+| Australia East| ✅ | | | |✅ | ✅| ✅|

+ endpoint = "<your_custom_subdomain>.cognitiveservices.azure.com"

+ conn = http.client.HTTPSConnection(endpoint)

+ "reasoning": False

+* **Variation**. Custom generative models can generalize across different document templates of the same document type. As a best practice, create a single model for all variations of a document type. Ideally, include a visual template for each type, especially for ones that involve distinct formatting or structural elements, to improve the model's accuracy and consistency in generating or processing documents.

+* Uniform Residential Appraisal Report (Form 1004)

+* Verification of employment form (Form 1005)

+|**Mortgage model**|&bullet; [**Document Intelligence Studio**](https://formrecognizer.appliedai.azure.com)</br>&bullet; [**REST API**](/rest/api/aiservices/operation-groups?view=rest-aiservices-v4.0%20(2024-07-31-preview)&preserve-view=true)</br>&bullet; [**C# SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>&bullet; [**Python SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>&bullet; [**Java SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)</br>&bullet; [**JavaScript SDK**](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-4.0.0&preserve-view=true)|**&bullet; prebuilt-mortgage.us.1003</br>&bullet; prebuilt-mortgage.us.1004</br>&bullet; prebuilt-mortgage.us.1005</br>&bullet; prebuilt-mortgage.us.1008</br>&bullet; prebuilt-mortgage.us.closingDisclosure**|

+

+Assistants automatically truncate text to ensure it stays within the model's maximum context length. You can customize this behavior by specifying the maximum tokens you'd like a run to utilize and/or the maximum number of recent messages you'd like to include in a run.

+For example, initiating a Run with `max_prompt_tokens` set to 500 and `max_completion_tokens` set to 1000 means the first completion will truncate the thread to 500 tokens and cap the output at 1,000 tokens. If only 200 prompt tokens and 300 completion tokens are used in the first completion, the second completion will have available limits of 300 prompt tokens and 700 completion tokens.

+You can also specify a truncation strategy to control how your thread should be rendered into the model's context window. Using a truncation strategy of type `auto` will use OpenAI's default truncation strategy. Using a truncation strategy of type `last_messages` will allow you to specify the number of the most recent messages to include in the context window.

+With the improved quality of content from generative AI models, there is an increased need for more transparency on the origin of AI-generated content. All AI-generated images from Azure OpenAI Service now include Content Credentials, a tamper-evident way to disclose the origin and history of content. Content Credentials are based on an open technical specification from the [Coalition for Content Provenance and Authenticity (C2PA)](https://www.c2pa.org), a Joint Development Foundation project.

+| `"softwareAgent"` | This field has a value of `"Azure OpenAI DALL-E"` for all images generated by DALL-E series models in Azure OpenAI Service. |

+Content Credentials in the Azure OpenAI Service can help people understand when visual content is AI-generated. For more information on how to responsibly build solutions with Azure OpenAI Service image-generation models, visit the [Azure OpenAI transparency note](/legal/cognitive-services/openai/transparency-note?tabs=text).

+> [!IMPORTANT]

+> Vision enhancements preview features including Optical Character Recognition (OCR), object grounding, video prompts will be retired and no longer available once `gpt-4` Version: `vision-preview` is upgraded to `turbo-2024-04-09`. If you are currently relying on any of these preview features, this automatic model upgrade will be a breaking change.

+ * vision-preview (Vision enhancements feature will no longer be supported once this model is retired/upgraded.)

+1. After you've tested your copilot, you can provision, deploy, and publish your Teams app by selecting the **Teams Toolkit Extension** on the left pane in Visual Studio Code. Run the separate provision, deploy, and publish stages in the **Lifecycle** section. You might be asked to sign in to your Microsoft 365 account where you have permissions to upload custom apps and your Azure Account.

+You can define a role that you want your assistant. For example, if you are building a support bot, you can add *"You are an expert incident support assistant that helps users solve new issues."*

+* Define the topic or scope of your dataset, like "financial report," "academic paper," or "incident report." For example, for technical support you might add *"You answer queries using information from similar incidents in the retrieved documents."*

+* If your data has certain characteristics, you can add these details to the system message. For example, if your documents are in Japanese, you can add *"You retrieve Japanese documents and you should read them carefully in Japanese and answer in Japanese."*

+* If your documents include structured data like tables from a financial report, you can also add this fact into the system prompt. For example, if your data has tables, you might add *"You are given data in form of tables pertaining to financial results and you should read the table line by line to perform calculations to answer user questions."*

+You can also change the model's output by defining a system message. For example, if you want to ensure that the assistant answers are in French, you can add a prompt like *"You are an AI assistant that helps users who understand French find information. The user questions can be in English or French. Please read the retrieved documents carefully and answer them in French. Please translate the knowledge from documents to French to ensure all answers are in French."*

+Azure OpenAI On Your Data works by sending instructions to a large language model in the form of prompts to answer user queries using your data. If there is a certain behavior that is critical to the application, you can repeat the behavior in system message to increase its accuracy. For example, to guide the model to only answer from documents, you can add "*Please answer using retrieved documents only, and without using your knowledge. Please generate citations to retrieved documents for every claim in your answer. If the user question cannot be answered using retrieved documents, please explain the reasoning behind why documents are relevant to user queries. In any case, don't answer using your own knowledge."*

+There are many tricks in prompt engineering that you can try to improve the output. One example is chain-of-thought prompting where you can add *"LetΓÇÖs think step by step about information in retrieved documents to answer user queries. Extract relevant knowledge to user queries from documents step by step and form an answer bottom up from the extracted information from relevant documents."*

+Each user message can translate to multiple search queries, all of which get sent to the search resource in parallel. This can produce throttling behavior when the number of search replicas and partitions is low. The maximum number of queries per second that a single partition and single replica can support might not be sufficient. In this case, consider increasing your replicas and partitions, or adding sleep/retry logic in your application. See the [Azure AI Search documentation](../../../search/performance-benchmarks.md) for more information.

+The dashboards are grouped into four categories: **HTTP Requests**, **Tokens-Based Usage**, **PTU Utilization**, and **Fine-tuning**.

+> Usage tiers only apply to standard and global standard deployment types. Usage tiers do not apply to global batch and provisioned throughput deployments.

+These links reference the OpenAI API for Python. There's no Azure-specific OpenAI Python SDK. [Learn how to switch between the OpenAI services and Azure OpenAI services](/azure/ai-services/openai/how-to/switching-endpoints).

+In this quickstart, you can use your own data with Azure OpenAI models. Using Azure OpenAI's models on your data can provide you with a powerful conversational AI platform that enables faster and more accurate communication.

+- [Long Term Support (LTS) versions of Node.js](https://github.com/nodejs/release#release-schedule)

+ Title: Convert speech to text with Azure OpenAI Service

+description: Learn how to use the Azure OpenAI Whisper model for speech to text conversion.

+This quickstart explains how to use the [Azure OpenAI Whisper model](../speech-service/whisper-overview.md) for speech to text conversion. The Whisper model can transcribe human speech in numerous languages, and it can also translate other languages into English.

+The file size limit for the Whisper model is 25 MB. If you need to transcribe a file larger than 25 MB, you can use the Azure AI Speech [batch transcription](../speech-service/batch-transcription-create.md#use-a-whisper-model) API.

+> [!NOTE]

+> The OpenAI Whisper model is currently in Limited Access Public Preview.

+- An Azure subscription. You can [create one for free](https://azure.microsoft.com/free/cognitive-services?azure-portal=true).

+- An Azure OpenAI resource with a Whisper model deployed in a [supported region](./concepts/models.md#whisper-models). For more information, see [Create a resource and deploy a model with Azure OpenAI](how-to/create-resource.md).

+To successfully make a call against Azure OpenAI, you need an *endpoint* and a *key*.

+* To learn how to convert audio data to text in batches, see [Create a batch transcription](../speech-service/batch-transcription-create.md).

+* For more examples, check out the [Azure OpenAI Samples GitHub repository](https://aka.ms/AOAICodeSamples).

+Built-in prompt used by the Large Language Model judge to score this metric:

+Built-in prompt used by the Large Language Model judge to score this metric (For question answering data format):

+Built-in prompt used by the Large Language Model judge to score this metric (For conversation data format) (without Ground Truth available):

+Built-in prompt used by the Large Language Model judge to score this metric (For conversation data format) (with Ground Truth available):

+Built-in prompt used by the Large Language Model judge to score this metric:

+Built-in prompt used by the Large Language Model judge to score this metric:

+Built-in prompt used by the Large Language Model judge to score this metric:

+Built-in prompt used by the Large Language Model judge to score this metric:

+- You need a local copy of product data. The [Azure-Samples/rag-data-openai-python-promptflow repository on GitHub](https://github.com/Azure-Samples/rag-data-openai-python-promptflow/) contains sample retail product information that's relevant for this tutorial scenario. [Download the example Contoso Trek retail product data in a ZIP file](https://github.com/Azure-Samples/rag-data-openai-python-promptflow/tree/main/tutorial/data) to your local machine.

+1. Use your own data or [download the example Contoso Trek retail product data in a ZIP file](https://github.com/Azure-Samples/rag-data-openai-python-promptflow/tree/main/tutorial/data) to your local machine. Unzip the file into your **rag-tutorial** folder. This data is a collection of markdown files that represent product information. The data is structured in a way that is easy to ingest into a search index. You build a search index from this data.

+| [stv1 platform retirement - Global Azure][stv12024] | August 31, 2024 |

+| [stv1 platform retirement - Azure Government, Azure in China][stv1sov2025] | February 28, 2025 |

+| [Workspaces preview breaking changes, part 2][workspaces2025march] | March 31, 2025 |

+[stv1sov2025]: ./stv1-platform-retirement-sovereign-clouds-february-2025.md

+ Title: Azure API Management - global Azure - stv1 platform retirement (August 2024)

+description: In the global Azure cloud, Azure API Management will retire stv1 compute platform effective 31 August 2024. Instances must be migrated to stv2 platform.

+# API Management stv1 platform retirement - Global Azure cloud (August 2024)

+As a cloud platform-as-a-service (PaaS), Azure API Management abstracts many details of the infrastructure used to host and run your service. **The infrastructure associated with the API Management `stv1` compute platform version will be retired effective 31 August 2024 in the global Microsoft Azure cloud.** A more current compute platform version (`stv2`) is already available, and provides enhanced service capabilities.

+> [!NOTE]

+> For API Management instances deployed in Microsoft Azure Government cloud or Microsoft Azure operated by 21Vianet cloud (Azure in China), the retirement date for the `stv1` platform is 28 February 2025. [Learn more](stv1-platform-retirement-sovereign-clouds-february-2025.md)

+ Title: Azure API Management - stv1 platform retirement - Azure Government, Azure in China (February 2025)

+description: In Azure Government and Azure operated by 21Vianet, API Management will retire stv1 platform effective 28 February 2025. Instances must be migrated to stv2 platform.

+# API Management stv1 platform retirement - Azure Government and Azure operated by 21Vianet (February 2025)

+As a cloud platform-as-a-service (PaaS), Azure API Management abstracts many details of the infrastructure used to host and run your service. **The infrastructure associated with the API Management `stv1` compute platform version will be retired effective 28 February 2025 in Microsoft Azure Government and in Microsoft Azure operated by 21 Vianet (Azure in China).** A more current compute platform version (`stv2`) is already available, and provides enhanced service capabilities.

+> [!NOTE]

+> For API Management instances deployed in global Microsoft Azure, the retirement date for the `stv1` platform is 31 August 2024. [Learn more](stv1-platform-retirement-august-2024.md)

+The following table summarizes the compute platforms currently used for instances in the different API Management service tiers.

+| Version | Description | Architecture | Tiers |

+| -| -| -- | - |

+| `stv2` | Single-tenant v2 | Azure-allocated compute infrastructure that supports availability zones, private endpoints | Developer, Basic, Standard, Premium |

+| `stv1` | Single-tenant v1 | Azure-allocated compute infrastructure | Developer, Basic, Standard, Premium |

+| `mtv1` | Multi-tenant v1 | Shared infrastructure that supports native autoscaling and scaling down to zero in times of no traffic | Consumption |

+**For continued support and to take advantage of upcoming features, customers must [migrate](../migrate-stv1-to-stv2.md) their Azure API Management instances from the `stv1` compute platform to the `stv2` compute platform.** The `stv2` compute platform comes with additional features and improvements such as support for Azure Private Link and other networking features.

+New instances created in service tiers other than the Consumption tier are mostly hosted on the `stv2` platform already. Existing instances on the `stv1` compute platform will continue to work normally until the retirement date, but those instances wonΓÇÖt receive the latest features available to the `stv2` platform.

+## Is my service affected by this?

+If the value of the `platformVersion` property of your service is `stv1`, it's hosted on the `stv1` platform. See [How do I know which platform hosts my API Management instance?](../compute-infrastructure.md#how-do-i-know-which-platform-hosts-my-api-management-instance)

+## What is the deadline for the change?

+In Azure Government and Azure operated by 21Vianet, support for API Management instances hosted on the `stv1` platform will be retired by 28 February 2025.

+## What do I need to do?

+**Migrate all your existing instances hosted on the `stv1` compute platform to the `stv2` compute platform by 28 February 2025.**

+If you have existing instances hosted on the `stv1` platform, follow our **[migration guide](../migrate-stv1-to-stv2.md)** to ensure a successful migration.

+## Related content

+* [Migrate from stv1 platform to stv2](../migrate-stv1-to-stv2.md)

+* See all [upcoming breaking changes and feature retirements](overview.md).

+This article provides steps to migrate an API Management instance hosted on the `stv1` compute platform in-place to the `stv2` platform when the instance is injected (deployed) in an [external](api-management-using-with-vnet.md) or [internal](api-management-using-with-internal-vnet.md) VNet. [Find out if you need to do this](compute-infrastructure.md#how-do-i-know-which-platform-hosts-my-api-management-instance).

+For a VNet-inject instance, you have the following migration options:

+* [**Option 1: Keep the same subnet**](#option-1-migrate-and-keep-same-subnet) - Migrate the instance in-place and keep the instances's existing subnet configuration. You can choose whether the API Management instance's original VIP address is preserved (recommended) or whether a new VIP address will be generated. Currently, the [Migrate to Stv2](/rest/api/apimanagement/api-management-service/migratetostv2) REST API supports migrating the instance using the same subnet configuration.

+* [**Option 2: Change to a new subnet**](#option-2-migrate-and-change-to-new-subnet) - Migrate your instance by specifying a different subnet in the same or a different VNet. After migration, optionally migrate back to the instance's original subnet. The migration process changes the VIP address(es) of the instance. After migration, you need to update any network dependencies including DNS, firewall rules, and VNets to use the new VIP address(es). Currently, the **Platform migration** blade in the Azure portal supports this migration option.

+* For certain migration options, the VIP address (or addresses, for a multi-region deployment) of the instance will change. If you migrate and keep the same subnet configuration, you can choose to preserve the VIP address or a new public VIP will be generated.

+* For migration scenarios when a new VIP address is generated:

+ * Azure manages the migration.

+ * The gateway DNS still points to the old compute if a custom domain is in use.

+ * If custom DNS isn't in use, the gateway and portal DNS points to the new compute immediately.

+ * For an instance in internal VNet mode, customer manages the DNS, so the DNS entries continue to point to old compute until updated by the customer.

+ * It's the DNS that points to either the new or the old compute and hence no downtime to the APIs.

+ * Changes are required to your firewall rules, if any, to allow the new compute subnet to reach the backends.

+ * After successful migration, the old compute is automatically decommissioned after a short period. Using the **Platform migration** blade in the portal, you can enable a migration setting to retain the old gateway for 48 hours. *The 48 hour delay option is only available for VNet-injected services.*

+* An API Management instance hosted on the `stv1` compute platform. To confirm that your instance is hosted on the `stv1` platform, see [How do I know which platform hosts my API Management instance?](compute-infrastructure.md#how-do-i-know-which-platform-hosts-my-api-management-instance)

+* The instance must currently be deployed in an external or internal VNet.

+Other prerequisites are specific to the migration options in the following sections.

+## Option 1: Migrate and keep same subnet

+You can migrate your API Management instance to the `stv2` platform keeping the existing subnet configuration, which simplifies your migration. Currently, you can use the Migrate to Stv2 REST API to migrate the instance using the same subnet configuration.

+### Prerequisites

+* A network security group must be attached to each subnet, and [NSG rules](virtual-network-reference.md#required-ports) for API Management on the `stv2` platform must be configured. The following are minimum connectivity settings:

+ * Outbound to Azure Storage over port 443

+ * Outbound to Azure SQL over port 1433

+ * Outbound to Azure Key Vault over port 443

+ * Inbound from Azure Load Balancer over port 6390

+ * Inbound from ApiManagement service tag over port 3443

+ * Inbound over port 80/443 for clients calling API Management service

+ * The subnet must have service endpoints enabled for Azure Storage, Azure SQL, and Azure Key Vault

+* The address space of each existing subnet must be large enough to host a copy of your existing service side-by side with your existing service during migration.

+* Other network considerations:

+ * Turn off any autoscale rules configured for API Management instances deployed in the subnet. Autoscale rules can interfere with the migration process.

+ * If you have multiple API Management instances in the same subnet, migrate each instance in sequence. We recommend that you promptly migrate all instances in the subnet to avoid any potential issues with instances hosted on different platforms in the same subnet.

+### Public IP address options - same-subnet migration

+You can choose whether the API Management instance's original VIP address is preserved (recommended) or whether a new VIP address will be generated.

+* **Preserve virtual IP address** - If you preserve the VIP address in a VNet in external mode, API requests can remain responsive during migration (see [Expected downtime](#expected-downtime-and-compute-retention)); for a VNet in internal mode, temporary downtime is expected. Infrastructure configuration (such as custom domains, locations, and CA certificates) will be locked for 45 minutes. No further configuration is required after migration.

+ With this option, the `stv1` compute is deleted permanently after the migration is complete. There is no option to retain it temporarily.

+* **New virtual IP address** - If you choose this option, API Management generates a new VIP address for your instance. API requests remain responsive during migration. Infrastructure configuration (such as custom domains, locations, and CA certificates) will be locked for 30 minutes. After migration, you'll need to update any network dependencies including DNS, firewall rules, and VNets to use the new VIP address.

+ With this option, the `stv1` compute is retained for a period by default after migration is complete so that you can validate the migrated instance and confirm the network and DNS configuration.

+### Precreated IP address for migration

+API Management precreates a public IP address for the migration process. Find the precreated IP address in the JSON output of your API Management instance's properties. Under `customProperties`, the precreated IP address is the value of the `Microsoft.WindowsAzure.ApiManagement.Stv2MigrationPreCreatedIps` property. For a multi-region deployment, the value is a comma-separated list of precreated IP addresses.

+Use the precreated IP address (or addresses) to help you manage the migration process:

+* When you migrate and preserve the VIP address, the precreated IP address is assigned temporarily to the new `stv2` deployment, before the original IP address is assigned to the `stv2` deployment. If you have firewall rules limiting access to the API Management instance, for example, you can add the precreated IP address to the allowlist to preserve continuity of client access during migration. After migration is complete, you can remove the precreated IP address from your allowlist.

+* When you migrate and generate a new VIP address, the precreated IP address is assigned to the new `stv2` deployment during migration and persists after migration is complete. Use the precreated IP address to update your network dependencies, such as DNS and firewall rules, to point to the new IP address.

+### Expected downtime and compute retention

+When migrating a VNet-injected instance and keeping the same subnet configuration, minimal or no downtime for the API gateway is expected. The following table summarizes the expected downtime and `stv1` compute retention for each migration scenario when keeping the same subnet:

+|VNet mode |Public IP option |Expected downtime | `stv1` compute retention |

+||||--|

+|External | Preserve VIP | No downtime; traffic is served on a temporary IP address for up to 20 minutes during migration to the new `stv2` deployment | No retention |

+|External | New VIP | No downtime | Retained by default for 15 minutes to allow you to update network dependencies |

+|Internal | Preserve VIP | Downtime for approximately 20 minutes during migration while the existing IP address is assigned to the new `stv2` deployment. | No retention |

+|Internal | New VIP | No downtime | Retained by default for 4 hours to allow you to update network dependencies |

+### Migration script

+> [!NOTE]

+> If your API Management instance is deployed in multiple regions, the REST API migrates the VNet settings for all locations of your instance using a single call.

+## Option 2: Migrate and change to new subnet

+Using the Azure portal, you can migrate your instance by specifying a different subnet in the same or a different VNet. After migration, optionally migrate back to the instance's original subnet.

+The following image shows a high level overview of what happens during migration to a new subnet.

+### Prerequisites

+* A new subnet in the current virtual network, in each region where the API Management instance is deployed. (Alternatively, set up a subnet in a different virtual network in the same regions and subscription as your API Management instance). A network security group must be attached to each subnet, and [NSG rules](virtual-network-reference.md#required-ports) for API Management on the `stv2` platform must be configured.

+* (Optional) A new Standard SKU [public IPv4 address](../virtual-network/ip-services/public-ip-addresses.md#sku) resource in the same region(s) and subscription as your API Management instance. For details, see [Prerequisites for network connections](virtual-network-injection-resources.md).

+### Migration steps

+ * Select either **Return to original subnet as soon as possible** or **Stay in the new subnet and keep stv1 compute around for 48 hours** after migration. If you choose the former, the `stv1` compute will be deleted approximately 15 minutes after migration, allowing you to proceed directly with [manual migration back to the original subnet](#optional-migrate-back-to-original-subnet) if desired. If you choose the latter, the `stv1` compute is retained for 48 hours. You can use this period to validate your network settings and connectivity.

+ :::image type="content" source="media/migrate-stv1-to-stv2-vnet/enable-retain-gateway.png" alt-text="Screenshot of options to retain stv1 compute in the portal." lightbox="media/migrate-stv1-to-stv2-vnet/enable-retain-gateway.png":::

+### (Optional) Migrate back to original subnet

+If you migrated and changed to a new subnet, optionally migrate back to the original subnet you used in each region. To do so, update the VNet configuration again, this time specifying the original VNet and subnet in each region. As in the preceding migration, expect a long-running operation, and expect the VIP address to change.

+#### Additional prerequisites

+* The unlocked original subnet, in each region where the API Management instance is deployed. A network security group must be attached to the subnet, and [NSG rules](virtual-network-reference.md#required-ports) for API Management must be configured.

+#### Update VNet configuration

+ For VNet-injected instances, see the prerequisites for the options to [migrate and keep the same subnet](#option-1-migrate-and-keep-same-subnet) or to [migrate and change to a new subnet](#option-2-migrate-and-change-to-new-subnet).

+ When migrating a VNet-injected instance and keeping the same subnet configuration, minimal or no downtime for the API gateway is expected. See the summary table in [Expected downtime](#expected-downtime-and-compute-retention).

+ When migrating and changing to a new VIP address, there shouldn't be any downtime if default hostnames are in use. It's critical that all network dependencies are taken care of upfront, for the impacted APIs to be functional. However, if custom domains are in use, they'll be pointing to the purged compute until they're updated which may cause a downtime. Alternatively, for certain migration options, enable a migration setting to retain the old gateway for 48 hours. Having the old and the new compute coexist will facilitate validation, and then you can update the custom DNS entries at will.

+ - First of all, make sure that the subnet(s) you use for the migration retain the following configuration (they should be already configured if you are migrating and keeping your current subnet):

+ - The [requirements for NSG configuration for stv2](virtual-network-reference.md#required-ports) remain the same whether you have firewall or not; make sure your new subnet has it

+ Yes, VNet-injected instances can be migrated by using the **Platform migration** blade.

+ Yes, you can preserve the IP address by [migrating and keeping the same subnet](#option-1-migrate-and-keep-same-subnet).

+

+ API requests remain responsive during migration. Infrastructure configuration (such as custom domains, locations, and CA certificates) is locked for 30 minutes. In scenarios where you migrate to a new subnet, after migration, you'll need to update any network dependencies including DNS, firewall rules, and VNets to use the new VIP address.

+ If you plan to change subnet during migration, you can deploy a new API Management instance with the VNet, subnet, and (optional) IP address resource that you will use for the actual migration. Navigate to the **Network status** page after the deployment is completed, and verify if every endpoint connectivity status is green. If yes, you can remove this new API Management instance and proceed with the real migration with your original `stv1`-hosted service.

+ When migrating and changing to a new VIP, after migration there is a short window if time during which the old gateway continues to serve traffic and you can confirm your network settings. See [Confirm settings before old gateway is purged](#confirm-settings-before-old-gateway-is-purged)

+ With VNet-injected instances in internal mode and changing to a new VIP, you'll need to update the private DNS zones to the new VNet IP address acquired after the migration. Pay attention to update non-Azure DNS zones, too (for example, your on-premises DNS servers pointing to API Management private IP address). However, in external mode, the migration process will automatically update the default domains if in use.

+ Multi-region deployments include more managed gateways deployed in other locations. When you migrate using the **Platform migration** blade in the portal, you migrate each location separately. The Migrate to Stv2 REST API migrates all locations in one call. The instance is considered migrated to the new platform only when all the locations are migrated. All regional gateways continue to operate normally throughout the migration process.

+ - Currently, you can only upgrade to the same subnet in a single pass when using the [Migrate to stv2 REST API](#option-1-migrate-and-keep-same-subnet).

+

+ Currently, if you use the **Platform migration** blade in the portal, you need to migrate to a new subnet and then migrate back to the original subnet:

+ - The old gateway takes between 15 mins to 45 mins to vacate the subnet, so that you can initiate the move. However, you can enable a migration setting to retain the old gateway for 48 hours.

+ - Ensure that the old subnet's networking for [NSG](./virtual-network-reference.md#required-ports) and [firewall](./api-management-using-with-vnet.md?tabs=stv2#force-tunnel-traffic-to-on-premises-firewall-using-expressroute-or-network-virtual-appliance) is updated for `stv2` dependencies.

+ - Subnet IP address allocation is nondeterministic, therefore the original ILB (ingress) IP for "internal mode" deployments may change when you move back to the original subnet. This would require a DNS change if you're using A records.

+

+There are two different in-place migration scenarios, depending on whether or not your API Management instance is currently deployed (injected) in a VNet. Choose the migration guide for your scenario.

+Migrate your instance in-place to the `stv2` platform using the **Platform migration** blade in the portal or the [Migrate to stv2](/rest/api/apimanagement/current-ga/api-management-service/migratetostv2) REST API.

+* [**Scenario 1: Migrate a non-VNet-injected API Management instance**](migrate-stv1-to-stv2-no-vnet.md)

+* [**Scenario 2: Migrate a VNet-injected API Management instance**](migrate-stv1-to-stv2-vnet.md)

+All publicly available service tags are supported in access restriction rules. Each service tag represents a list of IP ranges from Azure services. A list of these services and links to the specific ranges can be found in the [service tag documentation][servicetags]. Use Azure Resource Manager templates or scripting to configure more advanced rules like regional scoped rules.

+> [!NOTE]

+> When creating service tag-based rules through Azure portal or Azure CLI you will need read access at the subscription level to get the full list of service tags for selection/validation. In addition, the `Microsoft.Network` resource provider needs to be registered on the subscription.

+Application Gateway deployments that contain only a private frontend IP configuration (do not have a public IP frontend configuration associated to a request routing rule) aren't able to egress traffic destined to the Internet. This configuration affects communication to backend targets that are publicly accessible via the Internet.

+1. Use a secure HTTP test tool to send an HTTP POST request to the URL endpoint. This example is a cURL command that sends a POST request to the durable function:

+ Make sure to choose an HTTP test tool that keeps your data secure. For more information, see [HTTP test tools](../functions-develop-local.md#http-test-tools).

+* An HTTP test tool that keeps your data secure. For more information, see [HTTP test tools](../functions-develop-local.md#http-test-tools).

+1. Use an HTTP test tool to send an HTTP POST request to the URL endpoint.

+Durable Functions is developed in the open as OSS. Users are welcome to contribute to it's development, request features, and to report issues in the appropriate repositories:

+* An HTTP test tool that keeps your data secure. For more information, see [HTTP test tools](../functions-develop-local.md#http-test-tools).

+

+1. Use an HTTP test tool to send an HTTP POST request to the URL endpoint.

+* An HTTP test tool that keeps your data secure. For more information, see [HTTP test tools](../functions-develop-local.md#http-test-tools).

+

+5. Use your browser or an HTTP test tool to send an HTTP POST request to the URL endpoint.

+5. Use your browser or an HTTP test tool to send an HTTP POST request to the URL endpoint.

+* An HTTP test tool that keeps your data secure. For more information, see [HTTP test tools](../functions-develop-local.md#http-test-tools).

+1. Use your browser or an HTTP test tool to send an HTTP POST request to the URL endpoint.

+* An HTTP test tool that keeps your data secure. For more information, see [HTTP test tools](../functions-develop-local.md#http-test-tools).

+5. Use your browser or an HTTP test tool to send an HTTP POST request to the URL endpoint.

+5. Use your browser or an HTTP test tool to send an HTTP POST request to the URL endpoint.

+* An HTTP test tool that keeps your data secure. For more information, see [HTTP test tools](../functions-develop-local.md#http-test-tools).

+

+5. Use your browser or an HTTP test tool to send an HTTP POST request to the URL endpoint.

+5. Use your browser or an HTTP test tool to send an HTTP POST request to the URL endpoint.

+To send an HTTP post request, you need an HTTP test tool. Make sure to choose a tool that keeps your data secure. For more information, see [HTTP test tools](functions-develop-local.md#http-test-tools).

+* An HTTP test tool that keeps your data secure. For more information, see [HTTP test tools](functions-develop-local.md#http-test-tools).

+1. You can also call the endpoint with another HTTP method to confirm that the function isn't executed. For HTTP methods other than GET, you need to use a secure [HTTP test tool](functions-develop-local.md#http-test-tools).

+Custom handler apps are a web server process, so it may be helpful to start it on its own and test function invocations by sending mock [HTTP requests](#request-payload). For sending HTTP requests with payloads, make sure to choose a tool that keeps your data secure. For more information, see [HTTP test tools](functions-develop-local.md#http-test-tools).

+## HTTP test tools

+During development, it's easy to call any of your function endpoints from a web browser when they support the HTTP GET method. However, for other HTTP methods that support payloads, such as POST or PUT, you need to use an HTTP test tool to create and send these HTTP requests to your function endpoints.

+> [!CAUTION]

+> For scenarios where your requests must include sensitive data, make sure to use a tool that protects your data and reduces the risk of exposing any sensitive data to the public. Sensitive data you should protect might include: credentials, secrets, access tokens, API keys, geolocation data, even personally-identifiable information (PII).

+You can keep your data secure by choosing an HTTP test tool that works either offline or locally, doesn't sync your data to the cloud, and doesn't require that you sign in to an online account. Some tools can also protect your data from accidental exposure by implementing specific security features.

+Avoid using tools that centrally store your HTTP request history (including sensitive information), don't follow best security practices, or don't respect data privacy concerns.

+Consider using one of these tools for securely sending HTTP requests to your function endpoints:

+- [Visual Studio Code](https://code.visualstudio.com/download) with an [extension from Visual Studio Marketplace](https://marketplace.visualstudio.com/vscode), such as [REST Client](https://marketplace.visualstudio.com/items?itemName=humao.rest-client)

+- [PowerShell Invoke-RestMethod](/powershell/module/microsoft.powershell.utility/invoke-restmethod)

+- [Microsoft Edge - Network Console tool](/microsoft-edge/devtools-guide-chromium/network-console/network-console-tool)

+- [Bruno](https://www.usebruno.com/)

+- [curl](https://curl.se/)

+The examples in this article use an HTTP test tool. Make sure to choose a tool that keeps your data secure. For more information, see [HTTP test tools](functions-develop-local.md#http-test-tools).

+ * [Azure Monitor Application Insights agent](application-insights-asp-net-agent.md)

+ * [Azure monitoring for VMs or virtual machine scale sets](./azure-vm-vmss-apps.md)

+ * [Application Insights `collectd` writer](/previous-versions/azure/azure-monitor/app/deprecated-java-2x#collectd-linux-performance-metrics-in-application-insights-deprecated).

+ The minidump is compressed during upload, which consumes both CPU and memory in the Snapshot Uploader process. The CPU, memory, and disk overhead for this is proportional to the size of the process snapshot. Snapshot Uploader processes snapshots serially.

+For the latest updates and bug fixes [consult the release notes](https://github.com/microsoft/ApplicationInsights-SnapshotCollector/blob/main/CHANGELOG.md).

+- [On-premises virtual or physical machines](snapshot-debugger-vm.md?toc=/azure/azure-monitor/toc.json)

+|Containers|[Customize scraping of Prometheus metrics in Azure Monitor managed service for Prometheus](containers/prometheus-metrics-scrape-configuration.md)|Updated and refreshed|

+Snapshot-Debugger|[Release notes for Microsoft.ApplicationInsights.SnapshotCollector](https://github.com/microsoft/ApplicationInsights-SnapshotCollector/blob/main/CHANGELOG.md)|Removing the TSG from the Azure Monitor TOC and adding to the support TOC.|

+ These fields configure [Azure NetApp Files storage with cool access](cool-access-introduction.md). For descriptions, see [Manage Azure NetApp Files storage with cool access](manage-cool-access.md).

+ These fields configure [Azure NetApp Files storage with cool access](cool-access-introduction.md). For descriptions, see [Manage Azure NetApp Files storage with cool access](manage-cool-access.md).

+| Cool access | Use the cool access option of Azure NetApp Files Standard service level to move inactive data transparently from Azure NetApp Files Standard service-level storage (the hot tier) to an Azure Storage account (the cool tier). | Save money by transitioning data that resides within Azure NetApp Files volumes (the hot tier) by moving blocks to the lower-cost storage (the cool tier). |

+* [Azure NetApp Files storage with cool access](cool-access-introduction.md)

+* [Manage Azure NetApp Files storage with cool access](manage-cool-access.md)

+* Storage with cool access:

+ Cool access storage is available with the Standard, Premium, and Ultra service levels. The throughput experience for any of these service levels with cool access is the same for cool access as it is for data in the hot tier. It may differ when data that resides in the cool tier is accessed. For more information, see [Azure NetApp Files storage with cool access](cool-access-introduction.md#effects-of-cool-access-on-data).

+ * **Enable cool access**

+ This option specifies whether volumes in the capacity pool support cool access. For details about using this option, see [Manage Azure NetApp Files storage with cool access](manage-cool-access.md).

+- You can configure a Standard, Premium, or Ultra service-level capacity pool with the cool access option. For more information about cool access, see [Azure NetApp Files storage with cool access](cool-access-introduction.md).

+ Title: Azure NetApp Files storage with cool access

+description: Explains how to use Azure NetApp Files storage with cool access to configure inactive data to move from Azure NetApp Files service-level storage (the hot tier) to an Azure storage account (the cool tier).

+# Azure NetApp Files storage with cool access

+Using Azure NetApp Files storage with cool access, you can configure inactive data to move from Azure NetApp Files storage (the *hot tier*) to an Azure storage account (the *cool tier*). Enabling cool access moves inactive data blocks from the volume and the volume's snapshots to the cool tier, resulting in cost savings.

+Azure NetApp Files supports cool access with three [service levels](azure-netapp-files-service-levels.md) (Standard, Premium and Ultra).

+Azure NetApp Files storage with cool access is supported for the following regions:

+You can enable tiering at the volume level for a newly created capacity pool. How you're billed is based on the following factors:

+* The capacity and the service level

+* The capacity in the cool tier

+Billing calculation for a capacity pool is at the hot-tier rate for the data that isn't tiered to the cool tier; this includes unallocated capacity within the capacity pool. When you enable tiering for volumes, the capacity in the cool tier will be at the rate of the cool tier, and the remaining capacity will be at the rate of the hot tier. The rate of the cool tier is lower than the hot tier's rate.

+> You can use the [Azure NetApp Files storage with cool access cost savings estimator](https://aka.ms/anfcoolaccesscalc) to interactively estimate cost savings based on changeable input parameters.

+* [Manage Azure NetApp Files storage with cool access](manage-cool-access.md)

+ These fields configure [Azure NetApp Files storage with cool access](cool-access-introduction.md). For descriptions, see [Manage Azure NetApp Files storage with cool access](manage-cool-access.md).

+* If you use the cool access feature, see [Manage Azure NetApp Files storage with cool access](manage-cool-access.md#considerations) for more considerations.

+You can change the service level of an existing volume by moving the volume to another capacity pool in the same NetApp account that uses the [service level](azure-netapp-files-service-levels.md) you want for the volume. This in-place service-level change for the volume doesn't require that you migrate data nor does it affect access to the volume.

+This functionality enables you to meet your workload needs on demand. You can change an existing volume to use a higher service level for better performance, or to use a lower service level for cost optimization. For example, if the volume is currently in a capacity pool that uses the *Standard* service level and you want the volume to use the *Premium* service level, you can move the volume dynamically to a capacity pool that uses the *Premium* service level.

+The capacity pool that you want to move the volume to must already exist. The capacity pool can contain other volumes. If you want to move the volume to a brand-new capacity pool, you need to [create the capacity pool](azure-netapp-files-set-up-capacity-pool.md) before you move the volume.

+* After the volume is moved to another capacity pool, you no longer have access to the previous volume activity logs and volume metrics. The volume will start with new activity logs and metrics under the new capacity pool.

+* If you use cool access, see [Manage Azure NetApp Files storage with cool access](manage-cool-access.md#considerations) for more considerations.

+* Large volumes aren't currently supported with cool access.

+ Title: Manage Azure NetApp Files storage with cool access

+# Manage Azure NetApp Files storage with cool access

+Using Azure NetApp Files [storage with cool access](cool-access-introduction.md), you can configure inactive data to move from Azure NetApp Files storage (the *hot tier*) to an Azure storage account (the *cool tier*). In doing so, you reduce the total cost of ownership of your data stored in Azure NetApp Files.

+The cool access feature allows you to configure a capacity pool with cool access. The storage service level with cool access feature moves cold (infrequently accessed) data from the volume and the volume's snapshots to the Azure storage account to help you reduce the cost of storage. Throughput requirements remain the same for the service level (Standard, Premium, Ultra) enabled with cool access. However, there can be a difference in data access latency because the data needs to be read from the Azure storage account.

+The storage with cool access feature provides options for the ΓÇ£coolness periodΓÇ¥ to optimize the network transfer cost, based on your workload and read/write patterns. This feature is provided at the volume level. See the [Set options for coolness period section](#modify_cool) for details. The storage with cool access feature also provides metrics on a per-volume basis. See the [Metrics section](cool-access-introduction.md#metrics) for details.

+* Although cool access is available for the Standard, Premium, and Ultra service levels, how you're billed for using the feature differs from the hot tier service level charges. See the [Billing section](cool-access-introduction.md#billing) for details and examples.

+* You can convert an existing capacity pool into a cool-access capacity pool to create cool access volumes. However, once the capacity pool is enabled for cool access, you can't convert it back to a non-cool-access capacity pool.

+* You can't use [large volume](large-volumes-requirements-considerations.md) with cool access.

+## Enable cool access

+You must register for cool access before you can enable it at the capacity pool and volume levels.

+### Register the feature

+Azure NetApp Files storage with cool access is generally available. Before using cool access for the first time, you must register for the feature with the service level you intend to use it for.

+# [Standard](#tab/standard)

+After registration, the feature is enabled and works in the background. No UI control is required.

+# [Premium](#tab/premium)

+You must submit a waitlist request to accessing this feature using the [request form](https://aka.ms/ANFcoolaccesssignup). The feature can take approximately one week to be enabled after you submit the waitlist request. Check the status of feature registration by using the command:

+```azurepowershell-interactive

+Get-AzProviderFeature -ProviderNamespace Microsoft.NetApp -FeatureName ANFCoolAccessPremium

+```

+# [Ultra](#tab/ultra)

+You must submit a waitlist request to accessing this feature using the [request form](https://aka.ms/ANFcoolaccesssignup). The feature can take approximately one week to be enabled after you submit the waitlist request. Check the status of feature registration by using the command:

+```azurepowershell-interactive

+Get-AzProviderFeature -ProviderNamespace Microsoft.NetApp -FeatureName ANFCoolAccessUltra

+```

+Before creating or enabling a cool-access volume, you need to configure a capacity pool with cool access. You can do so in one of the following ways:

+* [Create a new capacity pool with cool access.](#enable-cool-access-new-pool)

+* [Modify an existing capacity pool to support cool-access volumes.](#enable-cool-access-existing-pool)

+1. [Set up a capacity pool](azure-netapp-files-set-up-capacity-pool.md).

+1. Check the **Enable Cool Access** checkbox then select **Create**.

+You can enable cool access support on an existing capacity pool. This action allows you to add or modify volumes in the pool to use cool access.

+1. Right-click the capacity pool for which you want to enable cool access.

+Azure NetApp Files storage with cool access can be enabled during the creation of a volume and on existing volumes that are part of a capacity pool that has cool access enabled.

+ This option specifies under which conditions data moves back to the hot tier. You can set this option to `Default`, `On-Read`, or `Never`.

+ The retrieval policy will be set to `Default`, and cold data will be retrieved to the hot tier only when performing random reads. Sequential reads will be served directly from the cool tier.

+ Cold data will be retrieved only by performing random reads.

+ Cold data will be retrieved by performing both sequential and random reads.

+ Cold data is served directly from the cool tier and not be retrieved to the hot tier.

+In a cool-access enabled capacity pool, you can enable an existing volume to support cool access.

+ This option specifies whether the volume will support cool access.

+ This option specifies under which conditions data moves back to the hot tier. You can set this option to `Default`, `On-Read`, or `Never`.

+ The retrieval policy will be set to `Default`, and cold data will be retrieved to the hot tier only when performing random reads. Sequential reads will be served directly from the cool tier.

+ Cold data will be retrieved only by performing random reads.

+ Cold data will be retrieved by performing both sequential and random reads.

+ Cold data will be served directly from the cool tier and not be retrieved to the hot tier.

+* [Azure NetApp Files storage with cool access](cool-access-introduction.md)

+* If you use the cool access feature, see [Manage Azure NetApp Files storage with cool access](manage-cool-access.md#considerations) for more considerations.

+* [**Azure NetApp Files storage with cool access cost savings estimator**](https://aka.ms/anfcoolaccesscalc)

+ Azure NetApp Files storage with cool access enables you to transparently move infrequently accessed data to less expensive storage. This cost savings estimator helps you understand how much money you can save by enabling storage with cool access.

+* [Azure NetApp Files storage with cool access](cool-access-introduction.md) is now generally available (GA) and supported with the Standard, Premium, and Ultra service levels. Cool access is also now supported for destination volumes in cross-region/cross-zone relationships.

+ With the announcement of cool access's general availability, you can now enable cool access for volumes in Premium and Ultra service level capacity pools, in addition to volumes in Standard service levels capacity pools. With cool access, you can transparently store data in a more cost effective manner on Azure storage accounts based on the data's access pattern.

+ The cool access feature provides the ability to configure a capacity pool with cool access, that moves cold (infrequently accessed) data transparently to Azure storage account to help you reduce the total cost of storage. There's a difference in data access latency as data blocks might be tiered to Azure storage account. The cool access feature provides options for the "coolness period" to optimize the days in which infrequently accessed data moves to cool tier and network transfer cost, based on your workload and read/write patterns. The "coolness period" feature is provided at the volume level.

+ In a cross-region or cross-zone replication setting, cool access can now be configured for destination only volumes to ensure data protection. This capability provides cost savings without any latency impact on source volumes.

+ You still must [register the feature](manage-cool-access.md#register-the-feature) before enabling cool access.

+> Tags on virtual machine extensions can only be updated when the VM is running.

+Azure VMware Solution was approved to be added as a service within the DoD SRG Impact Level 4 Provisional Authorization (PA) in [Microsoft Azure Government](https://azure.microsoft.com/explore/global-infrastructure/government/#why-azure).

+## Daylight savings

+Azure Backup doesn't support automatic clock adjustment for daylight saving time for Azure VM backups. It doesn't shift the hour of the backup forward or backwards. To ensure the backup runs at the desired time, modify the backup policies manually as required.

+## Support for customer-managed failover

+This section describes how your backups and restores are affected after customer-managed failovers.

+The following table lists the behavior of backups due to customer-initiated failovers:

+| Failover type | Backups | Restore | Enabling protection (re-protection) of failed over account in secondary region |

+| | | | |

+| Customer-managed planned failover | Supported | Supported | Not supported |

+| Customer-managed unplanned failover | Not supported | Only cross-region restore from the vault is supported. | Not supported |

+| `participants` | List of participants to a `room`. Specified as a `CommunicationUserIdentifier`. |

+### Add PSTN participant

+### Remove PSTN participant

+### Call recording

+### Terminate a call

+## Other actions

+# What's new in Azure Communication Services

+We created this page to keep you updated on new features, blog posts, and other useful information related to Azure Communication Services.

+## May 2024

+### Data Retention with Chat threads

+Developers can now create chat threads with a retention policy between 30 and 90 days. This feature is in public preview.

+This policy is optional ΓÇô developers can choose to create a chat thread with infinite retention (as always) or set a retention policy between 30 and 90 days. If the thread needs to be kept for longer than 90 days, you can extend the time using the update chat thread property API. The policy is geared for data management in organizations that need to move data into their archives for historical purposes or delete the data within a given period.

+Existing chat threads aren't affected by the policy.

+For more information, see:

+- [Chat concepts](./concepts/chat/concepts.md#chat-data)

+- [Create Chat Thread - REST API](/rest/api/communication/chat/chat/create-chat-thread#noneretentionpolicy)

+- [Update Chat Thread Properties - REST API](/rest/api/communication/chat/chat-thread/update-chat-thread-properties#noneretentionpolicy)

+### PowerPoint Live

+Now in general availability, PPT Live gives both the presenter and audience an inclusive and engaging experience. PPT Live combines the best parts of presenting in PowerPoint with the connection and collaboration of a Microsoft Teams meeting.

+Meeting participants can now view PowerPoint Live sessions initiated by a Teams client using the Azure Communication Services Web UI Library. Participants can follow along with a presentation and view presenter annotations. Developers can use this function via our composites including `CallComposite` and `CallWithChatComposite`, and through components such as `VideoGallery`.

+For more information, see [Introducing PowerPoint Live in Microsoft Teams](https://techcommunity.microsoft.com/t5/microsoft-365-blog/introducing-powerpoint-live-in-microsoft-teams/ba-p/2140980) and [Present from PowerPoint Live in Microsoft Teams](https://support.microsoft.com/en-us/office/present-from-powerpoint-live-in-microsoft-teams-28b20e74-7165-499c-9bd4-0ad975d448ad).

+### Live Reactions

+During live calls, participants can react with emojis: like, love, applause, laugh, and surprise.

+Now generally available, the updated UI library composites and components include call reactions. The UI Library supports the following list of live call reactions: &#128077; like reaction, &#129505; heart reaction, &#128079; applause reaction, &#128514; laughter reaction, &#128558; surprise reaction.

+Call reactions are associated with the participant sending it and are visible to all types of participants (in-tenant, guest, federated, anonymous). Call reactions are supported in all types of calls such as Rooms, groups, and meetings (scheduled, private, channel) of all sizes (small, large, extra-large).

+Adding this feature encourages greater engagement within calls, as people can now react in real time without needing to speak or interrupt.

+- The ability to have live call reactions added to `CallComposite` and `CallwithChatComposite` on web.

+- Call reactions added at the component level.

+For more information, see [Reactions](./how-tos/calling-sdk/reactions.md).

+### Closed Captions

+Promote accessibility by displaying text of the audio in video calls. Already available for app-to-Teams calls, this general availability release adds support for closed captions in all app-to-app calls.

+For more information, see [Closed Captions overview](./concepts/voice-video-calling/closed-captions.md).

+You can also learn more about [Azure Communication Services interoperability with Teams](./concepts/teams-interop.md).

+### Copilot for Call Diagnostics

+

+AI can help app developers across every step of the development lifecycle: designing, building, and operating. Developers with [Microsoft Copilot for Azure (public preview)](/azure/copilot/overview) can use Copilot within Call Diagnostics to understand and resolve many calling issues. For example, developers can ask Copilot questions, such as:

+- How do I run network diagnostics in Azure Communication Services VoIP calls?

+- How can I optimize my calls for poor network conditions?

+- How do I fix common causes of poor media streams in Azure Communication calls?

+- How can I fix the subcode 41048, which caused the video part of my call to fail?

+Developers can use Call Diagnostics to understand call quality and reliability across the organization to deliver a great customer calling experience. Many issues can affect the quality of your calls, such as poor internet connectivity, software compatibility issues, and technical difficulties with devices.

+Getting to the root cause of these issues can alleviate potentially frustrating situations for all call participants, whether they're a patient checking in for a doctorΓÇÖs call, or a student taking a lesson with their teacher. Call Diagnostics enables developers to drill down into the data to identify root problems and find a solution. You can use the built-in visualizations in Azure portal or connect underlying usage and quality data to your own systems.

+For more information, see [Call Diagnostics](./concepts/voice-video-calling/call-diagnostics.md).

+## April 2024

+### Business-to-consumer extensibility with Microsoft Teams for Calling

+Now in general availability, developers can take advantage of calling interoperability for Microsoft Teams users in Azure Communication Services Calling workflows.

+Developers can use [Call Automation APIs](./concepts/call-automation/call-automation.md) to bring Teams users into business-to-consumer (B2C) calling workflows and interactions, helping you deliver advanced customer service solutions. This interoperability is offered over VoIP to reduce telephony infrastructure overhead. Developers can add Teams users to Azure Communication Services calls using the participant's Entra object ID (OID).

+#### Use Cases

+- **Teams as an extension of agent desktop**: Connect your CCaaS solution to Teams and enable your agents to handle customer calls on Teams. Having Teams as the single-pane-of-glass solution for both internal and B2C communication increases agent productivity and empowers them to deliver first-class service to customers.

+- **Expert Consultation**: Businesses can use Teams to invite subject matter experts into their customer service workflows for expedient issue resolution and improve first call resolution rate.

+Azure Communication Services B2C extensibility with Microsoft Teams makes it easy for customers to reach sales and support teams and for businesses to deliver effective customer experiences.

+For more information, see [Call Automation workflows interop with Microsoft Teams](./concepts/call-automation/call-automation-teams-interop.md).

+### Image Sharing in Microsoft Teams meetings

+Microsoft Teams users can now share images with Azure Communication Services users in the context of a Teams meeting. This feature is now generally available. Image sharing enhances collaboration in real time for meetings. Image overlay is also supported for users to look at it in detail.

+Image sharing is helpful in many scenarios, such as a business sharing photos showcasing their work or doctors sharing images with patients for after care instructions.

+Try out this feature using either our UI Library or the Chat SDK. The SDK is available in C# (.NET), JavaScript, Python, and Java:

+- [Enable inline image using UI Library in Teams Meetings](./tutorials/inline-image-tutorial-interop-chat.md)

+- [Sample: Image Sharing](https://azure.github.io/communication-ui-library/?path=/docs/composites-call-with-chat-jointeamsmeeting--join-teams-meeting#adding-image-sharing)

+### Deep Noise Suppression for Desktop

+Deep noise suppression is currently in public preview. Noise suppression improves VoIP and video calls by eliminating background noise, making it easier to talk and listen. For example, if you're taking an Azure Communication Services WebJS call in a coffee shop with considerable noise, turning on noise suppression can significantly improve the calling experience by eliminating the background noise from the shop.

+For more information, see [Add audio quality enhancements to your audio calling experience](./tutorials/audio-quality-enhancements/add-noise-supression.md).

+### Calling native SDKs for Android, iOS, and Windows

+We updated the Calling native SDKs to improve the customer experience. This release includes:

+- Custom background for video calls

+- Proxy configuration

+- Android TelecomManager

+- Unidirectional Data Channel

+- Time To Live lifespan for push notifications

+#### Custom background for video calls

+Custom background for video calls is generally available. This feature enables customers to remove distractions behind them. The custom image backgrounds feature enables customers to upload their own personalized images for use as background.

+For example, business owners can use the Calling SDK to show custom backgrounds in place of the actual background. You can, for example, upload an image of a modern and spacious office and set it as its background for video calls. Anyone who joins the call sees the customized background, which looks realistic and natural. You can also use custom branding images as background to show a fresh image to your customers.

+For more information, see [QuickStart: Add video effects to your video calls](./quickstarts/voice-video-calling/get-started-video-effects.md).

+#### Proxy configuration

+Proxy configuration is now generally available. Some environments such as highly regulated industries or those dealing with confidential information require proxies to secure and control network traffic. You can use the Calling SDK to configure the HTTP and media proxies for your Azure Communication Services calls. This way, you can ensure that your communications are compliant with the network policies and regulations. You can use the native SDK methods to set the proxy configuration for your app.

+For more information, see [Tutorial: Proxy your calling traffic](./tutorials/proxy-calling-support-tutorial.md?pivots=platform-android).

+#### Android TelecomManager

+Android TelecomManager manages audio and video calls on Android devices. Use Android TelecomManager to provide a consistent user experience across different Android apps and devices, such as showing incoming and outgoing calls in the system UI, routing audio to the device, and handling call interruptions. Now you can integrate your app with the Android TelecomManager to take advantage of its features for your custom calling scenarios.

+For more information, see [Integrate with TelecomManager on Android](./how-tos/calling-sdk/telecommanager-integration.md).

+#### Unidirectional Data Channel

+The Data Channel API is generally available. Data Channel includes unidirectional communication, which enables real-time messaging during audio and video calls. Using this API, you can integrate data exchange functions into the applications, providing a seamless communication experience for users. The Data Channel API enables users to instantly send and receive messages during an ongoing audio or video call, promoting smooth and efficient communication. In group call scenarios, a participant can send messages to a single participant, a specific set of participants, or all participants within the call. This flexibility enhances communication and collaboration among users during group interactions.

+For more information, see [Data Channel](./concepts/voice-video-calling/data-channel.md).

+#### Time To Live lifespan for push notifications

+The Time To Live (TTL) for push notifications is now generally available. TTL is the duration for which a push notification token is valid. Using a longer duration TTL can help your app reduce the number of new token requests from your users and improve the experience.

+For example, suppose you created an app that enables patients to book virtual medical appointments. The app uses push notifications to display incoming call UI when the app isn't in the foreground. Previously, the app had to request a new push notification token from the user every 24 hours, which could be annoying and disruptive. With the extended TTL feature, you can now configure the push notification token to last for up to six months, depending on your business needs. This way, the app can avoid frequent token requests and provide a smoother calling experience for your customers.

+For more information, see [TTL token in Enable push notifications for calls](./how-tos/calling-sdk/push-notifications.md).

+### Calling SDK native UI Library updates

+This update includes Troubleshooting on the native UI Library for Android and iOS, and Audio only mode in the UI Library.

+Using the Azure Communication Services Calling SDK native UI Library, you can now generate encrypted logs for troubleshooting and provide your customers with an optional Audio only mode for joining calls.

+#### Troubleshooting on the native UI Library for Android and iOS

+Now in general availability, you can encrypt logs when troubleshooting on the Calling SDK native UI Library for Android and iOS. You can easily generate encrypted logs to share with Azure support. While ideally calls just work, or developers self-remediate issues, customers always have Azure support as a last-line-of-defense. And we strive to make those engagements as easy and fast as possible.

+For more information, see [Troubleshoot the UI Library](./how-tos/ui-library-sdk/troubleshooting.md).

+#### Audio only mode in the UI Library

+The Audio only mode in the Calling SDK UI Library is now generally available. It enables participants to join calls using only their audio, without sharing or receiving video. Participants can use this feature to conserve bandwidth and maximize privacy. When activated, the Audio only mode automatically disables the video function for both sending and receiving streams and adjusts the UI to reflect this change by removing video-related controls.

+For more information, see [Enable audio only mode in the UI Library](./how-tos/ui-library-sdk/audio-only-mode.md).

+## March 2024

+### Calling to Microsoft Teams Call Queues and Auto Attendants

+Azure Communication Services Calling to Teams call queues and auto attendants and click-to-call for Teams Phone are now generally available. Organizations can enable customers to easily reach their sales and support members on Microsoft Teams with just a single click. When you add a [click-to-call widget](./tutorials/calling-widget/calling-widget-tutorial.md) onto a website, such as a **Sales** button that points to a sales department, or a **Purchase** button that points to procurement, customers are just one click away from a direct connection into a Teams call queue or auto attendant.

+Learn more about joining your calling app to a Teams [call queue](./quickstarts/voice-video-calling/get-started-teams-call-queue.md) or [auto attendant](./quickstarts/voice-video-calling/get-started-teams-auto-attendant.md), and about [building contact center applications](./tutorials/contact-center.md).

+### Email Updates

+Updates to Azure Communication Services Email service:

+- SMTP

+- Opt-out management

+- PowerShell cmdlets

+- CLI extension

+#### SMTP

+SMTP as a Service for Email is now generally available. Developers can use the SMTP support in Azure Communication Services to easily send emails, improve security features, and have more control over outgoing communications.

+The SMTP Relay Service acts as a link between email clients and mail servers and helps deliver emails more effectively. It sets up a specialized relay infrastructure that not only handles higher throughput needs and successful email delivery, but also improves authentication to protect communication. This service also offers businesses a centralized platform that lets them manage outgoing emails for all B2C communications and get insights into email traffic.

+With this capability, customers can switch from on-premises SMTP solutions or link their line of business applications to a cloud-based solution platform with Azure Communication Services Email. SMTP as a Service enables:

+- Secure and reliable SMTP endpoint with TLS 1.2 encryptions

+- Access with Microsoft Entra Application ID to secure authentication for sending emails using SMTP.

+- High volume sending support for B2C communications using SMTP and REST APIs.

+- The security and compliance to honor and respect data handling and privacy requirements that Azure promises to our customers.

+Learn more about [SMTP as a Service](./concepts/email/email-smtp-overview.md).

+#### Opt-out Management

+Email opt-out management, now in public preview, offers a powerful platform with a centralized managed unsubscribe list and opt-out preferences saved to our data store. This feature helps developers meet guidelines of email providers who often require one-click list-unsubscribe implementation in the emails sent from their platforms. Opt-out Management helps you identify and avoid significant delivery problems. You can maintain compliance by adding suppression list features to help improve reputation and enable customers to easily manage opt-outs.

+Get started with [Manage email opt-out capabilities](./concepts/email/email-optout-management.md).

+#### PowerShell Cmdlets & CLI extension

+##### PowerShell Cmdlets

+To enhance the developer experience, Azure Communication Services is introducing more PowerShell cmdlets and Azure CLI extensions for working with Azure Communication Service Email.

+With the addition of these new cmdlets developers can now use Azure PowerShell cmdlets for all CRUD operations for Email Service including:

+- Create Communication Service Resource (existing)

+- Create Email Service Resource (new)

+- Create Domain (Azure Managed or Custom Domain) Resource (new)

+- Initiate/Cancel Custom Domain verification (new)

+- Add a sender username to a domain (new)

+- Link a Domain Resource to a Communication Service Resource (existing)

+Learn more at [PowerShell cmdlets](/powershell/module/az.communication/).

+##### Azure CLI extension for Email Service Resources management

+Developers can use Azure CLI extensions for their end-to-end send email flow including:

+- Create Communication Service Resource (existing)

+- Create Email Service Resource (new)

+- Create Domain (Azure Managed or Custom Domain) Resource (new)

+- Add a sender username to a domain (new)

+- Link a Domain Resource to a Communication Service Resource (existing)

+- Send an Email (existing)

+Learn more in [Extensions](/cli/azure/communication/email).

+## February 2024

+### Limited Access User Tokens

+New, limited access user tokens are now in general availability. Limited access user tokens enable customers to exercise finer grain control over user capabilities such as to start a new call/chat or participate in an ongoing call/chat.

+When a customer creates an Azure Communication Services user identity, the user is granted the capability to participate in chats or calls, using access tokens. For example, a user must have a chat-token to participate in chat threads. Similarly, a VoIP token is required to participate in VoIP call. A user can have multiple tokens simultaneously.

+With the limited access tokens, Azure Communication Services supports controlling full access versus limited access within chat and calling. Customers can now control the userΓÇÖs ability to initiate a new call or chat as opposed to participating in existing calls or chats.

+These tokens solve the cold-call or cold-chat issue. For example, without limited access tokens if a user has VoIP token, they can initiate calls and participate in calls. So theoretically, a defendant could call a judge directly or a patient could call a doctor directly. This is undesirable for most businesses. With new limited access tokens, developers are able to give a limited access token to a patient so they can join a call but can't initiate a direct call to anyone.

+For more information, see [Identity model](./concepts/identity-model.md).

+### Try Phone Calling

+Try Phone Calling, now in public preview, is a tool in Azure portal that helps customers confirm the setup of a telephony connection by making a phone call. It applies to both Voice Calling (PSTN) and direct routing. Try Phone Calling enables developers to quickly test Azure Communication Services calling capabilities, without an existing app or code on their end.

+Learn more about [Try Phone Calling](./concepts/telephony/try-phone-calling.md).

+### UI Native Library Updates

+Updates to the UI Native Library including moving User facing diagnostics to general availability and releasing 1:1 Calling and an iOS CallKit integration.

+### User Facing Diagnostics

+User Facing Diagnostics (UFD) is now available in general availability. User Facing Diagnostics enhance the user experience by providing a set of events that can be triggered when some signal of the call is triggered, for example, when some participant is talking but the microphone is muted, or if the device isn't connected to a network. Developers can subscribe to triggers such as weak network signals or muted microphones, ensuring that you're always aware of any factors impacting your calls.

+By bringing UFD into the UI Library, we help customers implement events. This provides a more fluid experience. Customers can use UFDs to notify end-users in real time if they face connectivity and quality issues during the call. Issues can include muted microphones, network issues, or other problems. Customers receive a toast notification during the call to indicate quality issues. This also helps by sending telemetry to help you track any event and review the call status.

+For more information, see [User Facing Diagnostics](./concepts/voice-video-calling/user-facing-diagnostics.md).

+### 1:1 Calling

+One-on-one calling for Android and iOS is now available. With this latest public preview release, starting a call is as simple as a tap. Recipients are promptly alerted with a push notification to answer or decline the call. If the iOS native application requires direct calling between two entities, developers can use the 1:1 calling function to make it happen. For example, a client needing to make a call to their financial advisor to make account changes. This feature is currently in public preview version 1.6.0.

+For more information, see [Set up one-to-one calling and push notifications in the UI Library](./how-tos/ui-library-sdk/one-to-one-calling.md).

+### iOS CallKit Integrations

+Azure Communication Services seamlessly integrates CallKit, in public preview, for a native iOS call experience. Now, calls made through the Native UI SDK have the same iOS calling features such as notification, call history, and call on hold. These iOS features blend perfectly with the existing native experience.

+UI Library developers can use this integration to avoid spending time on integration. The iOS CallKit provides an out of the box experience, meaning that integrated apps use the same interfaces as regular cellular calls. For end-users, incoming VoIP calls display the familiar iOS call screen, providing a consistent and intuitive experience.

+For more information, see [Integrate CallKit into the UI Library](./how-tos/ui-library-sdk/callkit.md).

+### PSTN Direct Offers

+Azure Communication Services has continued to expand Direct Offers to new geographies. We just launched PSTN Direct Offers in general availability for 42 countries.

+The full list of countries where we offer PSTN Direct Offers:

+Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China, Colombia, Denmark, Finland, France, Germany, Hong Kong, Indonesia, Ireland, Israel, Italy, Japan, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Philippines, Poland, Portugal, Puerto Rico, Saudi Arabia, Singapore, Slovakia, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, UAE (United Arab Emirates), United Kingdom, and United States

+In addition to getting all current offers into general availability, we have introduced over 400 new cross-country offers.

+Check all the new countries, phone number types, and capabilities at [Country/regional availability of telephone numbers and subscription eligibility](./concepts/numbers/sub-eligibility-number-capability.md).

+## January 2024

+### Dial out to a PSTN number

+Virtual Rooms support VoIP audio and video calling. Now you can also dial out PSTN numbers and include the PSTN participants in an ongoing call. Virtual Rooms empowers developers to exercise control over PSTN dial out capability in two ways. Developers can not only enable/disable PSTN dial-out capability for specific Virtual Rooms but can also control which users in Virtual Rooms can initiate PSTN dial-out. Only the users with Presenter role can initiate a PSTN Dial-out ensuring secure and structured communication.

+For more information, see [Quickstart: Create and manage a room resource](./quickstarts/rooms/get-started-rooms.md).

+### Remote mute call participants

+Participants can now mute other participants in Virtual Rooms calls. Previously, participants in Virtual Rooms calls could only mute/unmute themselves. There are times when you want to mute other participants due to background noise or if someoneΓÇÖs microphone is left unmuted.

+Participants in the Presenter role can mute a participant, multiple participants, or all other participants. Users retain the ability to unmute themselves as needed. For privacy reasons, no one can unmute other participants.

+For more information, see [Mute other participants](./how-tos/calling-sdk/manage-calls.md#mute-other-participants).

+### Call Recording in Virtual Rooms

+Developers can now start, pause, and stop call recording in calls conducted in Virtual Rooms. Call Recording is a service-side capability, and developers start, pause, stop recording using server-side API calls. This feature enables invited participants who might not make the original session to view the recording and stay up-to-date asynchronously.

+For more information, see [Manage call recording on the client](./how-tos/calling-sdk/record-calls.md).

+### Closed Captions in Virtual Rooms

+Closed captions is the conversion of a voice or video call audio track into written words that appear in real time. Closed captions are also a useful tool for participants who prefer to read the audio text in order to engage more actively in conversations and meetings. Closed captions also help in scenarios where participants might be in noisy environments or have audio equipment problems.

+Closed captions are never saved and are only visible to the user that enabled it.

+For more information, see [Closed Captions overview](./concepts/voice-video-calling/closed-captions.md).

+## December 2023

+### Call Diagnostics

+Azure Communication Services Call Diagnostics (CD) is available in Public Preview. Call Diagnostics help developers troubleshoot and improve their voice and video calling applications.

+Call Diagnostics is an Azure Monitor experience that offers specialized telemetry and diagnostic pages in the Azure portal. With Call Diagnostics, you can access and analyze data, visualizations, and insights for each call. Then you can identify and resolve issues that affect the end-user experience.

+Call Diagnostics works with other ACS features, such as noise suppression and pre-call troubleshooting, to deliver beautiful, reliable video calling experiences that are easy to develop and operate. Call Diagnostics is now available in Public Preview. Try it today and see how Azure can help you make every call a success.

+For more information, see [Call Diagnostics](./concepts/voice-video-calling/call-diagnostics.md).

+### WebJS Calling Updates

+Several WebJS Calling features moved to general availability: Media Quality Statics, Video Constraints, and Data Channel.

+#### Media Quality Statistics

+Developers can leverage the Media Quality Statistics API to better understand their video calling quality and reliability experience real time from within the calling SDK. By giving developers the ability to understand from the client side what their end customers are experiencing they can delve deeper into understanding and mitigating any issues that arise for their end users.

+ For more information, see [Media Quality Statistics](./concepts/voice-video-calling/media-quality-sdk.md).

+#### Video Constraints

+Developers can use Video Constraints to better manage the overall quality of calls. For example, if a developer knows that a participant has a poor internet connection, the developer can limit video resolution size on the sender side to use less bandwidth. The result is an improved calling experience for the participant.

+Improve your calling experience as described in [Quickstart: Set video constraints in your calling app](./quickstarts/voice-video-calling/get-started-video-constraints.md).

+#### Data Channel

+The Data Channel API enables real-time messaging during audio and video calls. This function enables developers to manage their own data pipeline and send their own unique messages to remote participants on a call. The data channel enhances communication capabilities by enabling local participants to connect directly to remote participants when the scenario requires.

+Get started with [Quickstart: Add Data Channel messaging to your calling app](./quickstarts/voice-video-calling/get-started-data-channel.md).

+## Related articles

+For a complete list of new features and bug fixes, see the [releases page](https://github.com/Azure/Communication/releases) on GitHub. For more blog posts, see the [Azure Communication Services blog](https://techcommunity.microsoft.com/t5/azure-communication-services/bg-p/AzureCommunicationServicesBlog).

+ | **Time zone** | `timeZone` | No | String | Applies only when you specify a start time because this trigger doesn't accept [UTC offset](https://en.wikipedia.org/wiki/UTC_offset). Select the time zone that you want to apply. For more information, see [Default Time Zones](/windows-hardware/manufacture/desktop/default-time-zones#time-zones). |

+> - Assign a user-assigned identity to a container app and supply it with the appropriate role assignment to authenticate to the Dapr state store

+If you're using an Azure Container Registry, include the `--registry-server <REGISTRY_NAME>.azurecr.io` flag in the command.

+If you're using an Azure Container Registry, include the `RegistryServer = '<REGISTRY_NAME>.azurecr.io'` flag in the command.

+If you're using an Azure Container Registry, include the `--registry-server <REGISTRY_NAME>.azurecr.io` flag in the command.

+If you're using an Azure Container Registry, include the `RegistryServer = '<REGISTRY_NAME>.azurecr.io'` flag in the command.

+ --env-vars "key1=value1" "key2=value2" \

+ --location <LOCATION>

+| `--location` | `"Supported Location"` | The location of the session pool. |

+If your new billing profile doesn't have the new plan enabled, you see the following error. You must enable the plan before you can transition your enrollment. Contact your Microsoft representative for assistance.

+### When should the setup get completed?

+Before you select **Start transition**, you can close the browser. You can come back to the setup using the link you got in the email and start the transition. If you close the browser, after the transition is started, your transition will keep on running. To monitor the latest status of your transition, return to the transition status page. You get an email when the transition is completed.

+- The total canceled commitment can't exceed 50,000 USD in a 12-month rolling window for a billing profile or single enrollment. For example, assume you have a three-year reservation (36 months). It costs 100 USD per month. It gets refunded in the 12th month. The canceled commitment is 2,400 USD (for the remaining 24 months). After the refund, your new available limit for refund is 47,600 USD (50,000-2,400). In 365 days from the refund, the 47,600 USD limit increases by 2,400 USD. Your new pool is 50,000 USD. Any other reservation cancellation for the billing profile or EA enrollment depletes the same pool, and the same replenishment logic applies. This example also applies to the monthly payment method.

+### Download the sample applications

+## Solution architecture

+You'll be attaching Azure SignalR Service to Azure Digital Twins through the path below. Sections A, B, and C in the diagram are taken from the architecture diagram of the [end-to-end tutorial prerequisite](tutorial-end-to-end.md). In this how-to article, you'll build section D on the existing architecture, which includes two new Azure functions that communicate with SignalR and client apps.

+## Create Azure SignalR instance

+Next, create an Azure SignalR instance to use in this article by following the instructions in [Create an Azure SignalR Service instance](../azure-signalr/signalr-quickstart-azure-functions-csharp.md#create-an-azure-signalr-service-instance) (for now, only complete the steps in this section).

+ dotnet add package Microsoft.Azure.WebJobs.Extensions.SignalRService --version 1.14.0

+ 1. Open a console window on your machine (if you're using the local Azure CLI, it can be the same window), and navigate into the *digital-twins-samples-main\AdtSampleApp\SampleFunctionsApp* folder inside your downloaded sample project.

+ The last step will be done in the Azure CLI.

+To access the Education Hub, you must first receive an email notification that confirms your approval for an academic sponsorship and contains your approved credit amount.

+The email that you received to confirm your approval for an academic sponsorship includes a [link to the Azure Education Hub](https://aka.ms/startedu) and an approved credit amount. Most sponsored academic offers include a Developer tier of Azure support for free.

+To use your academic sponsorship, you must create a lab in the Education Hub and use subscriptions within the lab that will access your Azure credit. Start by signing in to the [Azure portal](https://portal.azure.com) so you can access the Education Hub.

+- [Manage your academic sponsorship by using the Overview page](hub-overview-page.md)

+- An academic sponsorship with an approved credit amount

+- [Manage your academic sponsorship by using the Overview page](hub-overview-page.md)

+## Azure Classroom

+You can access your Azure course credits by creating a new Azure Academic Sponsorship subscription. Select the **Activate** button in the sponsorship approval email.

+- [Manage your academic sponsorship by using the Overview page](hub-overview-page.md)

+- [Manage your academic sponsorship by using the Overview page](hub-overview-page.md)

+- [Manage your academic sponsorship by using the Overview page](hub-overview-page.md)

+ Title: Manage your academic sponsorship in the Azure Education Hub

+description: Learn how to view and update the details of your academic sponsorship on the Overview page of the Azure Education Hub.

+# Manage your academic sponsorship in the Azure Education Hub

+Your main landing page in the Azure Education Hub is the **Overview** page. This page contains all the relevant information about your academic sponsorship, such as the number of labs that you established and your total running credit allocated and used from those labs. It also displays other resources available to help you get started with allocating credits and tracking your spend.

+- An academic sponsorship with an approved credit amount

+In this article, you use a Bicep file to create a Blob storage account, subscribe to events for that blob storage, and trigger an event to view the result. Typically, you send events to an endpoint that processes the event data and takes actions. However, to simplify this article, you send the events to a web app that collects and displays the messages.

+> [!NOTE]

+> If you are new to Azure Event Grid, see [What's Azure Event Grid](overview.md) to get an overview of the service before going through this tutorial.

+Before subscribing to the events for the Blob storage, let's create the endpoint for the event message. Typically, the endpoint takes actions based on the event data. To simplify this quickstart, you deploy a [prebuilt web app](https://github.com/Azure-Samples/azure-event-grid-viewer) that displays the event messages. The deployed solution includes an App Service plan, an App Service web app, and source code from GitHub.

+1. The deployment can take a few minutes to complete. After the deployment succeeds, view your web app to make sure it's running. In a web browser, navigate to:

+1. You see the site but no events are posted to it yet.

+View your web app again, and notice that a subscription validation event was sent to it. Select the eye icon to expand the event data. Event Grid sends the validation event so the endpoint can verify that it wants to receive event data. The web app includes code to validate the subscription.

+You trigger an event for the Blob storage by uploading a file. The file doesn't need any specific content. The article assumes you have a file named testfile.txt, but you can use any file.

+## Related content

+In this article, you use an Azure Resource Manager template (ARM template) to create a Blob storage account, subscribe to events for that blob storage, and trigger an event to view the result. Typically, you send events to an endpoint that processes the event data and takes actions. However, to simplify this article, you send the events to a web app that collects and displays the messages.

+> [!NOTE]

+> If you are new to Azure Event Grid, see [What's Azure Event Grid](overview.md) to get an overview of the service before going through this tutorial.

+Before subscribing to the events for the Blob storage, let's create the endpoint for the event message. Typically, the endpoint takes actions based on the event data. To simplify this quickstart, you deploy a [prebuilt web app](https://github.com/Azure-Samples/azure-event-grid-viewer) that displays the event messages. The deployed solution includes an App Service plan, an App Service web app, and source code from GitHub.

+1. The deployment can take a few minutes to complete. After the deployment succeeds, view your web app to make sure it's running. In a web browser, navigate to:

+1. You see the site but no events are posted to it yet.

+You trigger an event for the Blob storage by uploading a file. The file doesn't need any specific content. The article assumes you have a file named testfile.txt, but you can use any file.

+* [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates/)

+2. Once you are in the resource, click on the **Topics** option in the **Event broker** section.

+2. Click on the **Topics** option in the **Event broker** section.

+2. Click on the **Topics** option in the **Event broker** section.

+In this article, you use the Azure PowerShell to create a custom topic, subscribe to the topic, and trigger the event to view the result. Typically, you send events to an endpoint that processes the event data and takes actions. However, to simplify this article, you send the events to a web app that collects and displays the messages.

+> [!NOTE]

+> If you are new to Azure Event Grid, see [What's Azure Event Grid](overview.md) to get an overview of the service before going through this tutorial.

+An Event Grid topic provides a user-defined endpoint that you post your events to. The following example creates the custom topic in your resource group. Replace `<your-topic-name>` with a unique name for your topic. The topic name must be unique because it's part of the Domain Name System (DNS) entry. Additionally, it must be between 3-50 characters and contain only values a-z, A-Z, 0-9, and "-"

+description: 'Quickstart uses Azure Event Grid and Azure CLI to publish a custom topic, and subscribe to events for that topic. The events are handled by a web application.'

+In this article, you use the Azure CLI to create a custom topic in Azure Event Grid, subscribe to the custom topic, and trigger the event to view the result.

+> [!NOTE]

+> If you are new to Azure Event Grid, see [What's Azure Event Grid](overview.md) to get an overview of the service before going through this tutorial.

+Azure Relay Hybrid Connections is one of the supported event handlers. You use hybrid connections as the event handler when you need to process events from applications that don't have a public endpoint. These applications might be within your corporate enterprise network. In this article, you use the Azure CLI to create a custom topic, subscribe to the custom topic, and trigger the event to view the result. You send the events to the hybrid connection.

+> [!NOTE]

+> If you are new to Azure Event Grid, see [What's Azure Event Grid](overview.md) to get an overview of the service before going through this tutorial.

+An Event Grid topic provides a user-defined endpoint that you post your events to. The following example creates the custom topic in your resource group. Replace `<topic_name>` with a unique name for your custom topic. The Event Grid topic name must be unique because it's represented by a Domain Name System (DNS) entry.

+* Manage multitenant event-driven architectures at scale.

+- You're developing an event-driven solution that requires events from Microsoft Entra ID, Outlook, Teams, etc. to react to resource changes. You require the robust event-driven model and publish-subscribe capabilities that Event Grid provides. For an overview of Event Grid, see [Event Grid concepts](concepts.md).

+Azure regions are global datacenters where Azure compute, networking, and storage resources are hosted. When creating an Azure resource, you need to select the resource location, which determines the specific Azure datacenter (or availability zone) where the resource is deployed.

+ExpressRoute locations, also known as peering locations or meet-me locations, are co-location facilities where Microsoft Enterprise Edge (MSEE) devices are situated. These locations serve as the entry points to Microsoft's network and are globally distributed, offering the ability to connect to Microsoft's network worldwide. ExpressRoute partners and ExpressRoute Direct user establish cross connections to Microsoft's network at these locations. Generally, the ExpressRoute location doesn't need to correspond with the Azure region. For instance, you can create an ExpressRoute circuit with the resource location in *East US* for the *Seattle* peering location.

+You have access to Azure services across all regions within a geopolitical region if you're connecting to at least one ExpressRoute location within the geopolitical region.

+* **Local Azure Regions** refers to the regions that can be accessed by [ExpressRoute Local](expressroute-faqs.md#expressroute-local) at each peering location. **&cross;** indicates that ExpressRoute Local isn't available at that peering location.

+#### [A-C](#tab/a-c)

+| Location | Address | Zone | Local Azure regions | ER Direct | Service providers |

+|--|--|--|--|--|--|

+| **Abu Dhabi** | Etisalat KDC | 3 | UAE Central | &check; | |

+| **Amsterdam** | [Equinix AM5](https://www.equinix.com/locations/europe-colocation/netherlands-colocation/amsterdam-data-centers/am5/) | 1 | West Europe | &check; | Aryaka Networks<br/>AT&T NetBond<br/>British Telecom<br/>Colt<br/>Deutsche Telekom AG<br/>Equinix<br/>euNetworks<br/>GÉANT<br/>GlobalConnect<br/>InterCloud<br/>Interxion (Digital Realty)<br/>KPN<br/>IX Reach<br/>Level 3 Communications<br/>Megaport<br/>NTT Communications<br/>Orange<br/>Tata Communications<br/>Telecom Italia Sparkle<br/>Telefonica<br/>Telenor<br/>Telia Carrier<br/>Verizon<br/>Zayo |

+| **Amsterdam2** | [Interxion AMS8](https://www.interxion.com/Locations/amsterdam/schiphol/) | 1 | West Europe | &check; | BICS<br/>British Telecom<br/>CenturyLink Cloud Connect<br/>Cinia<br/>Colt<br/>DE-CIX<br/>Equinix<br/>euNetworks<br/>GÉANT<br/>Interxion (Digital Realty)<br/>Megaport<br/>NL-IX<br/>NOS<br/>NTT Global DataCenters EMEA<br/>Orange<br/>Vodafone |

+| **Atlanta** | [Equinix AT1](https://www.equinix.com/data-centers/americas-colocation/united-states-colocation/atlanta-data-centers/at1) | 1 | &cross; | &check; | Equinix<br/>Megaport<br/>Momentum Telecom<br/>PacketFabric |

+| **Auckland** | [Vocus Group NZ Albany](https://www.vocus.co.nz/business/cloud-data-centres) | 2 | &cross; | &check; | Devoli<br/>Kordia<br/>Megaport<br/>REANNZ<br/>Spark NZ<br/>Vocus Group NZ |

+| **Bangkok** | [AIS](https://business.ais.co.th/solution/en/azure-expressroute.html) | 2 | &cross; | &check; | AIS<br/>National Telecom UIH |

+| **Berlin** | [NTT GDC](https://services.global.ntt/en-us/newsroom/ntt-ltd-announces-access-to-microsoft-azure-expressroute-at-ntts-berlin-1-data-center) | 1 | Germany North | &check; | Colt<br/>Equinix<br/>NTT Global DataCenters EMEA |

+| **Busan** | [LG CNS](https://www.lgcns.com/business/cloud/datacenter/) | 2 | Korea South | &cross; | LG CNS |

+| **Campinas** | [Ascenty](https://www.ascenty.com/en/data-centers-en/campinas/) | 3 | Brazil South | &check; | Ascenty |

+| **Canberra** | [CDC](https://cdcdatacentres.com.au/about-us/) | 1 | Australia Central | &check; | CDC<br/>Telstra Corporation |

+| **Canberra2** | [CDC](https://cdcdatacentres.com.au/about-us/) | 1 | Australia Central 2 | &check; | CDC<br/>Equinix |

+| **Cape Town** | [Teraco CT1](https://www.teraco.co.za/data-centre-locations/cape-town/) | 3 | South Africa West | &check; | BCX<br/>Internet Solutions - Cloud Connect<br/>Liquid Telecom<br/>MTN Global Connect<br/>Teraco<br/>Vodacom |

+| **Chennai** | Tata Communications | 2 | South India | &check; | BSNL<br/>DE-CIX<br/>Global CloudXchange (GCX)<br/>Lightstorm<br/>SIFY<br/>Tata Communications<br/>VodafoneIdea |

+| **Chennai2** | Airtel | 2 | South India | &check; | Airtel |

+| **Chicago** | [Equinix CH1](https://www.equinix.com/locations/americas-colocation/united-states-colocation/chicago-data-centers/ch1/) | 1 | North Central US | &check; | Aryaka Networks<br/>AT&T Dynamic Exchange<br/>AT&T NetBond<br/>British Telecom<br/>CenturyLink Cloud Connect<br/>Cologix<br/>Colt<br/>Comcast<br/>Coresite<br/>Equinix<br/>InterCloud<br/>Internet2<br/>Level 3 Communications<br/>Megaport<br/>Momentum Telecom<br/>PacketFabric<br/>PCCW Global Limited<br/>Sprint<br/>Tata Communications<br/>Telia Carrier<br/>Verizon<br/>Vodafone<br/>Zayo |

+| **Chicago2** | [CoreSite CH1](https://www.coresite.com/data-center/ch1-chicago-il) | 1 | North Central US | &check; | CoreSite<br/>DE-CIX |

+| **Copenhagen** | [Interxion CPH1](https://www.interxion.com/Locations/copenhagen/) | 1 | &cross; | &check; | DE-CIX<br/>GlobalConnect<br/>Interxion (Digital Realty) |

+#### [D-I](#tab/d-h)

+| Location | Address | Zone | Local Azure regions | ER Direct | Service providers |

+|--|--|--|--|--|--|

+| **Dallas** | [Equinix DA3](https://www.equinix.com/locations/americas-colocation/united-states-colocation/dallas-data-centers/da3/)<br/>[Equinix DA6](https://www.equinix.com/data-centers/americas-colocation/united-states-colocation/dallas-data-centers/da6) | 1 | &cross; | &check; | Aryaka Networks<br/>AT&T Connectivity Plus<br/>AT&T Dynamic Exchange<br/>AT&T NetBond<br/>Cologix<br/>Cox Business Cloud Port<br/>Equinix<br/>GTT<br/>Intercloud<br/>Internet2<br/>Level 3 Communications<br/>MCM Telecom<br/>Megaport<br/>Momentum Telecom<br/>Neutrona Networks<br/>Orange<br/>PacketFabric<br/>Telmex Uninet<br/>Telia Carrier<br/>Telefonica<br/>Transtelco<br/>Verizon<br/>Vodafone<br/>Zayo |

+| **Dallas2** | [Digital Realty DFW10](https://www.digitalrealty.com/data-centers/americas/dallas/dfw10) | 1 | &cross; | &check; | Digital Realty |

+| **Denver** | [CoreSite DE1](https://www.coresite.com/data-centers/locations/denver/de1) | 1 | West Central US | &check; | CoreSite<br/>Megaport<br/>PacketFabric<br/>Zayo |

+| **Doha** | [MEEZA MV2](https://www.meeza.net/services/data-centre-services/) | 3 | Qatar Central | &check; | Ooredoo Cloud Connect<br/>Vodafone |

+| **Doha2** | [Ooredoo](https://www.ooredoo.qa/) | 3 | Qatar Central | &check; | Ooredoo Cloud Connect |

+| **Dubai** | [PCCS](http://www.pacificcontrols.net/cloudservices/) | 3 | UAE North | &check; | Etisalat UAE |

+| **Dubai2** | [du datamena](http://datamena.com/solutions/data-centre) | 3 | UAE North | &cross; | DE-CIX<br/>du datamena<br/>Equinix<br/>GBI<br/>Lightstorm<br/>Megaport<br/>Orange<br/>Orixcom |

+| **Dublin** | [Equinix DB3](https://www.equinix.com/locations/europe-colocation/ireland-colocation/dublin-data-centers/db3/) | 1 | North Europe | &check; | CenturyLink Cloud Connect<br/>Colt<br/>eir<br/>Equinix<br/>GEANT<br/>euNetworks<br/>Interxion (Digital Realty)<br/>Megaport<br/>Zayo |

+| **Dublin2** | [Interxion DUB2](https://www.interxion.com/locations/europe/dublin) | 1 | North Europe | &check; | InterCloud<br/>Interxion (Digital Realty)<br/>KPN<br/><br/>Megaport<br/>NL-IX<br/>Orange |

+| **Frankfurt** | [Interxion FRA11](https://www.digitalrealty.com/data-centers/emea/frankfurt) | 1 | Germany West Central | &check; | AT&T NetBond<br/>British Telecom<br/>CenturyLink Cloud Connect<br/>China Unicom Global<br/>Colt<br/>DE-CIX<br/>Equinix<br/>euNetworks<br/>GBI<br/>GEANT<br/>InterCloud<br/>Interxion (Digital Realty)<br/>Megaport<br/>NTT Global DataCenters EMEA<br/>Orange<br/>Telia Carrier<br/>T-Systems<br/>Verizon<br/>Zayo |

+| **Frankfurt2** | [Equinix FR7](https://www.equinix.com/locations/europe-colocation/germany-colocation/frankfurt-data-centers/fr7/) | 1 | Germany West Central | &check; | DE-CIX<br/>Deutsche Telekom AG<br/>Equinix<br/>InterCloud<br/>Telefonica |

+| **Geneva** | [Equinix GV2](https://www.equinix.com/locations/europe-colocation/switzerland-colocation/geneva-data-centers/gv2/) | 1 | Switzerland West | &check; | Colt<br/>Equinix<br/>InterCloud<br/>Megaport<br/>Swisscom |

+| **Hong Kong** | [Equinix HK1](https://www.equinix.com/data-centers/asia-pacific-colocation/hong-kong-colocation/hong-kong-data-centers/hk1) | 2 | East Asia | &check; | Aryaka Networks<br/>British Telecom<br/>CenturyLink Cloud Connect<br/>Chief Telecom<br/>China Telecom Global<br/>China Unicom Global<br/>Colt<br/>Equinix<br/>InterCloud<br/>Megaport<br/>NTT Communications<br/>Orange<br/>PCCW Global Limited<br/>Tata Communications<br/>Telia Carrier<br/>Telefonica<br/>Verizon<br/>Zayo |

+| **Hong Kong2** | [iAdvantage MEGA-i](https://www.iadvantage.net/index.php/locations/mega-i) | 2 | East Asia | &check; | China Mobile International<br/>China Telecom Global<br/>Deutsche Telekom AG<br/>Equinix<br/>iAdvantage<br/>Megaport<br/>PCCW Global Limited<br/>SingTel<br/>Vodafone |

+#### [J-M](#tab/j-m)

+| Location | Address | Zone | Local Azure regions | ER Direct | Service providers |

+|--|--|--|--|--|--|

+| **Jakarta** | [Telin](https://www.telin.net/) | 4 | &cross; | &check; | NTT Communications<br/>Telin<br/>XL Axiata |

+| **Johannesburg** | [Teraco JB1](https://www.teraco.co.za/data-centre-locations/johannesburg/#jb1) | 3 | South Africa North | &check; | BCX<br/>British Telecom<br/>Internet Solutions - Cloud Connect<br/>Liquid Telecom<br/>MTN Business<br/>MTN Global Connect<br/>Orange<br/>Teraco<br/>Vodacom |

+| **Kuala Lumpur** | [TIME dotCom Menara AIMS](https://www.time.com.my/enterprise/connectivity/direct-cloud) | 2 | &cross; | &cross; | DE-CIX<br/>TIME dotCom |

+| **Las Vegas** | [Switch LV](https://www.switch.com/las-vegas) | 1 | &cross; | &check; | CenturyLink Cloud Connect<br/>Megaport<br/>PacketFabric |

+| **London** | [Equinix LD5](https://www.equinix.com/locations/europe-colocation/united-kingdom-colocation/london-data-centers/ld5/) | 1 | UK South | &check; | AT&T NetBond<br/>Bezeq International<br/>British Telecom<br/>CenturyLink<br/>Colt<br/>Equinix<br/>euNetworks<br/>Intelsat<br/>InterCloud<br/>Internet Solutions - Cloud Connect<br/>Interxion (Digital Realty)<br/>Jisc<br/>Level 3 Communications<br/>Megaport<br/>MTN<br/>NTT Communications<br/>Orange<br/>PCCW Global Limited<br/>Tata Communications<br/>Telehouse - KDDI<br/>Telenor<br/>Telia Carrier<br/>Verizon<br/>Vodafone<br/>Zayo |

+| **London2** | [Telehouse North Two](https://www.telehouse.net/data-centres/emea/uk-data-centres/london-data-centres/north-two) | 1 | UK South | &check; | BICS<br/>British Telecom<br/>CenturyLink Cloud Connect<br/>Colt<br/>Equinix<br/>Epsilon Global Communications<br/>GTT<br/>Interxion (Digital Realty)<br/>IX Reach<br/>JISC<br/>Megaport<br/>NTT Global DataCenters EMEA<br/>Ooredoo Cloud Connect<br/>Orange<br/>SES<br/>Sohonet<br/>Telehouse - KDDI<br/>Zayo<br/>Vodafone |

+| **Los Angeles** | [CoreSite LA1](https://www.coresite.com/data-centers/locations/los-angeles/one-wilshire) | 1 | &cross; | &check; | AT&T Dynamic Exchange<br/>CoreSite<br/>China Unicom Global<br/>Cloudflare<br/>Equinix*<br/>Megaport<br/>Neutrona Networks<br/>NTT<br/>Zayo</br></br> **New ExpressRoute circuits are no longer supported with Equinix in Los Angeles. Create new circuits in Los Angeles2.* |

+| **Los Angeles2** | [Equinix LA1](https://www.equinix.com/locations/americas-colocation/united-states-colocation/los-angeles-data-centers/la1/) | 1 | &cross; | &check; | Crown Castle<br/>Equinix<br/>GTT<br/>PacketFabric |

+| **Madrid** | [Interxion MAD1](https://www.interxion.com/es/donde-estamos/europa/madrid) | 1 | &cross; | &check; | DE-CIX<br/>InterCloud<br/>Interxion (Digital Realty)<br/>Megaport<br/>Telefonica |

+| **Madrid2** | [Equinix MD2](https://www.equinix.com/data-centers/europe-colocation/spain-colocation/madrid-data-centers/md2) | 1 | &cross; | &check; | Equinix |

+| **Marseille** | [Interxion MRS1](https://www.interxion.com/Locations/marseille/) | 1 | France South | &cross; | Colt<br/>DE-CIX<br/>GEANT<br/>Interxion (Digital Realty)<br/>Jaguar Network<br/>Ooredoo Cloud Connect |

+| **Melbourne** | [NextDC M1](https://www.nextdc.com/data-centres/m1-melbourne-data-centre) | 2 | Australia Southeast | &check; | AARNet<br/>Devoli<br/>Equinix<br/>Megaport<br/>NETSG<br/>NEXTDC<br/>Optus<br/>Orange<br/>Telstra Corporation<br/>TPG Telecom |

+| **Miami** | [Equinix MI1](https://www.equinix.com/locations/americas-colocation/united-states-colocation/miami-data-centers/mi1/) | 1 | &cross; | &check; | AT&T Dynamic Exchange<br/>Claro<br/>C3ntro<br/>Equinix<br/>Megaport<br/>Momentum Telecom<br/>Neutrona Networks<br/>PitChile |

+| **Milan** | [IRIDEOS](https://irideos.it/en/data-centers/) | 1 | Italy North | &check; | Colt<br/>Equinix<br/>Fastweb<br/>IRIDEOS<br/>Noovle<br/>Retelit<br/>Vodafone |

+| **Milan2** | [DATA4](https://www.data4group.com/it/data-center-a-milano-italia/) | 1 | Italy North | &check; | |

+| **Minneapolis** | [Cologix MIN1](https://www.cologix.com/data-centers/minneapolis/min1/) and [Cologix MIN3](https://www.cologix.com/data-centers/minneapolis/min3/) | 1 | &cross; | &check; | Cologix<br/>Megaport |

+| **Montreal** | [Cologix MTL3](https://www.cologix.com/data-centers/montreal/mtl3/)<br/>[Cologix MTL7](https://cologix.com/data-centers/montreal/mtl7/) | 1 | &cross; | &check; | Bell Canada<br/>CenturyLink Cloud Connect<br/>Cologix<br/>Fibrenoire<br/>Megaport<br/>RISQ<br/>Telus<br/>Zayo |

+| **Mumbai** | Tata Communications | 2 | West India | &check; | BSNL<br/>British Telecom<br/>DE-CIX<br/>Global CloudXchange (GCX)<br/>InterCloud<br/>Lightstorm<br/>Reliance Jio<br/>Sify<br/>Tata Communications<br/>Verizon |

+| **Mumbai2** | Airtel | 2 | West India | &check; | Airtel<br/>Equinix<br/>Sify<br/>Orange<br/>Vodafone Idea |

+| **Munich** | [EdgeConneX](https://www.edgeconnex.com/locations/europe/munich/) | 1 | &cross; | &check; | Colt<br/>DE-CIX<br/>Megaport |

+#### [N-Q](#tab/n-q)

+| **New York** | [Equinix NY5](https://www.equinix.com/locations/americas-colocation/united-states-colocation/new-york-data-centers/ny5/) | 1 | &cross; | &check; | CenturyLink Cloud Connect<br/>Coresite<br/>Crown Castle<br/>DE-CIX<br/>Equinix<br/>InterCloud<br/>Lightpath<br/>Megaport<br/>Momentum Telecom<br/>NTT Communications<br/>Packet<br/>Zayo |

+| **Newport(Wales)** | [Next Generation Data](https://www.nextgenerationdata.co.uk) | 1 | UK West | &check; | British Telecom<br/>Colt<br/>Jisc<br/>Level 3 Communications<br/>Next Generation Data |

+| **Osaka** | [Equinix OS1](https://www.equinix.com/locations/asia-colocation/japan-colocation/osaka-data-centers/os1/) | 2 | Japan West | &check; | AT TOKYO<br/>BBIX<br/>Colt<br/>DE-CIX<br/>Equinix<br/>Internet Initiative Japan Inc. - IIJ<br/>Megaport<br/>NTT Communications<br/>NTT SmartConnect<br/>Softbank<br/>Tokai Communications |

+| **Oslo** | DigiPlex Ulven | 1 | Norway East | &check; | GlobalConnect<br/>Megaport<br/>Telenor<br/>Telia Carrier |

+| **Paris** | [Interxion PAR5](https://www.interxion.com/Locations/paris/) | 1 | France Central | &check; | British Telecom<br/>CenturyLink Cloud Connect<br/>Colt<br/>Equinix<br/>euNetworks<br/>Intercloud<br/>Interxion<br/>Jaguar Network<br/>Megaport<br/>Orange<br/>Telia Carrier<br/>Zayo<br/>Verizon |

+| **Paris2** | [Equinix](https://www.equinix.com/data-centers/europe-colocation/france-colocation/paris-data-centers/pa4) | 1 | France Central | &check; | Equinix<br/>InterCloud<br/>Orange |

+| **Perth** | [NextDC P1](https://www.nextdc.com/data-centres/p1-perth-data-centre) | 2 | &cross; | &check; | Equinix<br/>Megaport<br/>NextDC |

+| **Phoenix** | [EdgeConneX PHX01](https://www.cyrusone.com/data-centers/north-america/arizona/phx1-phx8-phoenix) | 1 | West US 3 | &check; | AT&T NetBond<br/>Cox Business Cloud Port<br/>CenturyLink Cloud Connect<br/>DE-CIX<br/>Megaport<br/>Zayo |

+| **Phoenix2** | [PhoenixNAP](https://phoenixnap.com/) | 1 | West US 3 | &check; | |

+| **Portland** | [EdgeConnex POR01](https://www.edgeconnex.com/locations/north-america/portland-or/) | 1 | West US 2 | &check; | |

+| **Pune** | [STT GDC Pune DC1](https://www.sttelemediagdc.in/our-data-centres-in-india) | 2 | Central India | &check; | Airtel<br/>Lightstorm<br/>Tata Communications |

+| **Quebec City** | [Vantage](https://vantage-dc.com/data_centers/quebec-city-data-center-campus/) | 1 | Canada East | &check; | Bell Canada<br/>Equinix<br/>Megaport<br/>RISQ<br/>Telus |

+| **Queretaro (Mexico)** | [KIO Networks QR01](https://www.kionetworks.com/es-mx/) | 4 | &cross; | &check; | Cirion Technologies<br/>Equinix<br/>MCM Telecom<br/>Megaport<br/>Transtelco |

+| **Quincy** | Sabey Datacenter - Building A | 1 | West US 2 | &check; | |

+#### [R-S](#tab/r-s)

+| Location | Address | Zone | Local Azure regions | ER Direct | Service providers |

+|--|--|--|--|--|--|

+| **Rio de Janeiro** | [Equinix-RJ2](https://www.equinix.com/locations/americas-colocation/brazil-colocation/rio-de-janeiro-data-centers/rj2/) | 3 | Brazil Southeast | &check; | Cirion Technologies<br/>Equinix |

+| **San Antonio** | [CyrusOne SA1](https://cyrusone.com/locations/texas/san-antonio-texas/) | 1 | South Central US | &check; | CenturyLink Cloud Connect<br/>Megaport<br/>Zayo |

+| **Santiago** | [EdgeConnex SCL](https://www.edgeconnex.com/locations/south-america/santiago/) | 3 | &cross; | &check; | Cirion Technologies<br/>PitChile |

+| **Sao Paulo** | [Equinix SP2](https://www.equinix.com/locations/americas-colocation/brazil-colocation/sao-paulo-data-centers/sp2/) | 3 | Brazil South | &check; | Aryaka Networks<br/>Ascenty Data Centers<br/>British Telecom<br/>Equinix<br/>InterCloud<br/>Level 3 Communications<br/>Neutrona Networks<br/>Orange<br/>RedCLARA<br/>Tata Communications<br/>Telefonica<br/>UOLDIVEO |

+| **Sao Paulo2** | [TIVIT TSM](https://www.tivit.com/en/tivit/) | 3 | Brazil South | &check; | Ascenty Data Centers<br/>Tivit |

+| **Seattle** | [Equinix SE2](https://www.equinix.com/locations/americas-colocation/united-states-colocation/seattle-data-centers/se2/) | 1 | West US 2 | &check; | Aryaka Networks<br/>CenturyLink Cloud Connect<br/>DE-CIX<br/>Digital Realty<br/>Equinix<br/>Level 3 Communications<br/>Megaport<br/>Pacific Northwest Gigapop<br/>PacketFabric<br/>Telus<br/>Zayo |

+| **Seoul** | [KINX Gasan IDC](https://www.kinx.net/?lang=en) | 2 | Korea Central | &check; | KINX<br/>KT<br/>LG CNS<br/>LGUplus<br/>Equinix<br/>Sejong Telecom<br/>SK Telecom |

+| **Seoul2** | [KT IDC](https://www.kt-idc.com/eng/introduce/sub1_4_10.jsp#tab) | 2 | Korea Central | &cross; | KT |

+| **Silicon Valley** | [Equinix SV1](https://www.equinix.com/locations/americas-colocation/united-states-colocation/silicon-valley-data-centers/sv1/) | 1 | West US | &check; | Aryaka Networks<br/>AT&T Dynamic Exchange<br/>AT&T NetBond<br/>British Telecom<br/>CenturyLink Cloud Connect<br/>China Unicom Global<br/>Colt<br/>Comcast<br/>Coresite<br/>Cox Business Cloud Port<br/>Digital Realty<br/>Equinix<br/>InterCloud<br/>Internet2<br/>IX Reach<br/>Packet<br/>PacketFabric<br/>Level 3 Communications<br/>Megaport<br/>Momentum Telecom<br/>Orange<br/>Sprint<br/>Tata Communications<br/>Telia Carrier<br/>Verizon<br/>Vodafone<br/>Zayo |

+| **Silicon Valley2** | [Coresite SV7](https://www.coresite.com/data-centers/locations/silicon-valley/sv7) | 1 | West US | &check; | Colt<br/>Coresite |

+| **Singapore** | [Equinix SG1](https://www.equinix.com/data-centers/asia-pacific-colocation/singapore-colocation/singapore-data-center/sg1) | 2 | Southeast Asia | &check; | Aryaka Networks<br/>AT&T NetBond<br/>British Telecom<br/>China Mobile International<br/>Epsilon Global Communications<br/>Equinix<br/>GTT<br/>InterCloud<br/>Level 3 Communications<br/>Megaport<br/>NTT Communications<br/>Orange<br/>PCCW Global Limited<br/>SingTel<br/>Tata Communications<br/>Telstra Corporation<br/>Telefonica<br/>Verizon<br/>Vodafone |

+| **Singapore2** | [Global Switch Tai Seng](https://www.globalswitch.com/locations/singapore-data-centres/) | 2 | Southeast Asia | &check; | CenturyLink Cloud Connect<br/>China Unicom Global<br/>Colt<br/>DE-CIX<br/>Epsilon Global Communications<br/>Equinix<br/>Lightstorm<br/>Megaport<br/>PCCW Global Limited<br/>SingTel<br/>Telehouse - KDDI |

+| **Stavanger** | [Green Mountain DC1](https://greenmountain.no/dc1-stavanger/) | 1 | Norway West | &check; | GlobalConnect<br/>Megaport<br/>Telenor |

+| **Stockholm** | [Equinix SK1](https://www.equinix.com/locations/europe-colocation/sweden-colocation/stockholm-data-centers/sk1/) | 1 | Sweden Central | &check; | Cinia<br/>Equinix<br/>GlobalConnect<br/>Interxion (Digital Realty)<br/>Megaport<br/>Telia Carrier |

+| **Sydney** | [Equinix SY2](https://www.equinix.com/locations/asia-colocation/australia-colocation/sydney-data-centers/sy2/) | 2 | Australia East | &check; | AARNet<br/>AT&T NetBond<br/>British Telecom<br/>Cello<br/>Devoli<br/>Equinix<br/>GTT<br/>Kordia<br/>Megaport<br/>NEXTDC<br/>NTT Communications<br/>Optus<br/>Orange<br/>Spark NZ<br/>Telstra Corporation<br/>TPG Telecom<br/>Verizon<br/>Vocus Group NZ |

+| **Sydney2** | [NextDC S1](https://www.nextdc.com/data-centres/s1-sydney-data-centre) | 2 | Australia East | &check; | Megaport<br/>NETSG<br/>NextDC |

+#### [T-Z](#tab/t-z)

+| Location | Address | Zone | Local Azure regions | ER Direct | Service providers |

+|--|--|--|--|--|--|

+| **Taipei** | Chief Telecom | 2 | &cross; | &check; | Chief Telecom<br/>Chunghwa Telecom<br/>FarEasTone |

+| **Taipei2** | Chunghwa Telecom | 2 | &cross; | &check; | |

+| **Tel Aviv** | Bezeq International | 2 | Israel Central | &check; | Bezeq International |

+| **Tel Aviv2** | SDS | 2 | Israel Central | &check; | |

+| **Tokyo** | [Equinix TY4](https://www.equinix.com/locations/asia-colocation/japan-colocation/tokyo-data-centers/ty4/) | 2 | Japan East | &check; | Aryaka Networks<br/>AT&T NetBond<br/>BBIX<br/>British Telecom<br/>CenturyLink Cloud Connect<br/>Colt<br/>Equinix<br/>Intercloud<br/>Internet Initiative Japan Inc. - IIJ<br/>Megaport<br/>NTT Communications<br/>NTT EAST<br/>Orange<br/>Softbank<br/>Telehouse - KDDI<br/>Verizon </br></br> |

+| **Tokyo2** | [AT TOKYO](https://www.attokyo.com/) | 2 | Japan East | &check; | AT TOKYO<br/>China Unicom Global<br/>Colt<br/>DE-CIX<br/>Equinix<br/>IX Reach<br/>Megaport<br/>PCCW Global Limited<br/>Tokai Communications |

+| **Tokyo3** | [NEC](https://www.nec.com/en/global/solutions/cloud/inzai_datacenter.html) | 2 | Japan East | &check; | NEC<br/>SCSK |

+| **Toronto** | [Cologix TOR1](https://www.cologix.com/data-centers/toronto/tor1/) | 1 | Canada Central | &check; | AT&T NetBond<br/>Bell Canada<br/>CenturyLink Cloud Connect<br/>Cologix<br/>Equinix<br/>IX Reach Megaport<br/>Orange<br/>Telus<br/>Verizon<br/>Zayo |

+| **Toronto2** | [Allied REIT](https://www.alliedreit.com/property/905-king-st-w/) | 1 | Canada Central | &check; | Fibrenoire<br/>Zayo |

+| **Vancouver** | [Cologix VAN1](https://www.cologix.com/data-centers/vancouver/van1/) | 1 | &cross; | &check; | Bell Canada<br/>Cologix<br/>Megaport<br/>Telus<br/>Zayo |

+| **Warsaw** | [Equinix WA1](https://www.equinix.com/data-centers/europe-colocation/poland-colocation/warsaw-data-centers/wa1) | 1 | Poland Central | &check; | Equinix<br/>Exatel<br/>Orange Poland<br/>T-mobile Poland |

+| **Washington DC** | [Equinix DC2](https://www.equinix.com/locations/americas-colocation/united-states-colocation/washington-dc-data-centers/dc2/)<br/>[Equinix DC6](https://www.equinix.com/data-centers/americas-colocation/united-states-colocation/washington-dc-data-centers/dc6) | 1 | East US<br/>East US 2 | &check; | Aryaka Networks<br/>AT&T NetBond<br/>British Telecom<br/>CenturyLink Cloud Connect<br/>Cologix<br/>Colt<br/>Comcast<br/>Coresite<br/>Cox Business Cloud Port<br/>Crown Castle<br/>Digital Realty<br/>Equinix<br/>IPC<br/>Internet2<br/>InterCloud<br/>IPC<br/>Iron Mountain<br/>IX Reach<br/>Level 3 Communications<br/>Lightpath<br/>Megaport<br/>Neutrona Networks<br/>NTT Communications<br/>Orange<br/>PacketFabric<br/>SES<br/>Sprint<br/>Tata Communications<br/>Telia Carrier<br/>Telefonica<br/>Verizon<br/>Zayo |

+| **Washington DC2** | [Coresite VA2](https://www.coresite.com/data-center/va2-reston-va) | 1 | East US<br/>East US 2 | &cross; | CenturyLink Cloud Connect<br/>Coresite<br/>Intelsat<br/>Megaport<br/>Momentum Telecom<br/>Viasat<br/>Zayo |

+| **Zurich** | [Interxion ZUR2](https://www.interxion.com/Locations/zurich/) | 1 | Switzerland North | &check; | Colt<br/>Equinix<br/>Intercloud<br/>Interxion (Digital Realty)<br/>Megaport<br/>Swisscom<br/>Zayo |

+| **Zurich2** | [Equinix ZH5](https://www.equinix.com/data-centers/europe-colocation/switzerland-colocation/zurich-data-centers/zh5) | 1 | Switzerland North | &check; | Equinix |

+| **Atlanta** | [Equinix AT1](https://www.equinix.com/locations/americas-colocation/united-states-colocation/atlanta-data-centers/at1/) | &cross; | &check; | Equinix |

+| **Chicago** | [Equinix CH1](https://www.equinix.com/locations/americas-colocation/united-states-colocation/chicago-data-centers/ch1/) | &cross; | &check; | AT&T NetBond<br/>British Telecom<br/>Equinix<br/>Level 3 Communications<br/>Verizon |

+| **Dallas** | [Equinix DA3](https://www.equinix.com/locations/americas-colocation/united-states-colocation/dallas-data-centers/da3/) | &cross; | &check; | Equinix<br/>Internet2<br/>Megaport<br/>Verizon |

+| **New York** | [Equinix NY5](https://www.equinix.com/locations/americas-colocation/united-states-colocation/new-york-data-centers/ny5/) | &cross; | &check; | Equinix<br/>CenturyLink Cloud Connect<br/>Verizon |

+| **Phoenix** | [CyrusOne Chandler](https://www.cyrusone.com/data-centers/north-america/arizona/phx1-phx8-phoenix) | US Gov Arizona | &check; | AT&T NetBond<br/>CenturyLink Cloud Connect<br/>Megaport |

+| **San Antonio** | [CyrusOne SA2](https://cyrusone.com/locations/texas/san-antonio-texas-ii/) | US Gov Texas | &check; | CenturyLink Cloud Connect<br/>Megaport |

+| **Silicon Valley** | [Equinix SV4](https://www.equinix.com/locations/americas-colocation/united-states-colocation/silicon-valley-data-centers/sv4/) | &cross; | &check; | AT&T<br/>Equinix<br/>Level 3 Communications<br/>Verizon |

+| **Seattle** | [Equinix SE2](https://www.equinix.com/locations/americas-colocation/united-states-colocation/seattle-data-centers/se2/) | &cross; | &check; | Equinix<br/>Megaport |

+| **Washington DC** | [Equinix DC2](https://www.equinix.com/locations/americas-colocation/united-states-colocation/washington-dc-data-centers/dc2/) | US DoD East<br/>US Gov Virginia | &check; | AT&T NetBond<br/>CenturyLink Cloud Connect<br/>Equinix<br/>Level 3 Communications<br/>Megaport<br/>Verizon |

+| **Beijing** | China Telecom | &cross; | &check; | China Telecom |

+| **Beijing2** | GDS | &cross; | &check; | China Telecom<br/>China Mobile<br/>China Unicom<br/>GDS |

+| **Shanghai** | China Telecom | &cross; | &check; | China Telecom |

+| **Shanghai2** | GDS | &cross; | &check; | China Mobile<br/>China Telecom<br/>China Unicom<br/>GDS |

+#### [A-K](#tab/a-k)

+#### [L-Q](#tab/l-q)

+| Location | Exchange | Connectivity providers |

+|--|--|--|

+#### [S-Z](#tab/s-z)

+| Location | Exchange | Connectivity providers |

+|--|--|--|

+Azure regions are global datacenters where Azure compute, networking, and storage resources are hosted. When creating an Azure resource, you need to select the resource location, which determines the specific Azure datacenter (or availability zone) where the resource is deployed.

+ExpressRoute locations, also known as peering locations or meet-me locations, are co-location facilities where Microsoft Enterprise Edge (MSEE) devices are situated. These locations serve as the entry points to Microsoft's network and are globally distributed, offering the ability to connect to Microsoft's network worldwide. ExpressRoute partners and ExpressRoute Direct user establish cross connections to Microsoft's network at these locations. Generally, the ExpressRoute location doesn't need to correspond with the Azure region. For instance, you can create an ExpressRoute circuit with the resource location in *East US* for the *Seattle* peering location.

+You have access to Azure services across all regions within a geopolitical region if you're connecting to at least one ExpressRoute location within the geopolitical region.

+#### [A-C](#tab/a-c)

+|Service provider | Microsoft Azure | Microsoft 365 | Locations |

+| | | | |

+| **[AARNet](https://www.aarnet.edu.au/network-and-services/connectivity-services/azure-expressroute)** |&check; |&check; | Melbourne<br/>Sydney |

+| **[Airtel](https://www.airtel.in/business/#/)** | &check; | &check; | Chennai2<br/>Mumbai2<br/>Pune |

+| **[AIS](https://business.ais.co.th/solution/en/azure-expressroute.html)** | &check; | &check; | Bangkok |

+| **[Aryaka Networks](https://www.aryaka.com/)** | &check; | &check; | Amsterdam<br/>Chicago<br/>Dallas<br/>Hong Kong<br/>Sao Paulo<br/>Seattle<br/>Silicon Valley<br/>Singapore<br/>Tokyo<br/>Washington DC |

+| **[Ascenty Data Centers](https://www.ascenty.com/en/cloud/microsoft-express-route)** | &check; | &check; | Campinas<br/>Sao Paulo<br/>Sao Paulo2 |

+| **AT&T Connectivity Plus** | &check; | &check; | Dallas |

+| **AT&T Dynamic Exchange** | &check; | &check; | Chicago<br/>Dallas<br/>Los Angeles<br/>Miami<br/>Silicon Valley |

+| **[AT&T NetBond](https://www.synaptic.att.com/clouduser/html/productdetail/ATT_NetBond.htm)** | &check; | &check; | Amsterdam<br/>Chicago<br/>Dallas<br/>Frankfurt<br/>London<br/>Phoenix<br/>Silicon Valley<br/>Singapore<br/>Sydney<br/>Tokyo<br/>Toronto<br/>Washington DC |

+| **[AT TOKYO](https://www.attokyo.com/connectivity/azure.html)** | &check; | &check; | Osaka<br/>Tokyo2 |

+| **[BBIX](https://www.bbix.net/en/service/ix/)** | &check; | &check; | Osaka<br/>Tokyo<br/>Tokyo2 |

+| **[BCX](https://www.bcx.co.za/solutions/connectivity/)** | &check; | &check; | Cape Town<br/>Johannesburg|

+| **[Bell Canada](https://business.bell.ca/shop/enterprise/cloud-connect-access-to-cloud-partner-services)** | &check; | &check; | Montreal<br/>Toronto<br/>Quebec City<br/>Vancouver |

+| **[Bezeq International](https://selfservice.bezeqint.net/web/guest/english/company-profile)** | &check; | &check; | London<br/>Tel Aviv |

+| **[BICS](https://www.bics.com/cloud-connect/)** | &check; | &check; | Amsterdam2<br/>London2 |

+| **[British Telecom](https://www.globalservices.bt.com/en/solutions/products/cloud-connect-azure)** | &check; | &check; | Amsterdam<br/>Amsterdam2<br/>Chicago<br/>Frankfurt<br/>Hong Kong<br/>Johannesburg<br/>London<br/>London2<br/>Mumbai<br/>Newport(Wales)<br/>Paris<br/>Sao Paulo<br/>Silicon Valley<br/>Singapore<br/>Sydney<br/>Tokyo<br/>Washington DC |

+| **BSNL** | &check; | &check; | Chennai<br/>Mumbai |

+| **[C3ntro](https://www.c3ntro.com/)** | &check; | &check; | Miami |

+| **Cello** | &check; | &check; | Sydney |

+| **CDC** | &check; | &check; | Canberra<br/>Canberra2 |

+| **[CenturyLink Cloud Connect](https://www.centurylink.com/cloudconnect)** | &check; | &check; | Amsterdam2<br/>Chicago<br/>Dallas<br/>Dublin<br/>Frankfurt<br/>Hong Kong<br/>Las Vegas<br/>London<br/>London2<br/>Montreal<br/>New York<br/>Paris<br/>Phoenix<br/>San Antonio<br/>Seattle<br/>Silicon Valley<br/>Singapore2<br/>Tokyo<br/>Toronto<br/>Washington DC<br/>Washington DC2 |

+| **[Chief Telecom](https://www.chief.com.tw/)** |&check; |&check; | Hong Kong<br/>Taipei |

+| **China Mobile International** |&check; |&check; | Hong Kong<br/>Hong Kong2<br/>Singapore |

+| **China Telecom Global** |&check; |&check; | Hong Kong<br/>Hong Kong2 |

+| **China Unicom Global** |&check; |&check; | Frankfurt<br/>Hong Kong<br/>Los Angeles<br/>Silicon Valley<br/>Singapore2<br/>Tokyo2 |

+| **Chunghwa Telecom** |&check; |&check; | Taipei |

+| **[Cinia](https://www.cinia.fi/)** |&check; |&check; | Amsterdam2<br/>Stockholm |

+| **[Cirion Technologies](https://lp.ciriontechnologies.com/cloud-connect-lp-latam?c_campaign=HOTSITE&c_tactic=&c_subtactic=&utm_source=SOLUCIONES-CTA&utm_medium=Organic&utm_content=&utm_term=&utm_campaign=HOTSITE-ESP)** | &check; | &check; | Queretaro<br/>Rio De Janeiro<br/>Santiago |

+| **Claro** |&check; |&check; | Miami |

+| **Cloudflare** |&check; |&check; | Los Angeles |

+| **[Cologix](https://cologix.com/connectivity/cloud/cloud-connect/microsoft-azure/)** |&check; |&check; | Chicago<br/>Dallas<br/>Minneapolis<br/>Montreal<br/>Toronto<br/>Vancouver<br/>Washington DC |

+| **[Claro](https://www.usclaro.com/enterprise-mnc/connectivity/mpls/)** |&check; |&check; | Miami |

+| **Cloudflare** |&check; |&check; | Los Angeles |

+| **[Cologix](https://cologix.com/connectivity/cloud/cloud-connect/microsoft-azure/)** | &check; | &check; | Chicago<br/>Dallas<br/>Minneapolis<br/>Montreal<br/>Toronto<br/>Vancouver<br/>Washington DC |

+| **[Colt](https://www.colt.net/direct-connect/azure/)** | &check; | &check; | Amsterdam<br/>Amsterdam2<br/>Berlin<br/>Chicago<br/>Dublin<br/>Frankfurt<br/>Frankfurt2<br/>Geneva<br/>Hong Kong<br/>London<br/>London2<br/>Marseille<br/>Milan<br/>Munich<br/>Newport<br/>Osaka<br/>Paris<br/>Paris2<br/>Seoul<br/>Silicon Valley<br/>Singapore2<br/>Tokyo<br/>Tokyo2<br/>Washington DC<br/>Zurich |

+| **[Comcast](https://business.comcast.com/landingpage/microsoft-azure)** | &check; | &check; | Chicago<br/>Silicon Valley<br/>Washington DC |

+| **[CoreSite](https://www.coresite.com/solutions/cloud-services/public-cloud-providers/microsoft-azure-expressroute)** | &check; | &check; | Chicago<br/>Chicago2<br/>Denver<br/>Los Angeles<br/>New York<br/>Silicon Valley<br/>Silicon Valley2<br/>Washington DC<br/>Washington DC2 |

+| **[Cox Business Cloud Port](https://www.cox.com/business/networking/cloud-connectivity.html)** | &check; | &check; | Dallas<br/>Phoenix<br/>Silicon Valley<br/>Washington DC |

+| **Crown Castle** | &check; | &check; | Los Angeles2<br/>New York<br/>Washington DC |

+#### [D-I](#tab/d-i)

+|Service provider | Microsoft Azure | Microsoft 365 | Locations |

+| | | | |

+| **[DE-CIX](https://www.de-cix.net/en/services/directcloud/microsoft-azure)** | &check; |&check; | Amsterdam2<br/>Chennai<br/>Chicago2<br/>Copenhagen<br/>Dallas<br/>Dubai2<br/>Frankfurt<br/>Frankfurt2<br/>Kuala Lumpur<br/>Madrid<br/>Marseille<br/>Mumbai<br/>Munich<br/>New York<br/>Osaka<br/>Oslo<br/>Phoenix<br/>Seattle<br/>Singapore2<br/>Tokyo2 |

+| **[Devoli](https://devoli.com/expressroute)** | &check; |&check; | Auckland<br/>Melbourne<br/>Sydney |

+| **[Deutsche Telekom AG IntraSelect](https://geschaeftskunden.telekom.de/vernetzung-digitalisierung/produkt/intraselect)** | &check; |&check; | Frankfurt |

+| **[Deutsche Telekom AG](https://www.t-systems.com/de/en/cloud-services/solutions/public-cloud/azure-managed-cloud-services/cloud-connect-for-azure)** | &check; |&check; | Amsterdam<br/>Frankfurt2<br/>Hong Kong2 |

+| **[Digital Realty](https://www.digitalrealty.com/partners/microsoft-azure)** | &check; | &check; | Dallas2<br/>Seattle<br/>Silicon Valley<br/>Washington DC |

+| **du datamena** |&check; |&check; | Dubai2 |

+| **[eir evo](https://www.eirevo.ie/cloud-services/cloud-connectivity)** |&check; |&check; | Dublin |

+| **[Epsilon Global Communications](https://epsilontel.com/solutions/cloud-connect/)** | &check; | &check; | Hong Kong2<br/>London2<br/>Singapore<br/>Singapore2 |

+| **[Equinix](https://www.equinix.com/partners/microsoft-azure/)** | &check; | &check; | Amsterdam<br/>Amsterdam2<br/>Atlanta<br/>Berlin<br/>Canberra2<br/>Chicago<br/>Dallas<br/>Dubai2<br/>Dublin<br/>Frankfurt<br/>Frankfurt2<br/>Geneva<br/>Hong Kong<br/>Hong Kong2<br/>London<br/>London2<br/>Los Angeles*<br/>Los Angeles2<br/>Madrid2<br/>Melbourne<br/>Miami<br/>Milan<br/>Mumbai2<br/>New York<br/>Osaka<br/>Paris<br/>Paris2<br/>Perth<br/>Quebec City<br/>Queretaro (Mexico)<br/>Rio de Janeiro<br/>Sao Paulo<br/>Seattle<br/>Seoul<br/>Silicon Valley<br/>Singapore<br/>Singapore2<br/>Stockholm<br/>Sydney<br/>Tokyo<br/>Tokyo2<br/>Toronto<br/>Washington DC<br/>Warsaw<br/>Zurich</br>Zurich2</br></br> **New ExpressRoute circuits are no longer supported with Equinix in Los Angeles. Create new circuits in Los Angeles2.* |

+| **Etisalat UAE** |&check; |&check; | Dubai |

+| **[euNetworks](https://eunetworks.com/services/solutions/cloud-connect/microsoft-azure-expressroute/)** | &check; | &check; | Amsterdam<br/>Amsterdam2<br/>Dublin<br/>Frankfurt<br/>London<br/>Paris |

+| **Exatel** |&check; |&check; | Warsaw |

+| **[FarEasTone](https://www.fetnet.net/corporate/en/Enterprise.html)** | &check; | &check; | Taipei |

+| **[Fastweb](https://www.fastweb.it/grandi-aziende/dati-voce/scheda-prodotto/fast-company/)** | &check; |&check; | Milan |

+| **[Fibrenoire](https://fibrenoire.ca/en/services/cloudextn-2/)** | &check; | &check; | Montreal<br/>Quebec City<br/>Toronto2 |

+| **[GBI](https://www.gbiinc.com/microsoft-azure/)** | &check; | &check; | Dubai2<br/>Frankfurt |

+| **[GÉANT](https://www.geant.org/Networks)** | &check; | &check; | Amsterdam<br/>Amsterdam2<br/>Dublin<br/>Frankfurt<br/>Marseille |

+| **[GlobalConnect](https://www.globalconnect.no/)** | &check; | &check; | Amsterdam<br/>Copenhagen<br/>Oslo<br/>Stavanger<br/>Stockholm |

+| **[GlobalConnect DK](https://www.globalconnect.no/)** | &check; | &check; | Amsterdam |

+| **GTT** |&check; |&check; | Amsterdam<br/>Dallas<br/>Los Angeles2<br/>London2<br/>Singapore<br/>Sydney<br/>Washington DC |

+| **[Global Cloud Xchange (GCX)](https://globalcloudxchange.com/cloud-platform/cloud-x-fusion/)** | &check;| &check; | Chennai<br/>Mumbai |

+| **[iAdvantage](https://www.scx.sunevision.com/)** | &check; | &check; | Hong Kong2 |

+| **Intelsat** | &check; | &check; | London2<br/>Washington DC2 |

+| **[InterCloud](https://www.intercloud.com/)** |&check; |&check; | Amsterdam<br/>Chicago<br/>Dallas<br/>Dublin2<br/>Frankfurt<br/>Frankfurt2<br/>Geneva<br/>Hong Kong<br/>London<br/>Madrid<br/>Mumbai<br/>New York<br/>Paris<br/>Paris2<br/>Sao Paulo<br/>Silicon Valley<br/>Singapore<br/>Tokyo<br/>Washington DC<br/>Zurich |

+| **[Internet2](https://internet2.edu/services/cloud-connect/#service-cloud-connect)** | &check; | &check; | Chicago<br/>Dallas<br/>Silicon Valley<br/>Washington DC |

+| **[Internet Initiative Japan Inc. - IIJ](https://www.iij.ad.jp/en/news/pressrelease/2015/1216-2.html)** | &check; | &check; | Osaka<br/>Tokyo<br/>Tokyo2 |

+| **[Internet Solutions - Cloud Connect](https://www.is.co.za/solution/cloud-connect/)** | &check; | &check; | Cape Town<br/>Johannesburg<br/>London |

+| **[Interxion (Digital Realty)](https://www.digitalrealty.com/partners/microsoft-azure)** | &check; | &check; | Amsterdam<br/>Amsterdam2<br/>Copenhagen<br/>Dublin<br/>Dublin2<br/>Frankfurt<br/>London<br/>London2<br/>Madrid<br/>Marseille<br/>Paris<br/>Stockholm<br/>Zurich |

+| **IPC** | &check; |&check; | Washington DC |

+| **[IRIDEOS](https://irideos.it/)** | &check; | &check; | Milan |

+| **Iron Mountain** | &check; |&check; | Washington DC |

+| **[IX Reach](https://www.ixreach.com/partners/cloud-partners/microsoft-azure/)**| &check; | &check; | Amsterdam<br/>London2<br/>Silicon Valley<br/>Tokyo2<br/>Toronto<br/>Washington DC |

+#### [J-M](#tab/j-m)

+| **Jaguar Network** |&check; |&check; | Marseille<br/>Paris |

+| **[Jisc](https://www.jisc.ac.uk/microsoft-azure-expressroute)** | &check; | &check; | London<br/>London2<br/>Newport(Wales) |

+| **KDDI** | &check; | &check; | Osaka<br/>Tokyo<br/>Tokyo2 |

+| **[KINX](https://www.kinx.net/service/cloudhub/clouds/microsoft_azure_expressroute/?lang=en)** | &check; | &check; | Seoul |

+| **[Kordia](https://www.kordia.co.nz/cloudconnect)** | &check; | &check; | Auckland<br/>Sydney |

+| **[KPN](https://www.kpn.com/zakelijk/cloud/connect.htm)** | &check; | &check; | Amsterdam<br/>Dublin2|

+| **[KT](https://cloud.kt.com/)** | &check; | &check; | Seoul<br/>Seoul2 |

+| **[Level 3 Communications](https://www.lumen.com/en-us/edge-cloud/cloud-connect.html)** | &check; | &check; | Amsterdam<br/>Chicago<br/>Dallas<br/>London<br/>Newport (Wales)<br/>Sao Paulo<br/>Seattle<br/>Silicon Valley<br/>Singapore<br/>Washington DC |

+| **LG CNS** | &check; | &check; | Busan<br/>Seoul |

+| **Lightpath** | &check; | &check; | New York<br/>Washington DC |

+| **[Lightstorm](https://polarin.lightstorm.net/)** | &check; | &check; | Chennai<br/>Dubai2<br/>Mumbai<br/>Pune<br/>Singapore2 |

+| **[Liquid Intelligent Technologies](https://liquidcloud.africa/connect/)** | &check; | &check; | Cape Town<br/>Johannesburg |

+| **[LGUplus](http://www.uplus.co.kr/)** |&check; |&check; | Seoul |

+| **[MCM Telecom](https://www.mcmtelecom.com/alianza-microsoft)** | &check; | &check; | Dallas<br/>Queretaro (Mexico)|

+| **[Megaport](https://www.megaport.com/services/microsoft-expressroute/)** | &check; | &check; | Amsterdam<br/>Amsterdam2<br/>Atlanta<br/>Auckland<br/>Chicago<br/>Dallas<br/>Denver<br/>Dubai2<br/>Dublin<br/>Dublin2<br/>Frankfurt<br/>Geneva<br/>Hong Kong<br/>Hong Kong2<br/>Las Vegas<br/>London<br/>London2<br/>Los Angeles<br/>Madrid<br/>Melbourne<br/>Miami<br/>Minneapolis<br/>Montreal<br/>Munich<br/>New York<br/>Osaka<br/>Oslo<br/>Paris<br/>Perth<br/>Phoenix<br/>Quebec City<br/>Queretaro (Mexico)<br/>San Antonio<br/>Seattle<br/>Silicon Valley<br/>Singapore<br/>Singapore2<br/>Stavanger<br/>Stockholm<br/>Sydney<br/>Sydney2<br/>Tokyo<br/>Tokyo2<br/>Toronto<br/>Vancouver<br/>Washington DC<br/>Washington DC2<br/>Zurich |

+| **[Momentum Telecom](https://gomomentum.com/)** | &check; | &check; | Atlanta<br/>Chicago<br/>Dallas<br/>Miami<br/>New York<br/>Silicon Valley<br/>Washington DC2 |

+| **[MTN](https://www.mtnbusiness.co.za/en/Cloud-Solutions/Pages/microsoft-express-route.aspx)** | &check; | &check; | London |

+| **MTN Global Connect** | &check; | &check; | Cape Town<br/>Johannesburg|

+#### [N-Q](#tab/n-q)

+|Service provider | Microsoft Azure | Microsoft 365 | Locations |

+| | | | |

+| **[National Telecom](https://www.nc.ntplc.co.th/cat/category/264/855/CAT+Direct+Cloud+Connect+for+Microsoft+ExpressRoute?lang=en_EN)** | &check; | &check; | Bangkok |

+| **NEC** | &check; | &check; | Tokyo3 |

+| **[NETSG](https://www.netsg.co/dc-cloud/cloud-and-dc-interconnect/)** | &check; | &check; | Melbourne<br/>Sydney2 |

+| **[Neutrona Networks](https://flo.net/)** | &check; | &check; | Dallas<br/>Los Angeles<br/>Miami<br/>Sao Paulo<br/>Washington DC |

+| **[Next Generation Data](https://vantage-dc-cardiff.co.uk/)** | &check; | &check; | Newport(Wales) |

+| **[NEXTDC](https://www.nextdc.com/services/axon-ethernet/microsoft-expressroute)** | &check; | &check; | Melbourne<br/>Perth<br/>Sydney<br/>Sydney2 |

+| **NL-IX** | &check; | &check; | Amsterdam2<br/>Dublin2 |

+| **[NOS](https://www.nos.pt/empresas/solucoes/cloud/cloud-publica/nos-cloud-connect)** | &check; | &check; | Amsterdam2<br/>Madrid |

+| **Noovle** | &check; | &check; | Milan |

+| **[NTT Communications](https://www.ntt.com/en/services/network/virtual-private-network.html)** | &check; | &check; | Amsterdam<br/>Hong Kong<br/>London<br/>Los Angeles<br/>New York<br/>Osaka<br/>Singapore<br/>Sydney<br/>Tokyo<br/>Washington DC |

+| **NTT Communications India Network Services Pvt Ltd** | &check; | &check; | Chennai<br/>Mumbai |

+| **[NTT Communications - Flexible InterConnect](https://sdpf.ntt.com/)** |&check; |&check; | Jakarta<br/>Osaka<br/>Singapore2<br/>Tokyo<br/>Tokyo2 |

+| **[NTT EAST](https://business.ntt-east.co.jp/service/crossconnect/)** |&check; |&check; | Tokyo |

+| **[NTT Global DataCenters EMEA](https://hello.global.ntt/)** |&check; |&check; | Amsterdam2<br/>Berlin<br/>Frankfurt<br/>London2 |

+| **[NTT SmartConnect](https://cloud.nttsmc.com/cxc/azure.html)** |&check; |&check; | Osaka |

+| **[Ooredoo Cloud Connect](https://www.ooredoo.com.kw/portal/en/b2bOffConnAzureExpressRoute)** |&check; |&check; | Doha<br/>Doha2<br/>London2<br/>Marseille |

+| **[Optus](https://www.optus.com.au/enterprise/networking/network-connectivity/express-link/)** |&check; |&check; | Melbourne<br/>Sydney |

+| **[Orange](https://www.orange-business.com/en/products/business-vpn-galerie)** |&check; |&check; | Amsterdam<br/>Amsterdam2<br/>Chicago<br/>Dallas<br/>Dubai2<br/>Dublin2<br/>Frankfurt<br/>Hong Kong<br/>Johannesburg<br/>London<br/>London2<br/>Mumbai2<br/>Melbourne<br/>Paris<br/>Paris2<br/>Sao Paulo<br/>Silicon Valley<br/>Singapore<br/>Sydney<br/>Tokyo<br/>Toronto<br/>Washington DC |

+| **[Orange Poland](https://www.orange.pl/duze-firmy/rozwiazania-chmurowe)** | &check; | &check; | Warsaw |

+| **[Orixcom](https://www.orixcom.com/solutions/azure-expressroute)** | &check; | &check; | Dubai2 |

+| **Pacific Northwest Gigapop** | &check; | &check; | Seattle |

+| **[PacketFabric](https://www.packetfabric.com/cloud-connectivity/microsoft-azure)** | &check; | &check; | Amsterdam<br/>Atlanta<br/>Chicago<br/>Dallas<br/>Denver<br/>Las Vegas<br/>London<br/>Los Angeles2<br/>Miami<br/>New York<br/>Seattle<br/>Silicon Valley<br/>Toronto<br/>Washington DC |

+| **[PCCW Global Limited](https://consoleconnect.com/clouds/#azureRegions)** | &check; | &check; | Chicago<br/>Hong Kong<br/>Hong Kong2<br/>London<br/>Singapore<br/>Singapore2<br/>Tokyo2 |

+| **PitChile** | &check; | &check; | Santiago<br/>Miami |

+#### [R-S](#tab/r-s)

+|Service provider | Microsoft Azure | Microsoft 365 | Locations |

+| | | | |

+| **[REANNZ](https://www.reannz.co.nz/products-and-services/cloud-connect/)** | &check; | &check; | Auckland |

+| **RedCLARA** | &check; | &check; | Sao Paulo |

+| **[Reliance Jio](https://www.jio.com/business/jio-cloud-connect)** | &check; | &check; | Mumbai |

+| **[Retelit](https://www.retelit.it/EN/Home.aspx)** | &check; | &check; | Milan |

+| **RISQ** |&check; | &check; | Quebec City<br/>Montreal |

+| **SCSK** |&check; | &check; | Tokyo3 |

+| **[Sejong Telecom](https://www.sejongtelecom.net/)** | &check; | &check; | Seoul |

+| **[SES](https://www.ses.com/networks/signature-solutions/signature-cloud/ses-and-azure-expressroute)** | &check; | &check; | London2<br/>Washington DC |

+| **[SIFY](https://sifytechnologies.com/)** | &check; | &check; | Chennai<br/>Mumbai2 |

+| **[SingTel](https://www.singtel.com/about-us/news-releases/singtel-provide-secure-private-access-microsoft-azure-public-cloud)** |&check; |&check; | Hong Kong2<br/>Singapore<br/>Singapore2 |

+| **[SK Telecom](http://b2b.tworld.co.kr/bizts/solution/solutionTemplate.bs?solutionId=0085)** | &check; | &check; | Seoul |

+| **[Softbank](https://www.softbank.jp/biz/cloud/cloud_access/direct_access_for_az/)** |&check; |&check; | Osaka<br/>Tokyo<br/>Tokyo2 |

+| **[Sohonet](https://www.sohonet.com/product/fastlane/)** | &check; | &check; | Los Angeles<br/>London2 |

+| **[Spark NZ](https://www.sparkdigital.co.nz/solutions/connectivity/cloud-connect/)** | &check; | &check; | Auckland<br/>Sydney |

+| **[Swisscom](https://www.swisscom.ch/en/business/enterprise/offer/cloud-data-center/microsoft-cloud-services/microsoft-azure-von-swisscom.html)** | &check; | &check; | Geneva<br/>Zurich |

+#### [T-Z](#tab/t-z)

+|Service provider | Microsoft Azure | Microsoft 365 | Locations |

+| | | | |

+| **[Tata Communications](https://www.tatacommunications.com/solutions/network/cloud-ready-networks/)** | &check; | &check; | Amsterdam<br/>Chennai<br/>Chicago<br/>Hong Kong<br/>London<br/>Mumbai<br/>Pune<br/>Sao Paulo<br/>Silicon Valley<br/>Singapore<br/>Washington DC |

+| **[Telefonica](https://www.telefonica.com/es/)** | &check; | &check; | Amsterdam<br/>Dallas<br/>Frankfurt2<br/>Hong Kong<br/>Madrid<br/>Sao Paulo<br/>Singapore<br/>Washington DC |

+| **[Telehouse - KDDI](https://www.telehouse.net/solutions/cloud-services/cloud-link)** | &check; | &check; | London<br/>London2<br/>Singapore2 |

+| **Telenor** |&check; |&check; | Amsterdam<br/>London<br/>Oslo<br/>Stavanger |

+| **[Telia Carrier](https://www.arelion.com/products-and-services/internet-and-cloud/cloud-connect)** | &check; | &check; | Amsterdam<br/>Chicago<br/>Dallas<br/>Frankfurt<br/>Hong Kong<br/>London<br/>Oslo<br/>Paris<br/>Seattle<br/>Silicon Valley<br/>Stockholm<br/>Washington DC |

+| **[Telin](https://telin.net/)** | &check; | &check; | Jakarta |

+| **Telmex Uninet**| &check; | &check; | Dallas |

+| **[Telstra Corporation](https://www.telstra.com.au/business-enterprise/network-services/networks/cloud-direct-connect/)** | &check; | &check; | Canberra<br/>Melbourne<br/>Singapore<br/>Sydney |

+| **[Telus](https://www.telus.com)** | &check; | &check; | Montreal<br/>Quebec City<br/>Seattle<br/>Toronto<br/>Vancouver |

+| **[Teraco](https://www.teraco.co.za/services/africa-cloud-exchange/)** | &check; | &check; | Cape Town<br/>Johannesburg |

+| **[TIME dotCom](https://www.time.com.my/enterprise/connectivity/direct-cloud)** | &check; | &check; | Kuala Lumpur |

+| **[Tivit](https://tivit.com/en/home-ingles/)** |&check; |&check; | Sao Paulo2 |

+| **[Tokai Communications](https://www.tokai-com.co.jp/en/)** | &check; | &check; | Osaka<br/>Tokyo2 |

+| **TPG Telecom**| &check; | &check; | Melbourne<br/>Sydney |

+| **[Transtelco](https://transtelco.net/enterprise-services/)** | &check; | &check; | Dallas<br/>Queretaro(Mexico City)|

+| **[T-Mobile/Sprint](https://www.t-mobile.com/business/solutions/networking/cloud-networking)** |&check; |&check; | Chicago<br/>Silicon Valley<br/>Washington DC |

+| **[T-Mobile Poland](https://biznes.t-mobile.pl/pl/produkty-i-uslugi/sieci-teleinformatyczne/cloud-on-edge)** |&check; |&check; | Warsaw |

+| **[T-Systems](https://geschaeftskunden.telekom.de/vernetzung-digitalisierung/produkt/intraselect)** | &check; | &check; | Frankfurt |

+| **UOLDIVEO** | &check; | &check; | Sao Paulo |

+| **[UIH](https://www.uih.co.th/products-services/managed-services/cloud-direct/)** | &check; | &check; | Bangkok |

+| **[Verizon](https://enterprise.verizon.com/products/network/application-enablement/secure-cloud-interconnect/)** | &check; | &check; | Amsterdam<br/>Chicago<br/>Dallas<br/>Frankfurt<br/>Hong Kong<br/>London<br/>Mumbai<br/>Paris<br/>Silicon Valley<br/>Singapore<br/>Sydney<br/>Tokyo<br/>Toronto<br/>Washington DC |

+| **[Viasat](https://news.viasat.com/newsroom/press-releases/viasat-introduces-direct-cloud-connect-a-new-service-providing-fast-secure-private-connections-to-business-critical-cloud-services)** | &check; | &check; | Washington DC2 |

+| **[Vocus Group NZ](https://www.vocus.co.nz/business/cloud-data-centres)** | &check; | &check; | Auckland<br/>Sydney |

+| **Vodacom** | &check; | &check; | Cape Town<br/>Johannesburg|

+| **[Vodafone](https://www.vodafone.com/business/products/cloud-and-edge)** | &check; | &check; | Amsterdam2<br/>Chicago<br/>Dallas<br/>Hong Kong2<br/>London<br/>London2<br/>Milan<br/>Silicon Valley<br/>Singapore |

+| **[Vi (Vodafone Idea)](https://www.myvi.in/business/enterprise-solutions/connectivity/vpn-extended-connect)** | &check; | &check; | Chennai<br/>Mumbai2 |

+| **Vodafone Qatar** | &check; | &check; | Doha |

+| **XL Axiata** | &check; | &check; | Jakarta |

+| **[Zayo](https://www.zayo.com/services/packet/cloudlink/)** | &check; | &check; | Amsterdam<br/>Chicago<br/>Dallas<br/>Denver<br/>Dublin<br/>Frankfurt<br/>Hong Kong<br/>London<br/>London2<br/>Los Angeles<br/>Montreal<br/>New York<br/>Paris<br/>Phoenix<br/>San Antonio<br/>Seattle<br/>Silicon Valley<br/>Toronto<br/>Toronto2<br/>Vancouver<br/>Washington DC<br/>Washington DC2<br/>Zurich|

+Azure national clouds are isolated from each other and from the Azure public cloud. ExpressRoute for one Azure cloud can't connect to the Azure regions in the others.

+#### [US Government cloud](#tab/us-government-cloud)

+| **[AT&T NetBond](https://www.synaptic.att.com/clouduser/html/productdetail/ATT_NetBond.htm)** |&check; |&check; |Chicago<br/>Phoenix<br/>Silicon Valley<br/>Washington DC |

+| **[CenturyLink Cloud Connect](https://www.centurylink.com/cloudconnect)** |&check; |&check; |New York<br/>Phoenix<br/>San Antonio<br/>Washington DC |

+| **[Equinix](https://www.equinix.com/partners/microsoft-azure/)** |&check; |&check; |Atlanta<br/>Chicago<br/>Dallas<br/>New York<br/>Seattle<br/>Silicon Valley<br/>Washington DC |

+| **[Internet2](https://internet2.edu/services/microsoft-azure-expressroute/)** |&check; |&check; |Dallas |

+| **[Level 3 Communications](https://www.lumen.com/en-us/edge-cloud/cloud-connect.html)** |&check; |&check; |Chicago<br/>Silicon Valley<br/>Washington DC |

+| **[Megaport](https://www.megaport.com/services/microsoft-expressroute/)** |&check; | &check; | Chicago<br/>Dallas<br/>San Antonio<br/>Seattle<br/>Washington DC |

+| **[Verizon](http://news.verizonenterprise.com/2014/04/secure-cloud-interconnect-solutions-enterprise/)** |&check; |&check; |Chicago<br/>Dallas<br/>New York<br/>Silicon Valley<br/>Washington DC |

+#### [China cloud](#tab/china-cloud)

+| **China Telecom** |&check; |&cross; |Beijing<br/>Beijing2<br/>Shanghai<br/>Shanghai2 |

+| **China Mobile** | &check; | &cross; | Beijing2<br/>Shanghai2 |

+| **China Unicom** | &check; | &cross; | Beijing2<br/>Shanghai2 |

+| **[GDS](http://www.gds-services.com/en/about_2.html)** |&check; |&cross; |Beijing2<br/>Shanghai2 |

+To learn more, see [ExpressRoute in China](https://www.azure.cn/home/features/expressroute/).

+#### [A-C](#tab/a-C)

+#### [D-M](#tab/d-m)

+| Connectivity provider | Exchange | Locations |

+| | | |

+#### [N-Z](#tab/n-z)

+| Connectivity provider | Exchange | Locations |

+| | | |

+> [!NOTE]

+> If your connectivity provider isn't listed here, you can verify if they are connected to any of the other ExpressRoute Exchange Partners mentioned previously.

+Enabling private connectivity to meet your needs can be challenging, depending on the scale of your network. You can collaborate with any of the system integrators listed in the following table to assist with onboarding to ExpressRoute.

+| **[Bright Skies GmbH](https://www.rackspace.com/bright-skies)** | Europe |

+| **[Optus](https://www.optus.com.au/enterprise/networking/network-connectivity/express-link/)** | Australia |

+* Ensure that all prerequisites are met. For more information, see [ExpressRoute prerequisites](expressroute-prerequisites.md).

+### Understanding when to combine Traffic Manager and Front Door

+The `modify` effect is used to add, update, or remove properties or tags on a subscription or resource during creation or update. Existing non-compliant resources can also be remediated with a [remediation task](../how-to/remediate-resources.md). Policy assignments with effect set as Modify require a [managed identity](../how-to/remediate-resources.md) to do remediation. A common example using `modify` effect is updating tags on resources such as 'costCenter'.

+There are some nuances in modification behavior for resource properties. Learn more about scenarios when modification is [skipped](#skipped-modification).

+A single `modify` rule can have any number of operations. Supported operations are:

+### Skipped modification

+- **Existing resources:** When a policy definition using the `modify` effect is run as part of an evaluation cycle, it doesn't make changes to resources that already exist. Instead, it marks any resource that meets the `if` condition as non-compliant, so they can be remediated through a remediation task.

+- **Not applicable:** When the condition of an operation in the `operations` array is evaluated to _false_, that particular operation is skipped.

+- **Property not modifiable:** If an alias specified for an operation isn't modifiable in the request's API version, then evaluation uses the conflict effect. If the conflict effect is set to _deny_, the request is blocked. If the conflict effect is set to _audit_, the request is allowed through but the `modify` operation is skipped.

+- **Property not present:** If a property is not present in the resource payload of the request, then the modification may be skipped. In some cases, modifiable properties are nested within other properties and have an alias like `Microsoft.Storage/storageAccounts/blobServices/deleteRetentionPolicy.enabled`. If the "parent" property, in this case `deleteRetentionPolicy`, isn't present in the request, modification is skipped because that property is assumed to be omitted intentionally. For a practical example, go to section [Example of property not present](#example-of-property-not-present).

+- **Non VM or VMSS identity operation:** When a modify operation attempts to add or replace the `identity.type` field on a resource other than a Virtual Machine or Virtual Machine Scale Set, policy evaluation is skipped altogether so the modification isn't performed. In this case, the resource is considered not [applicable](../concepts/policy-applicability.md) to the policy.

+#### Example of property not present

+Modification of resource properties depends on the API request and the updated resource payload. The payload can depend on client used, such as Azure portal, and other factors like resource provider.

+Imagine you apply a policy that modifies tags on a virtual machine (VM). Every time the VM is updated, such as during resizing or disk changes, the tags are updated accordingly regardless of the contents of the VM payload. This is because tags are independent of the VM properties.

+However, if you apply a policy that modifies properties on a VM, modification is dependent on the resource payload. If you attempt to modify properties that are not included in the update payload, the modification will not take place. For instance, this can happen when patching the `assessmentMode` property of a VM (alias `Microsoft.Compute/virtualMachines/osProfile.windowsConfiguration.patchSettings.assessmentMode`). The property is "nested", so if its parent properties are not included in the request, this omission is assumed to be intentional and modification is skipped. For modification to take place, the resource payload should contain this context.

+ * **Reusing Ranger 4.X Databases in 5.X**. HDInsight 5.1 has [Apache Ranger version 2.3.0](https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.3.0+-+Release+Notes) which is major version upgrade from 1.2.0 in HDInsight 4.X clusters. Reuse of an HDInsight 4.X Ranger database in HDInsight 5.1 would prevent the Ranger service from starting due to differences in the DB schema. You would need to create an empty Ranger database to successfully deploy HDInsight 5.1 ESP clusters.

+> [!NOTE]

+> It is recommended to plan appropriate down time with the users during the scale down schedules.

+You can use different tools to assign built-in roles. Select the tab that applies for details.

+The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>`

+ -Scope "/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>"

+RoleAssignmentId : /subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>/providers/Microsoft.Authorization/roleAssignments/<Role Assignment ID>

+Scope : /subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>

+The scope for a de-identification service (preview) is in the form `/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>`

+ --scope "/subscriptions/<Subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.HealthDataAIServices/deidServices/<De-identification Service Name>"

+Managed identities provide Azure services with a secure, automatically managed identity in Microsoft Entra ID. Using managed identities eliminates the need for developers to manage credentials by providing an identity. There are two types of managed identities: system-assigned and user-assigned. The de-identification service supports both.

+- Understand the differences between **system-assigned** and **user-assigned** managed identities, described in [What are managed identities for Azure resources?](/entra/identity/managed-identities-azure-resources/overview)

+Managed identities assigned to the de-identification service (preview) can be used to allow access to Azure Blob Storage for batch de-identification jobs. The service acquires a token as the managed identity to access Blob Storage, and de-identify blobs that match a specified pattern. For more information, including how to grant access to your managed identity, see [Quickstart: Azure Health De-identification client library for .NET](quickstart-sdk-net.md).

+when you delete the de-identification service (preview), described as follows.

+ Title: Overview of the De-identification service (preview) in Azure Health Data Services

+description: Learn how the De-identification service (preview) in Azure Health Data Services anonymizes clinical data, ensuring HIPAA compliance while retaining data relevance for research and analytics.

+The de-identification service (preview) in Azure Health Data Services enables healthcare organizations to anonymize clinical data so that the resulting data retains its clinical relevance and distribution while also adhering to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The service uses state-of-the-art machine learning models to automatically extract, redact, or surrogate 28 entities - including the HIPAA 18 Protected Health Information (PHI) identifiers ΓÇô from unstructured text such as clinical notes, transcripts, messages, or clinical trial studies.

+ Title: "Quickstart: Azure Health de-identification client library for .NET"

+### Create an Azure Storage account

+### Authorize de-identification service (preview) on the Azure Storage account

+- [Create a de-identification Client](#create-a-de-identification-client)

+- [Create a de-identification Job](#create-a-de-identification-job)

+- [Get the status of a de-identification Job](#get-the-status-of-a-de-identification-job)

+### Create a de-identification client

+Before you can create the client, you need to find your **de-identification service (preview) endpoint URL**.

+### Create a de-identification job

+### Get the status of a de-identification job

+### Delete de-identification service

+### Delete Azure Storage account

+### Delete role assignment

+Ensure the permissions are given, and the Managed Identity for the de-identification service (preview) is set up properly.

+See [Authorize de-identification service (preview) on the Azure Storage account](#authorize-de-identification-service-preview-on-the-azure-storage-account)

+- How to create a de-identification client

+1. To add a user-assigned managed identity, select **Add** to use the selection pane to assign an existing identity.

+ | ns=3;s=FastUInt10 | temperature | None |

+ | ns=3;s=FastUInt100 | Tag 10 | None |

+ | NodeID | TagName | QueueSize | ObservabilityMode | Sampling Interval Milliseconds |

+ ||-|--|-|--|

+ | ns=3;s=FastUInt1000 | Tag 1000 | 5 | None | 1000 |

+ | ns=3;s=FastUInt1001 | Tag 1001 | 5 | None | 1000 |

+ | ns=3;s=FastUInt1002 | Tag 1002 | 10 | None | 5000 |

+| ns=3;s=FastUInt10 | temperature | None |

+| ns=3;s=FastUInt100 | Tag 10 | None |

+The **Observability mode** is one of the following values: `None`, `Gauge`, `Counter`, `Histogram`, or `Log`.

+ | **Interval** | Yes | **30** | The number of intervals to wait between feed checks. <br><br>This example uses **30** as the interval because this value is the [minimum interval for the **RSS** trigger](/connectors/rss/#general-limits). |

+ :::image type="content" source="media/quickstart-create-example-consumption-workflow/send-email-open-dynamic-content.png" alt-text="Screenshot shows the action named Send an email, cursor in box named Subject, and selected option for dynamic content list." lightbox="media/quickstart-create-example-consumption-workflow/send-email-open-dynamic-content.png":::

+ :::image type="content" source="media/quickstart-create-example-consumption-workflow/send-email-feed-title.png" alt-text="Screenshot shows the action named Send an email, with example email subject and included property named Feed title." lightbox="media/quickstart-create-example-consumption-workflow/send-email-feed-title.png":::

+ :::image type="content" source="media/quickstart-create-example-consumption-workflow/send-email-body.png" alt-text="Screenshot shows the action named Send an email, with descriptive text and properties in the box named Body." lightbox="media/quickstart-create-example-consumption-workflow/send-email-body.png":::

+To work with text that has other character encoding, apply base64ToBinary encoding to the non-Unicode payload. This step prevents Azure Logic Apps from assuming the text is in UTF-8 format. You can then convert any .NET-supported encoding to UTF-8 using Azure Functions.

+This solution works with both *multitenant* and *single-tenant* workflows. You can also [use this solution with the AS2 connector](#convert-payloads-for-as2).

+First, check that your trigger can correctly identify the content type. This step ensures that Azure Logic Apps no longer assumes the text is UTF-8.

+In triggers and actions that have the property **Infer Content Type**, select **No**. You can usually find this property in the operation's **Advanced parameters** list. However, if the operation doesn't include this property, the content type is set by the inbound message.

+If you're using the **Request** trigger for `text/plain` content, you must set the `charset` parameter that is in the call's `Content-Type` header. Otherwise, characters might become corrupted, or the parameter doesn't match the payload's encoding format. For more information, review [how to handle the `text/plain` content type](logic-apps-content-type.md#text-plain).

+Before you [base64 encode](workflow-definition-language-functions-reference.md#base64) content to a string, make sure that you [convert the text to UTF-8](#convert-payload-encoding). Otherwise, characters might return corrupted.

+When you consume the return value from Azure Functions, make sure to use the [**base64ToBinary** function](workflow-definition-language-functions-reference.md#base64tobinary), not the **base64ToString** function.

+For more detailed information about creating a workspace, see [Manage Azure Machine Learning workspaces in the portal or with the Python SDK (v2)](how-to-manage-workspace.md).

+For more detailed information about creating compute, see:

+* [Create an Azure Machine Learning compute instance](how-to-create-compute-instance.md)

+* [Create an Azure Machine Learning compute cluster](how-to-create-attach-compute-cluster.md)

+For more detailed information about environments, see [Create and manage environments in Azure Machine Learning](how-to-manage-environments-v2.md).

+## Related content

+- Interactive applications can't be enabled on distributed training runs where the distribution type is anything other than Pytorch, TensorFlow, or MPI. Custom distributed training setup (configuring multi-node training without using the above distribution frameworks) isn't currently supported.

+4. In the **Training script** step, add your training code (and input/output data) and reference it in your command to make sure it's mounted to your job.

+5. In **Compute** settings, expand the option for **Training applications**. Select at least one training application you want to use to interact with the job. If you don't select an application, the debug feature won't be available.

+1. During job submission (either through the UI, the CLI or the SDK) use the debugpy command to run your python script. For example, the following screenshot shows a sample command that uses debugpy to attach the debugger for a tensorflow script (`tfevents.py` can be replaced with the name of your training script).

+To create or overwrite a named compute resource, you'll use a PUT request. In the following example, in addition to the now-familiar replacements of `YOUR-SUBSCRIPTION-ID`, `YOUR-RESOURCE-GROUP`, `YOUR-WORKSPACE-NAME`, and `YOUR-ACCESS-TOKEN`, replace `YOUR-COMPUTE-NAME`, and values for `location`, `vmSize`, `vmPriority`, and `scaleSettings`. The following command creates a dedicated, single-node Standard_D1 (a basic CPU compute resource) that will scale down after 30 minutes:

+The management of Key Vault secrets differs significantly in V2 compared to V1. The V1 set_secret and get_secret SDK methods are not available in V2. Instead, direct access using Key Vault client libraries should be used. When accessing secrets from a training script, you can use either the managed identity of the compute or your identity.

+> [!IMPORTANT]

+> If you are using a no public IP serverless compute and the workspace uses an IP allow list, you must add an outbound private endpoint to the workspace. The serverless compute needs to communicate with the workspace, but when configured for no public IP it uses the Azure Default Outbound for internet access. The public IP for this outbound is dynamic, and can't be added to the IP allow list. Creating an outbound private endpoint to the workspace allows traffic from the serverless compute bound for the workspace to bypass the IP allow list.

+description: Learn how to securely get secrets from Azure Key Vault in your training jobs by using the Key Vault Secrets client library.

+# Customer intent: As a data scientist, I want to securely access secrets from Azure Key Vault in my training jobs so that I can use them in my training scripts.

+* If your job runs on a compute cluster, grant the managed identity for the compute cluster access to the secrets stored in key vault. Or, if the job runs on serverless compute, grant the managed identity specified for the job access to the secrets. The method used to grant access depends on how your key vault is configured:

+## Get secrets

+There are two ways to get secrets during training:

+- Using a managed identity associated with the compute resource the training job runs on.

+- Using your identity by having the compute run the job on your behalf.

+# [Managed identity](#tab/managed)

+# [Your identity](#tab/user)

+1. Add the `azure-keyvault-secrets`, `azure-identity`, and `azure-ai-ml` packages to the [Azure Machine Learning environment](concept-environments.md) used when training the model. For example, by adding them to the conda file used to build the environment.

+ The environment is used to build the Docker image that the training job runs in on the compute cluster.

+1. From your training code, use the [Azure Machine Learning SDK](/python/api/overview/azure/ai-ml-readme) and [Key Vault client library](/python/api/overview/azure/keyvault-secrets-readme) to get the managed identity credentials and authenticate to key vault. The `AzureMLOnBehalfOfCredential` class is used to authenticate on behalf of your user identity:

+ ```python

+ from azure.ai.ml.identity import AzureMLOnBehalfOfCredential

+ from azure.keyvault.secrets import SecretClient

+ credential = AzureMLOnBehalfOfCredential()

+ secret_client = SecretClient(vault_url="https://my-key-vault.vault.azure.net/", credential=credential)

+ ```

+ After authenticating, use the Key Vault client library to retrieve a secret by providing the associated key:

+ ```python

+ secret = secret_client.get_secret("secret-name")

+ print(secret.value)

+ ```

+1. When you submit the training job, you must specify that it runs on behalf of your identity by using `identity=UserIdentityConfiguration()`. The following example submits a job using this parameter:

+ ```python

+ from azure.ai.ml import Input, command

+ from azure.ai.ml.constants import AssetTypes

+ from azure.ai.ml.entities import UserIdentityConfiguration

+ job = command(

+ code="./sdk/ml/azure-ai-ml/samples/src",

+ command="python read_data.py --input_data ${{inputs.input_data}}",

+ inputs={"input_data": Input(type=AssetTypes.MLTABLE, path="./sample_data")},

+ environment="AzureML-sklearn-1.0-ubuntu20.04-py38-cpu:1",

+ compute="cpu-cluster",

+ identity=UserIdentityConfiguration(),

+ )

+ ```

+ For an example of using the Azure CLI to submit a job that uses your identity, visit [Https://github.com/Azure/azureml-examples/blob/d4c90eead3c1fd97393d0657f7a78831490adf1c/cli/jobs/single-step/on-behalf-of/README.md](https://github.com/Azure/azureml-examples/blob/d4c90eead3c1fd97393d0657f7a78831490adf1c/cli/jobs/single-step/on-behalf-of/README.md).

+## Related content

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+These examples would be in the form of YAML files and used from the CLI. For example, `az ml connection create -f <file-name>.yaml`.

+- Azure Cosmos DB for Mongo DB ([Only for Request Unit (RU) architecture](/azure/cosmos-db/mongodb/introduction#request-unit-ru-architecture))

+ **Network Requirements** | Access to the following endpoints: <br/><br/> *.docker.io <br/></br> *.docker.com <br/><br/>api.snapcraft.io <br/><br/> https://dc.services.visualstudio.com/v2/track <br/><br/> https://legoonboarding.blob.core.windows.net </br></br> [Azure Arc-enabled Kubernetes network requirements](../azure-arc/kubernetes/network-requirements.md) <br/><br/>[Azure CLI endpoints for proxy bypass](/cli/azure/azure-cli-endpoints)

+ **Network Requirements** | Access to the following endpoints: <br/><br/> https://dc.services.visualstudio.com/v2/track <br/><br/> https://legoonboarding.blob.core.windows.net <br/><br/> [Azure CLI endpoints for proxy bypass](/cli/azure/azure-cli-endpoints)

+ Title: Availability and redundancy

+description: Azure Programmable Connectivity availability and redundancy.

+# Availability and redundancy

+Azure Programmable Connectivity (APC) is a regional service that can withstand and automatically handle loss of one of the datacenters within a region. However it doesn't automatically

+fail over or replicate data if there's a full regional outage. Customers must take extra actions to implement regional redundancy.

+## Enabling regional redundancy

+To enable regional redundancy, customers must manually create multiple APC gateways in the regions of their choice. The gateways must have similar sets of Network APIs enabled. Lastly, the calling code should be configured with the URLs of all provisioned gateways and invoke appropriate resiliency strategies.

+> [!IMPORTANT]

+> Curretnly, APC does not guarantee presence of all possible combinations of Network APIs and Operators in all regions.

+We also recommend testing your components with an API testing tool like one of the following:

+ - [Visual Studio Code](https://code.visualstudio.com/download) with an [extension from Visual Studio Marketplace](https://marketplace.visualstudio.com/vscode)

+ - [PowerShell Invoke-RestMethod](/powershell/module/microsoft.powershell.utility/invoke-restmethod)

+ - [Microsoft Edge - Network Console tool](/microsoft-edge/devtools-guide-chromium/network-console/network-console-tool)

+ - [Bruno](https://www.usebruno.com/)

+ - [curl](https://curl.se/)

+ > [!CAUTION]

+ > For scenarios where you have sensitive data, such as credentials, secrets, access tokens,

+ > API keys, and other similar information, make sure to use a tool that protects your data

+ > with the necessary security features, works offline or locally, doesn't sync your data to

+ > the cloud, and doesn't require that you sign in to an online account. This way, you reduce

+ > the risk around exposing sensitive data to the public.

+> Azure Service Bus supports authorizing access to a Service Bus namespace and its entities using Microsoft Entra ID. Authorizing users or applications using OAuth 2.0 token returned by Microsoft Entra ID provides superior security and ease of use over shared access signatures (SAS). SAS Keys lack fine grained access control, are difficult to manage/rotate and do not have the audit capabilities to associate its use with a specific user or service principal. For these reasons we recommend using Microsoft Entra ID.

+> Microsoft recommends using Microsoft Entra ID with your Azure Service Bus applications when possible. For more information, see the following articles:

+- [Authenticate and authorize an application with Microsoft Entra ID to access Azure Service Bus entities](authenticate-application.md).

+- [Authenticate a managed identity with Microsoft Entra ID to access Azure Service Bus resources](service-bus-managed-service-identity.md)

+> You can disable local or SAS key authentication for a Service Bus namespace and allow only Microsoft Entra authentication. For step-by-step instructions, see [Disable local authentication](disable-local-authentication.md).

+| Supported version | vCenter Server 8.0, 7.0, 6.7, and 6.5| Windows Server 2016, Windows Server 2012 R2 | NA |Windows Server 2016, Windows Server 2012 R2|NA |

+ Title: Upload, analyze files with Azure Functions and Blob Storage

+#Customer intent: As a JavaScript developer, I want to know how to upload files to blob storage within an application, so that I can adopt this functionality into my own solution.

+In this tutorial, you learn how to upload an image to Azure Blob Storage and process it using Azure Functions, Computer Vision, and Cosmos DB. You'll also learn how to implement Azure Function triggers and bindings as part of this process. Together, these services analyze an uploaded image that contains text, extract the text out of it, and then store the text in a database row for later analysis or other purposes.

+```json

+## Clean up resources

+If you're not going to continue to use this application, you can delete the resources you created by removing the resource group.

+1. Select **Resource groups** from the Azure explorer

+1. Find and right-click the `msdocs-storage-function` resource group from the list.

+1. Select **Delete**. The process to delete the resource group may take a few minutes to complete.

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_create_container.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_create_container_async.py) code samples from this article (GitHub)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_delete_container.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_delete_container_async.py) code samples from this article (GitHub)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_lease_container.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_lease_container_async.py) code samples from this article (GitHub)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_container_properties_metadata.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_container_properties_metadata_async.py) code samples from this article (GitHub)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_create_sas.py)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_list_containers.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_list_containers_async.py) code samples from this article (GitHub)

+### See also

+- [Enumerating Blob Resources](/rest/api/storageservices/enumerating-blob-resources)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_copy_blob.py)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_copy_put_from_url.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_copy_put_from_url_async.py) code samples from this article (GitHub)

+To learn more about how to delete blobs and restore soft-deleted blobs using the Azure Blob Storage client library for Python, see the following resources.

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_delete_blobs.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_delete_blobs_async.py) code samples from this article (GitHub)

+- [Blob versioning](versioning-overview.md)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_download.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_download_async.py) code samples from this article (GitHub)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_lease_blobs.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_lease_blobs_async.py) code samples from this article (GitHub)

+- [Managing Concurrency in Blob storage](concurrency-manage.md)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_blobs_properties_metadata_tags.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_blobs_properties_metadata_tags_async.py) code samples from this article (GitHub)

+ The `import asyncio` statement is only required if you're using the library in your code. It's added here for clarity, as the examples in the [developer guide articles](#build-your-app) use the `asyncio` library.

+To connect an app to Blob Storage, create an instance of the [BlobServiceClient](/python/api/azure-storage-blob/azure.storage.blob.blobserviceclient) class. This object is your starting point to interact with data resources at the storage account level. You can use it to operate on the storage account and its containers. You can also use the service client to create container clients or blob clients, depending on the resource you need to work with.

+To authorize with Microsoft Entra ID, you need to use a [security principal](../../active-directory/develop/app-objects-and-service-principals.md). Which type of security principal you need depends on where your app runs. Use the following table as a guide:

+| Where the app runs | Security principal | Guidance |

+## Build your app

+As you build apps to work with data resources in Azure Blob Storage, your code primarily interacts with three resource types: storage accounts, containers, and blobs. To learn more about these resource types, how they relate to one another, and how apps interact with resources, see [Understand how apps interact with Blob Storage data resources](storage-blob-object-model.md).

+The following guides show you how to access data and perform specific actions using the Azure Storage client library for Python:

+| | |

+| [Configure a retry policy](storage-retry-policy-python.md) | Implement retry policies for client operations. |

+| [Copy blobs](storage-blob-copy-python.md) | Copy a blob from one location to another. |

+| [Create a container](storage-blob-container-create-python.md) | Create blob containers. |

+| [Create a user delegation SAS (blobs)](storage-blob-user-delegation-sas-create-python.md) | Create a user delegation SAS for a blob. |

+| [Create a user delegation SAS (containers))](storage-blob-container-user-delegation-sas-create-python.md) | Create a user delegation SAS for a container. |

+| [Create and manage container leases](storage-blob-container-lease-python.md) | Establish and manage a lock on a container. |

+| [Delete and restore](storage-blob-delete-python.md) | Delete blobs and restore soft-deleted blobs. |

+| [Delete and restore containers](storage-blob-container-delete-python.md) | Delete containers and restore soft-deleted containers. |

+| [List blobs](storage-blobs-list-python.md) | List blobs in different ways. |

+| [List containers](storage-blob-containers-list-python.md) | List containers in an account and the various options available to customize a listing. |

+| [Manage properties and metadata (containers)](storage-blob-container-properties-metadata-python.md) | Get and set properties and metadata for containers. |

+| [Performance tuning for data transfers](storage-blobs-tune-upload-download-python.md) | Optimize performance for data transfer operations. |

+| [Upload blobs](storage-blob-upload-python.md) | Learn how to upload blobs by using strings, streams, file paths, and other methods. |

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_blobs_properties_metadata_tags.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_blobs_properties_metadata_tags_async.py) code samples from this article (GitHub)

+- [Use blob index tags to manage and find data on Azure Blob Storage](storage-blob-index-how-to.md)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_upload.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_upload_async.py) code samples from this article (GitHub)

+- [Use blob index tags to manage and find data on Azure Blob Storage](storage-blob-index-how-to.md)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_create_sas.py)

+### Code samples

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_list_blobs.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob_devguide_list_blobs_async.py) code samples from this article (GitHub)

+- [Blob versioning](versioning-overview.md)

+- This article is part of the Blob Storage developer guide for Python. See the full list of developer guide articles at [Build your app](storage-blob-python-get-started.md#build-your-app).

+## Next steps

+- This article is part of the Blob Storage developer guide for Python. See the full list of developer guide articles at [Build your app](storage-blob-python-get-started.md#build-your-app).

+- [Azure Container Storage](../container-storage/container-storage-introduction.md): A volume management, deployment, and orchestration service built natively for containers.

+## Azure Container Storage

+For more information about Azure Container Storage, see [What is Azure Container Storage? ](../container-storage/container-storage-introduction.md).

+1. Run the following script. Replace `<ResourceGroup>`, `<StorageAccount>`, and `<FileShare>` with your information.

+ Remove-AzRmStorageShare `

+ -ResourceGroupName <ResourceGroup> `

+ -StorageAccountName <StorageAccount> `

+ -Name <FileShare>

+You can delete an Azure file share with the [`az storage share delete`](/cli/azure/storage/share#az-storage-share-delete) command. Replace `<ResourceGroup>`, `<StorageAccount>`, and `<FileShare>` with your information.

+az storage share-rm delete \

+ --resource-group <ResourceGroup> \

+ --storage-account <StorageAccount> \

+ --name <FileShare>

+1. Sign in to the Azure portal using an account with [conditional access administrator permissions](/entra/identity/role-based-access-control/permissions-reference#conditional-access-administrator), and select **Microsoft Entra ID**, choose **Security** from the menu.

+On your session host VM, go to **Event Viewer** > **Windows Logs** > **Application**. If you see an event with ID 3277 with the description `INVALID_REGISTRATION_TOKEN` or `EXPIRED_MACHINE_TOKEN`, the registration key that has been used isn't recognized as valid.

+To resolve this issue:

+1. Create a new registration key by following the steps in [Generate a registration key](add-session-hosts-host-pool.md#generate-a-registration-key).

+1. Open a PowerShell prompt as an administrator and run the following commands to add the new registration key to the registry. Replace `<RegistrationToken>` with the new registration token you generated.

+ ```powershell

+ $newKey = '<RegistrationToken>'

+

+ Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\RDInfraAgent" -Name "IsRegistered" -Value 0 -Force

+ Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\RDInfraAgent" -Name "RegistrationToken" -Value $newKey -Force

+ ```

+1. Next, run the following command to restart the `RDAgentBootLoader` service:

+ ```powershell

+ Restart-Service RDAgentBootLoader

+ ```

+1. Run the following commands to verify that **IsRegistered** is set to 1 and **RegistrationToken** is blank.

+ Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\RDInfraAgent" -Name IsRegistered | FL IsRegistered

+ Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\RDInfraAgent" -Name RegistrationToken | FL RegistrationToken

+ The output should be similar to the following output:

+ ```output

+ IsRegistered : 1

+ RegistrationToken :

+ ```

+1. Check your session host is no available in the host pool. If it isn't, view the Event Viewer entries and see if there are any errors that are preventing the agent from starting.

+3. Confirm that the *-ExpirationTime* parameter is set to three days.

+description: Learn how to configure NAT rules for your Virtual WAN VPN gateway using PowerShell.

+ Title: Migrate VPN gateways from Classic to Resource Manager

+description: Learn about migrating VPN Gateway resources from the classic deployment model to the Resource Manager deployment model.

+# VPN Gateway classic to Resource Manager migration

+VPN gateways can now be migrated from the classic deployment model to [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md). For more information, see [Resource Manager deployment model](../azure-resource-manager/management/overview.md). In this article, we discuss how to migrate from classic deployments to the Resource Manager model.

+> [!IMPORTANT]

+> [!INCLUDE [classic gateway restrictions](../../includes/vpn-gateway-classic-gateway-restrict-create.md)]

+VPN gateways are migrated as part of VNet migration from classic to Resource Manager. This migration is done one VNet at a time. There aren't additional requirements in terms of tools or prerequisites to migrate. Migration steps are identical to the existing VNet migration and are documented at [IaaS resources migration page](../virtual-machines/migration-classic-resource-manager-ps.md).

+There isn't a data path downtime during migration and thus existing workloads continue to function without the loss of on-premises connectivity during migration. The public IP address associated with the VPN gateway doesn't change during the migration process. This implies that you won't need to reconfigure your on-premises router once the migration is completed.

+The Resource Manager model is different from the classic model and is composed of virtual network gateways, local network gateways and connection resources. These represent the VPN gateway itself, the local-site representing on premises address space and connectivity between the two respectively. Once migration is completed, your gateways won't be available in the classic model and all management operations on virtual network gateways, local network gateways, and connection objects must be performed using the Resource Manager model.

+## Supported scenarios

+Most common VPN connectivity scenarios are covered by classic to Resource Manager migration. The supported scenarios include:

+* Point-to-site connectivity

+* Site-to-site connectivity with VPN Gateway connected to on premises location

+* VNet-to-VNet connectivity between two VNets using VPN gateways

+* Multiple VNets connected to same on-premises location

+* Multi-site connectivity

+* Forced tunneling enabled VNets

+Scenarios that aren't supported include:

+* VNet with both an ExpressRoute gateway and a VPN gateway isn't currently supported.

+* Transit scenarios where VM extensions are connected to on-premises servers. Transit VPN connectivity limitations are detailed in the next sections.

+> [!NOTE]

+> CIDR validation in the Resource Manager model is stricter than the one in the classic model. Before migrating, ensure that classic address ranges given conform to valid CIDR format before beginning the migration. CIDR can be validated using any common CIDR validators. VNet or local sites with invalid CIDR ranges when migrated result in a failed state.

+>

+## VNet-to-VNet connectivity migration

+VNet-to-VNet connectivity in the classic deployment model was achieved by creating a local site representation of the connected VNet. Customers were required to create two local sites that represented the two VNets which needed to be connected together. These were then connected to the corresponding VNets using IPsec tunnel to establish connectivity between the two VNets. This model has manageability challenges, since any address range changes in one VNet must also be maintained in the corresponding local site representation. In the Resource Manager model, this workaround is no longer needed. The connection between the two VNets can be directly achieved using 'Vnet2Vnet' connection type in the Connection resource.

+During VNet migration, we detect that the connected entity to the current VNet's VPN gateway is another VNet. We ensure that once migration of both VNets is completed, you no longer see two local sites representing the other VNet. The classic model of two VPN gateways, two local sites, and two connections between them is transformed to the Resource Manager model with two VPN gateways and two connections of type Vnet2Vnet.

+## Transit VPN connectivity

+You can configure VPN gateways in a topology such that on-premises connectivity for a VNet is achieved by connecting to another VNet that is directly connected to on-premises. This is transit VPN connectivity, where instances in first VNet are connected to on-premises resources via transit to the VPN gateway in the connected VNet that's directly connected to on-premises. To achieve this configuration in classic deployment model, you need to create a local site that has aggregated prefixes representing both the connected VNet and on-premises address space. This representational local site is then connected to the VNet to achieve transit connectivity. The classic model also has similar manageability challenges since any change in the on-premises address range must also be maintained on the local site representing the aggregate of VNet and on-premises. Introduction of BGP support in Resource Manager supported gateways simplifies manageability, since the connected gateways can learn routes from on-premises without manual modification to prefixes.

+Since we transform VNet-to-VNet connectivity without requiring local sites, the transit scenario loses on-premises connectivity for the VNet that is indirectly connected to on-premises. The loss of connectivity can be mitigated in the following two ways, after migration is completed:

+* Enable BGP on VPN gateways that are connected together and to the on-premises location. Enabling BGP restores connectivity without any other configuration changes since routes are learned and advertised between VNet gateways. Note that the BGP option is only available on Standard and higher SKUs.

+* Establish an explicit connection from affected VNet to the local network gateway that represents the on-premises location. This would also require changing configuration on the on-premises router to create and configure the IPsec tunnel.

+## Next steps

+After learning about VPN gateway migration support, go to [platform-supported migration of IaaS resources from classic to Resource Manager](../virtual-machines/migration-classic-resource-manager-ps.md) to get started.