Mounts:Shared: /shared
+ Mounts:Output: /logs
+ volumes:
+ - type: bind
+ source: ${SHARED_MOUNT_PATH}
+ target: /shared
+ - type: bind
+ source: ${OUTPUT_MOUNT_PATH}
+ target: /logs
+ ```
+
+### Ensure the service is running
+
+To ensure that the service is up and running. Run these commands in an Ubuntu shell.
+
+```bash
+$cd <folder containing the docker-compose file>
+
+$source .env
+
+$docker-compose up
+```
+
+### Create a new connection
+
+* On the left pane of the tool, select the **connections** tab.
+* Select **create a new project** and give it a name and description.
+* For the provider, choose the **local file system** option. For the local folder, make sure you enter the path to the folder where you stored the **sample data** files.
+* Navigate back to the home tab and select **Use custom to train a model with labels and key value pairs**.
+* Select the **train button** on the left pane to train the labeled model.
+* **Save** this connection and use it to label your requests.
+* You can choose to analyze the file of your choice against the trained model.
+++
+## Validate that the service is running
+
+There are several ways to validate that the container is running:
+
+* The container provides a homepage at `\` as a visual validation that the container is running.
+
+* You can open your favorite web browser and navigate to the external IP address and exposed port of the container in question. Use the various request URLs below to validate the container is running. The example request URLs listed below are `http://localhost:5000`, but your specific container may vary. Keep in mind that you're navigating to your container's **External IP address** and exposed port.
+
+ Request URL | Purpose
+ -- | --
+ |**http://<span></span>localhost:5000/** | The container provides a home page.
+ |**http://<span></span>localhost:5000/ready** | Requested with GET, this provides a verification that the container is ready to accept a query against the model. This request can be used for Kubernetes liveness and readiness probes.
+ |**http://<span></span>localhost:5000/status** | Requested with GET, this verifies if the api-key used to start the container is valid without causing an endpoint query. This request can be used for Kubernetes liveness and readiness probes.
+ |**http://<span></span>localhost:5000/swagger** | The container provides a full set of documentation for the endpoints and a Try it out feature. With this feature, you can enter your settings into a web-based HTML form and make the query without having to write any code. After the query returns, an example CURL command is provided to demonstrate the HTTP headers and body format that's required.
+ |
++
+## Stop the containers
+
+To stop the containers, use the following command:
+
+```console
+docker-compose down
+```
+
+## Billing
+
+The Form Recognizer containers send billing information to Azure by using a Form Recognizer resource on your Azure account.
+
+Queries to the container are billed at the pricing tier of the Azure resource that's used for the `ApiKey`. You will be billed for each container instance used to process your documents and images. Thus, If you use the business card feature, you will be billed for the Form Recognizer `BusinessCard` and `Compuer Vision Read` container instances. For the invoice feature, you will be billed for the Form Recognizer `Invoice` and `Layout` container instances. *See*, [Form Recognizer](https://azure.microsoft.com/pricing/details/form-recognizer/) and Computer Vision [Read feature](https://azure.microsoft.com/pricing/details/cognitive-services/computer-vision/) container pricing.
+
+Azure Cognitive Services containers aren't licensed to run without being connected to the metering / billing endpoint. You must enable the containers to communicate billing information with the billing endpoint at all times. Cognitive Services containers don't send customer data, such as the image or text that's being analyzed, to Microsoft.
+
+### Connect to Azure
+
+The container needs the billing argument values to run. These values allow the container to connect to the billing endpoint. The container reports usage about every 10 to 15 minutes. If the container doesn't connect to Azure within the allowed time window, the container continues to run but doesn't serve queries until the billing endpoint is restored. The connection is attempted 10 times at the same time interval of 10 to 15 minutes. If it can't connect to the billing endpoint within the 10 tries, the container stops serving requests. See the [Cognitive Services container FAQ](../../../cognitive-services/containers/container-faq.yml#how-does-billing-work) for an example of the information sent to Microsoft for billing.
+
+### Billing arguments
+
+The [**docker-compose up**](https://docs.docker.com/engine/reference/commandline/compose_up/) command will start the container when all three of the following options are provided with valid values:
+
+| Option | Description |
+|--|-|
+| `ApiKey` | The API key of the Cognitive Services resource that's used to track billing information.<br/>The value of this option must be set to an API key for the provisioned resource that's specified in `Billing`. |
+| `Billing` | The endpoint of the Cognitive Services resource that's used to track billing information.<br/>The value of this option must be set to the endpoint URI of a provisioned Azure resource.|
+| `Eula` | Indicates that you accepted the license for the container.<br/>The value of this option must be set to **accept**. |
+
+For more information about these options, see [Configure containers](form-recognizer-container-configuration.md).
+
+## Summary
+
+That's it! In this article, you learned concepts and workflows for downloading, installing, and running Form Recognizer containers. In summary:
+
+* Form Recognizer provides seven Linux containers for Docker.
+* Container images are downloaded from mcr.
+* Container images run in Docker.
+* You must specify the billing information when you instantiate a container.
+
+> [!IMPORTANT]
+> Cognitive Services containers are not licensed to run without being connected to Azure for metering. Customers need to enable the containers to communicate billing information with the metering service at all times. Cognitive Services containers do not send customer data (for example, the image or text that is being analyzed) to Microsoft.
+
+## Next steps
+
+* [Form Recognizer container configuration settings](form-recognizer-container-configuration.md)
+* [Form Recognizer container image tags](../../../cognitive-services/containers/container-image-tags.md?tabs=current#form-recognizer)
+* [Cognitive Services container support page and release notes](../../../cognitive-services/containers/container-image-tags.md?tabs=current#form-recognizer)
applied-ai-services Deploy Label Tool https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/deploy-label-tool.md
+
+ Title: How to deploy the Form Recognizer sample labeling tool
+
+description: Learn the different ways you can deploy the Form Recognizer sample labeling tool to help with supervised learning.
+++++ Last updated : 07/02/2021+++
+# Deploy the sample labeling tool
+
+The Form Recognizer sample labeling tool is an application that provides a simple user interface (UI), which you can use to manually label forms (documents) for supervised learning. In this article, we'll provide links and instructions that teach you how to:
+
+* [Run the sample labeling tool locally](#run-the-sample-labeling-tool-locally)
+* [Deploy the sample labeling tool to an Azure Container Instance (ACI)](#deploy-with-azure-container-instances-aci)
+* [Use and contribute to the open-source OCR Form Labeling Tool](#open-source-on-github)
+
+## Run the sample labeling tool locally
+
+The fastest way to start labeling data is to run the sample labeling tool locally. The following quickstart uses the Form Recognizer REST API and the sample labeling tool to train a custom model with manually labeled data.
+
+* [Get started with Azure Form Recognizer](label-tool.md).
+
+## Deploy with Azure Container Instances (ACI)
+
+Before we get started, it's important to note that there are two ways to deploy the sample labeling tool to an Azure Container Instance (ACI). Both options are used to run the sample labeling tool with ACI:
+
+* [Using the Azure portal](#azure-portal)
+* [Using the Azure CLI](#azure-cli)
+
+### Azure portal
+
+Follow these steps to create a new resource using the Azure portal:
+
+1. Sign in to the [Azure portal](https://portal.azure.com/signin/index/).
+2. Select **Create a resource**.
+3. Next, select **Web App**.
+
+ > [!div class="mx-imgBorder"]
+ > ![Select web app](./media/quickstarts/create-web-app.png)
+
+4. First, make sure that the **Basics** tab is selected. Now, you're going to need to provide some information:
+
+ > [!div class="mx-imgBorder"]
+ > ![Select Basics](./media/quickstarts/select-basics.png)
+ * Subscription - Select an existing Azure subscription
+ * Resource Group - You can reuse an existing resource group or create a new one for this project. Creating a new resource group is recommended.
+ * Name - Give your web app a name.
+ * Publish - Select **Docker Container**
+ * Operating System - Select **Linux**
+ * Region - Choose a region that makes sense for you.
+ * Linux Plan - Select a pricing tier/plan for your app service.
+
+ > [!div class="mx-imgBorder"]
+ > ![Configure your web app](./media/quickstarts/select-docker.png)
+
+5. Next, select the **Docker** tab.
+
+ > [!div class="mx-imgBorder"]
+ > ![Select Docker](./media/quickstarts/select-docker.png)
+
+6. Now let's configure your Docker container. All fields are required unless otherwise noted:
+<!-- markdownlint-disable MD025 -->
+
+* Options - Select **Single Container**
+* Image Source - Select **Private Registry**
+* Server URL - Set to `https://mcr.microsoft.com`
+* Username (Optional) - Create a username.
+* Password (Optional) - Create a secure password that you'll remember.
+* Image and tag - Set to `mcr.microsoft.com/azure-cognitive-services/custom-form/labeltool:latest-2.1`
+* Continuous Deployment - Set to **On** if you want to receive automatic updates when the development team makes changes to the sample labeling tool.
+* Startup command - Set to `./run.sh eula=accept`
+
+> [!div class="mx-imgBorder"]
+> ![Configure Docker](./media/quickstarts/configure-docker.png)
+
+* Next, select **Review + Create**, then **Create** to deploy your web app. When complete, you can access your web app at the URL provided in the **Overview** for your resource.
+
+### Continuous deployment
+
+After you have created your web app, you can enable the continuous deployment option:
+
+* From the left pane, choose **Container settings**.
+* In the main window, navigate to Continuous deployment and toggle between the **On** and **Off** buttons to set your preference:
++
+> [!NOTE]
+> When creating your web app, you can also configure authorization/authentication. This is not necessary to get started.
+
+> [!IMPORTANT]
+> You may need to enable TLS for your web app in order to view it at its `https` address. Follow the instructions in [Enable a TLS endpoint](../../container-instances/container-instances-container-group-ssl.md) to set up a sidecar container than enables TLS/SSL for your web app.
+<!-- markdownlint-disable MD001 -->
+### Azure CLI
+
+As an alternative to using the Azure portal, you can create a resource using the Azure CLI. Before you continue, you'll need to install the [Azure CLI](/cli/azure/install-azure-cli). You can skip this step if you're already working with the Azure CLI.
+
+There's a few things you need know about this command:
+
+* `DNS_NAME_LABEL=aci-demo-$RANDOM` generates a random DNS name.
+* This sample assumes that you have a resource group that you can use to create a resource. Replace `<resource_group_name>` with a valid resource group associated with your subscription.
+* You'll need to specify where you want to create the resource. Replace `<region name>` with your desired region for the web app.
+* This command automatically accepts EULA.
+
+From the Azure CLI, run this command to create a web app resource for the sample labeling tool:
+
+<!-- markdownlint-disable MD024 -->
+
+```azurecli
+DNS_NAME_LABEL=aci-demo-$RANDOM
+
+az container create \
+ --resource-group <resource_group_name> \
+ --name <name> \
+ --image mcr.microsoft.com/azure-cognitive-services/custom-form/labeltool:latest-2.1 \
+ --ports 3000 \
+ --dns-name-label $DNS_NAME_LABEL \
+ --location <region name> \
+ --cpu 2 \
+ --memory 8 \
+ --command-line "./run.sh eula=accept"
+
+```
+
+### Connect to Azure AD for authorization
+
+It's recommended that you connect your web app to Azure Active Directory (Azure AD). This connection ensures that only users with valid credentials can sign in and use your web app. Follow the instructions in [Configure your App Service app](../../app-service/configure-authentication-provider-aad.md) to connect to Azure Active Directory.
+
+## Open source on GitHub
+
+The OCR Form Labeling Tool is also available as an open-source project on GitHub. The tool is a web application built using React + Redux, and is written in TypeScript. To learn more or contribute, see [OCR Form Labeling Tool](https://github.com/microsoft/OCR-Form-Tools/blob/master/README.md).
+
+## Next steps
+
+Use the [Train with labels](label-tool.md) quickstart to learn how to use the tool to manually label training data and perform supervised learning.
applied-ai-services Disaster Recovery https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/disaster-recovery.md
+
+ Title: Disaster recovery guidance for Azure Form Recognizer
+
+description: Learn how to use the copy model API to back up your Form Recognizer resources.
+++++ Last updated : 03/15/2021+++
+# Back up and recover your Form Recognizer models
+
+When you create a Form Recognizer resource in the Azure portal, you specify a region. From then on, your resource and all of its operations stay associated with that particular Azure server region. It's rare, but not impossible, to encounter a network issue that hits an entire region. If your solution needs to always be available, then you should design it to either fail-over into another region or split the workload between two or more regions. Both approaches require at least two Form Recognizer resources in different regions and the ability to sync custom models across regions.
+
+The Copy API enables this scenario by allowing you to copy custom models from one Form Recognizer account or into others, which can exist in any supported geographical region. This guide shows you how to use the Copy REST API with cURL. You can also use an HTTP request service like Postman to issue the requests.
+
+## Business scenarios
+
+If your app or business depends on the use of a Form Recognizer custom model, we recommend you copy your model to another Form Recognizer account in another region. If a regional outage occurs, you can then access your model in the region where it was copied.
+
+## Prerequisites
+
+1. Two Form Recognizer Azure resources in different Azure regions. If you don't have them, go to the Azure portal and <a href="https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesFormRecognizer" title="Create a new Form Recognizer resource" target="_blank">create a new Form Recognizer resource </a>.
+1. The subscription key, endpoint URL, and subscription ID of your Form Recognizer resource. You can find these values on the resource's **Overview** tab on the Azure portal.
++
+## Copy API overview
+
+The process for copying a custom model consists of the following steps:
+
+1. First you issue a copy authorization request to the target resource&mdash;that is, the resource that will receive the copied model. You get back the URL of the newly created target model, which will receive the copied data.
+1. Next you send the copy request to the source resource&mdash;the resource that contains the model to be copied. You'll get back a URL that you can query to track the progress of the operation.
+1. You'll use your source resource credentials to query the progress URL until the operation is a success. You can also query the new model ID in the target resource to get the status of the new model.
+
+## Generate Copy authorization request
+
+The following HTTP request gets copy authorization from your target resource. You'll need to enter the endpoint and key of your target resource as headers.
+
+```
+POST https://{TARGET_FORM_RECOGNIZER_RESOURCE_ENDPOINT}/formrecognizer/v2.1/custom/models/copyAuthorization
+Ocp-Apim-Subscription-Key: {TARGET_FORM_RECOGNIZER_RESOURCE_API_KEY}
+```
+
+You'll get a `201\Created` response with a `modelId` value in the body. This string is the ID of the newly created (blank) model. The `accessToken` is needed for the API to copy data to this resource, and the `expirationDateTimeTicks` value is the expiration of the token. Save all three of these values to a secure location.
+
+```
+HTTP/1.1 201 Created
+Location: https://{TARGET_FORM_RECOGNIZER_RESOURCE_ENDPOINT}/formrecognizer/v2.1/custom/models/33f4d42c-cd2f-4e74-b990-a1aeafab5a5d
+{"modelId":"<your model ID>","accessToken":"<your access token>","expirationDateTimeTicks":637233481531659440}
+```
+
+## Start Copy operation
+
+The following HTTP request starts the Copy operation on the source resource. You'll need to enter the endpoint and key of your source resource as headers. Notice that the request URL contains the model ID of the source model you want to copy.
+
+```
+POST https://{SOURCE_FORM_RECOGNIZER_RESOURCE_ENDPOINT}/formrecognizer/v2.1/custom/models/<your model ID>/copy HTTP/1.1
+Ocp-Apim-Subscription-Key: {SOURCE_FORM_RECOGNIZER_RESOURCE_API_KEY}
+```
+
+The body of your request needs to have the following format. You'll need to enter the resource ID and region name of your target resource. You can find your resource ID on the **Properties** tab of your resource in the Azure portal, and you can find the region name on the **Keys and endpoint** tab. You'll also need the model ID, access token, and expiration value that you copied from the previous step.
+
+```json
+{
+ "targetResourceId": "{TARGET_AZURE_FORM_RECOGNIZER_RESOURCE_ID}",
+ "targetResourceRegion": "{TARGET_AZURE_FORM_RECOGNIZER_RESOURCE_REGION_NAME}",
+ "copyAuthorization": {"modelId":"<your model ID>","accessToken":"<your access token>","expirationDateTimeTicks":637233481531659440}
+}
+```
+
+> [!NOTE]
+> The Copy API transparently supports the [AEK/CMK](https://msazure.visualstudio.com/Cognitive%20Services/_wiki/wikis/Cognitive%20Services.wiki/52146/Customer-Managed-Keys) feature. This doesn't require any special treatment, but note that if you're copying between an unencrypted resource to an encrypted resource, you need to include the request header `x-ms-forms-copy-degrade: true`. If this header is not included, the copy operation will fail and return a `DataProtectionTransformServiceError`.
+
+You'll get a `202\Accepted` response with an Operation-Location header. This value is the URL that you'll use to track the progress of the operation. Copy it to a temporary location for the next step.
+
+```
+HTTP/1.1 202 Accepted
+Operation-Location: https://{SOURCE_FORM_RECOGNIZER_RESOURCE_ENDPOINT}/formrecognizer/v2.1/custom/models/eccc3f13-8289-4020-ba16-9f1d1374e96f/copyresults/02989ba8-1296-499f-aaf4-55cfff41b8f1
+```
+
+### Common errors
+
+|Error|Resolution|
+|:--|:--|
+| 400 / Bad Request with `"code:" "1002"` | Indicates validation error or badly formed copy request. Common issues include: a) Invalid or modified `copyAuthorization` payload. b) Expired value for `expirationDateTimeTicks` token (`copyAuhtorization` payload is valid for 24 hours). c) Invalid or unsupported `targetResourceRegion`. d) Invalid or malformed `targetResourceId` string.
+|
+
+## Track Copy progress
+
+Track your progress by querying the **Get Copy Model Result** API against the source resource endpoint.
+
+```
+GET https://{SOURCE_FORM_RECOGNIZER_RESOURCE_ENDPOINT}/formrecognizer/v2.1/custom/models/eccc3f13-8289-4020-ba16-9f1d1374e96f/copyresults/02989ba8-1296-499f-aaf4-55cfff41b8f1 HTTP/1.1
+Ocp-Apim-Subscription-Key: {SOURCE_FORM_RECOGNIZER_RESOURCE_API_KEY}
+```
+
+Your response will vary depending on the status of the operation. Look for the `"status"` field in the JSON body. If you're automating this API call in a script, we recommend querying the operation once every second.
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=utf-8
+{"status":"succeeded","createdDateTime":"2020-04-23T18:18:01.0275043Z","lastUpdatedDateTime":"2020-04-23T18:18:01.0275048Z","copyResult":{}}
+```
+
+### Common errors
+
+|Error|Resolution|
+|:--|:--|
+|"errors":[{"code":"AuthorizationError",<br>"message":"Authorization failure due to <br>missing or invalid authorization claims."}] | Occurs when the `copyAuthorization` payload or content is modified from what was returned by the `copyAuthorization` API. Ensure that the payload is the same exact content that was returned from the earlier `copyAuthorization` call.|
+|"errors":[{"code":"AuthorizationError",<br>"message":"Could not retrieve authorization <br>metadata. If this issue persists use a different <br>target model to copy into."}] | Indicates that the `copyAuthorization` payload is being reused with a copy request. A copy request that succeeds will not allow any further requests that use the same `copyAuthorization` payload. If you raise a separate error (like the ones noted below) and you subsequently retry the copy with the same authorization payload, this error gets raised. The resolution is to generate a new `copyAuthorization` payload and then reissue the copy request.|
+|"errors":[{"code":"DataProtectionTransformServiceError",<br>"message":"Data transfer request is not allowed <br>as it downgrades to a less secure data protection scheme. Refer documentation or contact your service administrator <br>for details."}] | Occurs when copying between an `AEK` enabled resource to a non `AEK` enabled resource. To allow copying encrypted model to the target as unencrypted specify `x-ms-forms-copy-degrade: true` header with the copy request.|
+|"errors":[{"code":"ResourceResolverError",<br>"message":"Could not fetch information for Cognitive resource with Id '...'. Ensure the resource is valid and exists in the specified region 'westus2'.."}] | Indicates that the Azure resource indicated by the `targetResourceId` is not a valid Cognitive resource or does not exist. Verify and reissue the copy request to resolve this issue.|
++
+### [Optional] Track the target model ID
+
+You can also use the **Get Custom Model** API to track the status of the operation by querying the target model. Call this API using the target model ID that you copied down in the first step.
+
+```
+GET https://{TARGET_FORM_RECOGNIZER_RESOURCE_ENDPOINT}/formrecognizer/v2.1/custom/models/33f4d42c-cd2f-4e74-b990-a1aeafab5a5d HTTP/1.1
+Ocp-Apim-Subscription-Key: {TARGET_FORM_RECOGNIZER_RESOURCE_API_KEY}
+```
+
+In the response body, you'll see information about the model. Check the `"status"` field for the status of the model.
+
+```
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=utf-8
+{"modelInfo":{"modelId":"33f4d42c-cd2f-4e74-b990-a1aeafab5a5d","status":"ready","createdDateTime":"2020-02-26T16:59:28Z","lastUpdatedDateTime":"2020-02-26T16:59:34Z"},"trainResult":{"trainingDocuments":[{"documentName":"0.pdf","pages":1,"errors":[],"status":"succeeded"},{"documentName":"1.pdf","pages":1,"errors":[],"status":"succeeded"},{"documentName":"2.pdf","pages":1,"errors":[],"status":"succeeded"},{"documentName":"3.pdf","pages":1,"errors":[],"status":"succeeded"},{"documentName":"4.pdf","pages":1,"errors":[],"status":"succeeded"}],"errors":[]}}
+```
+
+## cURL sample code
+
+The following code snippets use cURL to make the API calls outlined in the steps above. You'll still need to fill in the model IDs and subscription information specific to your own resources.
+
+### Generate Copy authorization request
+
+```bash
+curl -i -X POST "https://{TARGET_FORM_RECOGNIZER_RESOURCE_ENDPOINT}/formrecognizer/v2.1/custom/models/copyAuthorization" -H "Ocp-Apim-Subscription-Key: {TARGET_FORM_RECOGNIZER_RESOURCE_API_KEY}"
+```
+
+### Start Copy operation
+
+```bash
+curl -i -X POST "https://{TARGET_FORM_RECOGNIZER_RESOURCE_ENDPOINT}/formrecognizer/v2.1/custom/models/copyAuthorization" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: {TARGET_FORM_RECOGNIZER_RESOURCE_API_KEY}" --data-ascii "{ \"targetResourceId\": \"{TARGET_AZURE_FORM_RECOGNIZER_RESOURCE_ID}\", \"targetResourceRegion\": \"{TARGET_AZURE_FORM_RECOGNIZER_RESOURCE_REGION_NAME}\", \"copyAuthorization\": "{\"modelId\":\"33f4d42c-cd2f-4e74-b990-a1aeafab5a5d\",\"accessToken\":\"1855fe23-5ffc-427b-aab2-e5196641502f\",\"expirationDateTimeTicks\":637233481531659440}"}"
+```
+
+### Track Copy progress
+
+```bash
+curl -i GET "https://<SOURCE_FORM_RECOGNIZER_RESOURCE_ENDPOINT>/formrecognizer/v2.1/custom/models/{SOURCE_MODELID}/copyResults/{RESULT_ID}" -H "Content-Type: application/json" -H "Ocp-Apim-Subscription-Key: {SOURCE_FORM_RECOGNIZER_RESOURCE_API_KEY}"
+```
+
+## Next steps
+
+In this guide, you learned how to use the Copy API to back up your custom models to a secondary Form Recognizer resource. Next, explore the API reference docs to see what else you can do with Form Recognizer.
+* [REST API reference documentation](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeWithCustomForm)
applied-ai-services Encrypt Data At Rest https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/encrypt-data-at-rest.md
+
+ Title: Form Recognizer service encryption of data at rest
+
+description: Microsoft offers Microsoft-managed encryption keys, and also lets you manage your Cognitive Services subscriptions with your own keys, called customer-managed keys (CMK). This article covers data encryption at rest for Form Recognizer, and how to enable and manage CMK.
+++++ Last updated : 08/28/2020+
+#Customer intent: As a user of the Form Recognizer service, I want to learn how encryption at rest works.
++
+# Form Recognizer encryption of data at rest
+
+Azure Form Recognizer automatically encrypts your data when persisting it to the cloud. Form Recognizer encryption protects your data to help you to meet your organizational security and compliance commitments.
++
+> [!IMPORTANT]
+> Customer-managed keys are only available resources created after 11 May, 2020. To use CMK with Form Recognizer, you will need to create a new Form Recognizer resource. Once the resource is created, you can use Azure Key Vault to set up your managed identity.
++
+## Next steps
+
+* [Form Recognizer Customer-Managed Key Request Form](https://aka.ms/cogsvc-cmk)
+* [Learn more about Azure Key Vault](../../key-vault/general/overview.md)
applied-ai-services Label Tool https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/label-tool.md
+
+ Title: "How-to: Analyze documents, Label forms, train a model, and analyze forms with Form Recognizer"
+
+description: In this how-to, you'll use the Form Recognizer sample tool to analyze documents, invoices, receipts etc. Label and create a custom model to extract text, tables, selection marks, structure and key value pairs from documents.
+++++ Last updated : 05/11/2021++
+keywords: document processing
+
+<!-- markdownlint-disable MD001 -->
+<!-- markdownlint-disable MD024 -->
+<!-- markdownlint-disable MD033 -->
+<!-- markdownlint-disable MD034 -->
+# Train a custom model using the sample labeling tool
+
+In this article, you'll use the Form Recognizer REST API with the sample labeling tool to train a custom document processing model with manually labeled data. See the [Train with labels](overview.md#train-with-labels) section of the overview to learn more about supervised learning with Form Recognizer.
+
+> [!VIDEO https://channel9.msdn.com/Shows/Docs-Azure/Azure-Form-Recognizer/player]
+
+## Prerequisites
+
+To complete this quickstart, you must have:
+
+* Azure subscription - [Create one for free](https://azure.microsoft.com/free/cognitive-services)
+* Once you have your Azure subscription, <a href="https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesFormRecognizer" title="Create a Form Recognizer resource" target="_blank">create a Form Recognizer resource </a> in the Azure portal to get your key and endpoint. After it deploys, select **Go to resource**.
+ * You will need the key and endpoint from the resource you create to connect your application to the Form Recognizer API. You'll paste your key and endpoint into the code below later in the quickstart.
+ * You can use the free pricing tier (`F0`) to try the service, and upgrade later to a paid tier for production.
+* A set of at least six forms of the same type. You'll use this data to train the model and test a form. You can use a [sample data set](https://go.microsoft.com/fwlink/?linkid=2090451) (download and extract *sample_data.zip*) for this quickstart. Upload the training files to the root of a blob storage container in a standard-performance-tier Azure Storage account.
+
+## Create a Form Recognizer resource
++
+## Try it out
+
+Try out the [**Form Recognizer sample labeling tool**](https://fott-2-1.azurewebsites.net/) online:
+
+> [!div class="nextstepaction"]
+> [Try Prebuilt Models](https://fott-2-1.azurewebsites.net/)
+
+You will need an Azure subscription ([create one for free](https://azure.microsoft.com/free/cognitive-services)) and a [Form Recognizer resource](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesFormRecognizer) endpoint and key to try out the Form Recognizer service.
+
+## Set up the sample labeling tool
+
+> [!NOTE]
+>
+> If your storage data is behind a VNet or firewall, you must deploy the **Form Recognizer sample labeling tool** behind your VNet or firewall and grant access by creating a [system-assigned managed identity](managed-identity-byos.md "Azure managed identity is a service principal that creates an Azure Active Directory (Azure AD) identity and specific permissions for Azure managed resources").
+
+You'll use the Docker engine to run the sample labeling tool. Follow these steps to set up the Docker container. For a primer on Docker and container basics, see the [Docker overview](https://docs.docker.com/engine/docker-overview/).
+
+> [!TIP]
+> The OCR Form Labeling Tool is also available as an open source project on GitHub. The tool is a TypeScript web application built using React + Redux. To learn more or contribute, see the [OCR Form Labeling Tool](https://github.com/microsoft/OCR-Form-Tools/blob/master/README.md#run-as-web-application) repo. To try out the tool online, go to the [Form Recognizer sample labeling tool website](https://fott-2-1.azurewebsites.net/).
+
+1. First, install Docker on a host computer. This guide will show you how to use local computer as a host. If you want to use a Docker hosting service in Azure, see the [Deploy the sample labeling tool](deploy-label-tool.md) how-to guide.
+
+ The host computer must meet the following hardware requirements:
+
+ | Container | Minimum | Recommended|
+ |:--|:--|:--|
+ |Sample labeling tool|2 core, 4-GB memory|4 core, 8-GB memory|
+
+ Install Docker on your machine by following the appropriate instructions for your operating system:
+
+ * [Windows](https://docs.docker.com/docker-for-windows/)
+ * [macOS](https://docs.docker.com/docker-for-mac/)
+ * [Linux](https://docs.docker.com/install/)
+
+1. Get the sample labeling tool container with the `docker pull` command.
+
+ ```console
+ docker pull mcr.microsoft.com/azure-cognitive-services/custom-form/labeltool:latest-2.1
+ ```
+
+1. Now you're ready to run the container with `docker run`.
+
+ ```console
+ docker run -it -p 3000:80 mcr.microsoft.com/azure-cognitive-services/custom-form/labeltool:latest-2.1 eula=accept
+ ```
+
+ This command will make the sample labeling tool available through a web browser. Go to `http://localhost:3000`.
+
+> [!NOTE]
+> You can also label documents and train models using the Form Recognizer REST API. To train and Analyze with the REST API, see [Train with labels using the REST API and Python](https://github.com/Azure-Samples/cognitive-services-quickstart-code/blob/master/python/FormRecognizer/rest/python-labeled-data.md).
+
+## Set up input data
+
+First, make sure all the training documents are of the same format. If you have forms in multiple formats, organize them into subfolders based on common format. When you train, you'll need to direct the API to a subfolder.
+
+### Configure cross-domain resource sharing (CORS)
+
+Enable CORS on your storage account. Select your storage account in the Azure portal and then choose the **CORS** tab on the left pane. On the bottom line, fill in the following values. Select **Save** at the top.
+
+* Allowed origins = *
+* Allowed methods = \[select all\]
+* Allowed headers = *
+* Exposed headers = *
+* Max age = 200
+
+> [!div class="mx-imgBorder"]
+> ![CORS setup in the Azure portal](media/label-tool/cors-setup.png)
+
+## Connect to the sample labeling tool
+
+ The sample labeling tool connects to a source (your original uploaded forms) and a target (created labels and output data).
+
+Connections can be set up and shared across projects. They use an extensible provider model, so you can easily add new source/target providers.
+
+To create a new connection, select the **New Connections** (plug) icon, in the left navigation bar.
+
+Fill in the fields with the following values:
+
+* **Display Name** - The connection display name.
+* **Description** - Your project description.
+* **SAS URL** - The shared access signature (SAS) URL of your Azure Blob Storage container. [!INCLUDE [get SAS URL](includes/sas-instructions.md)]
+
+ :::image type="content" source="media/quickstarts/get-sas-url.png" alt-text="SAS URL retrieval":::
++
+## Create a new project
+
+In the sample labeling tool, projects store your configurations and settings. Create a new project and fill in the fields with the following values:
+
+* **Display Name** - the project display name
+* **Security Token** - Some project settings can include sensitive values, such as API keys or other shared secrets. Each project will generate a security token that can be used to encrypt/decrypt sensitive project settings. You can find security tokens in the Application Settings by selecting the gear icon at the bottom of the left navigation bar.
+* **Source Connection** - The Azure Blob Storage connection you created in the previous step that you would like to use for this project.
+* **Folder Path** - Optional - If your source forms are located in a folder on the blob container, specify the folder name here
+* **Form Recognizer Service Uri** - Your Form Recognizer endpoint URL.
+* **API Key** - Your Form Recognizer subscription key.
+* **Description** - Optional - Project description
++
+## Label your forms
+
+When you create or open a project, the main tag editor window opens. The tag editor consists of three parts:
+
+* A resizable preview pane that contains a scrollable list of forms from the source connection.
+* The main editor pane that allows you to apply tags.
+* The tags editor pane that allows users to modify, lock, reorder, and delete tags.
+
+### Identify text and tables
+
+Select **Run OCR on all files** on the left pane to get the text and table layout information for each document. The labeling tool will draw bounding boxes around each text element.
+
+The labeling tool will also show which tables have been automatically extracted. Select the table/grid icon on the left hand of the document to see the extracted table. In this quickstart, because the table content is automatically extracted, we will not be labeling the table content, but rather rely on the automated extraction.
++
+In v2.1, if your training document does not have a value filled in, you can draw a box where the value should be. Use **Draw region** on the upper left corner of the window to make the region taggable.
+
+### Apply labels to text
+
+Next, you'll create tags (labels) and apply them to the text elements that you want the model to analyze.
+
+1. First, use the tags editor pane to create the tags you'd like to identify.
+ 1. Select **+** to create a new tag.
+ 1. Enter the tag name.
+ 1. Press Enter to save the tag.
+1. In the main editor, select words from the highlighted text elements or a region you drew in.
+1. Select the tag you want to apply, or press the corresponding keyboard key. The number keys are assigned as hotkeys for the first 10 tags. You can reorder your tags using the up and down arrow icons in the tag editor pane.
+ > [!Tip]
+ > Keep the following tips in mind when you're labeling your forms:
+ >
+ > * You can only apply one tag to each selected text element.
+ > * Each tag can only be applied once per page. If a value appears multiple times on the same form, create different tags for each instance. For example: "invoice# 1", "invoice# 2" and so on.
+ > * Tags cannot span across pages.
+ > * Label values as they appear on the form; don't try to split a value into two parts with two different tags. For example, an address field should be labeled with a single tag even if it spans multiple lines.
+ > * Don't include keys in your tagged fields&mdash;only the values.
+ > * Table data should be detected automatically and will be available in the final output JSON file. However, if the model fails to detect all of your table data, you can manually tag these fields as well. Tag each cell in the table with a different label. If your forms have tables with varying numbers of rows, make sure you tag at least one form with the largest possible table.
+ > * Use the buttons to the right of the **+** to search, rename, reorder, and delete your tags.
+ > * To remove an applied tag without deleting the tag itself, select the tagged rectangle on the document view and press the delete key.
+ >
++
+Follow the steps above to label at least five of your forms.
+
+### Specify tag value types
+
+You can set the expected data type for each tag. Open the context menu to the right of a tag and select a type from the menu. This feature allows the detection algorithm to make assumptions that will improve the text-detection accuracy. It also ensures that the detected values will be returned in a standardized format in the final JSON output. Value type information is saved in the **fields.json** file in the same path as your label files.
+
+> [!div class="mx-imgBorder"]
+> ![Value type selection with sample labeling tool](media/whats-new/value-type.png)
+
+The following value types and variations are currently supported:
+
+* `string`
+ * default, `no-whitespaces`, `alphanumeric`
+
+* `number`
+ * default, `currency`
+
+* `date`
+ * default, `dmy`, `mdy`, `ymd`
+
+* `time`
+* `integer`
+* `selectionMark`
+
+> [!NOTE]
+> See these rules for date formatting:
+>
+> You must specify a format (`dmy`, `mdy`, `ymd`) for date formatting to work.
+>
+> The following characters can be used as date delimiters: `, - / . \`. Whitespace cannot be used as a delimiter. For example:
+>
+> * 01,01,2020
+> * 01-01-2020
+> * 01/01/2020
+>
+> The day and month can each be written as one or two digits, and the year can be two or four digits:
+>
+> * 1-1-2020
+> * 1-01-20
+>
+> If a date string has eight digits, the delimiter is optional:
+>
+> * 01012020
+> * 01 01 2020
+>
+> The month can also be written as its full or short name. If the name is used, delimiter characters are optional. However, this format may be recognized less accurately than others.
+>
+> * 01/Jan/2020
+> * 01Jan2020
+> * 01 Jan 2020
+
+### Label tables (v2.1 only)
+
+At times, your data might lend itself better to being labeled as a table rather than key-value pairs. In this case, you can create a table tag by clicking on "Add a new table tag," specify whether the table will have a fixed number of rows or variable number of rows depending on the document, and define the schema.
++
+Once you have defined your table tag, tag the cell values.
++
+## Train a custom model
+
+Choose the Train icon on the left pane to open the Training page. Then select the **Train** button to begin training the model. Once the training process completes, you'll see the following information:
+
+* **Model ID** - The ID of the model that was created and trained. Each training call creates a new model with its own ID. Copy this string to a secure location; you'll need it if you want to do prediction calls through the [REST API](quickstarts/client-library.md?pivots=programming-language-rest-api&tabs=preview%2Cv2-1) or [client library guide](quickstarts/client-library.md).
+* **Average Accuracy** - The model's average accuracy. You can improve model accuracy by labeling additional forms and retraining to create a new model. We recommend starting by labeling five forms and adding more forms as needed.
+* The list of tags, and the estimated accuracy per tag.
+++
+After training finishes, examine the **Average Accuracy** value. If it's low, you should add more input documents and repeat the steps above. The documents you've already labeled will remain in the project index.
+
+> [!TIP]
+> You can also run the training process with a REST API call. To learn how to do this, see [Train with labels using Python](https://github.com/Azure-Samples/cognitive-services-quickstart-code/blob/master/python/FormRecognizer/rest/python-labeled-data.md).
+
+## Compose trained models
+
+With Model Compose, you can compose up to 100 models to a single model ID. When you call Analyze with the composed `modelID`, Form Recognizer will first classify the form you submitted, choose the best matching model, and then return results for that model. This operation is useful when incoming forms may belong to one of several templates.
+
+To compose models in the sample labeling tool, select the Model Compose (merging arrow) icon on the left. On the left, select the models you wish to compose together. Models with the arrows icon are already composed models.
+Choose the **Compose button**. In the pop-up, name your new composed model and select **Compose**. When the operation completes, your newly composed model should appear in the list.
++
+## Analyze a form
+
+Select the Analyze (light bulb) icon on the left to test your model. Select source 'Local file'. Browse for a file and select a file from the sample dataset that you unzipped in the test folder. Then choose the **Run analysis** button to get key/value pairs, text and tables predictions for the form. The tool will apply tags in bounding boxes and will report the confidence of each tag.
++
+> [!TIP]
+> You can also run the Analyze API with a REST call. To learn how to do this, see [Train with labels using Python](https://github.com/Azure-Samples/cognitive-services-quickstart-code/blob/master/python/FormRecognizer/rest/python-labeled-data.md).
+
+## Improve results
+
+Depending on the reported accuracy, you may want to do further training to improve the model. After you've done a prediction, examine the confidence values for each of the applied tags. If the average accuracy training value was high, but the confidence scores are low (or the results are inaccurate), you should add the prediction file to the training set, label it, and train again.
+
+The reported average accuracy, confidence scores, and actual accuracy can be inconsistent when the analyzed documents differ from documents used in training. Keep in mind that some documents look similar when viewed by people but can look distinct to the AI model. For example, you might train with a form type that has two variations, where the training set consists of 20% variation A and 80% variation B. During prediction, the confidence scores for documents of variation A are likely to be lower.
+
+## Save a project and resume later
+
+To resume your project at another time or in another browser, you need to save your project's security token and reenter it later.
+
+### Get project credentials
+
+Go to your project settings page (slider icon) and take note of the security token name. Then go to your application settings (gear icon), which shows all of the security tokens in your current browser instance. Find your project's security token and copy its name and key value to a secure location.
+
+### Restore project credentials
+
+When you want to resume your project, you first need to create a connection to the same blob storage container. To do so, repeat the steps above. Then, go to the application settings page (gear icon) and see if your project's security token is there. If it isn't, add a new security token and copy over your token name and key from the previous step. Select **Save** to retain your settings..
+
+### Resume a project
+
+Finally, go to the main page (house icon) and select **Open Cloud Project**. Then select the blob storage connection, and select your project's **.fott** file. The application will load all of the project's settings because it has the security token.
+
+## Next steps
+
+In this quickstart, you've learned how to use the Form Recognizer sample labeling tool to train a model with manually labeled data. If you'd like to build your own utility to label training data, use the REST APIs that deal with labeled data training.
+
+> [!div class="nextstepaction"]
+> [Train with labels using Python](https://github.com/Azure-Samples/cognitive-services-quickstart-code/blob/master/python/FormRecognizer/rest/python-labeled-data.md)
+
+* [What is Form Recognizer?](overview.md)
+* [Form Recognizer quickstart](quickstarts/client-library.md)
applied-ai-services Language Support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/language-support.md
+
+ Title: Language support - Form Recognizer
+
+description: Learn more about the human languages that are available with Form Recognizer.
++++++ Last updated : 05/10/2021+++
+# Language support for Form Recognizer
+
+ This table lists the written languages supported by each Form Recognizer service.
+
+<!-- markdownlint-disable MD001 -->
+<!-- markdownlint-disable MD024 -->
+
+## Layout and custom model
+
+|Language| Language code |
+|:--|:-:|
+|Afrikaans|`af`|
+|Albanian |`sq`|
+|Asturian |`ast`|
+|Basque |`eu`|
+|Bislama |`bi`|
+|Breton |`br`|
+|Catalan |`ca`|
+|Cebuano |`ceb`|
+|Chamorro |`ch`|
+|Chinese (Simplified) | `zh-Hans`|
+|Chinese (Traditional) | `zh-Hant`|
+|Cornish |`kw`|
+|Corsican |`co`|
+|Crimean Tatar (Latin) |`crh`|
+|Czech | `cs` |
+|Danish | `da` |
+|Dutch | `nl` |
+|English (printed and handwritten) | `en` |
+|Estonian |`et`|
+|Fijian |`fj`|
+|Filipino |`fil`|
+|Finnish | `fi` |
+|French | `fr` |
+|Friulian | `fur` |
+|Galician | `gl` |
+|German | `de` |
+|Gilbertese | `gil` |
+|Greenlandic | `kl` |
+|Haitian Creole | `ht` |
+|Hani | `hni` |
+|Hmong Daw (Latin) | `mww` |
+|Hungarian | `hu` |
+|Indonesian | `id` |
+|Interlingua | `ia` |
+|Inuktitut (Latin) | `iu` |
+|Irish | `ga` |
+|Italian | `it` |
+|Japanese | `ja` |
+|Javanese | `jv` |
+|KΓÇÖicheΓÇÖ | `quc` |
+|Kabuverdianu | `kea` |
+|Kachin (Latin) | `kac` |
+|Kara-Kalpak | `kaa` |
+|Kashubian | `csb` |
+|Khasi | `kha` |
+|Korean | `ko` |
+|Kurdish (latin) | `kur` |
+|Luxembourgish | `lb` |
+|Malay (Latin) | `ms` |
+|Manx | `gv` |
+|Neapolitan | `nap` |
+|Norwegian | `no` |
+|Occitan | `oc` |
+|Polish | `pl` |
+|Portuguese | `pt` |
+|Romansh | `rm` |
+|Scots | `sco` |
+|Scottish Gaelic | `gd` |
+|Slovenian | `slv` |
+|Spanish | `es` |
+|Swahili (Latin) | `sw` |
+|Swedish | `sv` |
+|Tatar (Latin) | `tat` |
+|Tetum | `tet` |
+|Turkish | `tr` |
+|Upper Sorbian | `hsb` |
+|Uzbek (Latin) | `uz` |
+|Volap├╝k | `vo` |
+|Walser | `wae` |
+|Western Frisian | `fy` |
+|Yucatec Maya | `yua` |
+|Zhuang | `za` |
+|Zulu | `zu` |
+
+## Prebuilt receipt and business card
+
+>[!NOTE]
+ > It's not necessary to specify a locale. This is an optional parameter. The Form Recognizer deep-learning technology will auto-detect the language of the text in your image.
+
+Pre-Built Receipt and Business Cards support all English receipts and business cards with the following locales:
+
+|Language| Locale code |
+|:--|:-:|
+|English (Australia)|`en-au`|
+|English (Canada)|`en-ca`|
+|English (United Kingdom)|`en-gb`|
+|English (India|`en-in`|
+|English (United States)| `en-us`|
+
+## Prebuilt invoice
+
+Language| Locale code |
+|:--|:-:|
+|English (United States)|en-us|
+
+## Prebuilt identity documents
+
+This technology is currently available for US driver licenses and the biographical page from international passports (excluding visa and other travel documents).
+
+> [!div class="nextstepaction"]
+> [Try Form Recognizer](https://aka.ms/fott-2.1-ga)
applied-ai-services Managed Identity Byos https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/managed-identity-byos.md
+
+ Title: Create and use managed identity with bring-your-own-storage (BYOS)
+
+description: Understand how to create and use managed identity with BYOS accounts
+++++ Last updated : 07/08/2021+++
+# Create and use managed identity for your Form Recognizer resource
+
+> [!IMPORTANT]
+> Azure role-based access control (Azure RBAC) assignment is currently in preview and not recommended for production workloads. Certain features may not be supported or have constrained capabilities. Azure RBAC assignments are used to grant permissions for managed identity.
+
+## What is managed identity?
+
+Azure managed identity is a service principal that creates an Azure Active Directory (Azure AD) identity and specific permissions for Azure managed resources. You can use a managed identity to grant access to any resource that supports Azure AD authentication. To grant access, assign a role to a managed identity using [Azure role-based access control](../../role-based-access-control/overview.md) (Azure RBAC). There is no added cost to use managed identity in Azure.
+
+Managed identity supports both privately and publicly accessible Azure blob storage accounts. For storage accounts with public access, you can opt to use a shared access signature (SAS) to grant limited access. In this article, you'll learn to enable a system-assigned managed identity for your Form Recognizer instance.
+
+## Private storage account access
+
+ Private Azure storage account access and authentication is supported by [managed identities for Azure resources](../../active-directory/managed-identities-azure-resources/overview.md). If you have an Azure storage account protected by a Virtual Network (VNet) or firewall or have enabled bring-your-own-storage (BYOS), Form Recognizer cannot directly access your storage account data; however, once a managed identity is enabled, the Form Recognizer service can access your storage account using an assigned managed identity credential.
+
+> [!NOTE]
+>
+> * If you intend to analyze your storage data with the [**Form Recognizer sample labeling tool (FOTT)**](https://fott-2-1.azurewebsites.net/), you must deploy the tool behind your VNet or firewall.
+>
+> * The Analyze [**Receipt**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeReceiptAsync), [**Business Card**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeBusinessCardAsync), [**Invoice**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/5ed8c9843c2794cbb1a96291), [**Identity Document**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/5f74a7738978e467c5fb8707), and [**Custom Form**](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeWithCustomForm) APIs can extract data from a single document by posting requests as raw binary content. In these scenarios, there is no requirement for a managed identity credential.
+
+## Prerequisites
+
+To get started, you'll need:
+
+* An active [**Azure account**](https://azure.microsoft.com/free/cognitive-services/)ΓÇöif you don't have one, you can [**create a free account**](https://azure.microsoft.com/free/).
+
+* A [**Form Recognizer**](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation) or [**Cognitive Services**](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesAllInOne) resource in the Azure portal. For detailed steps, _see_ [Create a Cognitive Services resource using the Azure portal](../../cognitive-services/cognitive-services-apis-create-account.md?tabs=multiservice%2cwindows).
+
+* An [**Azure blob storage account**](https://ms.portal.azure.com/#create/Microsoft.StorageAccount-ARM). You will create containers to store and organize your blob data within your storage account. If the account has a firewall, you must have the [exception for trusted Azure services](../../storage/common/storage-network-security.md?tabs=azure-portal#manage-exceptions) checkbox enabled.
+
+ :::image type="content" source="media/managed-identities/allow-trusted-services-checkbox-portal-view.png" alt-text="Screenshot: allow trusted services checkbox, portal view":::
+
+* A brief understanding of [**Azure role-based access control (Azure RBAC)**](../../role-based-access-control/role-assignments-portal.md) using the Azure portal.
+
+## Managed identity assignments
+
+There are two types of managed identity: **system-assigned** and **user-assigned**. Currently, Form Recognizer is supported by system-assigned managed identity. A system-assigned managed identity is **enabled** directly on a service instance. It is not enabled by default; you have to go to your resource and update the identity setting. The system-assigned managed identity is tied to your resource throughout its lifecycle. If you delete your resource, the managed identity will be deleted as well.
+
+In the following steps, we will enable a system-assigned managed identity and grant Form Recognizer limited access to your Azure blob storage account.
+
+## Enable a system-assigned managed identity
+
+>[!IMPORTANT]
+>
+> To enable a system-assigned managed identity, you need **Microsoft.Authorization/roleAssignments/write** permissions, such as [**Owner**](../../role-based-access-control/built-in-roles.md#owner) or [**User Access Administrator**](../../role-based-access-control/built-in-roles.md#user-access-administrator). You can specify a scope at four levels: management group, subscription, resource group, or resource.
+
+1. Sign in to the [Azure portal](https://portal.azure.com) using an account associated with your Azure subscription.
+
+1. Navigate to your **Form Recognizer** resource page in the Azure portal.
+
+1. In the left rail, Select **Identity** from the **Resource Management** list:
+
+ :::image type="content" source="media/managed-identities/resource-management-identity-tab.png" alt-text="Screenshot: resource management identity tab in the Azure portal.":::
+
+1. In the main window, toggle the **System assigned Status** tab to **On**.
+
+1. Under **Permissions** select **Azure role assignments**:
+
+ :::image type="content" source="media/managed-identities/enable-system-assigned-managed-identity-portal.png" alt-text="Screenshot: enable system-assigned managed identity in Azure portal.":::
+
+1. An Azure role assignments page will open. Choose your subscription from the drop-down menu then select **&plus; Add role assignment**.
+
+ :::image type="content" source="media/managed-identities/azure-role-assignments-page-portal.png" alt-text="Screenshot: Azure role assignments page in the Azure portal.":::
+
+ > [!NOTE]
+ >
+ > If you're unable to assign a role in the Azure portal because the Add > Add role assignment option is disabled or you get the permissions error, "you do not have permissions to add role assignment at this scope", check that you're currently signed in as a user with an assigned a role that has Microsoft.Authorization/roleAssignments/write permissions such as Owner or User Access Administrator at the Storage scope for the storage resource.
+
+ 7. Next, you're going to assign a **Storage Blob Data Reader** role to your Form Recognizer service resource. In the **Add role assignment** pop-up window complete the fields as follows and select **Save**:
+
+ | Field | Value|
+ ||--|
+ |**Scope**| ***Storage***|
+ |**Subscription**| ***The subscription associated with your storage resource***.|
+ |**Resource**| ***The name of your storage resource***|
+ |**Role** | ***Storage Blob Data Reader***ΓÇöallows for read access to Azure Storage blob containers and data.|
+
+ :::image type="content" source="media/managed-identities/add-role-assignment-window.png" alt-text="Screenshot: add role assignments page in the Azure portal.":::
+
+1. After you've received the _Added Role assignment_ confirmation message, refresh the page to see the added role assignment.
+
+ :::image type="content" source="media/managed-identities/add-role-assignment-confirmation.png" alt-text="Screenshot: Added role assignment confirmation pop-up message.":::
+
+1. If you don't see the change right away, wait and try refreshing the page once more. When you assign or remove role assignments, it can take up to 30 minutes for changes to take effect.
+
+ :::image type="content" source="media/managed-identities/assigned-roles-window.png" alt-text="Screenshot: Azure role assignments window.":::
+
+ That's it! You have completed the steps to enable a system-assigned managed identity. With this identity credential, you can grant Form Recognizer specific access rights to documents and files stored in your BYOS account.
+
+## Learn more about managed identity
+
+> [!div class="nextstepaction"]
+> [Managed identities for Azure resources: frequently asked questions - Azure AD](../../active-directory/managed-identities-azure-resources/managed-identities-faq.md)
applied-ai-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/overview.md
+
+ Title: What is Azure Form Recognizer?
+
+description: The Azure Form Recognizer service allows you to identify and extract key/value pairs and table data from your form documents, as well as extract major information from sales receipts and business cards.
+++++ Last updated : 03/15/2021++
+keywords: automated data processing, document processing, automated data entry, forms processing
+#Customer intent: As a developer of form-processing software, I want to learn what the Form Recognizer service does so I can determine if I should use it.
++
+# What is Azure Form Recognizer?
++
+Azure Form Recognizer is a part of [Azure Applied AI Services](../../applied-ai-services/index.yml) that lets you build automated data processing software using machine learning technology. Identify and extract text, key/value pairs, selection marks, tables, and structure from your documents&mdash;the service outputs structured data that includes the relationships in the original file, bounding boxes, confidence and more. You quickly get accurate results that are tailored to your specific content without heavy manual intervention or extensive data science expertise. Use Form Recognizer to automate data entry in your applications and enrich your documents search capabilities.
+
+Form Recognizer is composed of custom document processing models, prebuilt models for invoices, receipts, IDs and business cards, and the layout model. You can call Form Recognizer models by using a REST API or client library SDKs to reduce complexity and integrate it into your workflow or application.
+
+This documentation contains the following article types:
+
+* [**Concepts**](concept-layout.md) provide in-depth explanations of the service functionality and features.
+* [**Quickstarts**](quickstarts/client-library.md) are getting-started instructions to guide you through making requests to the service.
+* [**How-to guides**](build-training-data-set.md) contain instructions for using the service in more specific or customized ways.
+* [**Tutorials**](tutorial-ai-builder.md) are longer guides that show you how to use the service as a component in broader business solutions.
+
+## Form Recognizer features
+
+With Form Recognizer, you can easily extract and analyze document data with these features:
+
+### [Layout](concept-layout.md)
+
+Extract text, selection marks, and tables structures, along with their bounding box coordinates, from documents.
+
+Form Recognizer can extract text, selection marks, and table structure (the row and column numbers associated with the text) using high-definition optical character recognition (OCR) and an enhanced deep learning model from documents.
++
+### [Custom models](concept-custom.md)
+
+Extract text, key/value pairs, selection marks, and table data from forms. These models are trained with your own data, so they're tailored to your forms.
+
+Form Recognizer custom models train to your own data, and you only need five sample input forms to start. A trained document processing model can output structured data that includes the relationships in the original form document. After you train the model, you can test and retrain it and eventually use it to reliably extract data from more forms according to your needs.
+
+You have the following options when you train custom models: training with labeled data and without labeled data.
+
+#### Train without labels
+
+Form Recognizer uses unsupervised learning to understand the layout and relationships between fields and entries in your forms. When you submit your input forms, the algorithm clusters the forms by type, discovers what keys and tables are present, and associates values to keys and entries to tables. Training without labels doesn't require manual data labeling or intensive coding and maintenance, and we recommend you try this method first.
+
+See [Build a training data set](./build-training-data-set.md) for tips on how to collect your training documents.
+
+#### Train with labels
+
+When you train with labeled data, the model uses supervised learning to extract values of interest, using the labeled forms you provide. Labeled data results in better-performing models and can produce models that work with complex forms or forms containing values without keys.
+
+Form Recognizer uses the [Layout](#layout) API to learn the expected sizes and positions of printed and handwritten text elements and extract tables. Then it uses user-specified labels to learn the key/value associations and tables in the documents. We recommend that you use five manually labeled forms of the same type (same structure) to get started when training a new model and add more labeled data as needed to improve the model accuracy. Form Recognizer enables training a model to extract key value pairs and tables using supervised learning capabilities.
+
+[Get started with Train with labels](label-tool.md)
+
+> [!VIDEO https://channel9.msdn.com/Shows/Docs-Azure/Azure-Form-Recognizer/player]
++
+### Prebuilt models
+
+ Form Recognizer also includes Prebuilt models for automated data processing of receipts, business cards, invoices, and identity documents.
+
+### [Receipts](concept-receipts.md)
+
+The Prebuilt Receipt model is used for reading English sales receipts from Australia, Canada, Great Britain, India, and the United States&mdash;the type used by restaurants, gas stations, retail, and so on. This model extracts key information such as the time and date of the transaction, merchant information, amounts of taxes, line items, totals and more. In addition, the prebuilt receipt model is trained to analyze and return all of the text on a receipt.
++
+### [Business cards](concept-business-cards.md)
+
+The Business Cards model enables you to extract information such as the person's name, job title, address, email, company, and phone numbers from business cards in English.
++
+### [Invoices](concept-invoices.md)
+
+The Prebuilt Invoice model extracts data from invoices in various formats and returns structured data. This model extracts key information such as the invoice ID, customer details, vendor details, ship to, bill to, total, tax, subtotal, line items and more. In addition, the prebuilt invoice model is trained to analyze and return all of the text and tables on the invoice.
++
+### [Identity documents](concept-identification-cards.md)
+
+The Identity documents (ID) model enables you to extract key information from world-wide passports and US driver licenses. It extracts data such as the document ID, expiration date of birth, date of expiration, name, country, region, machine-readable zone and more.
++
+## Get started
+
+Use the Sample Form Recognizer Tool to try out Layout, Pre-built models and train a custom model for your documents. You will need an Azure subscription ([**create one for free**](https://azure.microsoft.com/free/cognitive-services)) and a [**Form Recognizer resource**](https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesFormRecognizer) endpoint and key to try out the Form Recognizer service.
+
+>
+> [!div class="nextstepaction"]
+> [Try Form Recognizer](https://aka.ms/fott-2.1-ga/)
+>
+
+Follow the [client library / REST API quickstart](./quickstarts/client-library.md) to get started extracting data from your documents. We recommend that you use the free service when you're learning the technology. Remember that the number of free pages is limited to 500 per month.
+
+Explore the [REST API reference documentation](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-1/operations/AnalyzeWithCustomForm) to learn more. If you're familiar with a previous version of the API, see the [What's new](./whats-new.md) article to learn about recent changes.
+
+## Input requirements
++
+## Service availability and redundancy
+
+### Is Form Recognizer service zone-resilient?
+
+Yes. The Form Recognizer service is zone-resilient by default.
+
+### How do I configure the Form Recognizer service to be zone-resilient?
+
+No customer configuration is necessary to enable zone-resiliency. Zone-resiliency for Form Recognizer resources is available by default and managed by the service itself.
+
+## Data privacy and security
+
+* As with all the cognitive services, developers using the Form Recognizer service should be aware of Microsoft policies on customer data. See the [Cognitive Services page](https://www.microsoft.com/trustcenter/cloudservices/cognitiveservices) on the Microsoft Trust Center to learn more.
+
+* Form Recognizer doesn't store or process customer data outside the region where the customer deploys the service instance.
+
+## Next steps
+
+Try our online tool and quickstart to learn more about the Form Recognizer service.
+
+* [**Form Recognizer tool**](https://aka.ms/fott-2.1-ga)
+* [**Client library and REST API quickstart**](quickstarts/client-library.md)
applied-ai-services Client Library https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/quickstarts/client-library.md
+
+ Title: "Quickstart: Form Recognizer client library or REST API"
+
+description: Use the Form Recognizer client library or REST API to create a forms processing app that extracts key/value pairs and table data from your custom documents.
++++++ Last updated : 04/14/2021+
+zone_pivot_groups: programming-languages-set-formre
++
+keywords: forms processing, automated data processing
++
+# Quickstart: get started with the client library SDKs or REST API
+
+Get started with Azure Form Recognizer using the programming language of your choice. Azure Form Recognizer is an [Azure Applied AI Service](../../../applied-ai-services/index.yml) that lets you build automated data processing software using machine learning technology. Identify and extract text, key/value pairs, selection marks, table data, and more from your form documents&mdash;the service outputs structured data that includes the relationships in the original file. You can use Form Recognizer via the REST API or SDK. We recommend that you use the free service when you're learning the technology. Remember that the number of free pages is limited to 500 per month.
+
+You'll use the following APIs to extract structured data from forms and documents:
+
+* [Authenticate the client](#authenticate-the-client)
+* [Analyze Layout](#analyze-layout)
+* [Analyze receipts](#analyze-receipts)
+* [Analyze business cards](#analyze-business-cards)
+* [Analyze invoices](#analyze-invoices)
+* [Analyze identity documents](#analyze-identity-documents)
+* [Train a custom model](#train-a-custom-model)
+* [Analyze forms with a custom model](#analyze-forms-with-a-custom-model)
+* [Manage custom models](#manage-custom-models)
+++++++++++++++
applied-ai-services Get Started With Form Recognizer https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/quickstarts/get-started-with-form-recognizer.md
+
+ Title: "Quickstart: Label forms, train a model, and analyze forms using the sample labeling tool - Form Recognizer"
+
+description: In this quickstart, you'll use the Form Recognizer sample labeling tool to manually label form documents. Then you'll train a custom document processing model with the labeled documents and use the model to extract key/value pairs.
+++++ Last updated : 05/14/2021++
+keywords: document processing
+
+<!-- markdownlint-disable MD001 -->
+<!-- markdownlint-disable MD024 -->
+<!-- markdownlint-disable MD033 -->
+<!-- markdownlint-disable MD034 -->
+<!-- markdownlint-disable MD029 -->
+# Get started with Form Recognizer
+
+Get started with the Form Recognizer using the Form Recognizer Sample Tool. Azure Form Recognizer is a cognitive service that lets you build automated data processing software using machine learning technology. Identify and extract text, key/value pairs, selection marks, table data and more from your form documentsΓÇöthe service outputs structured data that includes the relationships in the original file. You can use Form Recognizer via the sample tool or REST API or SDK. Follow these steps to try out Form Recognizer via the sample tool.
+
+Use Form Recognizer to:
+
+* Analyze Layout
+* Analyze using a Prebuilt model (invoices, receipts, ID documents)
+* Train & Analyze a custom Form
+
+## Prerequisites
+
+To complete this quickstart, you must have:
+
+* Azure subscription - [Create one for free](https://azure.microsoft.com/free/cognitive-services)
+* Once you have your Azure subscription, <a href="https://ms.portal.azure.com/#create/Microsoft.CognitiveServicesFormRecognizer" title="Create a Form Recognizer resource" target="_blank">create a Form Recognizer resource </a> in the Azure portal to get your key and endpoint.
+ * You can use the free pricing tier (`F0`) to try the service, and upgrade later to a paid tier for production.
+* (Optional) download and unzip the following quickstart sample documents
+
+## Create a Form Recognizer resource
++
+## Analyze Layout
+
+Extract text, tables, selection marks and structure from a document.
+
+1. Go to the [Form Recognizer Sample Tool](https://fott-2-1.azurewebsites.net/)
+2. At the sample tool home page select "use layout to get text, tables and selection marks"
+
+ :::image type="content" source="../media/label-tool/layout-1.jpg" alt-text="Connection settings for Layout Form Recognizer tool.":::
+
+3. Replace {need Endpoint} with the endpoint that you obtained with your Form Recognizer subscription.
+
+4. Replace {need apiKey} with the subscription key you obtained from your Form Recognizer resource.
+
+ :::image type="content" source="../media/label-tool/layout-2.jpg" alt-text="Connection settings of Layout Form Recognizer tool.":::
+
+5. Select source url, paste the following url of the sample document `https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/layout-page-001.jpg` click the Fetch button.
+
+1. Click "Run Layout"
+The Form Recognizer sample labeling tool will call the Analyze Layout API and analyze the document.
+
+1. View the results - see the highlighted text extracted, selection marks detected and tables detected.
+
+ :::image type="content" source="../media/label-tool/layout-3.jpg" alt-text="Connection settings for Form Recognizer tool.":::
+
+1. Download the JSON output file to view the detailed Layout Results.
+ * The "readResults" node contains every line of text with its respective bounding box placement on the page.
+ * The "selectionMarks" node shows every selection mark (checkbox, radio mark) and whether its status is "selected" or "unselected".
+ * The "pageResults" section includes the tables extracted. For each table, the text, row, and column index, row and column spanning, bounding box, and more are extracted.
+
+## Analyze using a Prebuilt model (Invoices, Receipts, IDs ..)
+
+Extract text, tables and key value pairs from invoices, sales receipts, identity documents, or business cards using a Form Recognizer Prebuilt model.
+
+1. Go to the [Form Recognizer Sample Tool](https://fott-2-1.azurewebsites.net/)
+2. At the sample tool home page select "use prebuilt model to get data"
+
+ :::image type="content" source="../media/label-tool/prebuilt-1.jpg" alt-text="Analyze results of Form Recognizer Layout":::
+
+3. Select source url
+
+4. Choose the file you would like to analyze from the below options:
+
+ * A URL for an image of an invoice. You can use a [sample invoice document](https://raw.githubusercontent.com/Azure/azure-sdk-for-python/master/sdk/formrecognizer/azure-ai-formrecognizer/samples/sample_forms/forms/Invoice_1.pdf) for this quickstart.
+ * A URL for an image of a receipt. You can use a [sample ID document](https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/id-license.jpg) for this quickstart.
+ * A URL for an image of a receipt. You can use a [sample receipt image](https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/contoso-allinone.jpg) for this quickstart.
+ * A URL for an image of a business card. You can use a [sample business card image](https://raw.githubusercontent.com/Azure/azure-sdk-for-python/master/sdk/formrecognizer/azure-ai-formrecognizer/samples/sample_forms/business_cards/business-card-english.jpg) for this quickstart.
+
+5. Replace {need Endpoint} with the endpoint that you obtained with your Form Recognizer subscription.
+
+6. Replace {need apiKey} with the subscription key you obtained from your Form Recognizer resource.
+
+ :::image type="content" source="../media/label-tool/prebuilt-3.jpg" alt-text="Connection settings of Prebuilt Form Recognizer tool.":::
+
+7. Select the Form Type you would like to analyze - invoice, receipt, business cards or ID based on the type of document you want to analyze and selected.
+
+8. Click "Run analysis". The Form Recognizer sample labeling tool will call the Analyze Prebuilt API and analyze the document.
+9. View the results - see the key value pairs extracted, line items, highlighted text extracted and tables detected.
+
+ :::image type="content" source="../media/label-tool/prebuilt-2.jpg" alt-text="Analyze Results of Form Recognizer Prebuilt Invoice":::
+
+10. Download the JSON output file to view the detailed results.
+
+ * The "readResults" node contains every line of text with its respective bounding box placement on the page.
+ * The "selectionMarks" node shows every selection mark (checkbox, radio mark) and whether its status is "selected" or "unselected".
+ * The "pageResults" section includes the tables extracted. For each table, the text, row, and column index, row and column spanning, bounding box, and more are extracted.
+ * The "documentResults" field contains key/value pairs information and line items information for the most relevant parts of the document.
+
+## Train a custom form model
+
+Train a custom form model tailored to your documents. Extract text, tables, selection marks and key value pairs from your documents with Form Recognizer Custom.
+
+### Prerequisites for training a custom form model
+
+* An Azure Storage blob container that contains a set of training data. First, make sure all the training documents are of the same format. If you have forms in multiple formats, organize them into subfolders based on common format. For this quickstart, you can use the files under the Train folder of the [sample data set](https://github.com/Azure-Samples/cognitive-services-REST-api-samples/blob/master/curl/form-recognizer/sample_data_without_labels.zip) (download and extract sample_data.zip).
+* Configure cross-domain resource sharing (CORS) on the Azure Storage blob
+Enable CORS on your storage account. Select your storage account in the Azure portal and then choose the **CORS** tab on the left pane. On the bottom line, fill in the following values. Select **Save** at the top. </br></br>
+
+ * Allowed origins = *
+ * Allowed methods = \[select all\]
+ * Allowed headers = *
+ * Exposed headers = *
+ * Max age = 200
+
+> [!div class="mx-imgBorder"]
+> ![CORS setup in the Azure portal](../media/label-tool/cors-setup.png)
+
+### Use the sample labeling tool
+
+1. Go to the [Form Recognizer Sample Tool](https://fott-2-1.azurewebsites.net/)
+
+1. At the sample tool home page select "use custom form to train a model with labels and get key value pairs"
+
+ :::image type="content" source="../media/label-tool/custom-1.jpg" alt-text="Train a custom model.":::
+
+2. Select "New Project"
+
+#### Create a new project
+
+Configure the project settings fill in the fields with the following values:
+
+* **Display Name** - the project display name
+* **Security Token** - Some project settings can include sensitive values, such as API keys or other shared secrets. Each project will generate a security token that can be used to encrypt/decrypt sensitive project settings. You can find security tokens in the Application Settings by selecting the gear icon at the bottom of the left navigation bar.
+
+* **Source connection** - The sample labeling tool connects to a source (your original uploaded forms) and a target (created labels and output data). Connections can be set up and shared across projects. They use an extensible provider model, so you can easily add new source/target providers. Create a new connection, click the **Add Connection** button. Fill in the fields with the following values:
+ * **Display Name** - The connection display name.
+ * **Description** - Your project description.
+ * **SAS URL** - The shared access signature (SAS) URL of your Azure Blob Storage container.
+
+ * [!INCLUDE [get SAS URL](../includes/sas-instructions.md)]
+
+ :::image type="content" source="../media/quickstarts/get-sas-url.png" alt-text="SAS location.":::
+
+* **Folder Path** -- Optional - If your source forms are located in a folder on the blob container, specify the folder name here
+* **Form Recognizer Service Uri** - Your Form Recognizer endpoint URL.
+* **API Key** - Your Form Recognizer subscription key.
+* **Description** - Optional - Project description
+
+ :::image type="content" source="../media/label-tool/connections.png" alt-text="Connection settings":::
+
+#### Label your forms
+
+ :::image type="content" source="../media/label-tool/new-project.png" alt-text="New project page":::
+
+When you create or open a project, the main tag editor window opens. The tag editor consists of three parts:
+
+* A resizable preview pane that contains a scrollable list of forms from the source connection.
+* The main editor pane that allows you to apply tags.
+* The tags editor pane that allows users to modify, lock, reorder, and delete tags.
+
+##### Identify text and tables
+
+Select **Run OCR on all files** on the left pane to get the text and table layout information for each document. The labeling tool will draw bounding boxes around each text element.
+
+The labeling tool will also show which tables have been automatically extracted. Select the table/grid icon on the left hand of the document to see the extracted table. In this quickstart, because the table content is automatically extracted, we will not be labeling the table content, but rather rely on the automated extraction.
+
+ :::image type="content" source="../media/label-tool/table-extraction.png" alt-text="Table visualization in sample labeling tool.":::
+
+##### Apply labels to text
+
+Next, you will create tags (labels) and apply them to the text elements that you want the model to analyze. Note the sample label data set includes labeled fields already we will add another field.
+
+1. First, use the tags editor pane to create a new tag you'd like to identify.
+ 1. Select **+** to create a new tag.
+ 1. Enter the tag name. Add a 'Total' tag
+ 1. Press Enter to save the tag.
+1. In the main editor, select the total value from the highlighted text elements.
+1. Select the Total tag you want to apply to the value, or press the corresponding keyboard key. The number keys are assigned as hotkeys for the first 10 tags. You can reorder your tags using the up and down arrow icons in the tag editor pane.
+
+ > [!Tip]
+ > Keep the following tips in mind when you're labeling your forms:
+ >
+ > * You can only apply one tag to each selected text element.
+ > * Each tag can only be applied once per page. If a value appears multiple times on the same form, create different tags for each instance. For example: "invoice# 1", "invoice# 2" and so on.
+ > * Tags cannot span across pages.
+ > * Label values as they appear on the form; don't try to split a value into two parts with two different tags. For example, an address field should be labeled with a single tag even if it spans multiple lines.
+ > * Don't include keys in your tagged fields&mdash;only the values.
+ > * Table data should be detected automatically and will be available in the final output JSON file in the 'pageResults' section. However, if the model fails to detect all of your table data, you can also label and train a model to detect tables, see How to train and label << route to the how to >>
+ > * Use the buttons to the right of the **+** to search, rename, reorder, and delete your tags.
+ > * To remove an applied tag without deleting the tag itself, select the tagged rectangle on the document view and press the delete key.
+ >
+
+Follow the steps above to label for the five forms in the sample dataset.
+
+ :::image type="content" source="../media/label-tool/custom-1.jpg" alt-text="Label the samples.":::
+
+#### Train a custom model
+
+Choose the Train icon on the left pane to open the Training page. Then select the **Train** button to begin training the model. Once the training process completes, you'll see the following information:
+
+* **Model ID** - The ID of the model that was created and trained. Each training call creates a new model with its own ID. Copy this string to a secure location; you'll need it if you want to do prediction calls through the [REST API](./client-library.md?pivots=programming-language-rest-api) or [client library](./client-library.md).
+* **Average Accuracy** - The model's average accuracy. You can improve model accuracy by labeling additional forms and retraining to create a new model. We recommend starting by labeling five forms analyzing and testing the results and then if needed adding more forms as needed.
+* The list of tags, and the estimated accuracy per tag.
+
+ :::image type="content" source="../media/label-tool/custom-3.jpg" alt-text="Training view tool.":::
+
+
+
+#### Analyze a custom form
+
+Select the Analyze (light bulb) icon on the left to test your model. Select source 'Local file'. Browse for a file and select a file from the sample dataset that you unzipped in the test folder. Then choose the **Run analysis** button to get key/value pairs, text and tables predictions for the form. The tool will apply tags in bounding boxes and will report the confidence of each tag.
+
+ :::image type="content" source="../media/analyze.png" alt-text="Training view.":::
+
+## Next steps
+
+In this quickstart, you've learned how to use the Form Recognizer sample tool to try out Layout, Pre-built and train a custom model and analyze a custom form with manually labeled data. Now you can try the client library SDK or REST API to use Form Recognizer.
+
+> [!div class="nextstepaction"]
+> [Explore Form Recognizer client library SDK and REST API quickstart](client-library.md)
applied-ai-services Resource Customer Stories https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/applied-ai-services/form-recognizer/resource-customer-stories.md
+
+ Title: Customer spotlight
+
+description: Highlight customer stories with Form Recognizer.
++++++ Last updated : 05/10/2021+++
+# Customer spotlight
+
+The following customers and partners have adopted Form Recognizer across a wide range of business and technical scenarios.
+
+| Customer/Partner | Description | Link |
+||-|-|
+| <font size=5>Acumatica</font>| [**Acumatica**](https://www.acumatica.com/) is a technology provider that develops cloud- and browser-based enterprise resource planning (ERP) software for small and medium-sized businesses (SMBs). To bring expense claims into the modern age, Acumatica incorporated Form Recognizer, part of Microsoft Azure Cognitive Services, into its native application. By using the prebuilt receipt API and machine learning capabilities in Form Recognizer to automatically extract data from receipts, AcumaticaΓÇÖs customers can file multiple, error-free claims in a matter of seconds, freeing up more time to focus on whatΓÇÖs important. | [Customer story](https://customers.microsoft.com/story/762684-acumatica-partner-professional-services-azure) |
+|<font size=5> Arkas Logistics</font> | [**Arkas Logistics**](http://www.arkaslojistik.com.tr/) operates in one of the main business lines of Arkas Holding, Turkey's leading institution operating in 23 countries. Arkas Logistics provides outstanding "complete logisticsΓÇ¥ services, maintains the continuity of the supply chain, and continues to provide uninterrupted service thanks to its focus on contactless operation and digitalization steps taken during the COVID-19 crisisΓÇöpowered by Microsoft solutions. | [Customer story](https://customers.microsoft.com/story/842149-arkas-logistics-transportation-azure-en-turkey ) |
+|<font size=5>Automation Anywhere</font>| [**Automation Anywhere**](https://www.automationanywhere.com/) is on a singular and unwavering mission to democratize automation and create a better future for everyone, liberating people from mundane, repetitive tasks, and allowing them more time to use their intellect and creativity with cloud-native robotic process automation (RPA)software. To protect the citizens of the United Kingdom, healthcare providers must process tens of thousands of COVID-19 tests daily, each one accompanied by a form for the World Health Organization (WHO). Manually completing and processing these forms would potentially slow testing and divert resources away from patient care. In response, Automation Anywhere bui