Service | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
active-directory-b2c | Partner Onfido | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/partner-onfido.md | REST API settings: #### Upload your files 1. Store the UI folder files in your blob container.-2. [Use Azure Storage Explorer to manage Azure managed disks](../virtual-machines/disks-use-storage-explorer-managed-disks.md) and access permissions. +2. [Use Azure Storage Explorer to manage Azure managed disks](/azure/virtual-machines/disks-use-storage-explorer-managed-disks) and access permissions. ### Configure Azure AD B2C |
advisor | Advisor Cost Optimization Workbook | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/advisor/advisor-cost-optimization-workbook.md | Azure Hybrid Benefit represents an excellent opportunity to save on Virtual Mach #### Windows VM/VMSS Azure Hybrid Benefit represents an excellent opportunity to save on Virtual Machines OS costs.-If you have Software Assurance, you can enable the [Azure Hybrid Benefit](../virtual-machines/windows/hybrid-use-benefit-licensing.md). You can see potential savings using [Azure Hybrid Benefit Calculator](https://azure.microsoft.com/pricing/hybrid-benefit/#calculator). +If you have Software Assurance, you can enable the [Azure Hybrid Benefit](/azure/virtual-machines/windows/hybrid-use-benefit-licensing). You can see potential savings using [Azure Hybrid Benefit Calculator](https://azure.microsoft.com/pricing/hybrid-benefit/#calculator). > [!NOTE] > The query has a Quick Fix column that helps you to apply Azure Hybrid Benefit to Windows VMs. #### Linux VM/VMSS -[Azure Hybrid Benefit for Linux](../virtual-machines/linux/azure-hybrid-benefit-linux.md) is a licensing benefit that helps you to significantly reduce the costs of running your Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) virtual machines (VMs) in the cloud. +[Azure Hybrid Benefit for Linux](/azure/virtual-machines/linux/azure-hybrid-benefit-linux) is a licensing benefit that helps you to significantly reduce the costs of running your Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) virtual machines (VMs) in the cloud. #### SQL The following queries show compute resources that you can optimize to save money #### Virtual Machines in a Stopped State -This query identifies Virtual Machines that aren't properly deallocated. If a virtual machineΓÇÖs status is Stopped rather than Stopped (Deallocated), you're still billed for the resource as the hardware remains allocated for you. Learn more about [States and billing status of Azure Virtual Machines](../virtual-machines/states-billing.md). +This query identifies Virtual Machines that aren't properly deallocated. If a virtual machineΓÇÖs status is Stopped rather than Stopped (Deallocated), you're still billed for the resource as the hardware remains allocated for you. Learn more about [States and billing status of Azure Virtual Machines](/azure/virtual-machines/states-billing). #### Deallocated virtual machines |
advisor | Advisor Cost Recommendations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/advisor/advisor-cost-recommendations.md | Advisor recommends resizing virtual machines when it's possible to fit the curre ### Burstable recommendations -We evaluate if workloads are eligible to run on specialized SKUs called **Burstable SKUs** that support variable workload performance requirements and are less expensive than general purpose SKUs. Learn more about burstable SKUs here: [B-series burstable - Azure Virtual Machines](../virtual-machines/sizes-b-series-burstable.md). +We evaluate if workloads are eligible to run on specialized SKUs called **Burstable SKUs** that support variable workload performance requirements and are less expensive than general purpose SKUs. Learn more about burstable SKUs here: [B-series burstable - Azure Virtual Machines](/azure/virtual-machines/sizes-b-series-burstable). A burstable SKU recommendation is made if: |
advisor | Advisor Reference Performance Recommendations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/advisor/advisor-reference-performance-recommendations.md | Learn more about [Virtual machine - AccelNetDisengaged (Accelerated Networking m Ultra disk is available in the same region as your database workload. Ultra disk offers high throughput, high IOPS, and consistent low latency disk storage for your database workloads: For Oracle DBs, you can now use either 4k or 512E sector sizes with Ultra disk depending on your Oracle DB version. For SQL server, using Ultra disk for your log disk might offer more performance for your database. See instructions here for migrating your log disk to Ultra disk. -Learn more about [Virtual machine - AzureStorageVmUltraDisk (Take advantage of Ultra Disk low latency for your log disks and improve your database workload performance.)](../virtual-machines/disks-enable-ultra-ssd.md?tabs=azure-portal). +Learn more about [Virtual machine - AzureStorageVmUltraDisk (Take advantage of Ultra Disk low latency for your log disks and improve your database workload performance.)](/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal). ### Upgrade the size of your most active virtual machines to prevent resource exhaustion and improve performance |
ai-services | Deploy Anomaly Detection On Container Instances | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/Anomaly-Detector/How-to/deploy-anomaly-detection-on-container-instances.md | -Learn how to deploy the Azure AI services [Anomaly Detector](../anomaly-detector-container-howto.md) container to Azure [Container Instances](../../../container-instances/index.yml). This procedure demonstrates the creation of an Anomaly Detector resource. Then we discuss pulling the associated container image. Finally, we highlight the ability to exercise the orchestration of the two from a browser. Using containers can shift the developers' attention away from managing infrastructure to instead focusing on application development. +Learn how to deploy the Azure AI services [Anomaly Detector](../anomaly-detector-container-howto.md) container to Azure [Container Instances](/azure/container-instances/). This procedure demonstrates the creation of an Anomaly Detector resource. Then we discuss pulling the associated container image. Finally, we highlight the ability to exercise the orchestration of the two from a browser. Using containers can shift the developers' attention away from managing infrastructure to instead focusing on application development. [!INCLUDE [Prerequisites](../../containers/includes/container-preview-prerequisites.md)] |
ai-services | Luis Concept Devops Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/LUIS/luis-concept-devops-automation.md | Other options for deploying an app version include: * Leave the app version published to the direct version endpoint and implement a process to configure downstream production environments with the direct version endpoint as required. * Maintain different LUIS apps for each production environments and write automation steps to import the `.lu` into a new version in the LUIS app for the target production environment, to train, and publish it.-* Export the tested LUIS app version into a [LUIS docker container](./luis-container-howto.md?tabs=v3) and deploy the LUIS container to Azure [Container instances](../../container-instances/index.yml). +* Export the tested LUIS app version into a [LUIS docker container](./luis-container-howto.md?tabs=v3) and deploy the LUIS container to Azure [Container instances](/azure/container-instances/). ## Release management |
ai-services | Cognitive Services Container Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/cognitive-services-container-support.md | Containerization is an approach to software distribution in which an application - **Immutable infrastructure**: Enable DevOps teams to leverage a consistent and reliable set of known system parameters, while being able to adapt to change. Containers provide the flexibility to pivot within a predictable ecosystem and avoid configuration drift. - **Control over data**: Choose where your data gets processed by Azure AI services. This can be essential if you can't send data to the cloud but need access to Azure AI services APIs. Support consistency in hybrid environments ΓÇô across data, management, identity, and security. - **Control over model updates**: Flexibility in versioning and updating of models deployed in their solutions.-- **Portable architecture**: Enables the creation of a portable application architecture that can be deployed on Azure, on-premises and the edge. Containers can be deployed directly to [Azure Kubernetes Service](/azure/aks/), [Azure Container Instances](../container-instances/index.yml), or to a [Kubernetes](https://kubernetes.io/) cluster deployed to [Azure Stack](/azure-stack/operator). For more information, see [Deploy Kubernetes to Azure Stack](/azure-stack/user/azure-stack-solution-template-kubernetes-deploy).+- **Portable architecture**: Enables the creation of a portable application architecture that can be deployed on Azure, on-premises and the edge. Containers can be deployed directly to [Azure Kubernetes Service](/azure/aks/), [Azure Container Instances](/azure/container-instances/), or to a [Kubernetes](https://kubernetes.io/) cluster deployed to [Azure Stack](/azure-stack/operator). For more information, see [Deploy Kubernetes to Azure Stack](/azure-stack/user/azure-stack-solution-template-kubernetes-deploy). - **High throughput / low latency**: Provide customers the ability to scale for high throughput and low latency requirements by enabling Azure AI services to run physically close to their application logic and data. Containers don't cap transactions per second (TPS) and can be made to scale both up and out to handle demand if you provide the necessary hardware resources. - **Scalability**: With the ever growing popularity of containerization and container orchestration software, such as Kubernetes; scalability is at the forefront of technological advancements. Building on a scalable cluster foundation, application development caters to high availability. Additionally, some containers are supported in the [Azure AI services multi-serv You must satisfy the following prerequisites before using Azure AI containers: -**Docker Engine**: You must have Docker Engine installed locally. Docker provides packages that configure the Docker environment on [macOS](https://docs.docker.com/docker-for-mac/), [Linux](https://docs.docker.com/engine/installation/#supported-platforms), and [Windows](https://docs.docker.com/docker-for-windows/). On Windows, Docker must be configured to support Linux containers. Docker containers can also be deployed directly to [Azure Kubernetes Service](/azure/aks/) or [Azure Container Instances](../container-instances/index.yml). +**Docker Engine**: You must have Docker Engine installed locally. Docker provides packages that configure the Docker environment on [macOS](https://docs.docker.com/docker-for-mac/), [Linux](https://docs.docker.com/engine/installation/#supported-platforms), and [Windows](https://docs.docker.com/docker-for-windows/). On Windows, Docker must be configured to support Linux containers. Docker containers can also be deployed directly to [Azure Kubernetes Service](/azure/aks/) or [Azure Container Instances](/azure/container-instances/). Docker must be configured to allow the containers to connect with and send billing data to Azure. |
ai-services | Spatial Analysis Container | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/computer-vision/spatial-analysis-container.md | In this article, you'll download and install the following software packages. Th * [Azure IoT Edge](../../iot-edge/how-to-provision-single-device-linux-symmetric.md) runtime. #### [Azure VM with GPU](#tab/virtual-machine)-In our example, we utilize an [NCv3 series VM](../../virtual-machines/ncv3-series.md) that has one v100 GPU. +In our example, we utilize an [NCv3 series VM](/azure/virtual-machines/ncv3-series) that has one v100 GPU. Use the below steps to deploy the container using the Azure CLI. #### [Azure VM with GPU](#tab/virtual-machine) -An Azure Virtual Machine with a GPU can also be used to run Spatial Analysis. The example below will use a [NCv3 series VM](../../virtual-machines/ncv3-series.md) that has one v100 GPU. +An Azure Virtual Machine with a GPU can also be used to run Spatial Analysis. The example below will use a [NCv3 series VM](/azure/virtual-machines/ncv3-series) that has one v100 GPU. #### Create the VM To locate the VM size, select "See all sizes" and then view the list for "N-Seri Next, Create the VM. Once created, navigate to the VM resource in the Azure portal and select `Extensions` from the left pane. Select on "Add" to bring up the extensions window with all available extensions. Search for and select `NVIDIA GPU Driver Extension`, select create, and complete the wizard. -Once the extension is successfully applied, navigate to the VM main page in the Azure portal and select `Connect`. The VM can be accessed either through SSH or RDP. RDP is helpful as it enables viewing of the visualizer window (explained later). Configure the RDP access by following [these steps](../../virtual-machines/linux/use-remote-desktop.md) and opening a remote desktop connection to the VM. +Once the extension is successfully applied, navigate to the VM main page in the Azure portal and select `Connect`. The VM can be accessed either through SSH or RDP. RDP is helpful as it enables viewing of the visualizer window (explained later). Configure the RDP access by following [these steps](/azure/virtual-machines/linux/use-remote-desktop) and opening a remote desktop connection to the VM. ### Verify Graphics Drivers are Installed |
ai-services | Azure Container Instance Recipe | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/containers/azure-container-instance-recipe.md | -With the following steps, scale Azure AI services applications in the cloud easily with Azure [Container Instances](../../container-instances/index.yml). Containerization helps you focus on building your applications instead of managing the infrastructure. For more information on using containers, see [features and benefits](../cognitive-services-container-support.md#features-and-benefits). +With the following steps, scale Azure AI services applications in the cloud easily with Azure [Container Instances](/azure/container-instances/). Containerization helps you focus on building your applications instead of managing the infrastructure. For more information on using containers, see [features and benefits](../cognitive-services-container-support.md#features-and-benefits). ## Prerequisites |
ai-services | Install Run | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/containers/install-run.md | You also need the following to use Document Intelligence containers: The host is a x64-based computer that runs the Docker container. It can be a computer on your premises or a Docker hosting service in Azure, such as: * [Azure Kubernetes Service](/azure/aks/).-* [Azure Container Instances](../../../container-instances/index.yml). +* [Azure Container Instances](/azure/container-instances/). * A [Kubernetes](https://kubernetes.io/) cluster deployed to [Azure Stack](/azure-stack/operator). For more information, see [Deploy Kubernetes to Azure Stack](/azure-stack/user/azure-stack-solution-template-kubernetes-deploy). > [!NOTE] |
ai-services | Deploy Label Tool | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/deploy-label-tool.md | After you create your web app, you can enable the continuous deployment option: > When creating your web app, you can also configure authorization/authentication. This is not necessary to get started. > [!IMPORTANT]-> You may need to enable TLS for your web app in order to view it at its `https` address. Follow the instructions in [Enable a TLS endpoint](../../container-instances/container-instances-container-group-ssl.md) to set up a sidecar container than enables TLS/SSL for your web app. +> You may need to enable TLS for your web app in order to view it at its `https` address. Follow the instructions in [Enable a TLS endpoint](/azure/container-instances/container-instances-container-group-ssl) to set up a sidecar container than enables TLS/SSL for your web app. <!-- markdownlint-disable MD001 --> ### Azure CLI |
ai-services | Managed Identities Secured Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/managed-identities-secured-access.md | To ensure that the Document Intelligence resource can access the training datase :::image type="content" source="media/managed-identities/v2-stg-role-assign-role.png" alt-text="Screenshot of add role assignment window."::: -1. On the **Role** tab, search for and select the **Storage Blob Data Reader** permission and select **Next**. +1. On the **Role** tab, search for and select the **Storage Blob Data Contributor** permission and select **Next**. :::image type="content" source="media/managed-identities/v2-stg-role-assignment.png" alt-text="Screenshot of choose a role tab."::: That's it! You can now configure secure access for your Document Intelligence re :::image type="content" source="media/managed-identities/content-source-error.png" alt-text="Screenshot of content source not accessible error."::: - **Resolution**: Make sure you grant your Document Intelligence managed identity the role of **Storage Blob Data Reader** and enabled **Trusted services** access or **Resource instance** rules on the networking tab. + **Resolution**: Make sure you grant your Document Intelligence managed identity the role of **Storage Blob Data Contributor** and enabled **Trusted services** access or **Resource instance** rules on the networking tab. * **AccessDenied**: |
ai-services | Get Started Sdks Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/quickstarts/get-started-sdks-rest-api.md | zone_pivot_groups: programming-languages-set-formre **This content applies to:** ![checkmark](../media/yes-icon.png) **v4.0 (preview)** **Earlier versions:** ![blue-checkmark](../media/blue-yes-icon.png) [v3.1 (GA)](?view=doc-intel-3.1.0&preserve-view=true) ![blue-checkmark](../media/blue-yes-icon.png) [v3.0 (GA)](?view=doc-intel-3.0.0&preserve-view=true) -* Get started with Azure AI Document Intelligence latest preview version (2024-02-29-preview). +* Get started with Azure AI Document Intelligence latest preview version (2024-07-31-preview). :::moniker-end |
ai-services | Studio Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/document-intelligence/studio-overview.md | Title: What is Document Intelligence (formerly Form Recognizer) Studio? + Title: Studio experience for Document Intelligence -description: Learn how to set up and use Document Intelligence Studio to test features of Azure AI Document Intelligence on the web. +description: Learn how to set up and use either Document Intelligence Studio or AI Studio to test features of Azure AI Document Intelligence on the web. -- - ignite-2023 Previously updated : 07/09/2024 Last updated : 08/21/2024 monikerRange: '>=doc-intel-3.0.0' -<!-- markdownlint-disable MD033 --> -# What is Document Intelligence Studio? +<!-- markdownlint-disable MD033 --> +# Studio experience for Document Intelligence [!INCLUDE [applies to v4.0 v3.1 v3.0](includes/applies-to-v40-v31-v30.md)] -> [!IMPORTANT] -> -> * There are separate URLs for Document Intelligence Studio sovereign cloud regions. -> * Azure for US Government: [Document Intelligence Studio (Azure Fairfax cloud)](https://formrecognizer.appliedai.azure.us/studio) -> * Microsoft Azure operated by 21Vianet: [Document Intelligence Studio (Azure in China)](https://formrecognizer.appliedai.azure.cn/studio) --[Document Intelligence Studio](https://documentintelligence.ai.azure.com/studio/) is an online tool to visually explore, understand, train, and integrate features from the Document Intelligence service into your applications. The studio provides a platform for you to experiment with the different Document Intelligence models and sample returned data in an interactive manner without the need to write code. Use the Document Intelligence Studio to: +The studio is an online tool to visually explore, understand, train, and integrate features from the Document Intelligence service into your applications. The studio provides a platform for you to experiment with the different Document Intelligence models and sample returned data in an interactive manner without the need to write code. You can use the studio experience to: * Learn more about the different capabilities in Document Intelligence. * Use your Document Intelligence resource to test models on sample documents or upload your own documents. monikerRange: '>=doc-intel-3.0.0' * Train custom extraction models to extract fields from documents. * Get sample code for the language specific `SDKs` to integrate into your applications. +Currently, we're undergoing the migration of features from the [Document Intelligence Studio](https://documentintelligence.ai.azure.com/studio) to the new [AI Studio](https://ai.azure.com/explore/aiservices/vision). There are some differences in the offerings for the two studios, which determine the correct studio for your use case. ++## Choosing the correct studio experience ++There are currently two studios, the [Azure AI Studio](https://ai.azure.com/explore/aiservices/vision) and the [Document Intelligence Studio](https://documentintelligence.ai.azure.com/studio) for building and validating Document Intelligence models. As the experiences migrate to the new AI Studio, some experiences are available in both studios, while other experiences/models are only available in only one of the studios. To follow are a few guidelines for choosing the Studio experience for your needs. All of our [prebuilt models](overview.md#prebuilt-models) and [general extraction models](overview.md#general-extraction-models) are available on both studios. ++### When to use [Document Intelligence Studio](https://documentintelligence.ai.azure.com/studio) ++Document Intelligence Studio is the legacy experience that contains all features released on or before July 2024. For any of the v2.1, v3.0, v3.1 features, continue to use the Document Intelligence Studio. Studios provide a visual experience for labeling, training, and validating custom models. For custom document field extraction models, use the Document Intelligence Studio for template and neural models. Custom classification models can only be trained and used on Document Intelligence Studio. Use Document Intelligence Studio if you want to try out GA versions of the models from version 2.1, v3.0 and v3.1. ++### When to use [AI Studio](https://ai.azure.com/explore/aiservices/vision) ++Start with the new Azure AI Studio and try any of the prebuilt document models from `2024-02-29-preview` version including general extraction models like Read or Layout. If you want to build and test a new [Document Field Extraction](https://ai.azure.com/explore/aiservices/vision/document/extraction) model, try our generative AI model, only available in the new AI Studio. ++## Learn more about Document Intelligence Studio ++Select the studio experience from the following tabs to learn more about each studio and how you can get started. ++### [**Document Intelligence Studio**](#tab/di-studio) ++> [!IMPORTANT] +> +> * There are separate URLs for Document Intelligence Studio sovereign cloud regions. +> * Azure for US Government: [Document Intelligence Studio (Azure Fairfax cloud)](https://formrecognizer.appliedai.azure.us/studio) +> * Microsoft Azure operated by 21Vianet: [Document Intelligence Studio (Azure in China)](https://formrecognizer.appliedai.azure.cn/studio) ++ The studio supports Document Intelligence v3.0 and later API versions for model analysis and custom model training. Previously trained v2.1 models with labeled data are supported, but not v2.1 model training. Refer to the [REST API migration guide](v3-1-migration-guide.md) for detailed information about migrating from v2.1 to v3.0. Use the [Document Intelligence Studio quickstart](quickstarts/try-document-intelligence-studio.md) to get started analyzing documents with document analysis or prebuilt models. Build custom models and reference the models in your applications using one of the [language specific `SDKs`](quickstarts/get-started-sdks-rest-api.md?view=doc-intel-3.0.0&preserve-view=true). To use Document Intelligence Studio, you need to acquire the following assets from the Azure portal: Use the [Document Intelligence Studio quickstart](quickstarts/try-document-intel * **An Azure AI services or Document Intelligence resource**. Once you have your Azure subscription, create a [single-service](https://portal.azure.com/#create/Microsoft.CognitiveServicesFormRecognizer) or [multi-service](https://portal.azure.com/#create/Microsoft.CognitiveServicesAIServices) resource, in the Azure portal to get your key and endpoint. Use the free pricing tier (`F0`) to try the service, and upgrade later to a paid tier for production. -## Authorization policies +#### Authorization policies Your organization can opt to disable local authentication and enforce Microsoft Entra (formerly Azure Active Directory) authentication for Azure AI Document Intelligence resources and Azure blob storage. Your organization can opt to disable local authentication and enforce Microsoft > * In Azure context, Contributor role can only perform actions to control and manage the resource itself, including listing the access keys. > * User accounts with a Contributor are only able to access the Document Intelligence service by calling with access keys. However, when setting up access with Entra ID, key-access will be disabled and **Cognitive Service User** role will be required for an account to use the resources. -## Document Intelligence model support +#### Document Intelligence model support Use the help wizard, labeling interface, training step, and interactive visualizations to understand how each feature works. Use the help wizard, labeling interface, training step, and interactive visualiz * **Add-on Capabilities**: Document Intelligence supports more sophisticated analysis capabilities. These optional capabilities can be enabled and disabled in the studio using the `Analyze Options` button in each model page. There are four add-on capabilities available: `highResolution`, `formula`, `font`, and `barcode extraction` capabilities. To learn more, *see* [Add-on capabilities](concept-add-on-capabilities.md). -## Try a Document Intelligence model +#### Try a Document Intelligence model * Once your resource is configured, you can try the different models offered by Document Intelligence Studio. From the front page, select any Document Intelligence model to try using with a no-code approach. Use the help wizard, labeling interface, training step, and interactive visualiz To learn more about each model, *see* our concept pages. -### View resource details +##### View resource details To view resource details such as name and pricing tier, select the **Settings** icon in the top-right corner of the Document Intelligence Studio home page and select the **Resource** tab. If you have access to other resources, you can switch resources as well. To learn more about each model, *see* our concept pages. With Document Intelligence, you can quickly automate your data processing in applications and workflows, easily enhance data-driven strategies, and skillfully enrich document search capabilities. -## Analyze options +#### Analyze options * Document Intelligence supports sophisticated analysis capabilities. The Studio allows one entry point (Analyze options button) for configuring the add-on capabilities with ease. * Depending on the document extraction scenario, configure the analysis range, document page range, optional detection, and premium detection features. With Document Intelligence, you can quickly automate your data processing in app > [!NOTE] > Font extraction is not visualized in Document Intelligence Studio. However, you can check the styles section of the JSON output for the font detection results. -### Auto label documents with prebuilt models or one of your own models +##### Auto label documents with prebuilt models or one of your own models * In custom extraction model labeling page, you can now auto label your documents using one of Document Intelligent Service prebuilt models or your trained models. With Document Intelligence, you can quickly automate your data processing in app :::image type="content" source="media/studio/duplicate-labels.png" alt-text="Screenshot showing duplicate label warning after auto labeling."::: -### Auto label tables +##### Auto label tables * In custom extraction model labeling page, you can now auto label the tables in the document without having to label the tables manually. :::image type="content" source="media/studio/auto-table-label.gif" alt-text="Animated screenshot showing auto table labeling in Studio."::: -### Add test files directly to your training dataset +##### Add test files directly to your training dataset * Once you train a custom extraction model, make use of the test page to improve your model quality by uploading test documents to training dataset if needed. With Document Intelligence, you can quickly automate your data processing in app :::image type="content" source="media/studio/add-from-test.gif" alt-text="Animated screenshot showing how to add test files to training dataset."::: -### Make use of the document list options and filters in custom projects +##### Make use of the document list options and filters in custom projects * Use the custom extraction model labeling page to navigate through your training documents with ease by making use of the search, filter, and sort by feature. With Document Intelligence, you can quickly automate your data processing in app :::image type="content" source="media/studio/document-options.png" alt-text="Screenshot of document list view options and filters."::: -### Project sharing +##### Project sharing Share custom extraction projects with ease. For more information, see [Project sharing with custom models](how-to-guides/project-share-custom-models.md). -## Troubleshooting +#### Troubleshooting |Scenario |Cause| Resolution| |-||-| Share custom extraction projects with ease. For more information, see [Project s |You receive the error message</br> `AuthorizationPermissionMismatch` when opening a custom project.|The request isn't authorized to perform the operation using the designated permission. It's likely the local (key-based) authentication is disabled for your storage account and you don't have the granted permission to access the blob data.|Reference [Azure role assignments](quickstarts/try-document-intelligence-studio.md#azure-role-assignments) to configure your access roles.| |You can't sign in to Document Intelligence Studio and receive the error message</br> `InteractionRequiredAuthError:login_required:AADSTS50058:A silent sign-request was sent but no user is signed in`|It's likely that your browser is blocking third-party cookies so you can't successfully sign in.|To resolve, see [Manage third-party settings](#manage-third-party-settings-for-studio-access) for your browser.| -### Manage third-party settings for Studio access +##### Manage third-party settings for Studio access **Edge**: -* Go to **Settings** for Edge +* Go to **Settings** for Microsoft Edge * Search for "**third*party**" * Go to **Manage and delete cookies and site data** * Turn off the setting of **Block third*party cookies** Share custom extraction projects with ease. For more information, see [Project s * Go to **Settings** for Firefox * Search for "**cookies**" * Under **Enhanced Tracking Protection**, select **Manage Exceptions**-* Add exception for **https://documentintelligence.ai.azure.com** or the Document Intelligence Studio URL of your environment +* Add exception for **`https://documentintelligence.ai.azure.com`** or the Document Intelligence Studio URL of your environment **Safari**: Share custom extraction projects with ease. For more information, see [Project s * Select **Privacy** * Deselect **Block all cookies** +### [**AI Studio**](#tab/ai-studio) ++Document Intelligence is part of the Azure AI services offerings in the Azure AI Studio. Each of the Azure AI services helps developers and organizations rapidly create intelligent, cutting-edge, market-ready, and responsible applications with out-of-the-box and prebuilt and customizable APIs and models. ++Learn how to [connect your AI services hub](../../ai-studio/ai-services/connect-ai-services.md) with AI services and get started using Document Intelligence. + ## Next steps * Visit [Document Intelligence Studio](https://formrecognizer.appliedai.azure.com/studio).-+* Visit [AI Studio](https://ai.azure.com/explore/aiservices/vision). * Get started with [Document Intelligence Studio quickstart](quickstarts/try-document-intelligence-studio.md). |
ai-services | Data Formats | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/custom-text-classification/concepts/data-formats.md | Your Labels file should be in the `json` format below. This will enable you to [ "projectFileVersion": "2022-05-01", "stringIndexType": "Utf16CodeUnit", "metadata": {- "projectKind": "CustomMultiLabelClassification", - "storageInputContainerName": "{CONTAINER-NAME}", - "projectName": "{PROJECT-NAME}", - "multilingual": false, - "description": "Project-description", - "language": "en-us" + "projectKind": "CustomMultiLabelClassification", + "storageInputContainerName": "{CONTAINER-NAME}", + "projectName": "{PROJECT-NAME}", + "multilingual": false, + "description": "Project-description", + "language": "en-us" }, "assets": {- "projectKind": "CustomMultiLabelClassification", - "classes": [ - { - "category": "Class1" - }, - { - "category": "Class2" - } - ], - "documents": [ - { - "location": "{DOCUMENT-NAME}", - "language": "{LANGUAGE-CODE}", - "dataset": "{DATASET}", - "classes": [ - { - "category": "Class1" - }, - { - "category": "Class2" - } - ] - } - ] - } + "projectKind": "CustomMultiLabelClassification", + "classes": [ + { + "category": "Class1" + }, + { + "category": "Class2" + } + ], + "documents": [ + { + "location": "{DOCUMENT-NAME}", + "language": "{LANGUAGE-CODE}", + "dataset": "{DATASET}", + "classes": [ + { + "category": "Class1" + }, + { + "category": "Class2" + } + ] + } + ] + } +} ``` |Key |Placeholder |Value | Example | Your Labels file should be in the `json` format below. This will enable you to [ "projectFileVersion": "2022-05-01", "stringIndexType": "Utf16CodeUnit", "metadata": {- "projectKind": "CustomSingleLabelClassification", - "storageInputContainerName": "{CONTAINER-NAME}", - "settings": {}, - "projectName": "{PROJECT-NAME}", - "multilingual": false, - "description": "Project-description", - "language": "en-us" + "projectKind": "CustomSingleLabelClassification", + "storageInputContainerName": "{CONTAINER-NAME}", + "settings": {}, + "projectName": "{PROJECT-NAME}", + "multilingual": false, + "description": "Project-description", + "language": "en-us" }, "assets": {- "projectKind": "CustomSingleLabelClassification", - "classes": [ - { - "category": "Class1" - }, - { - "category": "Class2" - } - ], - "documents": [ - { - "location": "{DOCUMENT-NAME}", - "language": "{LANGUAGE-CODE}", - "dataset": "{DATASET}", - "class": { - "category": "Class2" - } - }, - { - "location": "{DOCUMENT-NAME}", - "language": "{LANGUAGE-CODE}", - "dataset": "{DATASET}", - "class": { - "category": "Class1" - } - } - ] - } + "projectKind": "CustomSingleLabelClassification", + "classes": [ + { + "category": "Class1" + }, + { + "category": "Class2" + } + ], + "documents": [ + { + "location": "{DOCUMENT-NAME}", + "language": "{LANGUAGE-CODE}", + "dataset": "{DATASET}", + "class": { + "category": "Class2" + } + }, + { + "location": "{DOCUMENT-NAME}", + "language": "{LANGUAGE-CODE}", + "dataset": "{DATASET}", + "class": { + "category": "Class1" + } + } + ] + } +} ``` |Key |Placeholder |Value | Example | |||-|--| |
ai-services | Use Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/text-analytics-for-health/how-to/use-containers.md | az webapp config appsettings set -g $resource_group_name -n $appservice_name --s You can also use an Azure Container Instance (ACI) to make deployment easier. ACI is a resource that allows you to run Docker containers on-demand in a managed, serverless Azure environment. See [How to use Azure Container Instances](../../../containers/azure-container-instance-recipe.md) for steps on deploying an ACI resource using the Azure portal. You can also use the below PowerShell script using Azure CLI, which will create an ACI on your subscription using the container image. Wait for the script to complete (approximately 25-30 minutes) before submitting the first request. Due to the limit on the maximum number of CPUs per ACI resource, do not select this option if you expect to submit more than 5 large documents (approximately 5000 characters each) per request.-See the [ACI regional support](../../../../container-instances/container-instances-region-availability.md) article for availability information. +See the [ACI regional support](/azure/container-instances/container-instances-region-availability) article for availability information. > [!NOTE] > Azure Container Instances don't include HTTPS support for the builtin domains. If you need HTTPS, you will need to manually configure it, including creating a certificate and registering a domain. You can find instructions to do this with NGINX below. |
ai-services | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/language-service/whats-new.md | +## July 2024 ++* [Conversational PII redaction](https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/announcing-conversational-pii-detection-service-s-general/ba-p/4162881) service in English-language contexts is now Generally Available (GA). +* Conversation Summarization now supports 12 additional languages in preview as listed [here](summarization/language-support.md). +* Summarization Meeting or Conversation Chapter titles features will now support reduced length to focus on the key topics. +* Enable support for data augmentation for diacritics to generate variations of training data for diacritic variations used in some natural languages which is especially useful for Germanic and Slavic languages. + ## February 2024 * Expanded [language detection](./language-detection/how-to/call-api.md#script-name-and-script-code) support for additional scripts according to the [ISO 15924 standard](https://wikipedia.org/wiki/ISO_15924) is now available starting in API version `2023-11-15-preview`. |
ai-services | Understand Embeddings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/concepts/understand-embeddings.md | An alternative method of identifying similar documents is to count the number of * Learn more about using Azure OpenAI and embeddings to perform document search with our [embeddings tutorial](../tutorials/embeddings.md). * Store your embeddings and perform vector (similarity) search using [Azure Cosmos DB for MongoDB vCore](/azure/cosmos-db/mongodb/vcore/vector-search), [Azure Cosmos DB for NoSQL](/azure/cosmos-db/rag-data-openai) , [Azure SQL Database](/azure/azure-sql/database/ai-artificial-intelligence-intelligent-applications?view=azuresql&preserve-view=true#vector-search) or [Azure Database for PostgreSQL - Flexible Server](/azure/postgresql/flexible-server/how-to-use-pgvector).+* Use an Eventhouse in Real-Time Intelligence in Microsoft Fabric as a [Vector database](/fabric/real-time-intelligence/vector-database) + * Use the [series_cosine_similarity](/kusto/query/series-cosine-similarity-function?view=microsoft-fabric&preserve-view=true) function for similarity search. |
ai-services | Embeddings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/how-to/embeddings.md | Our embedding models may be unreliable or pose social risks in certain cases, an * Learn more about using Azure OpenAI and embeddings to perform document search with our [embeddings tutorial](../tutorials/embeddings.md). * Learn more about the [underlying models that power Azure OpenAI](../concepts/models.md).-* Store your embeddings and perform vector (similarity) search using your choice of Azure service: +* Store your embeddings and perform vector (similarity) search using your choice of service: * [Azure AI Search](../../../search/vector-search-overview.md) * [Azure Cosmos DB for MongoDB vCore](/azure/cosmos-db/mongodb/vcore/vector-search) * [Azure SQL Database](/azure/azure-sql/database/ai-artificial-intelligence-intelligent-applications?view=azuresql&preserve-view=true#vector-search) Our embedding models may be unreliable or pose social risks in certain cases, an * [Azure Cosmos DB for PostgreSQL](/azure/cosmos-db/postgresql/howto-use-pgvector) * [Azure Database for PostgreSQL - Flexible Server](/azure/postgresql/flexible-server/how-to-use-pgvector) * [Azure Cache for Redis](../../../azure-cache-for-redis/cache-tutorial-vector-similarity.md)+ * [Use Eventhouse as a vector database - Real-Time Intelligence in Microsoft Fabric](/fabric/real-time-intelligence/vector-database) |
ai-services | How To Lower Speech Synthesis Latency | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/how-to-lower-speech-synthesis-latency.md | For Linux and Windows, `GStreamer` is required to enable this feature. Refer [this instruction](how-to-use-codec-compressed-audio-input-streams.md) to install and configure `GStreamer` for Speech SDK. For Android, iOS and macOS, no extra configuration is needed starting version 1.20. -## Text streaming +## Input text streaming Text streaming allows real-time text processing for rapid audio generation. It's perfect for dynamic text vocalization, such as reading outputs from AI models like GPT in real-time. This feature minimizes latency and improves the fluidity and responsiveness of audio outputs, making it ideal for interactive applications, live events, and responsive AI-driven dialogues. ### How to use text streaming -To use the text streaming feature, connect to the websocket V2 endpoint: `wss://{region}.tts.speech.microsoft.com/cognitiveservices/websocket/v2` +Currently, only C#, C++ and Python are supported in the SDK. Support for Java and Objective-C is planned for future releases. ::: zone pivot="programming-language-csharp" +To use the text streaming feature, connect to the websocket V2 endpoint: `wss://{region}.tts.speech.microsoft.com/cognitiveservices/websocket/v2` + See the sample code for setting the endpoint: ```csharp For detailed implementation, see the [sample code on GitHub](https://github.com/ ::: zone pivot="programming-language-python" +To use the text streaming feature, connect to the websocket V2 endpoint: `wss://{region}.tts.speech.microsoft.com/cognitiveservices/websocket/v2` + See the sample code for setting the endpoint: ```python For detailed implementation, see the [sample code on GitHub](https://github.com/ ::: zone-end ++The C++ sample code isn't available now. For the sample code that shows how to use text streaming, see: ++- [C# sample code](https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/samples/csharp/tts-text-stream) +- [Python sample code](https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/samples/python/tts-text-stream) ++++For the sample code that shows how to use text streaming, see: ++- [C# sample code](https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/samples/csharp/tts-text-stream) +- [Python sample code](https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/samples/python/tts-text-stream) ++++For the sample code that shows how to use text streaming, see: ++- [C# sample code](https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/samples/csharp/tts-text-stream) +- [Python sample code](https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/samples/python/tts-text-stream) ++ ## Others tips ### Cache CRL files |
ai-services | Speech Container Howto | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/speech-container-howto.md | Core and memory correspond to the `--cpus` and `--memory` settings, which are us The host is an x64-based computer that runs the Docker container. It can be a computer on your premises or a Docker hosting service in Azure, such as: * [Azure Kubernetes Service](/azure/aks/).-* [Azure Container Instances](~/articles/container-instances/index.yml). +* [Azure Container Instances](/azure/container-instances/). * A [Kubernetes](https://kubernetes.io/) cluster deployed to [Azure Stack](/azure-stack/operator). For more information, see [Deploy Kubernetes to Azure Stack](/azure-stack/user/azure-stack-solution-template-kubernetes-deploy). |
ai-services | Speech Container Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/speech-container-overview.md | You can use container recipes to create containers that can be reused. Container - [Use Docker Compose to deploy multiple containers](../containers/docker-compose-recipe.md) For information about other container services, see the following Azure AI services articles:-- [Tutorial: Create a container image for deployment to Azure Container Instances](../../container-instances/container-instances-tutorial-prepare-app.md)+- [Tutorial: Create a container image for deployment to Azure Container Instances](/azure/container-instances/container-instances-tutorial-prepare-app) - [Quickstart: Create a private container registry using the Azure CLI](../../container-registry/container-registry-get-started-azure-cli.md) - [Tutorial: Prepare an application for Azure Kubernetes Service (AKS)](/azure/aks/tutorial-kubernetes-prepare-app) |
ai-services | Speech Synthesis Markup Voice | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/speech-synthesis-markup-voice.md | The following table describes the usage of the `mstts:audioduration` element's a | Attribute | Description | Required or optional | | - | - | - |-| `value` | The requested duration of the output audio in either seconds, such as `2s`, or milliseconds, such as `2000ms`.<br/><br/>This value should be within `0.5` to `2` times the original audio without any other rate settings. For example, if the requested duration of your audio is `30s`, then the original audio must otherwise be between 15 and 60 seconds. If you set a value outside of these boundaries, the duration is set according to the respective minimum or maximum multiple.<br/><br/>Given your requested output audio duration, the Speech service adjusts the speaking rate accordingly. Use the [voice list](rest-text-to-speech.md#get-a-list-of-voices) API and check the `WordsPerMinute` attribute to find out the speaking rate of the neural voice that you're using. You can divide the number of words in your input text by the value of the `WordsPerMinute` attribute to get the approximate original output audio duration. The output audio sounds most natural when you set the audio duration closest to the estimated duration.| Required | +| `value` | The requested duration of the output audio in either seconds, such as `2s`, or milliseconds, such as `2000ms`.<br/><br/>The maximum value for output audio duration is 300 seconds. This value should be within `0.5` to `2` times the original audio without any other rate settings. For example, if the requested duration of your audio is `30s`, then the original audio must otherwise be between 15 and 60 seconds. If you set a value outside of these boundaries, the duration is set according to the respective minimum or maximum multiple. For output audio longer than 300 seconds, first generate the original audio without any other rate settings, then calculate the rate to adjust using the prosody rate to achieve the desired duration. | Required | ### mstts audio duration examples |
ai-studio | Content Filtering | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/concepts/content-filtering.md | Now, you can go to the playground to test whether the content filter works as ex ### Configurability (preview) -The default content filtering configuration for the GPT model series is set to filter at the medium severity threshold for all four content harm categories (hate, violence, sexual, and self-harm) and applies to both prompts (text, multi-modal text/image) and completions (text). This means that content that is detected at severity level medium or high is filtered, while content detected at severity level low isn't filtered by the content filters. For DALL-E, the default severity threshold is set to low for both prompts (text) and completions (images), so content detected at severity levels low, medium, or high is filtered. The configurability feature is available in preview and allows customers to adjust the settings, separately for prompts and completions, to filter content for each content category at different severity levels as described in the table below: +The default content filtering configuration for the GPT model series is set to filter at the medium severity threshold for all four content harm categories (hate, violence, sexual, and self-harm) and applies to both prompts (text, multi-modal text/image) and completions (text). This means that content that is detected at severity level medium or high is filtered, while content detected at severity level low isn't filtered by the content filters. For DALL-E, the default severity threshold is set to low for both prompts (text) and completions (images), so content detected at severity levels low, medium, or high is filtered. ++The configurability feature allows customers to adjust the settings, separately for prompts and completions, to filter content for each content category at different severity levels as described in the table below: | Severity filtered | Configurable for prompts | Configurable for completions | Descriptions | |-|--||--| |
ai-studio | Deploy Models Jamba | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/how-to/deploy-models-jamba.md | Title: How to use Jamba-Instruct chat models with Azure AI Studio + Title: How to deploy AI21's Jamba family models with Azure AI Studio -description: Learn how to use Jamba-Instruct chat models with Azure AI Studio. -+description: How to deploy AI21's Jamba family models with Azure AI Studio + Previously updated : 08/08/2024 Last updated : 08/06/2024+ reviewer: tgokal----zone_pivot_groups: azure-ai-model-catalog-samples-chat + -# How to use Jamba-Instruct chat models +# How to deploy AI21's Jamba family models with Azure AI Studio [!INCLUDE [Feature preview](~/reusable-content/ce-skilling/azure/includes/ai-studio/includes/feature-preview.md)] -In this article, you learn about Jamba-Instruct chat models and how to use them. -The Jamba-Instruct model is AI21's production-grade Mamba-based large language model (LLM) which uses AI21's hybrid Mamba-Transformer architecture. It's an instruction-tuned version of AI21's hybrid structured state space model (SSM) transformer Jamba model. The Jamba-Instruct model is built for reliable commercial use with respect to quality and performance. --> [!TIP] -> See our announcements of AI21's Jamba-Instruct model available now on Azure AI Model Catalog through [AI21's blog](https://aka.ms/ai21-jamba-instruct-blog) and [Microsoft Tech Community Blog](https://aka.ms/ai21-jamba-instruct-announcement). -----## Jamba-Instruct chat models ----You can learn more about the models in their respective model card: --* [AI21-Jamba-Instruct](https://aka.ms/azureai/landing/AI21-Jamba-Instruct) ---## Prerequisites --To use Jamba-Instruct chat models with Azure AI Studio, you need the following prerequisites: --### A model deployment --**Deployment to serverless APIs** --Jamba-Instruct chat models can be deployed to serverless API endpoints with pay-as-you-go billing. This kind of deployment provides a way to consume models as an API without hosting them on your subscription, while keeping the enterprise security and compliance that organizations need. --Deployment to a serverless API endpoint doesn't require quota from your subscription. If your model isn't deployed already, use the Azure AI Studio, Azure Machine Learning SDK for Python, the Azure CLI, or ARM templates to [deploy the model as a serverless API](deploy-models-serverless.md). --> [!div class="nextstepaction"] -> [Deploy the model to serverless API endpoints](deploy-models-serverless.md) --### The inference package installed --You can consume predictions from this model by using the `azure-ai-inference` package with Python. To install this package, you need the following prerequisites: --* Python 3.8 or later installed, including pip. -* The endpoint URL. To construct the client library, you need to pass in the endpoint URL. The endpoint URL has the form `https://your-host-name.your-azure-region.inference.ai.azure.com`, where `your-host-name` is your unique model deployment host name and `your-azure-region` is the Azure region where the model is deployed (for example, eastus2). -* Depending on your model deployment and authentication preference, you need either a key to authenticate against the service, or Microsoft Entra ID credentials. The key is a 32-character string. - -Once you have these prerequisites, install the Azure AI inference package with the following command: --```bash -pip install azure-ai-inference -``` --Read more about the [Azure AI inference package and reference](https://aka.ms/azsdk/azure-ai-inference/python/reference). --## Work with chat completions --In this section, you use the [Azure AI model inference API](https://aka.ms/azureai/modelinference) with a chat completions model for chat. --> [!TIP] -> The [Azure AI model inference API](https://aka.ms/azureai/modelinference) allows you to talk with most models deployed in Azure AI Studio with the same code and structure, including Jamba-Instruct chat models. --### Create a client to consume the model --First, create the client to consume the model. The following code uses an endpoint URL and key that are stored in environment variables. ---```python -import os -from azure.ai.inference import ChatCompletionsClient -from azure.core.credentials import AzureKeyCredential --client = ChatCompletionsClient( - endpoint=os.environ["AZURE_INFERENCE_ENDPOINT"], - credential=AzureKeyCredential(os.environ["AZURE_INFERENCE_CREDENTIAL"]), -) -``` --### Get the model's capabilities --The `/info` route returns information about the model that is deployed to the endpoint. Return the model's information by calling the following method: ---```python -model_info = client.get_model_info() -``` --The response is as follows: ---```python -print("Model name:", model_info.model_name) -print("Model type:", model_info.model_type) -print("Model provider name:", model_info.model_provider_name) -``` --```console -Model name: AI21-Jamba-Instruct -Model type: chat-completions -Model provider name: AI21 -``` --### Create a chat completion request --The following example shows how you can create a basic chat completions request to the model. --```python -from azure.ai.inference.models import SystemMessage, UserMessage --response = client.complete( - messages=[ - SystemMessage(content="You are a helpful assistant."), - UserMessage(content="How many languages are in the world?"), - ], -) -``` --The response is as follows, where you can see the model's usage statistics: ---```python -print("Response:", response.choices[0].message.content) -print("Model:", response.model) -print("Usage:") -print("\tPrompt tokens:", response.usage.prompt_tokens) -print("\tTotal tokens:", response.usage.total_tokens) -print("\tCompletion tokens:", response.usage.completion_tokens) -``` --```console -Response: As of now, it's estimated that there are about 7,000 languages spoken around the world. However, this number can vary as some languages become extinct and new ones develop. It's also important to note that the number of speakers can greatly vary between languages, with some having millions of speakers and others only a few hundred. -Model: AI21-Jamba-Instruct -Usage: - Prompt tokens: 19 - Total tokens: 91 - Completion tokens: 72 -``` --Inspect the `usage` section in the response to see the number of tokens used for the prompt, the total number of tokens generated, and the number of tokens used for the completion. --#### Stream content --By default, the completions API returns the entire generated content in a single response. If you're generating long completions, waiting for the response can take many seconds. --You can _stream_ the content to get it as it's being generated. Streaming content allows you to start processing the completion as content becomes available. This mode returns an object that streams back the response as [data-only server-sent events](https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events). Extract chunks from the delta field, rather than the message field. ---```python -result = client.complete( - messages=[ - SystemMessage(content="You are a helpful assistant."), - UserMessage(content="How many languages are in the world?"), - ], - temperature=0, - top_p=1, - max_tokens=2048, - stream=True, -) -``` --To stream completions, set `stream=True` when you call the model. --To visualize the output, define a helper function to print the stream. --```python -def print_stream(result): - """ - Prints the chat completion with streaming. - """ - import time - for update in result: - if update.choices: - print(update.choices[0].delta.content, end="") -``` --You can visualize how streaming generates content: ---```python -print_stream(result) -``` --#### Explore more parameters supported by the inference client --Explore other parameters that you can specify in the inference client. For a full list of all the supported parameters and their corresponding documentation, see [Azure AI Model Inference API reference](https://aka.ms/azureai/modelinference). --```python -from azure.ai.inference.models import ChatCompletionsResponseFormat --response = client.complete( - messages=[ - SystemMessage(content="You are a helpful assistant."), - UserMessage(content="How many languages are in the world?"), - ], - presence_penalty=0.1, - frequency_penalty=0.8, - max_tokens=2048, - stop=["<|endoftext|>"], - temperature=0, - top_p=1, - response_format={ "type": ChatCompletionsResponseFormat.TEXT }, -) -``` --> [!WARNING] -> Jamba doesn't support JSON output formatting (`response_format = { "type": "json_object" }`). You can always prompt the model to generate JSON outputs. However, such outputs are not guaranteed to be valid JSON. --If you want to pass a parameter that isn't in the list of supported parameters, you can pass it to the underlying model using *extra parameters*. See [Pass extra parameters to the model](#pass-extra-parameters-to-the-model). --### Pass extra parameters to the model --The Azure AI Model Inference API allows you to pass extra parameters to the model. The following code example shows how to pass the extra parameter `logprobs` to the model. --Before you pass extra parameters to the Azure AI model inference API, make sure your model supports those extra parameters. When the request is made to the underlying model, the header `extra-parameters` is passed to the model with the value `pass-through`. This value tells the endpoint to pass the extra parameters to the model. Use of extra parameters with the model doesn't guarantee that the model can actually handle them. Read the model's documentation to understand which extra parameters are supported. ---```python -response = client.complete( - messages=[ - SystemMessage(content="You are a helpful assistant."), - UserMessage(content="How many languages are in the world?"), - ], - model_extras={ - "logprobs": True - } -) -``` --### Apply content safety --The Azure AI model inference API supports [Azure AI content safety](https://aka.ms/azureaicontentsafety). When you use deployments with Azure AI content safety turned on, inputs and outputs pass through an ensemble of classification models aimed at detecting and preventing the output of harmful content. The content filtering system detects and takes action on specific categories of potentially harmful content in both input prompts and output completions. --The following example shows how to handle events when the model detects harmful content in the input prompt and content safety is enabled. ---```python -from azure.ai.inference.models import AssistantMessage, UserMessage, SystemMessage --try: - response = client.complete( - messages=[ - SystemMessage(content="You are an AI assistant that helps people find information."), - UserMessage(content="Chopping tomatoes and cutting them into cubes or wedges are great ways to practice your knife skills."), - ] - ) -- print(response.choices[0].message.content) --except HttpResponseError as ex: - if ex.status_code == 400: - response = ex.response.json() - if isinstance(response, dict) and "error" in response: - print(f"Your request triggered an {response['error']['code']} error:\n\t {response['error']['message']}") - else: - raise - raise -``` --> [!TIP] -> To learn more about how you can configure and control Azure AI content safety settings, check the [Azure AI content safety documentation](https://aka.ms/azureaicontentsafety). -----## Jamba-Instruct chat models ----You can learn more about the models in their respective model card: --* [AI21-Jamba-Instruct](https://aka.ms/azureai/landing/AI21-Jamba-Instruct) ---## Prerequisites --To use Jamba-Instruct chat models with Azure AI Studio, you need the following prerequisites: --### A model deployment --**Deployment to serverless APIs** --Jamba-Instruct chat models can be deployed to serverless API endpoints with pay-as-you-go billing. This kind of deployment provides a way to consume models as an API without hosting them on your subscription, while keeping the enterprise security and compliance that organizations need. --Deployment to a serverless API endpoint doesn't require quota from your subscription. If your model isn't deployed already, use the Azure AI Studio, Azure Machine Learning SDK for Python, the Azure CLI, or ARM templates to [deploy the model as a serverless API](deploy-models-serverless.md). --> [!div class="nextstepaction"] -> [Deploy the model to serverless API endpoints](deploy-models-serverless.md) --### The inference package installed --You can consume predictions from this model by using the `@azure-rest/ai-inference` package from `npm`. To install this package, you need the following prerequisites: --* LTS versions of `Node.js` with `npm`. -* The endpoint URL. To construct the client library, you need to pass in the endpoint URL. The endpoint URL has the form `https://your-host-name.your-azure-region.inference.ai.azure.com`, where `your-host-name` is your unique model deployment host name and `your-azure-region` is the Azure region where the model is deployed (for example, eastus2). -* Depending on your model deployment and authentication preference, you need either a key to authenticate against the service, or Microsoft Entra ID credentials. The key is a 32-character string. --Once you have these prerequisites, install the Azure Inference library for JavaScript with the following command: --```bash -npm install @azure-rest/ai-inference -``` --## Work with chat completions --In this section, you use the [Azure AI model inference API](https://aka.ms/azureai/modelinference) with a chat completions model for chat. --> [!TIP] -> The [Azure AI model inference API](https://aka.ms/azureai/modelinference) allows you to talk with most models deployed in Azure AI Studio with the same code and structure, including Jamba-Instruct chat models. --### Create a client to consume the model --First, create the client to consume the model. The following code uses an endpoint URL and key that are stored in environment variables. ---```javascript -import ModelClient from "@azure-rest/ai-inference"; -import { isUnexpected } from "@azure-rest/ai-inference"; -import { AzureKeyCredential } from "@azure/core-auth"; --const client = new ModelClient( - process.env.AZURE_INFERENCE_ENDPOINT, - new AzureKeyCredential(process.env.AZURE_INFERENCE_CREDENTIAL) -); -``` --### Get the model's capabilities --The `/info` route returns information about the model that is deployed to the endpoint. Return the model's information by calling the following method: ---```javascript -var model_info = await client.path("/info").get() -``` --The response is as follows: ---```javascript -console.log("Model name: ", model_info.body.model_name) -console.log("Model type: ", model_info.body.model_type) -console.log("Model provider name: ", model_info.body.model_provider_name) -``` --```console -Model name: AI21-Jamba-Instruct -Model type: chat-completions -Model provider name: AI21 -``` --### Create a chat completion request --The following example shows how you can create a basic chat completions request to the model. --```javascript -var messages = [ - { role: "system", content: "You are a helpful assistant" }, - { role: "user", content: "How many languages are in the world?" }, -]; --var response = await client.path("/chat/completions").post({ - body: { - messages: messages, - } -}); -``` --The response is as follows, where you can see the model's usage statistics: ---```javascript -if (isUnexpected(response)) { - throw response.body.error; -} --console.log("Response: ", response.body.choices[0].message.content); -console.log("Model: ", response.body.model); -console.log("Usage:"); -console.log("\tPrompt tokens:", response.body.usage.prompt_tokens); -console.log("\tTotal tokens:", response.body.usage.total_tokens); -console.log("\tCompletion tokens:", response.body.usage.completion_tokens); -``` --```console -Response: As of now, it's estimated that there are about 7,000 languages spoken around the world. However, this number can vary as some languages become extinct and new ones develop. It's also important to note that the number of speakers can greatly vary between languages, with some having millions of speakers and others only a few hundred. -Model: AI21-Jamba-Instruct -Usage: - Prompt tokens: 19 - Total tokens: 91 - Completion tokens: 72 -``` --Inspect the `usage` section in the response to see the number of tokens used for the prompt, the total number of tokens generated, and the number of tokens used for the completion. --#### Stream content --By default, the completions API returns the entire generated content in a single response. If you're generating long completions, waiting for the response can take many seconds. --You can _stream_ the content to get it as it's being generated. Streaming content allows you to start processing the completion as content becomes available. This mode returns an object that streams back the response as [data-only server-sent events](https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events). Extract chunks from the delta field, rather than the message field. ---```javascript -var messages = [ - { role: "system", content: "You are a helpful assistant" }, - { role: "user", content: "How many languages are in the world?" }, -]; --var response = await client.path("/chat/completions").post({ - body: { - messages: messages, - } -}).asNodeStream(); -``` --To stream completions, use `.asNodeStream()` when you call the model. --You can visualize how streaming generates content: ---```javascript -var stream = response.body; -if (!stream) { - stream.destroy(); - throw new Error(`Failed to get chat completions with status: ${response.status}`); -} --if (response.status !== "200") { - throw new Error(`Failed to get chat completions: ${response.body.error}`); -} --var sses = createSseStream(stream); --for await (const event of sses) { - if (event.data === "[DONE]") { - return; - } - for (const choice of (JSON.parse(event.data)).choices) { - console.log(choice.delta?.content ?? ""); - } -} -``` --#### Explore more parameters supported by the inference client --Explore other parameters that you can specify in the inference client. For a full list of all the supported parameters and their corresponding documentation, see [Azure AI Model Inference API reference](https://aka.ms/azureai/modelinference). --```javascript -var messages = [ - { role: "system", content: "You are a helpful assistant" }, - { role: "user", content: "How many languages are in the world?" }, -]; --var response = await client.path("/chat/completions").post({ - body: { - messages: messages, - presence_penalty: "0.1", - frequency_penalty: "0.8", - max_tokens: 2048, - stop: ["<|endoftext|>"], - temperature: 0, - top_p: 1, - response_format: { type: "text" }, - } -}); -``` --> [!WARNING] -> Jamba doesn't support JSON output formatting (`response_format = { "type": "json_object" }`). You can always prompt the model to generate JSON outputs. However, such outputs are not guaranteed to be valid JSON. --If you want to pass a parameter that isn't in the list of supported parameters, you can pass it to the underlying model using *extra parameters*. See [Pass extra parameters to the model](#pass-extra-parameters-to-the-model). --### Pass extra parameters to the model --The Azure AI Model Inference API allows you to pass extra parameters to the model. The following code example shows how to pass the extra parameter `logprobs` to the model. --Before you pass extra parameters to the Azure AI model inference API, make sure your model supports those extra parameters. When the request is made to the underlying model, the header `extra-parameters` is passed to the model with the value `pass-through`. This value tells the endpoint to pass the extra parameters to the model. Use of extra parameters with the model doesn't guarantee that the model can actually handle them. Read the model's documentation to understand which extra parameters are supported. ---```javascript -var messages = [ - { role: "system", content: "You are a helpful assistant" }, - { role: "user", content: "How many languages are in the world?" }, -]; --var response = await client.path("/chat/completions").post({ - headers: { - "extra-params": "pass-through" - }, - body: { - messages: messages, - logprobs: true - } -}); -``` --### Apply content safety --The Azure AI model inference API supports [Azure AI content safety](https://aka.ms/azureaicontentsafety). When you use deployments with Azure AI content safety turned on, inputs and outputs pass through an ensemble of classification models aimed at detecting and preventing the output of harmful content. The content filtering system detects and takes action on specific categories of potentially harmful content in both input prompts and output completions. --The following example shows how to handle events when the model detects harmful content in the input prompt and content safety is enabled. -+In this article, you learn how to use Azure AI Studio to deploy AI21's Jamba family models as a serverless API with pay-as-you-go billing. -```javascript -try { - var messages = [ - { role: "system", content: "You are an AI assistant that helps people find information." }, - { role: "user", content: "Chopping tomatoes and cutting them into cubes or wedges are great ways to practice your knife skills." }, - ]; -- var response = await client.path("/chat/completions").post({ - body: { - messages: messages, - } - }); -- console.log(response.body.choices[0].message.content); -} -catch (error) { - if (error.status_code == 400) { - var response = JSON.parse(error.response._content); - if (response.error) { - console.log(`Your request triggered an ${response.error.code} error:\n\t ${response.error.message}`); - } - else - { - throw error; - } - } -} -``` +The Jamba family models are AI21's production-grade Mamba-based large language model (LLM) which leverages AI21's hybrid Mamba-Transformer architecture. It's an instruction-tuned version of AI21's hybrid structured state space model (SSM) transformer Jamba model. The Jamba family models are built for reliable commercial use with respect to quality and performance. > [!TIP]-> To learn more about how you can configure and control Azure AI content safety settings, check the [Azure AI content safety documentation](https://aka.ms/azureaicontentsafety). -----## Jamba-Instruct chat models ----You can learn more about the models in their respective model card: --* [AI21-Jamba-Instruct](https://aka.ms/azureai/landing/AI21-Jamba-Instruct) ---## Prerequisites --To use Jamba-Instruct chat models with Azure AI Studio, you need the following prerequisites: --### A model deployment --**Deployment to serverless APIs** --Jamba-Instruct chat models can be deployed to serverless API endpoints with pay-as-you-go billing. This kind of deployment provides a way to consume models as an API without hosting them on your subscription, while keeping the enterprise security and compliance that organizations need. --Deployment to a serverless API endpoint doesn't require quota from your subscription. If your model isn't deployed already, use the Azure AI Studio, Azure Machine Learning SDK for Python, the Azure CLI, or ARM templates to [deploy the model as a serverless API](deploy-models-serverless.md). --> [!div class="nextstepaction"] -> [Deploy the model to serverless API endpoints](deploy-models-serverless.md) --### The inference package installed --You can consume predictions from this model by using the `Azure.AI.Inference` package from [Nuget](https://www.nuget.org/). To install this package, you need the following prerequisites: --* The endpoint URL. To construct the client library, you need to pass in the endpoint URL. The endpoint URL has the form `https://your-host-name.your-azure-region.inference.ai.azure.com`, where `your-host-name` is your unique model deployment host name and `your-azure-region` is the Azure region where the model is deployed (for example, eastus2). -* Depending on your model deployment and authentication preference, you need either a key to authenticate against the service, or Microsoft Entra ID credentials. The key is a 32-character string. --Once you have these prerequisites, install the Azure AI inference library with the following command: --```dotnetcli -dotnet add package Azure.AI.Inference --prerelease -``` --You can also authenticate with Microsoft Entra ID (formerly Azure Active Directory). To use credential providers provided with the Azure SDK, install the `Azure.Identity` package: --```dotnetcli -dotnet add package Azure.Identity -``` --Import the following namespaces: ---```csharp -using Azure; -using Azure.Identity; -using Azure.AI.Inference; -``` --This example also use the following namespaces but you may not always need them: ---```csharp -using System.Text.Json; -using System.Text.Json.Serialization; -using System.Reflection; -``` --## Work with chat completions --In this section, you use the [Azure AI model inference API](https://aka.ms/azureai/modelinference) with a chat completions model for chat. --> [!TIP] -> The [Azure AI model inference API](https://aka.ms/azureai/modelinference) allows you to talk with most models deployed in Azure AI Studio with the same code and structure, including Jamba-Instruct chat models. --### Create a client to consume the model --First, create the client to consume the model. The following code uses an endpoint URL and key that are stored in environment variables. ---```csharp -ChatCompletionsClient client = new ChatCompletionsClient( - new Uri(Environment.GetEnvironmentVariable("AZURE_INFERENCE_ENDPOINT")), - new AzureKeyCredential(Environment.GetEnvironmentVariable("AZURE_INFERENCE_CREDENTIAL")) -); -``` --### Get the model's capabilities --The `/info` route returns information about the model that is deployed to the endpoint. Return the model's information by calling the following method: ---```csharp -Response<ModelInfo> modelInfo = client.GetModelInfo(); -``` --The response is as follows: ---```csharp -Console.WriteLine($"Model name: {modelInfo.Value.ModelName}"); -Console.WriteLine($"Model type: {modelInfo.Value.ModelType}"); -Console.WriteLine($"Model provider name: {modelInfo.Value.ModelProviderName}"); -``` --```console -Model name: AI21-Jamba-Instruct -Model type: chat-completions -Model provider name: AI21 -``` --### Create a chat completion request --The following example shows how you can create a basic chat completions request to the model. --```csharp -ChatCompletionsOptions requestOptions = new ChatCompletionsOptions() -{ - Messages = { - new ChatRequestSystemMessage("You are a helpful assistant."), - new ChatRequestUserMessage("How many languages are in the world?") - }, -}; --Response<ChatCompletions> response = client.Complete(requestOptions); -``` --The response is as follows, where you can see the model's usage statistics: ---```csharp -Console.WriteLine($"Response: {response.Value.Choices[0].Message.Content}"); -Console.WriteLine($"Model: {response.Value.Model}"); -Console.WriteLine("Usage:"); -Console.WriteLine($"\tPrompt tokens: {response.Value.Usage.PromptTokens}"); -Console.WriteLine($"\tTotal tokens: {response.Value.Usage.TotalTokens}"); -Console.WriteLine($"\tCompletion tokens: {response.Value.Usage.CompletionTokens}"); -``` --```console -Response: As of now, it's estimated that there are about 7,000 languages spoken around the world. However, this number can vary as some languages become extinct and new ones develop. It's also important to note that the number of speakers can greatly vary between languages, with some having millions of speakers and others only a few hundred. -Model: AI21-Jamba-Instruct -Usage: - Prompt tokens: 19 - Total tokens: 91 - Completion tokens: 72 -``` --Inspect the `usage` section in the response to see the number of tokens used for the prompt, the total number of tokens generated, and the number of tokens used for the completion. --#### Stream content +> See our announcements of AI21's Jamba family models available now on Azure AI Model Catalog through [AI21's blog](https://aka.ms/ai21-jamba-1.5-large-announcement) and [Microsoft Tech Community Blog](https://aka.ms/ai21-jamba-1.5-large-microsoft-annnouncement). -By default, the completions API returns the entire generated content in a single response. If you're generating long completions, waiting for the response can take many seconds. +## Deploy the Jamba family models as a serverless API -You can _stream_ the content to get it as it's being generated. Streaming content allows you to start processing the completion as content becomes available. This mode returns an object that streams back the response as [data-only server-sent events](https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events). Extract chunks from the delta field, rather than the message field. +Certain models in the model catalog can be deployed as a serverless API with pay-as-you-go billing, providing a way to consume them as an API without hosting them on your subscription, while keeping the enterprise security and compliance organizations need. This deployment option doesn't require quota from your subscription. +# [AI21 Jamba 1.5 Large](#tab/ai21-jamba-1-5-large) -```csharp -static async Task StreamMessageAsync(ChatCompletionsClient client) -{ - ChatCompletionsOptions requestOptions = new ChatCompletionsOptions() - { - Messages = { - new ChatRequestSystemMessage("You are a helpful assistant."), - new ChatRequestUserMessage("How many languages are in the world? Write an essay about it.") - }, - MaxTokens=4096 - }; +The [AI21-Jamba 1.5 Large model](https://aka.ms/aistudio/landing/ai21-labs-jamba-1.5-large) deployed as a serverless API with pay-as-you-go billing is [offered by AI21 through Microsoft Azure Marketplace](https://aka.ms/azure-marketplace-offer-ai21-jamba-1.5-large). AI21 can change or update the terms of use and pricing of this model. - StreamingResponse<StreamingChatCompletionsUpdate> streamResponse = await client.CompleteStreamingAsync(requestOptions); +To get started with Jamba 1.5 large deployed as a serverless API, explore our integrations with [LangChain](https://aka.ms/ai21-jamba-1.5-large-langchain-sample), [LiteLLM](https://aka.ms/ai21-jamba-1.5-large-litellm-sample), [OpenAI](https://aka.ms/ai21-jamba-1.5-large-openai-sample) and the [Azure API](https://aka.ms/ai21-jamba-1.5-large-azure-api-sample). - await PrintStream(streamResponse); -} -``` --To stream completions, use `CompleteStreamingAsync` method when you call the model. Notice that in this example we the call is wrapped in an asynchronous method. --To visualize the output, define an asynchronous method to print the stream in the console. --```csharp -static async Task PrintStream(StreamingResponse<StreamingChatCompletionsUpdate> response) -{ - await foreach (StreamingChatCompletionsUpdate chatUpdate in response) - { - if (chatUpdate.Role.HasValue) - { - Console.Write($"{chatUpdate.Role.Value.ToString().ToUpperInvariant()}: "); - } - if (!string.IsNullOrEmpty(chatUpdate.ContentUpdate)) - { - Console.Write(chatUpdate.ContentUpdate); - } - } -} -``` -You can visualize how streaming generates content: +# [AI21 Jamba 1.5 Mini](#tab/ai21-jamba-1-5) +The [AI21 Jamba 1.5 Mini model](https://aka.ms/aistudio/landing/ai21-labs-jamba-1.5-mini) deployed as a serverless API with pay-as-you-go billing is [offered by AI21 through Microsoft Azure Marketplace](https://aka.ms/azure-marketplace-offer-ai21-jamba-1.5-mini). AI21 can change or update the terms of use and pricing of this model. -```csharp -StreamMessageAsync(client).GetAwaiter().GetResult(); -``` +To get started with Jamba 1.5 mini deployed as a serverless API, explore our integrations with [LangChain](https://aka.ms/ai21-jamba-1.5-mini-langchain-sample), [LiteLLM](https://aka.ms/ai21-jamba-1.5-mini-litellm-sample), [OpenAI](https://aka.ms/ai21-jamba-1.5-mini-openai-sample) and the [Azure API](https://aka.ms/ai21-jamba-1.5-mini-azure-api-sample). -#### Explore more parameters supported by the inference client + -Explore other parameters that you can specify in the inference client. For a full list of all the supported parameters and their corresponding documentation, see [Azure AI Model Inference API reference](https://aka.ms/azureai/modelinference). +### Prerequisites -```csharp -requestOptions = new ChatCompletionsOptions() -{ - Messages = { - new ChatRequestSystemMessage("You are a helpful assistant."), - new ChatRequestUserMessage("How many languages are in the world?") - }, - PresencePenalty = 0.1f, - FrequencyPenalty = 0.8f, - MaxTokens = 2048, - StopSequences = { "<|endoftext|>" }, - Temperature = 0, - NucleusSamplingFactor = 1, - ResponseFormat = new ChatCompletionsResponseFormatText() -}; --response = client.Complete(requestOptions); -Console.WriteLine($"Response: {response.Value.Choices[0].Message.Content}"); -``` +- An Azure subscription with a valid payment method. Free or trial Azure subscriptions won't work. If you don't have an Azure subscription, create a [paid Azure account](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go) to begin. +- An [AI Studio hub](../how-to/create-azure-ai-resource.md). The serverless API model deployment offering for Jamba family models is only available with hubs created in these regions: -> [!WARNING] -> Jamba doesn't support JSON output formatting (`response_format = { "type": "json_object" }`). You can always prompt the model to generate JSON outputs. However, such outputs are not guaranteed to be valid JSON. + * East US + * East US 2 + * North Central US + * South Central US + * West US + * West US 3 + * Sweden Central + + For a list of regions that are available for each of the models supporting serverless API endpoint deployments, see [Region availability for models in serverless API endpoints](deploy-models-serverless-availability.md). +- An Azure [AI Studio project](../how-to/create-projects.md). +- Azure role-based access controls (Azure RBAC) are used to grant access to operations in Azure AI Studio. To perform the steps in this article, your user account must be assigned the __owner__ or __contributor__ role for the Azure subscription. Alternatively, your account can be assigned a custom role that has the following permissions: -If you want to pass a parameter that isn't in the list of supported parameters, you can pass it to the underlying model using *extra parameters*. See [Pass extra parameters to the model](#pass-extra-parameters-to-the-model). + - On the Azure subscription—to subscribe the AI Studio project to the Azure Marketplace offering, once for each project, per offering: + - `Microsoft.MarketplaceOrdering/agreements/offers/plans/read` + - `Microsoft.MarketplaceOrdering/agreements/offers/plans/sign/action` + - `Microsoft.MarketplaceOrdering/offerTypes/publishers/offers/plans/agreements/read` + - `Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/read` + - `Microsoft.SaaS/register/action` + + - On the resource group—to create and use the SaaS resource: + - `Microsoft.SaaS/resources/read` + - `Microsoft.SaaS/resources/write` + + - On the AI Studio project—to deploy endpoints (the Azure AI Developer role contains these permissions already): + - `Microsoft.MachineLearningServices/workspaces/marketplaceModelSubscriptions/*` + - `Microsoft.MachineLearningServices/workspaces/serverlessEndpoints/*` -### Pass extra parameters to the model + For more information on permissions, see [Role-based access control in Azure AI Studio](../concepts/rbac-ai-studio.md). -The Azure AI Model Inference API allows you to pass extra parameters to the model. The following code example shows how to pass the extra parameter `logprobs` to the model. -Before you pass extra parameters to the Azure AI model inference API, make sure your model supports those extra parameters. When the request is made to the underlying model, the header `extra-parameters` is passed to the model with the value `pass-through`. This value tells the endpoint to pass the extra parameters to the model. Use of extra parameters with the model doesn't guarantee that the model can actually handle them. Read the model's documentation to understand which extra parameters are supported. +### Create a new deployment +These steps demonstrate the deployment of `AI21 Jamba 1.5 Large` or `AI21 Jamba 1.5 Mini` models. To create a deployment: -```csharp -requestOptions = new ChatCompletionsOptions() -{ - Messages = { - new ChatRequestSystemMessage("You are a helpful assistant."), - new ChatRequestUserMessage("How many languages are in the world?") - }, - AdditionalProperties = { { "logprobs", BinaryData.FromString("true") } }, -}; --response = client.Complete(requestOptions, extraParams: ExtraParameters.PassThrough); -Console.WriteLine($"Response: {response.Value.Choices[0].Message.Content}"); -``` +1. Sign in to [Azure AI Studio](https://ai.azure.com). -### Apply content safety +1. Select **Model catalog** from the left sidebar. -The Azure AI model inference API supports [Azure AI content safety](https://aka.ms/azureaicontentsafety). When you use deployments with Azure AI content safety turned on, inputs and outputs pass through an ensemble of classification models aimed at detecting and preventing the output of harmful content. The content filtering system detects and takes action on specific categories of potentially harmful content in both input prompts and output completions. +1. Search for and select a AI21 model like `AI21 Jamba 1.5 Large` or `AI21 Jamba 1.5 Mini` or `AI21 Jamba Instruct` to open its Details page. -The following example shows how to handle events when the model detects harmful content in the input prompt and content safety is enabled. +1. Select **Deploy** to open a serverless API deployment window for the model. +1. Alternatively, you can initiate a deployment by starting from your project in AI Studio. -```csharp -try -{ - requestOptions = new ChatCompletionsOptions() - { - Messages = { - new ChatRequestSystemMessage("You are an AI assistant that helps people find information."), - new ChatRequestUserMessage( - "Chopping tomatoes and cutting them into cubes or wedges are great ways to practice your knife skills." - ), - }, - }; -- response = client.Complete(requestOptions); - Console.WriteLine(response.Value.Choices[0].Message.Content); -} -catch (RequestFailedException ex) -{ - if (ex.ErrorCode == "content_filter") - { - Console.WriteLine($"Your query has trigger Azure Content Safety: {ex.Message}"); - } - else - { - throw; - } -} -``` + 1. From the left sidebar of your project, select **Components** > **Deployments**. + 1. Select **+ Create deployment**. -> [!TIP] -> To learn more about how you can configure and control Azure AI content safety settings, check the [Azure AI content safety documentation](https://aka.ms/azureaicontentsafety). + 1. Search for and select a AI21 model like `AI21 Jamba 1.5 Large` or `AI21 Jamba 1.5 Mini` or `AI21 Jamba Instruct` to open the Model's Details page. + 1. Select **Confirm** to open a serverless API deployment window for the model. +1. Select the project in which you want to deploy your model. To deploy the AI21-Jamba family models, your project must be in one of the regions listed in the [Prerequisites](#prerequisites) section. +1. In the deployment wizard, select the link to **Azure Marketplace Terms**, to learn more about the terms of use. -## Jamba-Instruct chat models +1. Select the **Pricing and terms** tab to learn about pricing for the selected model. +1. Select the **Subscribe and Deploy** button. If this is your first time deploying the model in the project, you have to subscribe your project for the particular offering. This step requires that your account has the Azure subscription permissions and resource group permissions listed in the [Prerequisites](#prerequisites). Each project has its own subscription to the particular Azure Marketplace offering of the model, which allows you to control and monitor spending. Currently, you can have only one deployment for each model within a project. +1. Once you subscribe the project for the particular Azure Marketplace offering, subsequent deployments of the _same_ offering in the _same_ project don't require subscribing again. If this scenario applies to you, there's a **Continue to deploy** option to select. -You can learn more about the models in their respective model card: +1. Give the deployment a name. This name becomes part of the deployment API URL. This URL must be unique in each Azure region. -* [AI21-Jamba-Instruct](https://aka.ms/azureai/landing/AI21-Jamba-Instruct) +1. Select **Deploy**. Wait until the deployment is ready and you're redirected to the Deployments page. +1. Return to the Deployments page, select the deployment, and note the endpoint's **Target** URL and the Secret **Key**. For more information on using the APIs, see the [Reference](#reference-for-jamba-family-models-deployed-as-a-serverless-api) section. -## Prerequisites +1. You can always find the endpoint's details, URL, and access keys by navigating to your **Project overview** page. Then, from the left sidebar of your project, select **Components** > **Deployments**. -To use Jamba-Instruct chat models with Azure AI Studio, you need the following prerequisites: +To learn about billing for the AI21-Jamba family models deployed as a serverless API with pay-as-you-go token-based billing, see [Cost and quota considerations for Jamba Instruct deployed as a serverless API](#cost-and-quota-considerations-for-jamba-family-models-deployed-as-a-serverless-api). -### A model deployment -**Deployment to serverless APIs** +### Consume Jamba family models as a serverless API -Jamba-Instruct chat models can be deployed to serverless API endpoints with pay-as-you-go billing. This kind of deployment provides a way to consume models as an API without hosting them on your subscription, while keeping the enterprise security and compliance that organizations need. +You can consume Jamba family models as follows: -Deployment to a serverless API endpoint doesn't require quota from your subscription. If your model isn't deployed already, use the Azure AI Studio, Azure Machine Learning SDK for Python, the Azure CLI, or ARM templates to [deploy the model as a serverless API](deploy-models-serverless.md). +1. From your **Project overview** page, go to the left sidebar and select **Components** > **Deployments**. -> [!div class="nextstepaction"] -> [Deploy the model to serverless API endpoints](deploy-models-serverless.md) +1. Find and select the deployment you created. -### A REST client +1. Copy the **Target** URL and the **Key** value. -Models deployed with the [Azure AI model inference API](https://aka.ms/azureai/modelinference) can be consumed using any REST client. To use the REST client, you need the following prerequisites: +1. Make an API request. -* To construct the requests, you need to pass in the endpoint URL. The endpoint URL has the form `https://your-host-name.your-azure-region.inference.ai.azure.com`, where `your-host-name`` is your unique model deployment host name and `your-azure-region`` is the Azure region where the model is deployed (for example, eastus2). -* Depending on your model deployment and authentication preference, you need either a key to authenticate against the service, or Microsoft Entra ID credentials. The key is a 32-character string. +For more information on using the APIs, see the [reference](#reference-for-jamba-family-models-deployed-as-a-serverless-api) section. -## Work with chat completions -In this section, you use the [Azure AI model inference API](https://aka.ms/azureai/modelinference) with a chat completions model for chat. +## Reference for Jamba family models deployed as a serverless API -> [!TIP] -> The [Azure AI model inference API](https://aka.ms/azureai/modelinference) allows you to talk with most models deployed in Azure AI Studio with the same code and structure, including Jamba-Instruct chat models. +Jamba family models accept both of these APIs: -### Create a client to consume the model +- The [Azure AI Model Inference API](../reference/reference-model-inference-api.md) on the route `/chat/completions` for multi-turn chat or single-turn question-answering. This API is supported because Jamba family models are fine-tuned for chat completion. +- [AI21's Azure Client](https://docs.ai21.com/reference/jamba-instruct-api). For more information about the REST endpoint being called, visit [AI21's REST documentation](https://docs.ai21.com/reference/jamba-instruct-api). -First, create the client to consume the model. The following code uses an endpoint URL and key that are stored in environment variables. +### Azure AI model inference API -### Get the model's capabilities +The [Azure AI model inference API](../reference/reference-model-inference-api.md) schema can be found in the [reference for Chat Completions](../reference/reference-model-inference-chat-completions.md) article and an [OpenAPI specification can be obtained from the endpoint itself](../reference/reference-model-inference-api.md?tabs=rest#getting-started). -The `/info` route returns information about the model that is deployed to the endpoint. Return the model's information by calling the following method: +Single-turn and multi-turn chat have the same request and response format, except that question answering (single-turn) involves only a single user message in the request, while multi-turn chat requires that you send the entire chat message history in each request. -```http -GET /info HTTP/1.1 -Host: <ENDPOINT_URI> -Authorization: Bearer <TOKEN> -Content-Type: application/json -``` +In a multi-turn chat, the message thread has the following attributes: -The response is as follows: +- Includes all messages from the user and the model, ordered from oldest to newest. +- Messages alternate between `user` and `assistant` role messages +- Optionally, the message thread starts with a system message to provide context. +The following pseudocode is an example of the message stack for the fourth call in a chat request that includes an initial system message. ```json-{ - "model_name": "AI21-Jamba-Instruct", - "model_type": "chat-completions", - "model_provider_name": "AI21" -} +[ + {"role": "system", "message": "Some contextual information here"}, + {"role": "user", "message": "User message 1"}, + {"role": "assistant", "message": "System response 1"}, + {"role": "user", "message": "User message 2"}, + {"role": "assistant"; "message": "System response 2"}, + {"role": "user", "message": "User message 3"}, + {"role": "assistant", "message": "System response 3"}, + {"role": "user", "message": "User message 4"} +] ``` -### Create a chat completion request +### AI21's Azure client -The following example shows how you can create a basic chat completions request to the model. +Use the method `POST` to send the request to the `/v1/chat/completions` route: -```json -{ - "messages": [ - { - "role": "system", - "content": "You are a helpful assistant." - }, - { - "role": "user", - "content": "How many languages are in the world?" - } - ] -} -``` --The response is as follows, where you can see the model's usage statistics: +__Request__ --```json +```HTTP/1.1 +POST /v1/chat/completions HTTP/1.1 +Host: <DEPLOYMENT_URI> +Authorization: Bearer <TOKEN> +Content-type: application/json +``` ++#### Request schema ++Payload is a JSON formatted string containing the following parameters: ++| Key | Type | Required/Default | Allowed values | Description | +| - | -- | :--:| -- | | +| `model` | `string` | Y | Must be `jamba-1.5-large` or `jamba-1.5-mini` or `jamba-instruct`| +| `messages` | `list[object]` | Y | A list of objects, one per message, from oldest to newest. The oldest message can be role `system`. All later messages must alternate between user and assistant roles. See the message object definition below.| +| `max_tokens` | `integer` | N <br>`4096` | 0 – 4096 | The maximum number of tokens to allow for each generated response message. Typically the best way to limit output length is by providing a length limit in the system prompt (for example, "limit your answers to three sentences")| +| `temperature` | `float` | N <br>`1` | 0.0 – 2.0 | How much variation to provide in each answer. Setting this value to 0 guarantees the same response to the same question every time. Setting a higher value encourages more variation. Modifies the distribution from which tokens are sampled. We recommend altering this or `top_p`, but not both. | +| `top_p` | `float` | N <br>`1` | 0 < _value_ <=1.0 | Limit the pool of next tokens in each step to the top N percentile of possible tokens, where 1.0 means the pool of all possible tokens, and 0.01 means the pool of only the most likely next tokens. | +| `stop` | `string` OR `list[string]` | N <br> | "" | String or list of strings containing the word(s) where the API should stop generating output. Newlines are allowed as "\n". The returned text won't contain the stop sequence. | +| `n` | `integer` | N <br>`1` | 1 – 16 | How many responses to generate for each prompt. With Azure AI Studio's Playground, `n=1` as we work on multi-response Playground. | +| `stream` | `boolean` | N <br>`False` | `True` OR `False` | Whether to enable streaming. If true, results are returned one token at a time. If set to true, `n` must be 1, which is automatically set.| +| `tools` | `array[tool]` | N | "" | A list of `tools` the model may call. Currently, only functions are supported as a tool. Use this to provide a list of functions the model may generate JSON inputs for. A max of 128 functions are supported.| +| `response_format` | `object` | N <br>`null` | "" | Setting to `{ "type": "json_object" }` enables JSON mode, which guarantees the message the model generates is valid JSON.| +| `documents` | `array[document]` | N | "" | A list of relevant `documents` the model can ground its responses on, if the user explicitly says so in the prompt. Essentially acts as an extension to the prompt, with the ability to add metadata. each document is a dictionary.| ++The `messages` object has the following fields: + - `role`: [_string, required_] The author or purpose of the message. One of the following values: + - `user`: Input provided by the user. Any instructions given here that conflict with instructions given in the `system` prompt take precedence over the `system` prompt instructions. + - `assistant`: A response generated by the model. + - `system`: Initial instructions to provide general guidance on the tone and voice of the generated message. An initial system message is optional, but recommended to provide guidance on the tone of the chat. For example, "You are a helpful chatbot with a background in earth sciences and a charming French accent." + - `content`: [_string, required_] The content of the message. ++The `tool` object has the following fields: +- `type` (required; str) - The type of the tool. Currently, only "function" is supported. +- `function` (required; object) - The function details. + - `name` (required; str) - The name of the function to be called. + - `description` (optional; str) - A description of what the function does. + - `parameters` (optional; object) - The parameters the function accepts, described as a JSON Schema object. ++The `document` object has the following fields: +- `id` (optional; str) - unique identifier. will be linked to in citations. up to 128 characters. +- `content` (required; str) - the content of the document +- `metadata` (optional; array of **Metadata)** + - `key` (required; str) - type of metadata, like ‘author’, ‘date’, ‘url’, etc. Should be things the model understands. + - `value` (required; str) - value of the metadata ++#### Request example ++__Single-turn example Jamba 1.5 large and Jamba 1.5 mini__ ++```JSON {- "id": "0a1234b5de6789f01gh2i345j6789klm", - "object": "chat.completion", - "created": 1718726686, - "model": "AI21-Jamba-Instruct", - "choices": [ - { - "index": 0, - "message": { - "role": "assistant", - "content": "As of now, it's estimated that there are about 7,000 languages spoken around the world. However, this number can vary as some languages become extinct and new ones develop. It's also important to note that the number of speakers can greatly vary between languages, with some having millions of speakers and others only a few hundred.", - "tool_calls": null - }, - "finish_reason": "stop", - "logprobs": null - } - ], - "usage": { - "prompt_tokens": 19, - "total_tokens": 91, - "completion_tokens": 72 - } + "model":"jamba-1.5-large", <jamba-1.5-large|jamba-1.5-mini> + "messages":[ + { + "role":"user", + "content":"I need help with your product. Can you please assist?" + } + ], + "temperature":1, + "top_p":1, + "n":1, + "stop":"\n", + "stream":false } ```+__Single-turn example Jamba 1.5 large and Jamba 1.5 mini with documents__ -Inspect the `usage` section in the response to see the number of tokens used for the prompt, the total number of tokens generated, and the number of tokens used for the completion. --#### Stream content --By default, the completions API returns the entire generated content in a single response. If you're generating long completions, waiting for the response can take many seconds. --You can _stream_ the content to get it as it's being generated. Streaming content allows you to start processing the completion as content becomes available. This mode returns an object that streams back the response as [data-only server-sent events](https://html.spec.whatwg.org/multipage/server-sent-events.html#server-sent-events). Extract chunks from the delta field, rather than the message field. ---```json +```JSON {- "messages": [ - { - "role": "system", - "content": "You are a helpful assistant." - }, - { - "role": "user", - "content": "How many languages are in the world?" - } - ], - "stream": true, - "temperature": 0, - "top_p": 1, - "max_tokens": 2048 + "model":"jamba-1.5-large", <jamba-1.5-large|jamba-1.5-mini> + "messages":[ + { + "role":"system", + "content":'''<documents> + # Documents ++ You can use the following documents for reference: ++ ## Document ID: 0 + Text: Harry Potter is a series of seven fantasy novels written by British author J. K. Rowling. ++ ## Document ID: 1 + Text: The Great Gatsby is a novel by American writer F. Scott Fitzgerald. + </documents>'''}, ++ { + "role":"user", + "content":"Who wrote Harry Potter?" + } + ], + "temperature":0.4, + "top_p":1, + "n":1, + "stop":"\n", + "stream":false } ``` -You can visualize how streaming generates content: -+__Chat example (fourth request containing third user response)__ -```json +```JSON {- "id": "23b54589eba14564ad8a2e6978775a39", - "object": "chat.completion.chunk", - "created": 1718726371, - "model": "AI21-Jamba-Instruct", - "choices": [ - { - "index": 0, - "delta": { - "role": "assistant", - "content": "" - }, - "finish_reason": null, - "logprobs": null - } - ] + "model": "jamba-instruct", + "messages": [ + {"role": "system", + "content": "You are a helpful genie just released from a bottle. You start the conversation with 'Thank you for freeing me! I grant you one wish.'"}, + {"role":"user", + "content":"I want a new car"}, + {"role":"assistant", + "content":"🚗 Great choice, I can definitely help you with that! Before I grant your wish, can you tell me what kind of car you're looking for?"}, + {"role":"user", + "content":"A corvette"}, + {"role":"assistant", + "content":"Great choice! What color and year?"}, + {"role":"user", + "content":"1963 black split window Corvette"} + ], + "n":3 } ``` -The last message in the stream has `finish_reason` set, indicating the reason for the generation process to stop. +#### Response schema +The response depends slightly on whether the result is streamed or not. -```json -{ - "id": "23b54589eba14564ad8a2e6978775a39", - "object": "chat.completion.chunk", - "created": 1718726371, - "model": "AI21-Jamba-Instruct", - "choices": [ - { - "index": 0, - "delta": { - "content": "" - }, - "finish_reason": "stop", - "logprobs": null - } - ], - "usage": { - "prompt_tokens": 19, - "total_tokens": 91, - "completion_tokens": 72 - } -} -``` +In a _non-streamed result_, all responses are delivered together in a single response, which also includes a `usage` property. -#### Explore more parameters supported by the inference client +In a _streamed result_, -Explore other parameters that you can specify in the inference client. For a full list of all the supported parameters and their corresponding documentation, see [Azure AI Model Inference API reference](https://aka.ms/azureai/modelinference). +* Each response includes a single token in the `choices` field. +* The `choices` object structure is different. +* Only the last response includes a `usage` object. +* The entire response is wrapped in a `data` object. +* The final response object is `data: [DONE]`. -```json -{ - "messages": [ - { - "role": "system", - "content": "You are a helpful assistant." - }, - { - "role": "user", - "content": "How many languages are in the world?" - } - ], - "presence_penalty": 0.1, - "frequency_penalty": 0.8, - "max_tokens": 2048, - "stop": ["<|endoftext|>"], - "temperature" :0, - "top_p": 1, - "response_format": { "type": "text" } -} -``` +The response payload is a dictionary with the following fields. +| Key | Type | Description | +| | | - | +| `id` | `string` | A unique identifier for the request. | +| `model` | `string` | Name of the model used. | +| `choices` | `list[object`]|The model-generated response text. For a non-streaming response it is a list with `n` items. For a streaming response, it is a single object containing a single token. See the object description below. | +| `usage` | `object` | Usage statistics for the completion request. See below for details. | -```json -{ - "id": "0a1234b5de6789f01gh2i345j6789klm", - "object": "chat.completion", - "created": 1718726686, - "model": "AI21-Jamba-Instruct", - "choices": [ - { - "index": 0, - "message": { - "role": "assistant", - "content": "As of now, it's estimated that there are about 7,000 languages spoken around the world. However, this number can vary as some languages become extinct and new ones develop. It's also important to note that the number of speakers can greatly vary between languages, with some having millions of speakers and others only a few hundred.", - "tool_calls": null - }, - "finish_reason": "stop", - "logprobs": null - } - ], - "usage": { - "prompt_tokens": 19, - "total_tokens": 91, - "completion_tokens": 72 - } -} -``` +The `choices` response object contains the model-generated response. The object has the following fields: -> [!WARNING] -> Jamba doesn't support JSON output formatting (`response_format = { "type": "json_object" }`). You can always prompt the model to generate JSON outputs. However, such outputs are not guaranteed to be valid JSON. +| Key | Type | Description | +| | | | +| `index` | `integer` | Zero-based index of the message in the list of messages. Might not correspond to the position in the list. For streamed messages this is always zero.| +| `message` OR `delta` | `object` | The generated message (or token in a streaming response). Same object type as described in the request with two changes:<br> - In a non-streaming response, this object is called `message`. <br>- In a streaming response, it is called `delta`, and contains either `message` or `role` but never both. | +| `finish_reason` | `string` | The reason the model stopped generating tokens: <br>- `stop`: The model reached a natural stop point, or a provided stop sequence. <br>- `length`: Max number of tokens have been reached. <br>- `content_filter`: The generated response violated a responsible AI policy. <br>- `null`: Streaming only. In a streaming response, all responses except the last will be `null`. | -If you want to pass a parameter that isn't in the list of supported parameters, you can pass it to the underlying model using *extra parameters*. See [Pass extra parameters to the model](#pass-extra-parameters-to-the-model). +The `message` response object contains the model-generated response. The object has the following fields: -### Pass extra parameters to the model +| Key | Type | Description | +| | | | +| `role` | `string` | The role of the author of this message.| +| `content` | `string or null` | The contents of the message. | +| `tool_calls` | `array or null` | The tool calls generated by the model.| -The Azure AI Model Inference API allows you to pass extra parameters to the model. The following code example shows how to pass the extra parameter `logprobs` to the model. +The `tool_calls` response object contains the model-generated response. The object has the following fields: -Before you pass extra parameters to the Azure AI model inference API, make sure your model supports those extra parameters. When the request is made to the underlying model, the header `extra-parameters` is passed to the model with the value `pass-through`. This value tells the endpoint to pass the extra parameters to the model. Use of extra parameters with the model doesn't guarantee that the model can actually handle them. Read the model's documentation to understand which extra parameters are supported. +| Key | Type | Description | +| | | | +| `id` | `string` | The ID of the tool call.| +| `type` | `string` | The type of the tool. Currently, only `function` is supported. | +| `function` | `object` | The function that the model called.| -```http -POST /chat/completions HTTP/1.1 -Host: <ENDPOINT_URI> -Authorization: Bearer <TOKEN> -Content-Type: application/json -extra-parameters: pass-through -``` +The `function` response object contains the model-generated response. The object has the following fields: +| Key | Type | Description | +| | | | +| `name` | `string` | The name of the function to call.| +| `arguments` | `string` | The arguments to call the function with, as generated by the model in JSON format. | -```json -{ - "messages": [ - { - "role": "system", - "content": "You are a helpful assistant." - }, - { - "role": "user", - "content": "How many languages are in the world?" - } - ], - "logprobs": true -} -``` --### Apply content safety +The `usage` response object contains the following fields. -The Azure AI model inference API supports [Azure AI content safety](https://aka.ms/azureaicontentsafety). When you use deployments with Azure AI content safety turned on, inputs and outputs pass through an ensemble of classification models aimed at detecting and preventing the output of harmful content. The content filtering system detects and takes action on specific categories of potentially harmful content in both input prompts and output completions. +| Key | Type | Value | +| - | | -- | +| `prompt_tokens` | `integer` | Number of tokens in the prompt. Note that the prompt token count includes extra tokens added by the system to format the prompt list into a single string as required by the model. The number of extra tokens is typically proportional to the number of messages in the thread, and should be relatively small. | +| `completion_tokens` | `integer` | Number of tokens generated in the completion.| +| `total_tokens` | `integer` | Total tokens. -The following example shows how to handle events when the model detects harmful content in the input prompt and content safety is enabled. +#### Non-streaming response example --```json +```JSON {- "messages": [ - { - "role": "system", - "content": "You are an AI assistant that helps people find information." - }, - { - "role": "user", - "content": "Chopping tomatoes and cutting them into cubes or wedges are great ways to practice your knife skills." - } - ] + "id":"cmpl-524c73beb8714d878e18c3b5abd09f2a", + "choices":[ + { + "index":0, + "message":{ + "role":"assistant", + "content":"The human nose can detect over 1 trillion different scents, making it one of the most sensitive smell organs in the animal kingdom." + }, + "finishReason":"stop" + } + ], + "created": 1717487036, + "usage":{ + "promptTokens":116, + "completionTokens":30, + "totalTokens":146 + } } ``` +#### Streaming response example -```json -{ - "error": { - "message": "The response was filtered due to the prompt triggering Microsoft's content management policy. Please modify your prompt and retry.", - "type": null, - "param": "prompt", - "code": "content_filter", - "status": 400 - } -} +```JSON +data: {"id": "cmpl-8e8b2f6556f94714b0cd5cfe3eeb45fc", "choices": [{"index": 0, "delta": {"role": "assistant"}, "created": 1717487336, "finish_reason": null}]} +data: {"id": "cmpl-8e8b2f6556f94714b0cd5cfe3eeb45fc", "choices": [{"index": 0, "delta": {"content": ""}, "created": 1717487336, "finish_reason": null}]} +data: {"id": "cmpl-8e8b2f6556f94714b0cd5cfe3eeb45fc", "choices": [{"index": 0, "delta": {"content": " The"}, "created": 1717487336, "finish_reason": null}]} +data: {"id": "cmpl-8e8b2f6556f94714b0cd5cfe3eeb45fc", "choices": [{"index": 0, "delta": {"content": " first e"}, "created": 1717487336, "finish_reason": null}]} +data: {"id": "cmpl-8e8b2f6556f94714b0cd5cfe3eeb45fc", "choices": [{"index": 0, "delta": {"content": "mpe"}, "created": 1717487336, "finish_reason": null}]} +... 115 responses omitted for sanity ... +data: {"id": "cmpl-8e8b2f6556f94714b0cd5cfe3eeb45fc", "choices": [{"index": 0, "delta": {"content": "me"}, "created": 1717487336, "finish_reason": null}]} +data: {"id": "cmpl-8e8b2f6556f94714b0cd5cfe3eeb45fc", "choices": [{"index": 0, "delta": {"content": "."}, "created": 1717487336,"finish_reason": "stop"}], "usage": {"prompt_tokens": 107, "completion_tokens": 121, "total_tokens": 228}} +data: [DONE] ``` -> [!TIP] -> To learn more about how you can configure and control Azure AI content safety settings, check the [Azure AI content safety documentation](https://aka.ms/azureaicontentsafety). -+## Cost and quotas -## More inference examples +### Cost and quota considerations for Jamba family models deployed as a serverless API -For more examples of how to use Jamba, see the following examples and tutorials: +The Jamba family models are deployed as a serverless API and is offered by AI21 through Azure Marketplace and integrated with Azure AI studio for use. You can find Azure Marketplace pricing when deploying or fine-tuning models. -| Description | Language | Sample | -|-|-|--| -| Azure AI Inference package for JavaScript | JavaScript | [Link](https://aka.ms/azsdk/azure-ai-inference/javascript/samples) | -| Azure AI Inference package for Python | Python | [Link](https://aka.ms/azsdk/azure-ai-inference/python/samples) | +Each time a workspace subscribes to a given model offering from Azure Marketplace, a new resource is created to track the costs associated with its consumption. The same resource is used to track costs associated with inference and fine-tuning; however, multiple meters are available to track each scenario independently. -## Cost and quota considerations for Jamba family of models deployed as serverless API endpoints +For more information on how to track costs, see [Monitor costs for models offered through the Azure Marketplace](./costs-plan-manage.md#monitor-costs-for-models-offered-through-the-azure-marketplace). Quota is managed per deployment. Each deployment has a rate limit of 200,000 tokens per minute and 1,000 API requests per minute. However, we currently limit one deployment per model per project. Contact Microsoft Azure Support if the current rate limits aren't sufficient for your scenarios. -Jamba models deployed as a serverless API are offered by AI21 through the Azure Marketplace and integrated with Azure AI Studio for use. You can find the Azure Marketplace pricing when deploying the model. +## Content filtering -Each time a project subscribes to a given offer from the Azure Marketplace, a new resource is created to track the costs associated with its consumption. The same resource is used to track costs associated with inference; however, multiple meters are available to track each scenario independently. --For more information on how to track costs, see [Monitor costs for models offered through the Azure Marketplace](costs-plan-manage.md#monitor-costs-for-models-offered-through-the-azure-marketplace). +Models deployed as a serverless API are protected by Azure AI content safety. With Azure AI content safety enabled, both the prompt and completion pass through an ensemble of classification models aimed at detecting and preventing the output of harmful content. The content filtering system detects and takes action on specific categories of potentially harmful content in both input prompts and output completions. Learn more about [Azure AI Content Safety](/azure/ai-services/content-safety/overview). ## Related content --* [Azure AI Model Inference API](../reference/reference-model-inference-api.md) -* [Deploy models as serverless APIs](deploy-models-serverless.md) -* [Consume serverless API endpoints from a different Azure AI Studio project or hub](deploy-models-serverless-connect.md) -* [Region availability for models in serverless API endpoints](deploy-models-serverless-availability.md) -* [Plan and manage costs (marketplace)](costs-plan-manage.md#monitor-costs-for-models-offered-through-the-azure-marketplace) +- [What is Azure AI Studio?](../what-is-ai-studio.md) +- [Azure AI FAQ article](../faq.yml) +- [Region availability for models in serverless API endpoints](deploy-models-serverless-availability.md) |
ai-studio | Region Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-studio/reference/region-support.md | Azure AI Studio brings together various Azure AI capabilities that previously we ## Azure Public regions -Azure AI Studio is currently available in preview in the following Azure regions. You can create [Azure AI Studio hubs](../how-to/create-azure-ai-resource.md) and Azure AI Studio projects in these regions. +Azure AI Studio is currently available in the following Azure regions. You can create [Azure AI Studio hubs](../how-to/create-azure-ai-resource.md) and Azure AI Studio projects in these regions. - Australia East - Brazil South Azure AI Studio is currently available in preview in the following Azure regions ### Azure Government regions -Azure AI Studio preview is currently not available in Azure Government regions or air-gap regions. +Azure AI Studio is currently not available in Azure Government regions or air-gap regions. ## Azure OpenAI > [!NOTE] > Some models might not be available within the AI Studio model catalog. |
api-management | Api Management Gateways Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/api-management/api-management-gateways-overview.md | The following tables compare features available in the following API Management | [App Service](import-app-service-as-api.md) | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | [Function App](import-function-app-as-api.md) | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | | [Container App](import-container-app-with-oas.md) | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |-| [Service Fabric](../service-fabric/service-fabric-api-management-overview.md) | Developer, Premium | ❌ |❌ | ❌ | ❌ | +| [Service Fabric](/azure/service-fabric/service-fabric-api-management-overview) | Developer, Premium | ❌ |❌ | ❌ | ❌ | | [Pass-through GraphQL](graphql-apis-overview.md) | ✔️ | ✔️ |✔️ | ✔️ | ✔️ | | [Synthetic GraphQL](graphql-apis-overview.md)| ✔️ | ✔️ | ✔️<sup>1</sup> | ✔️<sup>1</sup> | ❌ | | [Pass-through WebSocket](websocket-api.md) | ✔️ | ✔️ | ❌ | ✔️ | ❌ | |
app-service | Ase Multi Tenant Comparison | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/environment/ase-multi-tenant-comparison.md | An App Service Environment is an Azure App Service feature that provides a fully |Feature |App Service Environment v3 |App Service public multitenant | |||| |Hosting environment|[Fully isolated and dedicated compute](overview.md)|[Shared environment](../../app-service/overview.md). Workers running your apps are dedicated, but the supporting infrastructure is shared with other customers. |-|Hardware|[Virtual Machine Scale Sets](../../virtual-machine-scale-sets/overview.md)|[Virtual Machine Scale Sets](../../virtual-machine-scale-sets/overview.md)| +|Hardware|[Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/overview)|[Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/overview)| |[Available SKUs](https://azure.microsoft.com/pricing/details/app-service/windows/) |Isolated v2 |Free, Basic, Standard, Premium v2, Premium v3 | |Dedicated host group|[Available](overview.md#dedicated-environment) |No | |Remote file storage|Fully dedicated to the App Service Environment |Remote file storage for the application is dedicated, but the storage is hosted on a shared file server | An App Service Environment is an Azure App Service feature that provides a fully ### Scaling -Both App Service Environment v3 and the public multitenant offering run on [Virtual Machine Scale Sets](../../virtual-machine-scale-sets/overview.md), which means that both offerings benefit from the capabilities that scale sets provide. However, App Service Environment v3 is a dedicated environment, which means that even though it can scale out to more instances than the public multitenant offering, scaling out to multiple instances can be slower than the public multitenant offering. +Both App Service Environment v3 and the public multitenant offering run on [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/overview), which means that both offerings benefit from the capabilities that scale sets provide. However, App Service Environment v3 is a dedicated environment, which means that even though it can scale out to more instances than the public multitenant offering, scaling out to multiple instances can be slower than the public multitenant offering. |Feature |App Service Environment v3 |App Service public multitenant | |||| |
app-service | Version Comparison | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/environment/version-comparison.md | App Service Environment has three versions. App Service Environment v3 is the la |Feature |[App Service Environment v1](app-service-app-service-environment-intro.md) |[App Service Environment v2](intro.md) |[App Service Environment v3](overview.md) | |||||-|Hardware |[Cloud Services (classic)](../../cloud-services/cloud-services-choose-me.md) |[Cloud Services (classic)](../../cloud-services/cloud-services-choose-me.md) |[Virtual Machine Scale Sets](../../virtual-machine-scale-sets/overview.md) | +|Hardware |[Cloud Services (classic)](../../cloud-services/cloud-services-choose-me.md) |[Cloud Services (classic)](../../cloud-services/cloud-services-choose-me.md) |[Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/overview) | |[Available SKUs](https://azure.microsoft.com/pricing/details/app-service/windows/) |P1, P2, P3, P4 |I1, I2, I3 |I1v2, I2v2, I3v2, I4v2, I5v2, I6v2 | |CPU|Physical cores|Physical cores|Virtual CPu (vCPU)| |Maximum instance count |55 hosts (default front-ends + workers) |100 instances per App Service plan. Maximum of 200 instances across all plans. |100 instances per App Service plan. Maximum of 200 instances across all plans. | App Service Environment has three versions. App Service Environment v3 is the la ### Scaling -App Service Environment v3 runs on the latest [Virtual Machine Scale Sets](../../virtual-machine-scale-sets/overview.md) infrastructure while App Service Environment v1 and v2 run on [Cloud Services (classic)](../../cloud-services/cloud-services-choose-me.md). Because of this, App Service Environment v3 has the best performing and fastest scaling times across all versions. +App Service Environment v3 runs on the latest [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/overview) infrastructure while App Service Environment v1 and v2 run on [Cloud Services (classic)](../../cloud-services/cloud-services-choose-me.md). Because of this, App Service Environment v3 has the best performing and fastest scaling times across all versions. |Feature |[App Service Environment v1](app-service-app-service-environment-intro.md) |[App Service Environment v2](intro.md) |[App Service Environment v3](overview.md) | ||||| |
app-service | Overview Hosting Plans | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/overview-hosting-plans.md | Each tier also provides a specific subset of App Service features. These feature ## Premium V3 pricing tier -The **PremiumV3** pricing tier guarantees machines with faster processors (minimum 195 [ACU](../virtual-machines/acu.md) per virtual CPU), SSD storage, memory-optimized options and quadruple memory-to-core ratio compared to **Standard** tier. **PremiumV3** also supports higher scale via increased instance count while still providing all the advanced capabilities found in **Standard** tier. All features available in the existing **PremiumV2** tier are included in **PremiumV3**. +The **PremiumV3** pricing tier guarantees machines with faster processors (minimum 195 [ACU](/azure/virtual-machines/acu) per virtual CPU), SSD storage, memory-optimized options and quadruple memory-to-core ratio compared to **Standard** tier. **PremiumV3** also supports higher scale via increased instance count while still providing all the advanced capabilities found in **Standard** tier. All features available in the existing **PremiumV2** tier are included in **PremiumV3**. Multiple VM sizes are available for this tier including 4-to-1 and 8-to-1 memory-to-core ratios: |
app-service | Overview Patch Os Runtime | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/overview-patch-os-runtime.md | -App Service is a Platform-as-a-Service, which means that the OS and application stack are managed for you by Azure; you only manage your application and its data. More control over the OS and application stack is available for you in [Azure Virtual Machines](../virtual-machines/index.yml). With that in mind, it is nevertheless helpful for you as an App Service user to know more information, such as: +App Service is a Platform-as-a-Service, which means that the OS and application stack are managed for you by Azure; you only manage your application and its data. More control over the OS and application stack is available for you in [Azure Virtual Machines](/azure/virtual-machines/). With that in mind, it is nevertheless helpful for you as an App Service user to know more information, such as: - How and when are OS updates applied? - How is App Service patched against significant vulnerabilities (such as zero-day)? |
app-service | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/overview.md | Azure App Service is a fully managed platform as a service (PaaS) offering for d * **API and mobile features** - App Service provides turn-key CORS support for RESTful API scenarios, and simplifies mobile app scenarios by enabling authentication, offline data sync, push notifications, and more. * **Serverless code** - Run a code snippet or script on-demand without having to explicitly provision or manage infrastructure, and pay only for the compute time your code actually uses (see [Azure Functions](../azure-functions/index.yml)). -Besides App Service, Azure offers other services that can be used for hosting websites and web applications. For most scenarios, App Service is the best choice. For microservice architecture, consider [Azure Spring Apps](../spring-apps/index.yml) or [Service Fabric](../service-fabric/index.yml). If you need more control over the VMs on which your code runs, consider [Azure Virtual Machines](../virtual-machines/index.yml). For more information about how to choose between these Azure services, see [Azure App Service, Virtual Machines, Service Fabric, and Cloud Services comparison](/azure/architecture/guide/technology-choices/compute-decision-tree). +Besides App Service, Azure offers other services that can be used for hosting websites and web applications. For most scenarios, App Service is the best choice. For microservice architecture, consider [Azure Spring Apps](../spring-apps/index.yml) or [Service Fabric](/azure/service-fabric/). If you need more control over the VMs on which your code runs, consider [Azure Virtual Machines](/azure/virtual-machines/). For more information about how to choose between these Azure services, see [Azure App Service, Virtual Machines, Service Fabric, and Cloud Services comparison](/azure/architecture/guide/technology-choices/compute-decision-tree). ## App Service on Linux |
app-service | Quickstart Wordpress | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/quickstart-wordpress.md | -[WordPress](https://www.wordpress.org) is an open source Content Management System (CMS) used by over 40% of the web to create websites, blogs, and other applications. WordPress can be run on a few different Azure +[WordPress](https://www.wordpress.org) is an open source Content Management System (CMS) used by over 40% of the web to create websites, blogs, and other applications. WordPress can be run on a few different Azure In this quickstart, you'll learn how to create and deploy your first [WordPress](https://www.wordpress.org/) site to [Azure App Service on Linux](overview.md#app-service-on-linux) with [Azure Database for MySQL - Flexible Server](/azure/mysql/flexible-server/) using the [WordPress Azure Marketplace item by App Service](https://azuremarketplace.microsoft.com/marketplace/apps/WordPress.WordPress?tab=Overview). This quickstart uses the **Standard** tier for your app and a **Burstable, B2s** tier for your database, and incurs a cost for your Azure Subscription. For pricing, visit [App Service pricing](https://azure.microsoft.com/pricing/details/app-service/linux/), [Azure Database for MySQL pricing](https://azure.microsoft.com/pricing/details/mysql/flexible-server/), [Content Delivery Network pricing](https://azure.microsoft.com/pricing/details/storage/blobs/), and [Azure Blob Storage pricing](https://azure.microsoft.com/pricing/details/storage/blobs/). |
application-gateway | Application Gateway Websocket | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/application-gateway-websocket.md | To establish a WebSocket connection, a specific HTTP-based handshake is exchange ![Diagram compares a client interacting with a web server, connecting twice to get two replies, with a WebSocket interaction, where a client connects to a server once to get multiple replies.](./media/application-gateway-websocket/websocket.png) > [!NOTE]-> As described, the HTTP protocol is used only to perform a handshake when establishing a WebSocket connection. Once the handshake is completed, a WebSocket connection gets opened for transmitting the data, and the Web Application Firewall (WAF) cannot parse any contents. Therefore, WAF doesn't perform any inspections on such data. +> After a connection is upgraded to WebSocket, as an intermediary/terminating proxy, Application Gateway will simply send the data received from the frontend to the backend and vice-versa, without any inspection or manipulation capability. +> Therefore, the Web Application Firewall (WAF) cannot parse any content and doesn't perform any inspections on such data. Similarly, any manipulations like Header Rewrites, URL Rewrites, or Overriding Hostname in the Backend Settings will not apply after establishing a WebSocket connection. + ### Listener configuration element |
application-gateway | Classic To Resource Manager | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/classic-to-resource-manager.md | Resource Manager enables deploying complex applications through templates, confi You can read more about Azure Resource Manager [features and benefits](../azure-resource-manager/management/overview.md). Application Gateway resources will **not** be migrated automatically as part of VNet migration from classic to Resource Manager.-As part of VNet migration process as documented at [IaaS resources migration page](../virtual-machines/migration-classic-resource-manager-ps.md), if you have an Application Gateway resource present on the VNet that you're trying to migrate to Resource Manager deployment model, the automatic migration wouldn't be successful. +As part of VNet migration process as documented at [IaaS resources migration page](/azure/virtual-machines/migration-classic-resource-manager-ps), if you have an Application Gateway resource present on the VNet that you're trying to migrate to Resource Manager deployment model, the automatic migration wouldn't be successful. In order to migrate your Application Gateway resource to Resource Manager deployment model, you'll have to remove the Application Resource from the VNet before beginning migration and then recreate the Application Gateway resource once migration is complete. Azure Resource Manager is the latest control plane of Azure responsible for crea ### Where can I find more information regarding classic to Azure Resource Manager migration? -Please refer to [Frequently asked questions about classic to Azure Resource Manager migration](../virtual-machines/migration-classic-resource-manager-faq.yml) +Please refer to [Frequently asked questions about classic to Azure Resource Manager migration](/azure/virtual-machines/migration-classic-resource-manager-faq) ### How do I report an issue? Post your issues and questions about migration to our [Microsoft Q&A page](/answers/topics/azure-virtual-network.html). We recommend posting all your questions on this forum. If you have a support contract, you're welcome to log a support ticket as well. ## Next steps-To get started see: [platform-supported migration of IaaS resources from classic to Resource Manager](../virtual-machines/migration-classic-resource-manager-ps.md) +To get started see: [platform-supported migration of IaaS resources from classic to Resource Manager](/azure/virtual-machines/migration-classic-resource-manager-ps) For any concerns around migration, you can contact Azure Support. Learn more about [Azure support here](https://azure.microsoft.com/support/options/). |
application-gateway | Http Response Codes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/http-response-codes.md | Azure Application Gateway shouldn't exhibit 500 response codes. Open a support r HTTP 502 errors can have several root causes, for example: - NSG, UDR, or custom DNS is blocking access to backend pool members.-- Backend VMs or instances of [virtual machine scale sets](../virtual-machine-scale-sets/overview.md) aren't responding to the default health probe.+- Backend VMs or instances of [virtual machine scale sets](/azure/virtual-machine-scale-sets/overview) aren't responding to the default health probe. - Invalid or improper configuration of custom health probes. - Azure Application Gateway's [backend pool isn't configured or empty](application-gateway-troubleshooting-502.md#empty-backendaddresspool). - None of the VMs or instances in [virtual machine scale set are healthy](application-gateway-troubleshooting-502.md#unhealthy-instances-in-backendaddresspool). |
application-gateway | Ipv6 Application Gateway Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/ipv6-application-gateway-powershell.md | You learn how to: * Create an application gateway with [IPv6 frontend](#create-application-gateway-frontend-public-ip-addresses) * Create a virtual machine scale set with the default [backend pool](#create-the-backend-pool-and-settings) -Azure PowerShell is used to create an IPv6 Azure Application Gateway and perform testing to ensure it works correctly. Application gateway can manage and secure web traffic to servers that you maintain. A [virtual machine scale set](../virtual-machine-scale-sets/overview.md) is for backend servers to manage web traffic. The scale set contains two virtual machine instances that are added to the default backend pool of the application gateway. For more information about the components of an application gateway, see [Application gateway components](application-gateway-components.md). +Azure PowerShell is used to create an IPv6 Azure Application Gateway and perform testing to ensure it works correctly. Application gateway can manage and secure web traffic to servers that you maintain. A [virtual machine scale set](/azure/virtual-machine-scale-sets/overview) is for backend servers to manage web traffic. The scale set contains two virtual machine instances that are added to the default backend pool of the application gateway. For more information about the components of an application gateway, see [Application gateway components](application-gateway-components.md). You can also complete this quickstart using the [Azure portal](ipv6-application-gateway-portal.md). |
application-gateway | Quick Create Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/quick-create-cli.md | A backend can have NICs, virtual machine scale sets, public IP addresses, intern #### Create two virtual machines Install the NGINX web server on the virtual machines to verify the application gateway was successfully created. You can use a cloud-init configuration file to install NGINX and run a "Hello World" Node.js app on a Linux virtual machine. For more information about cloud-init, see-[Cloud-init support for virtual machines in Azure](../virtual-machines/linux/using-cloud-init.md). +[Cloud-init support for virtual machines in Azure](/azure/virtual-machines/linux/using-cloud-init). In your Azure Cloud Shell, copy and paste the following configuration into a file named *cloud-init.txt*. Enter *editor cloud-init.txt* to create the file. |
application-gateway | Redirect Http To Https Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/redirect-http-to-https-cli.md | -You can use the Azure CLI to create an [application gateway](overview.md) with a certificate for TLS/SSL termination. A routing rule is used to redirect HTTP traffic to the HTTPS port in your application gateway. In this example, you also create a [Virtual Machine Scale Set](../virtual-machine-scale-sets/overview.md) for the backend pool of the application gateway that contains two virtual machine instances. +You can use the Azure CLI to create an [application gateway](overview.md) with a certificate for TLS/SSL termination. A routing rule is used to redirect HTTP traffic to the HTTPS port in your application gateway. In this example, you also create a [Virtual Machine Scale Set](/azure/virtual-machine-scale-sets/overview) for the backend pool of the application gateway that contains two virtual machine instances. In this article, you learn how to: |
application-gateway | Redirect Http To Https Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/redirect-http-to-https-portal.md | -You can use the Azure portal to create an [application gateway](overview.md) with a certificate for TLS termination. A routing rule is used to redirect HTTP traffic to the HTTPS port in your application gateway. In this example, you also create a [virtual machine scale set](../virtual-machine-scale-sets/overview.md) for the backend pool of the application gateway that contains two virtual machine instances. +You can use the Azure portal to create an [application gateway](overview.md) with a certificate for TLS termination. A routing rule is used to redirect HTTP traffic to the HTTPS port in your application gateway. In this example, you also create a [virtual machine scale set](/azure/virtual-machine-scale-sets/overview) for the backend pool of the application gateway that contains two virtual machine instances. In this article, you learn how to: |
application-gateway | Redirect Http To Https Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/redirect-http-to-https-powershell.md | -You can use the Azure PowerShell to create an [application gateway](overview.md) with a certificate for TLS/SSL termination. A routing rule is used to redirect HTTP traffic to the HTTPS port in your application gateway. In this example, you also create a [virtual machine scale set](../virtual-machine-scale-sets/overview.md) for the backend pool of the application gateway that contains two virtual machine instances. +You can use the Azure PowerShell to create an [application gateway](overview.md) with a certificate for TLS/SSL termination. A routing rule is used to redirect HTTP traffic to the HTTPS port in your application gateway. In this example, you also create a [virtual machine scale set](/azure/virtual-machine-scale-sets/overview) for the backend pool of the application gateway that contains two virtual machine instances. In this article, you learn how to: |
application-gateway | Tutorial Manage Web Traffic Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-manage-web-traffic-cli.md | -Application gateway is used to manage and secure web traffic to servers that you maintain. You can use the Azure CLI to create an [application gateway](overview.md) that uses a [Virtual Machine Scale Set](../virtual-machine-scale-sets/overview.md) for backend servers. In this example, the scale set contains two virtual machine instances. The scale set is added to the default backend pool of the application gateway. +Application gateway is used to manage and secure web traffic to servers that you maintain. You can use the Azure CLI to create an [application gateway](overview.md) that uses a [Virtual Machine Scale Set](/azure/virtual-machine-scale-sets/overview) for backend servers. In this example, the scale set contains two virtual machine instances. The scale set is added to the default backend pool of the application gateway. In this article, you learn how to: |
application-gateway | Tutorial Manage Web Traffic Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-manage-web-traffic-powershell.md | -Application gateway is used to manage and secure web traffic to servers that you maintain. You can use Azure PowerShell to create an [application gateway](overview.md) that uses a [virtual machine scale set](../virtual-machine-scale-sets/overview.md) for backend servers to manage web traffic. In this example, the scale set contains two virtual machine instances that are added to the default backend pool of the application gateway. +Application gateway is used to manage and secure web traffic to servers that you maintain. You can use Azure PowerShell to create an [application gateway](overview.md) that uses a [virtual machine scale set](/azure/virtual-machine-scale-sets/overview) for backend servers to manage web traffic. In this example, the scale set contains two virtual machine instances that are added to the default backend pool of the application gateway. In this article, you learn how to: |
application-gateway | Tutorial Ssl Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-ssl-cli.md | -You can use the Azure CLI to create an [application gateway](overview.md) with a certificate for [TLS termination](ssl-overview.md). For backend servers, you can use a [Virtual Machine Scale Set](../virtual-machine-scale-sets/overview.md). In this example, the scale set contains two virtual machine instances that are added to the default backend pool of the application gateway. +You can use the Azure CLI to create an [application gateway](overview.md) with a certificate for [TLS termination](ssl-overview.md). For backend servers, you can use a [Virtual Machine Scale Set](/azure/virtual-machine-scale-sets/overview). In this example, the scale set contains two virtual machine instances that are added to the default backend pool of the application gateway. In this article, you learn how to: |
application-gateway | Tutorial Ssl Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-ssl-powershell.md | -You can use Azure PowerShell to create an [application gateway](overview.md) with a certificate for [TLS/SSL termination](ssl-overview.md) that uses a [virtual machine scale set](../virtual-machine-scale-sets/overview.md) for backend servers. In this example, the scale set contains two virtual machine instances that are added to the default backend pool of the application gateway. +You can use Azure PowerShell to create an [application gateway](overview.md) with a certificate for [TLS/SSL termination](ssl-overview.md) that uses a [virtual machine scale set](/azure/virtual-machine-scale-sets/overview) for backend servers. In this example, the scale set contains two virtual machine instances that are added to the default backend pool of the application gateway. In this article, you learn how to: |
application-gateway | Tutorial Url Redirect Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-url-redirect-cli.md | -You can use the Azure CLI to configure [URL path-based routing rules](tutorial-url-route-cli.md) when you create an [application gateway](./overview.md). In this tutorial, you create backend pools using [virtual machine scale sets](../virtual-machine-scale-sets/overview.md). You then create URL routing rules that make sure web traffic is redirected to the appropriate backend pool. +You can use the Azure CLI to configure [URL path-based routing rules](tutorial-url-route-cli.md) when you create an [application gateway](./overview.md). In this tutorial, you create backend pools using [virtual machine scale sets](/azure/virtual-machine-scale-sets/overview). You then create URL routing rules that make sure web traffic is redirected to the appropriate backend pool. In this tutorial, you learn how to: |
application-gateway | Tutorial Url Redirect Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-url-redirect-powershell.md | -You can use Azure PowerShell to configure [URL-based routing rules](./url-route-overview.md) when you create an [application gateway](./overview.md). In this article, you create backend pools using [virtual machine scale sets](../virtual-machine-scale-sets/overview.md). You then create URL routing rules that make sure web traffic is redirected to the appropriate backend pool. +You can use Azure PowerShell to configure [URL-based routing rules](./url-route-overview.md) when you create an [application gateway](./overview.md). In this article, you create backend pools using [virtual machine scale sets](/azure/virtual-machine-scale-sets/overview). You then create URL routing rules that make sure web traffic is redirected to the appropriate backend pool. In this article, you learn how to: |
application-gateway | Tutorial Url Route Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/tutorial-url-route-powershell.md | -You can use Azure PowerShell to configure web traffic routing to specific scalable server pools based on the URL that is used to access your application. In this article, you create an [Azure Application Gateway](./overview.md) with three backend pools using [Virtual Machine Scale Sets](../virtual-machine-scale-sets/overview.md). Each of the backend pools serves a specific purpose such as, common data, images, and video. Routing traffic to separate pools ensures that your customers get the information that they need when they need it. +You can use Azure PowerShell to configure web traffic routing to specific scalable server pools based on the URL that is used to access your application. In this article, you create an [Azure Application Gateway](./overview.md) with three backend pools using [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/overview). Each of the backend pools serves a specific purpose such as, common data, images, and video. Routing traffic to separate pools ensures that your customers get the information that they need when they need it. To enable traffic routing, you create [routing rules](./url-route-overview.md) assigned to listeners that listen on specific ports to ensure web traffic arrives at the appropriate servers in the pools. |
automanage | Automanage Arc | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automanage/automanage-arc.md | Last updated 05/12/2022 > On 31 August 2024, both Automation Update Management and the Log Analytics agent it uses will be retired. Migrate to Azure Update Manager before that. Refer to guidance on migrating to Azure Update Manager [here](https://learn.microsoft.com/azure/update-manager/guidance-migration-automation-update-management-azure-update-manager?WT.mc_id=Portal-Microsoft_Azure_Automation). [Migrate Now](https://ms.portal.azure.com/). > [!CAUTION]-> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). These Azure services are automatically onboarded for you when you use Automanage Machine Best Practices on an Azure Arc-enabled server VM. They are essential to our best practices white paper, which you can find in our [Cloud Adoption Framework](/azure/cloud-adoption-framework/manage/azure-server-management). |
automanage | Automanage Linux | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automanage/automanage-linux.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). These Azure services are automatically onboarded for you when you use Automanage Machine Best Practices Profiles on a Linux VM. They are essential to our best practices white paper, which you can find in our [Cloud Adoption Framework](/azure/cloud-adoption-framework/manage/azure-server-management). Automanage supports the following Linux distributions and versions: | [Update Management](../automation/update-management/overview.md) | You can use Update Management in Azure Automation to manage operating system updates for your machines. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers. Learn [more](../automation/update-management/overview.md). | Production, Dev/Test | | [Change Tracking & Inventory](../automation/change-tracking/overview.md) | Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. The service supports change tracking across services, daemons software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items. Learn [more](../automation/change-tracking/overview.md). | Production, Dev/Test | | [Machine configuration](../governance/machine-configuration/overview.md) | Machine configuration is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the Azure Linux baseline using the guest configuration extension. For Linux machines, the machine configuration service will install the baseline in audit-only mode. You will be able to see where your VM is out of compliance with the baseline, but noncompliance won't be automatically remediated. Learn [more](../governance/machine-configuration/overview.md). | Production, Dev/Test |-| [Boot Diagnostics](../virtual-machines/boot-diagnostics.md) | Boot diagnostics is a debugging feature for Azure virtual machines (VM) that allows diagnosis of VM boot failures. Boot diagnostics enables a user to observe the state of their VM as it is booting up by collecting serial log information and screenshots. This will only be enabled for machines that are using managed disks. | Production, Dev/Test | +| [Boot Diagnostics](/azure/virtual-machines/boot-diagnostics) | Boot diagnostics is a debugging feature for Azure virtual machines (VM) that allows diagnosis of VM boot failures. Boot diagnostics enables a user to observe the state of their VM as it is booting up by collecting serial log information and screenshots. This will only be enabled for machines that are using managed disks. | Production, Dev/Test | | [Azure Automation Account](../automation/automation-create-standalone-account.md) | Azure Automation supports management throughout the lifecycle of your infrastructure and applications. Learn [more](../automation/automation-intro.md). | Production, Dev/Test | | [Log Analytics Workspace](../azure-monitor/logs/log-analytics-workspace-overview.md) | Azure Monitor stores log data in a Log Analytics workspace, which is an Azure resource and a container where data is collected, aggregated, and serves as an administrative boundary. Learn [more](../azure-monitor/logs/workspace-design.md). | Production, Dev/Test | |
automanage | Automanage Windows Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automanage/automanage-windows-server.md | Automanage supports the following Windows versions: | [Update Management](../automation/update-management/overview.md) | You can use Update Management in Azure Automation to manage operating system updates for your machines. You can quickly assess the status of available updates on all agent machines and manage the process of installing required updates for servers. | Production, Dev/Test | | [Change Tracking & Inventory](../automation/change-tracking/overview.md) | Change Tracking and Inventory combines change tracking and inventory functions to allow you to track virtual machine and server infrastructure changes. The service supports change tracking across services, daemons software, registry, and files in your environment to help you diagnose unwanted changes and raise alerts. Inventory support allows you to query in-guest resources for visibility into installed applications and other configuration items. | Production, Dev/Test | | [Machine configuration](../governance/machine-configuration/overview.md) | Machine configuration policy is used to monitor the configuration and report on the compliance of the machine. The Automanage service will install the [Windows security baselines](/windows/security/threat-protection/windows-security-baselines) using the guest configuration extension. For Windows machines, the machine configuration service will install the baseline in audit-only mode. You will be able to see where your VM is out of compliance with the baseline, but noncompliance won't be automatically remediated. Learn [more](../governance/machine-configuration/overview.md). To modify the audit mode for Windows machines, use a custom profile to choose your audit mode setting. [Learn more](virtual-machines-custom-profile.md) | Production, Dev/Test |-| [Boot Diagnostics](../virtual-machines/boot-diagnostics.md) | Boot diagnostics is a debugging feature for Azure virtual machines (VM) that allows diagnosis of VM boot failures. Boot diagnostics enables a user to observe the state of their VM as it is booting up by collecting serial log information and screenshots. This will only be enabled for machines that are using managed disks. | Production, Dev/Test | +| [Boot Diagnostics](/azure/virtual-machines/boot-diagnostics) | Boot diagnostics is a debugging feature for Azure virtual machines (VM) that allows diagnosis of VM boot failures. Boot diagnostics enables a user to observe the state of their VM as it is booting up by collecting serial log information and screenshots. This will only be enabled for machines that are using managed disks. | Production, Dev/Test | | [Windows Admin Center](/windows-server/manage/windows-admin-center/azure/manage-vm) | Use Windows Admin Center (preview) in the Azure portal to manage the Windows Server operating system inside an Azure VM. This is only supported for machines using Windows Server 2016 or higher. Automanage configures Windows Admin Center over a Private IP address. If you wish to connect with Windows Admin Center over a Public IP address, please open an inbound port rule for port 6516. Automanage onboards Windows Admin Center for the Dev/Test profile by default. Use the preferences to enable or disable Windows Admin Center for the Production and Dev/Test environments. | Production, Dev/Test | | [Azure Automation Account](../automation/automation-create-standalone-account.md) | Azure Automation supports management throughout the lifecycle of your infrastructure and applications. | Production, Dev/Test | | [Log Analytics Workspace](../azure-monitor/logs/log-analytics-overview.md) | Azure Monitor stores log data in a Log Analytics workspace, which is an Azure resource and a container where data is collected, aggregated, and serves as an administrative boundary. | Production, Dev/Test | |
automanage | Common Errors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automanage/common-errors.md | If you don't see any failed deployments in the resource group or subscription co | Workspace region not matching region mapping requirements | Automanage was unable to onboard your machine because the Log Analytics workspace that the machine is currently linked to isn't mapped to a supported Automation region. Ensure that your existing Log Analytics workspace and Automation account are located in a [supported region mapping](../automation/how-to/region-mappings.md). | | The template deployment failed because of policy violation | Automanage was unable to onboard your machine because it violates an existing policy. If the policy violation is related to tags, you can [deploy a custom configuration profile](./virtual-machines-custom-profile.md#create-a-custom-profile-using-azure-resource-manager-templates) with tags for the following ARM resources: default resource group, automation account, recovery services vault, and log analytics workspace | | "Access denied because of the deny assignment with name 'System deny assignment created by managed application'" | A [denyAssignment](../role-based-access-control/deny-assignments.md) was created on your resource, which prevented Automanage from accessing your resource. This denyAssignment may have been created by either a [Blueprint](../governance/blueprints/concepts/resource-locking.md) or a [Managed Application](../azure-resource-manager/managed-applications/overview.md). |-| "OS Information: Name='(null)', ver='(null)', agent status='Not Ready'." | Ensure that you're running a [minimum supported agent version](/troubleshoot/azure/virtual-machines/support-extensions-agent-version), the agent is running ([Linux](/troubleshoot/azure/virtual-machines/linux-azure-guest-agent) and [Windows](/troubleshoot/azure/virtual-machines/windows-azure-guest-agent)), and that the agent is up to date ([Linux](../virtual-machines/extensions/update-linux-agent.md) and [Windows](../virtual-machines/extensions/agent-windows.md)). | -| "Unable to determine the OS for the VM. Check that the VM Agent is running, the current status is Ready." | Ensure that you're running a [minimum supported agent version](/troubleshoot/azure/virtual-machines/support-extensions-agent-version), the agent is running ([Linux](/troubleshoot/azure/virtual-machines/linux-azure-guest-agent) and [Windows](/troubleshoot/azure/virtual-machines/windows-azure-guest-agent)), and that the agent is up to date ([Linux](../virtual-machines/extensions/update-linux-agent.md) and [Windows](../virtual-machines/extensions/agent-windows.md)). | +| "OS Information: Name='(null)', ver='(null)', agent status='Not Ready'." | Ensure that you're running a [minimum supported agent version](/troubleshoot/azure/virtual-machines/support-extensions-agent-version), the agent is running ([Linux](/troubleshoot/azure/virtual-machines/linux-azure-guest-agent) and [Windows](/troubleshoot/azure/virtual-machines/windows-azure-guest-agent)), and that the agent is up to date ([Linux](/azure/virtual-machines/extensions/update-linux-agent) and [Windows](/azure/virtual-machines/extensions/agent-windows)). | +| "Unable to determine the OS for the VM. Check that the VM Agent is running, the current status is Ready." | Ensure that you're running a [minimum supported agent version](/troubleshoot/azure/virtual-machines/support-extensions-agent-version), the agent is running ([Linux](/troubleshoot/azure/virtual-machines/linux-azure-guest-agent) and [Windows](/troubleshoot/azure/virtual-machines/windows-azure-guest-agent)), and that the agent is up to date ([Linux](/azure/virtual-machines/extensions/update-linux-agent) and [Windows](/azure/virtual-machines/extensions/agent-windows)). | | "VM has reported a failure when processing extension 'IaaSAntimalware'" | Ensure you don't have another antimalware/antivirus offering already installed on your VM. If that fails, contact support. | | ASC workspace: Automanage doesn't currently support the Log Analytics service in _location_. | Check that your VM is located in a [supported region](./overview-about.md#supported-regions). | | "The assignment has failed; there is no additional information available" | Open a case with Microsoft Azure support. | |
automanage | Overview About | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automanage/overview-about.md | There are several prerequisites to consider before trying to enable Azure Automa - Machines must be in a [supported region](#supported-regions) - User must have correct [permissions](#required-rbac-permissions) - Automanage does not support Sandbox subscriptions at this time-- Automanage does not support [Trusted Launch VMs](../virtual-machines/trusted-launch.md)+- Automanage does not support [Trusted Launch VMs](/azure/virtual-machines/trusted-launch) ### Supported regions |
automanage | Quick Go Sdk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automanage/quick-go-sdk.md | Azure Automanage allows users to seamlessly apply Azure best practices to their ## Prerequisites - An active [Azure Subscription](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go/)-- An existing [Virtual Machine](../virtual-machines/windows/quick-create-portal.md)+- An existing [Virtual Machine](/azure/virtual-machines/windows/quick-create-portal) > [!NOTE] > Free trial accounts do not have access to the virtual machines used in this tutorial. Please upgrade to a Pay-As-You-Go subscription. |
automanage | Quick Java Sdk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automanage/quick-java-sdk.md | Azure Automanage allows users to seamlessly apply Azure best practices to their - [Java Development Kit (JDK)](https://www.oracle.com/java/technologies/downloads/#java8) version 8+ - An active [Azure Subscription](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go/)-- An existing [Virtual Machine](../virtual-machines/windows/quick-create-portal.md)+- An existing [Virtual Machine](/azure/virtual-machines/windows/quick-create-portal) > [!NOTE] > Free trial accounts do not have access to the virtual machines used in this tutorial. Please upgrade to a Pay-As-You-go subscription. |
automanage | Quick Javascript Sdk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automanage/quick-javascript-sdk.md | Azure Automanage allows users to seamlessly apply Azure best practices to their ## Prerequisites - An active [Azure Subscription](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go/)-- An existing [Virtual Machine](../virtual-machines/windows/quick-create-portal.md)+- An existing [Virtual Machine](/azure/virtual-machines/windows/quick-create-portal) > [!NOTE] > Free trial accounts do not have access to the virtual machines used in this tutorial. Please upgrade to a Pay-As-You-Go subscription. |
automanage | Quick Python Sdk | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automanage/quick-python-sdk.md | Azure Automanage allows users to seamlessly apply Azure best practices to their ## Prerequisites - An active [Azure Subscription](https://azure.microsoft.com/pricing/purchase-options/pay-as-you-go/)-- An existing [Virtual Machine](../virtual-machines/windows/quick-create-portal.md)+- An existing [Virtual Machine](/azure/virtual-machines/windows/quick-create-portal) > [!NOTE] > Free trial accounts do not have access to the virtual machines used in this tutorial. Please upgrade to a Pay-As-You-Go subscription. |
automation | Automation Create Alert Triggered Runbook | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-create-alert-triggered-runbook.md | You can use [Azure Monitor](../azure-monitor/overview.md) to monitor base-level * An Azure Automation account with at least one user-assigned managed identity. For more information, see [Using a user-assigned managed identity for an Azure Automation account](./add-user-assigned-identity.md). * Az modules: `Az.Accounts` and `Az.Compute` imported into the Automation account. For more information, see [Import Az modules](./shared-resources/modules.md#import-az-modules).-* An [Azure virtual machine](../virtual-machines/windows/quick-create-powershell.md). +* An [Azure virtual machine](/azure/virtual-machines/windows/quick-create-powershell). * The [Azure Az PowerShell module](/powershell/azure/new-azureps-module-az) installed on your machine. To install or upgrade, see [How to install the Azure Az PowerShell module](/powershell/azure/install-azure-powershell). * A general familiarity with [Automation runbooks](./manage-runbooks.md). |
automation | Automation Dsc Compile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-dsc-compile.md | You can compile Desired State Configuration (DSC) configurations in Azure Automa - Work with node and non-node data at scale - Significant performance improvement -You can also use Azure Resource Manager templates with Azure Desired State Configuration (DSC) extension to push configurations to your Azure VMs. The Azure DSC extension uses the Azure VM Agent framework to deliver, enact, and report on DSC configurations running on Azure VMs. For compilation details using Azure Resource Manager templates, see [Desired State Configuration extension with Azure Resource Manager templates](../virtual-machines/extensions/dsc-template.md#details). +You can also use Azure Resource Manager templates with Azure Desired State Configuration (DSC) extension to push configurations to your Azure VMs. The Azure DSC extension uses the Azure VM Agent framework to deliver, enact, and report on DSC configurations running on Azure VMs. For compilation details using Azure Resource Manager templates, see [Desired State Configuration extension with Azure Resource Manager templates](/azure/virtual-machines/extensions/dsc-template#details). ## Compile a DSC configuration in Azure State Configuration |
automation | Automation Dsc Extension History | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-dsc-extension-history.md | -The Azure Desired State Configuration (DSC) VM [extension](../virtual-machines/extensions/dsc-overview.md) is updated as-needed to support enhancements and new capabilities delivered by Azure, Windows Server, and the Windows Management Framework (WMF) that includes Windows PowerShell. +The Azure Desired State Configuration (DSC) VM [extension](/azure/virtual-machines/extensions/dsc-overview) is updated as-needed to support enhancements and new capabilities delivered by Azure, Windows Server, and the Windows Management Framework (WMF) that includes Windows PowerShell. This article provides information about each version of the Azure DSC VM extension, what environments it supports, and comments and remarks on new features or changes. This article provides information about each version of the Azure DSC VM extensi [Windows Management Framework 5.1](https://devblogs.microsoft.com/powershell/wmf-5-1-releasing-january-2017/) (installing WMF requires a reboot). For Nano Server, DSC role is installed on the VM. - **New features:**- - Bug fixes & improvements that simplify using Azure Automation State Configuration in the portal and with a Resource Manager template. For more information, see [Default Configuration Script](../virtual-machines/extensions/dsc-overview.md) in the DSC extension documentation. + - Bug fixes & improvements that simplify using Azure Automation State Configuration in the portal and with a Resource Manager template. For more information, see [Default Configuration Script](/azure/virtual-machines/extensions/dsc-overview) in the DSC extension documentation. ### Version 2.26 This article provides information about each version of the Azure DSC VM extensi ## Next steps - For more information about PowerShell DSC, see [PowerShell documentation center](/powershell/dsc/overview).-- Examine the [Resource Manager template for the DSC extension](../virtual-machines/extensions/dsc-template.md).+- Examine the [Resource Manager template for the DSC extension](/azure/virtual-machines/extensions/dsc-template). - For other functionality and resources that you can manage with PowerShell DSC, browse the [PowerShell gallery](https://www.powershellgallery.com/packages?q=DscResource&x=0&y=0).-- For details about passing sensitive parameters into configurations, see [Manage credentials securely with the DSC extension handler](../virtual-machines/extensions/dsc-credentials.md).+- For details about passing sensitive parameters into configurations, see [Manage credentials securely with the DSC extension handler](/azure/virtual-machines/extensions/dsc-credentials). |
automation | Automation Dsc Getting Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-dsc-getting-started.md | article, you can use the [Azure Automation Managed Node template](https://github To complete the examples in this article, the following are required: - An Azure Automation account. To learn more about an Automation account and its requirements, see [Automation Account authentication overview](./automation-security-overview.md).-- An Azure Resource Manager VM (not Classic) running a [supported operating system](automation-dsc-overview.md#operating-system-requirements). For instructions on creating a VM, see [Create your first Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md)+- An Azure Resource Manager VM (not Classic) running a [supported operating system](automation-dsc-overview.md#operating-system-requirements). For instructions on creating a VM, see [Create your first Windows virtual machine in the Azure portal](/azure/virtual-machines/windows/quick-create-portal) ## Create a DSC configuration |
automation | Automation Dsc Onboarding | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-dsc-onboarding.md | You can use the [Register-AzAutomationDscNode](/powershell/module/az.automation/ ### Register VMs across Azure subscriptions -The best way to register VMs from other Azure subscriptions is to use the DSC extension in an Azure Resource Manager deployment template. Examples are provided in [Desired State Configuration extension with Azure Resource Manager templates](../virtual-machines/extensions/dsc-template.md). +The best way to register VMs from other Azure subscriptions is to use the DSC extension in an Azure Resource Manager deployment template. Examples are provided in [Desired State Configuration extension with Azure Resource Manager templates](/azure/virtual-machines/extensions/dsc-template). ## Use DSC metaconfiguration to register hybrid machines |
automation | Automation Dsc Remediate | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-dsc-remediate.md | when manually correcting configuration drift. ## Correct drift of Windows virtual machines using PowerShell -You can correct drift of Windows virtual machines using the `Run` command feature. See [Run PowerShell scripts in your Windows VM with Run command](../virtual-machines/windows/run-command.md). +You can correct drift of Windows virtual machines using the `Run` command feature. See [Run PowerShell scripts in your Windows VM with Run command](/azure/virtual-machines/windows/run-command). To force an Azure Automation State Configuration node to download the latest configuration and apply it, use the [Update-DscConfiguration](/powershell/module/psdesiredstateconfiguration/update-dscconfiguration) cmdlet. |
automation | Automation Linux Hrw Install | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-linux-hrw-install.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). > [!IMPORTANT] > Azure Automation Agent-based User Hybrid Runbook Worker (Windows and Linux) will retire on **31 August 2024** and wouldn't be supported after that date. You must complete migrating existing Agent-based User Hybrid Runbook Workers to Extension-based Workers before 31 August 2024. Moreover, starting **1 November 2023**, creating new Agent-based Hybrid Workers wouldn't be possible. [Learn more](migrate-existing-agent-based-hybrid-worker-to-extension-based-workers.md). To install and configure a Linux Hybrid Runbook Worker, perform the following st 2. Deploy the Log Analytics agent to the target machine. - - For Azure VMs, install the Log Analytics agent for Linux using the [virtual machine extension for Linux](../virtual-machines/extensions/oms-linux.md). The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace. You can use an Azure Resource Manager template, the Azure CLI, or Azure Policy to assign the [Deploy Log Analytics agent for *Linux* or *Windows* VMs](../governance/policy/samples/built-in-policies.md#monitoring) built-in policy definition. Once the agent is installed, the machine can be added to a Hybrid Runbook Worker group in your Automation account. + - For Azure VMs, install the Log Analytics agent for Linux using the [virtual machine extension for Linux](/azure/virtual-machines/extensions/oms-linux). The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace. You can use an Azure Resource Manager template, the Azure CLI, or Azure Policy to assign the [Deploy Log Analytics agent for *Linux* or *Windows* VMs](../governance/policy/samples/built-in-policies.md#monitoring) built-in policy definition. Once the agent is installed, the machine can be added to a Hybrid Runbook Worker group in your Automation account. - For non-Azure machines, you can install the Log Analytics agent using [Azure Arc-enabled servers](../azure-arc/servers/overview.md). Azure Arc-enabled servers support deploying the Log Analytics agent using the following methods: To install and configure a Linux Hybrid Runbook Worker, perform the following st 5. Verify the deployment after the script is completed. From the **Hybrid Runbook Worker Groups** page in your Automation account, under the **User hybrid runbook workers group** tab, it shows the new or existing group and the number of members. If it's an existing group, the number of members is incremented. You can select the group from the list on the page, from the left-hand menu choose **Hybrid Workers**. On the **Hybrid Workers** page, you can see each member of the group listed. > [!NOTE]- > If you are using the Log Analytics virtual machine extension for Linux for an Azure VM, we recommend setting `autoUpgradeMinorVersion` to `false` as auto-upgrading versions can cause issues with the Hybrid Runbook Worker. To learn how to upgrade the extension manually, see [Azure CLI deployment](../virtual-machines/extensions/oms-linux.md#azure-cli-deployment). + > If you are using the Log Analytics virtual machine extension for Linux for an Azure VM, we recommend setting `autoUpgradeMinorVersion` to `false` as auto-upgrading versions can cause issues with the Hybrid Runbook Worker. To learn how to upgrade the extension manually, see [Azure CLI deployment](/azure/virtual-machines/extensions/oms-linux#azure-cli-deployment). ## Turn off signature validation |
automation | Automation Runbook Execution | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-runbook-execution.md | The following table lists some runbook execution tasks with the recommended exec If you need to create temporary files as part of your runbook logic, you can use the Temp folder (that is, `$env:TEMP`) in the Azure sandbox for runbooks running in Azure. The only limitation is you can't use more than 1 GB of disk space, which is the quota for each sandbox. When working with PowerShell workflows, this scenario can cause a problem because PowerShell workflows use checkpoints and the script could be retried in a different sandbox. -With the hybrid sandbox, you can use `C:\temp` based on the availability of storage on a Hybrid Runbook Worker. However, per Azure VM recommendations, you shouldn't use the [temporary disk](../virtual-machines/managed-disks-overview.md#temporary-disk) on Windows or Linux for data that needs to be persisted. +With the hybrid sandbox, you can use `C:\temp` based on the availability of storage on a Hybrid Runbook Worker. However, per Azure VM recommendations, you shouldn't use the [temporary disk](/azure/virtual-machines/managed-disks-overview#temporary-disk) on Windows or Linux for data that needs to be persisted. ## Resources |
automation | Automation Tutorial Installed Software | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-tutorial-installed-software.md | To complete this tutorial, you need: * An Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). * An [Automation account](./index.yml) to hold the watcher and action runbooks and the Watcher task.-* A [virtual machine](../virtual-machines/windows/quick-create-portal.md) to enable for the feature. +* A [virtual machine](/azure/virtual-machines/windows/quick-create-portal) to enable for the feature. ## Log in to Azure |
automation | Automation Windows Hrw Install | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-windows-hrw-install.md | To install and configure a Windows Hybrid Runbook Worker, perform the following 1. Deploy the Log Analytics agent to the target machine. - - For Azure VMs, install the Log Analytics agent for Windows using the [virtual machine extension for Windows](../virtual-machines/extensions/oms-windows.md). The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace. You can use an Azure Resource Manager template, PowerShell, or Azure Policy to assign the [Deploy Log Analytics agent for *Linux* or *Windows* VMs](../governance/policy/samples/built-in-policies.md#monitoring) built-in policy definition. Once the agent is installed, the machine can be added to a Hybrid Runbook Worker group in your Automation account. + - For Azure VMs, install the Log Analytics agent for Windows using the [virtual machine extension for Windows](/azure/virtual-machines/extensions/oms-windows). The extension installs the Log Analytics agent on Azure virtual machines, and enrolls virtual machines into an existing Log Analytics workspace. You can use an Azure Resource Manager template, PowerShell, or Azure Policy to assign the [Deploy Log Analytics agent for *Linux* or *Windows* VMs](../governance/policy/samples/built-in-policies.md#monitoring) built-in policy definition. Once the agent is installed, the machine can be added to a Hybrid Runbook Worker group in your Automation account. - For non-Azure machines, you can install the Log Analytics agent using [Azure Arc-enabled servers](../azure-arc/servers/overview.md). Azure Arc-enabled servers support deploying the Log Analytics agent using the following methods: The *Azure Automation* folder has a sub-folder with the version number as the na Azure Automation [Agent-based User Hybrid Runbook Worker](automation-hybrid-runbook-worker.md) (V1) requires the [Log Analytics agent](../azure-monitor/agents/log-analytics-agent.md) (also known as MMA agent) during the installation of the Hybrid Worker. We recommend you to update the Log Analytics agent to the latest version to reduce security vulnerabilities and benefit from bug fixes. -Log Analytics agent versions prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](../virtual-machines/extensions/oms-windows.md#agent-and-vm-extension-version) use an older method of certificate handling, and hence it is **not recommended**. Hybrid Workers on the outdated agents will not be able to connect to Azure, and Azure Automation jobs executed by these Hybrid Workers will stop. +Log Analytics agent versions prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](/azure/virtual-machines/extensions/oms-windows#agent-and-vm-extension-version) use an older method of certificate handling, and hence it is **not recommended**. Hybrid Workers on the outdated agents will not be able to connect to Azure, and Azure Automation jobs executed by these Hybrid Workers will stop. You must update the Log Analytics agent to the latest version by following the below steps: 1. Check the current version of the Log Analytics agent for your Windows Hybrid Worker: Go to the installation path - *C:\ProgramFiles\Microsoft Monitoring Agent\Agent* and right-click *HealthService.exe* to check **Properties**. The field **Product version** provides the version number of the Log Analytics agent.-2. If your Log Analytics agent version is prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](../virtual-machines/extensions/oms-windows.md#agent-and-vm-extension-version), upgrade to the latest version of the Windows Log Analytics agent, following these [guidelines](../azure-monitor/agents/agent-manage.md). +2. If your Log Analytics agent version is prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](/azure/virtual-machines/extensions/oms-windows#agent-and-vm-extension-version), upgrade to the latest version of the Windows Log Analytics agent, following these [guidelines](../azure-monitor/agents/agent-manage.md). > [!NOTE] > Any Azure Automation jobs running on the Hybrid Worker during the upgrade process might stop. Ensure that there arenΓÇÖt any jobs running or scheduled during the Log Analytics agent upgrade. |
automation | Enable From Automation Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/enable-from-automation-account.md | This article describes how you can use your Automation account to enable [Change * Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). * [Automation account](../automation-security-overview.md) to manage machines.-* A [virtual machine](../../virtual-machines/windows/quick-create-portal.md). +* A [virtual machine](/azure/virtual-machines/windows/quick-create-portal). ## Sign in to Azure |
automation | Enable From Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/enable-from-portal.md | The number of resource groups that you can use for managing your VMs is limited * Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). * [Automation account](../automation-security-overview.md) to manage machines.-* A [virtual machine](../../virtual-machines/windows/quick-create-portal.md). +* A [virtual machine](/azure/virtual-machines/windows/quick-create-portal). ## Sign in to Azure |
automation | Enable From Runbook | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/enable-from-runbook.md | This method uses two runbooks: * Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). * [Automation account](../automation-security-overview.md) to manage machines. * [Log Analytics workspace](../../azure-monitor/logs/log-analytics-workspace-overview.md)-* A [virtual machine](../../virtual-machines/windows/quick-create-portal.md). +* A [virtual machine](/azure/virtual-machines/windows/quick-create-portal). * Two Automation assets, which are used by the **Enable-AutomationSolution** runbook. This runbook, if it doesn't already exist in your Automation account, is automatically imported by the **Enable-MultipleSolution** runbook during its first run. * *LASolutionSubscriptionId*: Subscription ID of where the Log Analytics workspace is located. * *LASolutionWorkspaceId*: Workspace ID of the Log Analytics workspace linked to your Automation account. |
automation | Enable From Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/enable-from-vm.md | This article describes how you can use an Azure VM to enable [Change Tracking an * Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). * [Automation account](../automation-security-overview.md) to manage machines.-* A [virtual machine](../../virtual-machines/windows/quick-create-portal.md). +* A [virtual machine](/azure/virtual-machines/windows/quick-create-portal). ## Sign in to Azure |
automation | Enable Vms Monitoring Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/enable-vms-monitoring-agent.md | This article describes how you can enable [Change Tracking and Inventory](overvi ## Prerequisites - An Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).-- A [virtual machine](../../virtual-machines/windows/quick-create-portal.md) configured in the specified region.+- A [virtual machine](/azure/virtual-machines/windows/quick-create-portal) configured in the specified region. ## Enable Change Tracking and Inventory |
automation | Manage Inventory Vms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/manage-inventory-vms.md | Azure Automation Change Tracking and Inventory provides a browser-based user int If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/). -This article assumes that you have a VM to enable with Change Tracking and Inventory. If you don't have an Azure VM, you can [create a VM](../../virtual-machines/windows/quick-create-portal.md). +This article assumes that you have a VM to enable with Change Tracking and Inventory. If you don't have an Azure VM, you can [create a VM](/azure/virtual-machines/windows/quick-create-portal). ## Sign in to the Azure portal |
automation | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/overview.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). > [!Important] > - Change Tracking and Inventory using Log Analytics agent will retire on **31 August 2024** and we recommend that you use Azure Monitoring Agent as the new supporting agent. Follow the guidelines for [migration from Change Tracking and inventory using Log Analytics to Change Tracking and inventory using Azure Monitoring Agent version](guidance-migration-log-analytics-monitoring-agent.md). A key capability of Change Tracking and Inventory is alerting on changes to the For Change Tracking & Inventory, machines use the [Log Analytics agent](../../azure-monitor/agents/log-analytics-agent.md) to collect data about changes to installed software, Windows services, Windows registry and files, and Linux daemons on monitored servers. Soon, Azure will no longer accept connections from older versions of the Windows Log Analytics (LA) agent, also known as the Windows Microsoft Monitoring Agent (MMA), that uses an older method for certificate handling. We recommend to upgrade your agent to the latest version as soon as possible. -[Agents that are on version - 10.20.18053 (bundle) and 1.0.18053.0 (extension)](../../virtual-machines/extensions/oms-windows.md#agent-and-vm-extension-version) or newer aren't affected in response to this change. If you’re on an agent prior to that, your agent will be unable to connect, and the Change Tracking & Inventory pipeline & downstream activities can stop. You can check the current LA agent version in HeartBeat table within your LA Workspace. +[Agents that are on version - 10.20.18053 (bundle) and 1.0.18053.0 (extension)](/azure/virtual-machines/extensions/oms-windows#agent-and-vm-extension-version) or newer aren't affected in response to this change. If you’re on an agent prior to that, your agent will be unable to connect, and the Change Tracking & Inventory pipeline & downstream activities can stop. You can check the current LA agent version in HeartBeat table within your LA Workspace. Ensure to upgrade to the latest version of the Windows Log Analytics agent (MMA) following these [guidelines](../../azure-monitor/agents/agent-manage.md). |
automation | Extension Based Hybrid Runbook Worker Install | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/extension-based-hybrid-runbook-worker-install.md | You can delete an empty Hybrid Runbook Worker group from the portal. ## Automatic upgrade of extension -Hybrid Worker extension supports [Automatic upgrade](../virtual-machines/automatic-extension-upgrade.md) of minor versions by default. We recommend that you enable Automatic upgrades to take advantage of any security or feature updates without manual overhead. However, to prevent the extension from automatically upgrading (for example, if there is a strict change windows and can only be updated at specific time), you can opt out of this feature by setting the `enableAutomaticUpgrade`property in ARM, Bicep template, PowerShell cmdlets to *false*. Set the same property to *true* whenever you want to re-enable the Automatic upgrade. +Hybrid Worker extension supports [Automatic upgrade](/azure/virtual-machines/automatic-extension-upgrade) of minor versions by default. We recommend that you enable Automatic upgrades to take advantage of any security or feature updates without manual overhead. However, to prevent the extension from automatically upgrading (for example, if there is a strict change windows and can only be updated at specific time), you can opt out of this feature by setting the `enableAutomaticUpgrade`property in ARM, Bicep template, PowerShell cmdlets to *false*. Set the same property to *true* whenever you want to re-enable the Automatic upgrade. ```powershell $extensionType = "HybridWorkerForLinux/HybridWorkerForWindows" Using [VM insights](../azure-monitor/vm/vminsights-overview.md), you can monitor - To learn how to troubleshoot your Hybrid Runbook Workers, see [Troubleshoot Hybrid Runbook Worker issues](troubleshoot/extension-based-hybrid-runbook-worker.md). -- To learn about Azure VM extensions, see [Azure VM extensions and features for Windows](../virtual-machines/extensions/features-windows.md) and [Azure VM extensions and features for Linux](../virtual-machines/extensions/features-linux.md).+- To learn about Azure VM extensions, see [Azure VM extensions and features for Windows](/azure/virtual-machines/extensions/features-windows) and [Azure VM extensions and features for Linux](/azure/virtual-machines/extensions/features-linux). - To learn about VM extensions for Arc-enabled servers, see [VM extension management with Azure Arc-enabled servers](../azure-arc/servers/manage-vm-extensions.md). |
automation | Automation Tutorial Runbook Textual | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/learn/automation-tutorial-runbook-textual.md | If you don't have an Azure subscription, create a [free account](https://azure.m * An Azure Automation account with at least one user-assigned managed identity. For more information, see [Enable managed identity](../quickstarts/enable-managed-identity.md). * Az modules: `Az.Accounts` and `Az.Compute` imported into the Automation account. For more information, see [Import Az modules](../shared-resources/modules.md#import-az-modules).-* Two or more [Azure virtual machines](../../virtual-machines/windows/quick-create-powershell.md). Since you stop and start these machines, they shouldn't be production VMs. +* Two or more [Azure virtual machines](/azure/virtual-machines/windows/quick-create-powershell). Since you stop and start these machines, they shouldn't be production VMs. * The [Azure Az PowerShell module](/powershell/azure/new-azureps-module-az) installed on your machine. To install or upgrade, see [How to install the Azure Az PowerShell module](/powershell/azure/install-azure-powershell). ## Assign permissions to managed identities |
automation | Powershell Runbook Managed Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/learn/powershell-runbook-managed-identity.md | If you don't have an Azure subscription, create a [free account](https://azure.m * An Azure Automation account with at least one user-assigned managed identity. For more information, see [Using a user-assigned managed identity for an Azure Automation account](../add-user-assigned-identity.md). * Az modules: `Az.Accounts`, `Az.Automation`, `Az.ManagedServiceIdentity`, and `Az.Compute` imported into the Automation account. For more information, see [Import Az modules](../shared-resources/modules.md#import-az-modules). * The [Azure Az PowerShell module](/powershell/azure/new-azureps-module-az) installed on your machine. To install or upgrade, see [How to install the Azure Az PowerShell module](/powershell/azure/install-azure-powershell). `Az.ManagedServiceIdentity` is a preview module and not installed as part of the Az module. To install it, run `Install-Module -Name Az.ManagedServiceIdentity`.-* An [Azure virtual machine](../../virtual-machines/windows/quick-create-powershell.md). Since you stop and start this machine, it shouldn't be a production VM. +* An [Azure virtual machine](/azure/virtual-machines/windows/quick-create-powershell). Since you stop and start this machine, it shouldn't be a production VM. * A general familiarity with [Automation runbooks](../manage-runbooks.md). ## Assign permissions to managed identities |
automation | Migrate Existing Agent Based Hybrid Worker To Extension Based Workers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/migrate-existing-agent-based-hybrid-worker-to-extension-based-workers.md | New-AzConnectedMachineExtension -ResourceGroupName <VMResourceGroupName> -Locati - To learn more about Hybrid Runbook Worker, see [Automation Hybrid Runbook Worker overview](automation-hybrid-runbook-worker.md). - To deploy Extension-based Hybrid Worker, see [Deploy an extension-based Windows or Linux User Hybrid Runbook Worker in Azure Automation](extension-based-hybrid-runbook-worker-install.md).-- To learn about Azure VM extensions, see [Azure VM extensions and features for Windows](../virtual-machines/extensions/features-windows.md) and [Azure VM extensions and features for Linux](../virtual-machines/extensions/features-linux.md).+- To learn about Azure VM extensions, see [Azure VM extensions and features for Windows](/azure/virtual-machines/extensions/features-windows) and [Azure VM extensions and features for Linux](/azure/virtual-machines/extensions/features-linux). |
automation | Migrate Run As Accounts Managed Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/migrate-run-as-accounts-managed-identity.md | Before you migrate from a Run As account or Classic Run As account to a managed For example, if the Automation account is required only to start or stop an Azure VM, then the permissions assigned to the Run As account need to be only for starting or stopping the VM. Similarly, assign read-only permissions if a runbook is reading from Azure Blob Storage. For more information, see [Azure Automation security guidelines](../automation/automation-security-guidelines.md#authentication-certificate-and-identities). -1. If you're using Classic Run As accounts, ensure that you have [migrated](../virtual-machines/classic-vm-deprecation.md) resources deployed through classic deployment model to Azure Resource Manager. +1. If you're using Classic Run As accounts, ensure that you have [migrated](/azure/virtual-machines/classic-vm-deprecation) resources deployed through classic deployment model to Azure Resource Manager. 1. Use [this script](https://github.com/azureautomation/runbooks/blob/master/Utility/AzRunAs/Check-AutomationRunAsAccountRoleAssignments.ps1) to find out which Automation accounts are using a Run As account. If your Azure Automation accounts contain a Run As account, it has the built-in contributor role assigned to it by default. You can use the script to check the Azure Automation Run As accounts and determine if their role assignment is the default one or if it has been changed to a different role definition. 1. Use [this script](https://github.com/azureautomation/runbooks/blob/master/Utility/AzRunAs/IdentifyRunAsRunbooks.ps1) to find out if all runbooks in your Automation account are using the Run As account. |
automation | Desired State Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/troubleshoot/desired-state-configuration.md | The [xDscDiagnostics](https://github.com/PowerShell/xDscDiagnostics) module can You can install the `xDscDiagnostics` module on your local machine by following the instructions in [Install the stable version module](https://github.com/PowerShell/xDscDiagnostics#install-the-stable-version-module). -To install the `xDscDiagnostics` module on your Azure machine, use [Invoke-AzVMRunCommand](/powershell/module/az.compute/invoke-azvmruncommand). You can also use the **Run command** option in the Azure portal by following the steps in [Run PowerShell scripts in your Windows VM with Run Command](../../virtual-machines/windows/run-command.md). +To install the `xDscDiagnostics` module on your Azure machine, use [Invoke-AzVMRunCommand](/powershell/module/az.compute/invoke-azvmruncommand). You can also use the **Run command** option in the Azure portal by following the steps in [Run PowerShell scripts in your Windows VM with Run Command](/azure/virtual-machines/windows/run-command). For information on using **xDscDiagnostics**, see [Using xDscDiagnostics to analyze DSC logs](/powershell/dsc/troubleshooting/troubleshooting#using-xdscdiagnostics-to-analyze-dsc-logs). See also [xDscDiagnostics Cmdlets](https://github.com/PowerShell/xDscDiagnostics#cmdlets). |
automation | Update Agent Issues Linux | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/troubleshoot/update-agent-issues-linux.md | For Azure machines, select the **troubleshoot** link under the **Update Agent Re > [!NOTE] > The checks require the VM to be running. If the VM isn't running, **Start the VM** appears. -On the Troubleshoot Update Agent page, select **Run Checks** to start the troubleshooter. The troubleshooter uses [Run command](../../virtual-machines/linux/run-command.md) to run a script on the machine to verify the dependencies. When the troubleshooter is finished, it returns the result of the checks. +On the Troubleshoot Update Agent page, select **Run Checks** to start the troubleshooter. The troubleshooter uses [Run command](/azure/virtual-machines/linux/run-command) to run a script on the machine to verify the dependencies. When the troubleshooter is finished, it returns the result of the checks. :::image type="content" source="../media/update-agent-issues-linux/troubleshoot-page.png" alt-text="Screenshot of Troubleshoot page."::: HTTP_PROXY ### IMDS connectivity check -To fix this issue, allow access to IP **169.254.169.254**. For more information, see [Access Azure Instance Metadata Service](../../virtual-machines/windows/instance-metadata-service.md#azure-instance-metadata-service-windows) +To fix this issue, allow access to IP **169.254.169.254**. For more information, see [Access Azure Instance Metadata Service](/azure/virtual-machines/windows/instance-metadata-service#azure-instance-metadata-service-windows) After the network changes, you can either rerun the Troubleshooter or run the below commands to validate: Curl on provided OMS endpoint ### Software repositories -Fix this issue by allowing the prerequisite Repo URL. For RHEL, see [here](../../virtual-machines/workloads/redhat/redhat-rhui.md#troubleshoot-connection-problems-to-azure-rhui). +Fix this issue by allowing the prerequisite Repo URL. For RHEL, see [here](/azure/virtual-machines/workloads/redhat/redhat-rhui#troubleshoot-connection-problems-to-azure-rhui). Post making Network changes you can either rerun the Troubleshooter or |
automation | Update Agent Issues | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/troubleshoot/update-agent-issues.md | For Azure machines, you can launch the Troubleshoot Update Agent page by selecti > [!NOTE] > To check the health of the Hybrid Runbook Worker, the VM must be running. If the VM isn't running, a **Start the VM** button appears. -On the Troubleshoot Update Agent page, select **Run checks** to start the troubleshooter. The troubleshooter uses [Run Command](../../virtual-machines/windows/run-command.md) to run a script on the machine, to verify dependencies. When the troubleshooter is finished, it returns the result of the checks. +On the Troubleshoot Update Agent page, select **Run checks** to start the troubleshooter. The troubleshooter uses [Run Command](/azure/virtual-machines/windows/run-command) to run a script on the machine, to verify dependencies. When the troubleshooter is finished, it returns the result of the checks. :::image type="content" source="../media/update-agent-issues/troubleshoot-page.png" alt-text="Screenshot of the Troubleshoot Update Agent page."::: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ### IMDS endpoint connectivity -To fix the issue, allow access to IP **169.254.169.254** </br> For more information see, [access Azure instance metadata service](../../virtual-machines/windows/instance-metadata-service.md#access-azure-instance-metadata-service) +To fix the issue, allow access to IP **169.254.169.254** </br> For more information see, [access Azure instance metadata service](/azure/virtual-machines/windows/instance-metadata-service#access-azure-instance-metadata-service) After the network changes, you can either rerun the Troubleshooter or run the below commands to validate: |
automation | Update Management | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/troubleshoot/update-management.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). This article discusses issues that you might run into when using the Update Management feature to assess and manage updates on your machines. There's an agent troubleshooter for the Hybrid Runbook Worker agent to help determine the underlying problem. To learn more about the troubleshooter, see [Troubleshoot Windows update agent issues](update-agent-issues.md) and [Troubleshoot Linux update agent issues](update-agent-issues-linux.md). For other feature deployment issues, see [Troubleshoot feature deployment issues](onboarding.md). |
automation | Tutorial Configure Servers Desired State | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/tutorial-configure-servers-desired-state.md | For this tutorial, we use a simple [DSC configuration](/powershell/dsc/configura - An Azure Automation account. To learn more about an Automation account and its requirements, see [Automation Account authentication overview](./automation-security-overview.md). - An Azure Resource Manager VM (not classic) running Windows Server 2008 R2 or later. For instructions on creating a VM, see- [Create your first Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md). + [Create your first Windows virtual machine in the Azure portal](/azure/virtual-machines/windows/quick-create-portal). - Azure PowerShell module version 3.6 or later. Run `Get-Module -ListAvailable Az` to find the version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/azurerm/install-azurerm-ps). - Familiarity with Desired State Configuration (DSC). For information about DSC, see [Windows PowerShell Desired State Configuration Overview](/powershell/dsc/overview). |
automation | Deploy Updates | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/deploy-updates.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). This article describes how to schedule an update deployment and review the process after the deployment is complete. You can configure an update deployment from a selected Azure virtual machine, from the selected Azure Arc-enabled server, or from the Automation account across all configured machines and servers. |
automation | Enable From Automation Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/enable-from-automation-account.md | This article describes how you can use your Automation account to enable the [Up * Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). * [Automation account](../automation-security-overview.md) to manage machines.-* An [Azure virtual machine](../../virtual-machines/windows/quick-create-portal.md), or VM or server registered with Azure Arc-enabled servers. Non-Azure VMs or servers need to have the [Log Analytics agent](../../azure-monitor/agents/log-analytics-agent.md) for Windows or Linux installed and reporting to the workspace linked to the Automation account where Update Management is enabled. We recommend installing the Log Analytics agent for Windows or Linux by first connecting your machine to [Azure Arc-enabled servers](../../azure-arc/servers/overview.md), and then use Azure Policy to assign the [Deploy Log Analytics agent to *Linux* or *Windows* Azure Arc machines](../../governance/policy/samples/built-in-policies.md#monitoring) built-in policy. Alternatively, if you plan to monitor the machines with Azure Monitor for VMs, instead use the [Enable Azure Monitor for VMs](../../governance/policy/samples/built-in-initiatives.md#monitoring) initiative. +* An [Azure virtual machine](/azure/virtual-machines/windows/quick-create-portal), or VM or server registered with Azure Arc-enabled servers. Non-Azure VMs or servers need to have the [Log Analytics agent](../../azure-monitor/agents/log-analytics-agent.md) for Windows or Linux installed and reporting to the workspace linked to the Automation account where Update Management is enabled. We recommend installing the Log Analytics agent for Windows or Linux by first connecting your machine to [Azure Arc-enabled servers](../../azure-arc/servers/overview.md), and then use Azure Policy to assign the [Deploy Log Analytics agent to *Linux* or *Windows* Azure Arc machines](../../governance/policy/samples/built-in-policies.md#monitoring) built-in policy. Alternatively, if you plan to monitor the machines with Azure Monitor for VMs, instead use the [Enable Azure Monitor for VMs](../../governance/policy/samples/built-in-initiatives.md#monitoring) initiative. ## Sign in to Azure |
automation | Enable From Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/enable-from-portal.md | The number of resource groups that you can use for managing your VMs is limited * Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). * [Automation account](../automation-security-overview.md) to manage machines.-* A [virtual machine](../../virtual-machines/windows/quick-create-portal.md). +* A [virtual machine](/azure/virtual-machines/windows/quick-create-portal). ## Sign in to Azure |
automation | Enable From Runbook | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/enable-from-runbook.md | This method uses two runbooks: * Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). * [Automation account](../automation-security-overview.md) to manage machines. * [Log Analytics workspace](../../azure-monitor/logs/log-analytics-workspace-overview.md)-* A [virtual machine](../../virtual-machines/windows/quick-create-portal.md). +* A [virtual machine](/azure/virtual-machines/windows/quick-create-portal). * Two Automation assets, which are used by the **Enable-AutomationSolution** runbook. This runbook, if it doesn't already exist in your Automation account, is automatically imported by the **Enable-MultipleSolution** runbook during its first run. * *LASolutionSubscriptionId*: Subscription ID of where the Log Analytics workspace is located. * *LASolutionWorkspaceId*: Workspace ID of the Log Analytics workspace linked to your Automation account. |
automation | Enable From Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/enable-from-vm.md | This article describes how you can enable the [Update Management](overview.md) f * Azure subscription. If you don't have one yet, you can [activate your MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/) or sign up for a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). * [Automation account](../automation-security-overview.md) to manage machines.-* A [virtual machine](../../virtual-machines/windows/quick-create-portal.md). +* A [virtual machine](/azure/virtual-machines/windows/quick-create-portal). ## Sign in to Azure |
automation | Manage Updates For Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/manage-updates-for-vm.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). Software updates in Azure Automation Update Management provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to machines in Azure and hybrid cloud. An effective software update management process is necessary to maintain operational efficiency, overcome security issues, and reduce the risks of increased cyber security threats. However, because of the changing nature of technology and the continual appearance of new security threats, effective software update management requires consistent and continual attention. |
automation | Operating System Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/operating-system-requirements.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). This article details the Windows and Linux operating systems supported and system requirements for machines or servers managed by Update Management. All operating systems are assumed to be x64. x86 is not supported for any operat > [!NOTE]-> Update Management does not support automating update management across all instances in an Azure virtual machine scale set. [Automatic OS image upgrades](../../virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade.md) is the recommended method for managing OS image upgrades on your scale set. +> Update Management does not support automating update management across all instances in an Azure virtual machine scale set. [Automatic OS image upgrades](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade) is the recommended method for managing OS image upgrades on your scale set. ## Unsupported operating systems |
automation | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/overview.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). > [!Important] > - Azure Automation Update Management will retire on **31 August 2024**. Follow the guidelines for [migration to Azure Update Manager](../../update-manager/guidance-migration-automation-update-management-azure-update-manager.md). As a service provider, you may have onboarded multiple customer tenants to [Azur Microsoft offers other capabilities to help you manage updates for your Azure VMs or Azure virtual machine scale sets that you should consider as part of your overall update management strategy. -- If you are interested in automatically assessing and updating your Azure virtual machines to maintain security compliance with *Critical* and *Security* updates released each month, review [Automatic VM guest patching](../../virtual-machines/automatic-vm-guest-patching.md). This is an alternative update management solution for your Azure VMs to auto-update them during off-peak hours, including VMs within an availability set, compared to managing update deployments to those VMs from Update Management in Azure Automation. +- If you are interested in automatically assessing and updating your Azure virtual machines to maintain security compliance with *Critical* and *Security* updates released each month, review [Automatic VM guest patching](/azure/virtual-machines/automatic-vm-guest-patching). This is an alternative update management solution for your Azure VMs to auto-update them during off-peak hours, including VMs within an availability set, compared to managing update deployments to those VMs from Update Management in Azure Automation. -- If you manage Azure virtual machine scale sets, review how to perform [automatic OS image upgrades](../../virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade.md) to safely and automatically upgrade the OS disk for all instances in the scale set. +- If you manage Azure virtual machine scale sets, review how to perform [automatic OS image upgrades](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade) to safely and automatically upgrade the OS disk for all instances in the scale set. Before deploying Update Management and enabling your machines for management, make sure that you understand the information in the following sections. Update Management relies on the locally configured update repository to update s ## Update Windows Log Analytics agent to latest version -Update Management requires [Log Analytics agent](../../azure-monitor/agents/log-analytics-agent.md)  for its functioning. We recommend you to update Windows Log Analytics agent (also known as Windows Microsoft Monitoring Agent (MMA)) to the latest version to reduce security vulnerabilities and benefit from bug fixes. Log Analytics agent versions prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](../../virtual-machines/extensions/oms-windows.md#agent-and-vm-extension-version) use an older method of certificate handling and hence it is not recommended. Older Windows Log Analytics agents would not be able to connect to Azure and Update Management would stop working on them. +Update Management requires [Log Analytics agent](../../azure-monitor/agents/log-analytics-agent.md)  for its functioning. We recommend you to update Windows Log Analytics agent (also known as Windows Microsoft Monitoring Agent (MMA)) to the latest version to reduce security vulnerabilities and benefit from bug fixes. Log Analytics agent versions prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](/azure/virtual-machines/extensions/oms-windows#agent-and-vm-extension-version) use an older method of certificate handling and hence it is not recommended. Older Windows Log Analytics agents would not be able to connect to Azure and Update Management would stop working on them. You must update Log Analytics agent to the latest version, by following below steps:  1. Check the current version of Log Analytics agent for your machine:  Go to the installation path - *C:\ProgramFiles\Microsoft Monitoring Agent\Agent* and right-click on *HealthService.exe* to check **Properties**. In the **Details** tab, the field **Product version** provides version number of the Log Analytics agent. -1. If your Log Analytics agent version is prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](../../virtual-machines/extensions/oms-windows.md#agent-and-vm-extension-version), upgrade to the latest version of the Windows Log Analytics agent, following these [guidelines](../../azure-monitor/agents/agent-manage.md).  +1. If your Log Analytics agent version is prior to [10.20.18053 (bundle) and 1.0.18053.0 (extension)](/azure/virtual-machines/extensions/oms-windows#agent-and-vm-extension-version), upgrade to the latest version of the Windows Log Analytics agent, following these [guidelines](../../azure-monitor/agents/agent-manage.md).  >[!NOTE] > During the upgrade process, update management schedules might fail. Ensure to do this when there is no planned schedule. |
automation | Plan Deployment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/plan-deployment.md | Update Management supports specific versions of the Windows Server and Linux ope The [Log Analytics agent](../../azure-monitor/agents/log-analytics-agent.md) for Windows and Linux is required to support Update Management. The agent is used for both data collection, and the Automation system Hybrid Runbook Worker role to support Update Management runbooks used to manage the assessment and update deployments on the machine. -On Azure VMs, if the Log Analytics agent isn't already installed, when you enable Update Management for the VM it is automatically installed using the Log Analytics VM extension for [Windows](../../virtual-machines/extensions/oms-windows.md) or [Linux](../../virtual-machines/extensions/oms-linux.md). The agent is configured to report to the Log Analytics workspace linked to the Automation account Update Management is enabled in. +On Azure VMs, if the Log Analytics agent isn't already installed, when you enable Update Management for the VM it is automatically installed using the Log Analytics VM extension for [Windows](/azure/virtual-machines/extensions/oms-windows) or [Linux](/azure/virtual-machines/extensions/oms-linux). The agent is configured to report to the Log Analytics workspace linked to the Automation account Update Management is enabled in. Non-Azure VMs or servers need to have the Log Analytics agent for Windows or Linux installed and reporting to the linked workspace. We recommend installing the Log Analytics agent for Windows or Linux by first connecting your machine to [Azure Arc-enabled servers](../../azure-arc/servers/overview.md), and then use Azure Policy to assign the [Deploy Log Analytics agent to Linux or Windows Azure Arc machines](../../governance/policy/samples/built-in-policies.md#monitoring) built-in policy definition. Alternatively, if you plan to monitor the machines with [VM insights](../../azure-monitor/vm/vminsights-overview.md), instead use the [Enable Azure Monitor for VMs](../../governance/policy/samples/built-in-initiatives.md#monitoring) initiative. Review [Azure Automation Network Configuration](../automation-network-configurat For Windows machines, you must also allow traffic to any endpoints required by Windows Update agent. You can find an updated list of required endpoints in [Issues related to HTTP/Proxy](/windows/deployment/update/windows-update-troubleshooting#issues-related-to-httpproxy). If you have a local [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment) deployment, you must also allow traffic to the server specified in your [WSUS key](/windows/deployment/update/waas-wu-settings#configuring-automatic-updates-by-editing-the-registry). -For Red Hat Linux machines, see [IPs for the RHUI content delivery servers](../../virtual-machines/workloads/redhat/redhat-rhui.md#the-ips-for-the-rhui-content-delivery-servers) for required endpoints. For other Linux distributions, see your provider documentation. +For Red Hat Linux machines, see [IPs for the RHUI content delivery servers](/azure/virtual-machines/workloads/redhat/redhat-rhui#the-ips-for-the-rhui-content-delivery-servers) for required endpoints. For other Linux distributions, see your provider documentation. If your IT security policies do not allow machines on the network to connect to the internet, you can set up a [Log Analytics gateway](../../azure-monitor/agents/gateway.md) and then configure the machine to connect through the gateway to Azure Automation and Azure Monitor. |
automation | View Update Assessments | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/view-update-assessments.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). In Update Management, you can view information about your machines, missing updates, update deployments, and scheduled update deployments. You can view the assessment information scoped to the selected Azure virtual machine, from the selected Azure Arc-enabled server, or from the Automation account across all configured machines and servers. |
automation | Whats New Archive | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/whats-new-archive.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). The primary [What's new in Azure Automation?](whats-new.md) article contains updates for the last six months, while this article contains all the older information. |
avere-vfxt | Avere Vfxt Cluster Gui | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/avere-vfxt/avere-vfxt-cluster-gui.md | There are two basic steps: > [!NOTE] > This article assumes that you have set a public IP address on the cluster controller or on another VM inside your cluster's virtual network. This article describes how to use that VM as a host to access the cluster. If you are using a VPN or ExpressRoute for virtual network access, skip to [Connect to the Avere Control Panel](#connect-to-the-avere-control-panel-in-a-browser). -Before connecting, make sure that the SSH public/private key pair that you used when creating the cluster controller is installed on your local machine. Read the SSH keys documentation for [Windows](../virtual-machines/linux/ssh-from-windows.md) or for [Linux](../virtual-machines/linux/mac-create-ssh-keys.md) if you need help. If you used a password instead of a public key, you will be prompted to enter it when you connect. +Before connecting, make sure that the SSH public/private key pair that you used when creating the cluster controller is installed on your local machine. Read the SSH keys documentation for [Windows](/azure/virtual-machines/linux/ssh-from-windows) or for [Linux](/azure/virtual-machines/linux/mac-create-ssh-keys) if you need help. If you used a password instead of a public key, you will be prompted to enter it when you connect. ## Create an SSH tunnel |
avere-vfxt | Avere Vfxt Deploy Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/avere-vfxt/avere-vfxt-deploy-plan.md | Each vFXT node will be identical. That is, if you create a three-node cluster yo Disk cache per node is configurable and can rage from 1000 GB to 8000 GB. 4 TB per node is the recommended cache size for Standard_E32s_v3 nodes. -For additional information about these VMs, read the Microsoft Azure documentation: [Memory optimized virtual machine sizes](../virtual-machines/sizes-memory.md) +For additional information about these VMs, read the Microsoft Azure documentation: [Memory optimized virtual machine sizes](/azure/virtual-machines/sizes-memory) ## Account quota |
avere-vfxt | Avere Vfxt Deploy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/avere-vfxt/avere-vfxt-deploy.md | Fill in the following information: * **Controller username** - Set the root username for the cluster controller VM. -* **Authentication type** - Choose either password or SSH public key authentication for connecting to the controller. The SSH public key method is recommended; read [How to create and use SSH keys](../virtual-machines/linux/ssh-from-windows.md) if you need help. +* **Authentication type** - Choose either password or SSH public key authentication for connecting to the controller. The SSH public key method is recommended; read [How to create and use SSH keys](/azure/virtual-machines/linux/ssh-from-windows) if you need help. * **Password** or **SSH public key** - Depending on the authentication type you selected, you must provide an RSA public key or a password in the next fields. This credential is used with the username provided earlier. |
azure-app-configuration | Howto Integrate Azure Managed Service Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/howto-integrate-azure-managed-service-identity.md | This article shows how you can take advantage of the managed identity to access :::zone-end > [!IMPORTANT]-> Managed identity can't be used to authenticate locally running applications. Your application must be deployed to an Azure service that supports Managed Identity. This article uses Azure App Service as an example. However, the same concept applies to any other Azure service that supports managed identity. For example, [Azure Kubernetes Service](/azure/aks/use-azure-ad-pod-identity), [Azure Virtual Machine](../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md), and [Azure Container Instances](../container-instances/container-instances-managed-identity.md). If your workload is hosted in one of those services, you can also leverage the service's managed identity support. +> Managed identity can't be used to authenticate locally running applications. Your application must be deployed to an Azure service that supports Managed Identity. This article uses Azure App Service as an example. However, the same concept applies to any other Azure service that supports managed identity. For example, [Azure Kubernetes Service](/azure/aks/use-azure-ad-pod-identity), [Azure Virtual Machine](../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md), and [Azure Container Instances](/azure/container-instances/container-instances-managed-identity). If your workload is hosted in one of those services, you can also leverage the service's managed identity support. You can use any code editor to do the steps in this tutorial. [Visual Studio Code](https://code.visualstudio.com/) is an excellent option available on the Windows, macOS, and Linux platforms. |
azure-app-configuration | Quickstart Javascript Provider | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/quickstart-javascript-provider.md | async function run() { const config = settings.constructConfigurationObject({ separator: "." }); // Use dot-notation to access configuration console.log("config.message:", config.message); // config.message: undefined- console.log("config.app.greeting:", config.greeting); // config.app.greeting: Hello World - console.log("config.app.json:", config.json); // config.app.json: { myKey: 'myValue' } + console.log("config.app.greeting:", config.app.greeting); // config.app.greeting: Hello World + console.log("config.app.json:", config.app.json); // config.app.json: { myKey: 'myValue' } } run().catch(console.error); |
azure-app-configuration | Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/rest-api.md | The documentation on the [control plane](../azure-resource-manager/management/co - [Common Headers](./rest-api-headers.md) - [Throttling](./rest-api-throttling.md) - [Versioning](./rest-api-versioning.md)--## Development --- [Fiddler](./rest-api-fiddler.md)-- [Postman](./rest-api-postman.md) |
azure-arc | Agent Release Notes Archive | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/agent-release-notes-archive.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). The primary [What's new in Azure Connected Machine agent?](agent-release-notes.md) article contains updates for the last six months, while this article contains all the older information. |
azure-arc | Manage Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/manage-agent.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). After initial deployment of the Azure Connected Machine agent, you may need to reconfigure the agent, upgrade it, or remove it from the computer. These routine maintenance tasks can be done manually or through automation (which reduces both operational error and expenses). This article describes the operational aspects of the agent. See the [azcmagent CLI documentation](azcmagent.md) for command line reference information. |
azure-arc | Manage Automatic Vm Extension Upgrade | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/manage-automatic-vm-extension-upgrade.md | The extension upgrade process replaces the existing Azure VM extension version s The availability-first model for platform orchestrated updates ensures that availability configurations in Azure are respected across multiple availability levels. -For a group of Arc-enabled servers undergoing an update, the Azure platform will orchestrate updates following the model described in the [Automation Extension Upgrade](../../virtual-machines/automatic-extension-upgrade.md#availability-first-updates). However, there are some notable differences between Arc-enabled servers and Azure VMs: +For a group of Arc-enabled servers undergoing an update, the Azure platform will orchestrate updates following the model described in the [Automation Extension Upgrade](/azure/virtual-machines/automatic-extension-upgrade#availability-first-updates). However, there are some notable differences between Arc-enabled servers and Azure VMs: **Across regions:** |
azure-arc | Manage Vm Extensions Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/manage-vm-extensions-cli.md | -> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](../../virtual-machines/extensions/overview.md) article. +> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](/azure/virtual-machines/extensions/overview) article. [!INCLUDE [Azure CLI Prepare your environment](~/reusable-content/azure-cli/azure-cli-prepare-your-environment.md)] |
azure-arc | Manage Vm Extensions Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/manage-vm-extensions-portal.md | This article shows you how to deploy, update, and uninstall Azure VM extensions > The Key Vault VM extension does not support deployment from the Azure portal, only using the Azure CLI, the Azure PowerShell, or using an Azure Resource Manager template. > [!NOTE]-> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](../../virtual-machines/extensions/overview.md) article. +> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](/azure/virtual-machines/extensions/overview) article. ## Enable extensions |
azure-arc | Manage Vm Extensions Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/manage-vm-extensions-powershell.md | -> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](../../virtual-machines/extensions/overview.md) article. +> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](/azure/virtual-machines/extensions/overview) article. ## Prerequisites |
azure-arc | Manage Vm Extensions Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/manage-vm-extensions-template.md | VM extensions can be added to an Azure Resource Manager template and executed wi >While multiple extensions can be batched together and processed, they are installed serially. Once the first extension installation is complete, installation of the next extension is attempted. > [!NOTE]-> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](../../virtual-machines/extensions/overview.md) article. +> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](/azure/virtual-machines/extensions/overview) article. ## Deploy the Log Analytics VM extension New-AzResourceGroupDeployment -ResourceGroupName "ContosoEngineering" -TemplateF ## Deploy the Custom Script extension -To use the Custom Script extension, the following sample is provided to run on Windows and Linux. If you are unfamiliar with the Custom Script extension, see [Custom Script extension for Windows](../../virtual-machines/extensions/custom-script-windows.md) or [Custom Script extension for Linux](../../virtual-machines/extensions/custom-script-linux.md). There are a couple of differing characteristics that you should understand when using this extension with hybrid machines: +To use the Custom Script extension, the following sample is provided to run on Windows and Linux. If you are unfamiliar with the Custom Script extension, see [Custom Script extension for Windows](/azure/virtual-machines/extensions/custom-script-windows) or [Custom Script extension for Linux](/azure/virtual-machines/extensions/custom-script-linux). There are a couple of differing characteristics that you should understand when using this extension with hybrid machines: * The list of supported operating systems with the Azure VM Custom Script extension is not applicable to Azure Arc-enabled servers. The list of supported OSs for Azure Arc-enabled servers can be found [here](prerequisites.md#supported-operating-systems). |
azure-arc | Manage Vm Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/manage-vm-extensions.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). Virtual machine (VM) extensions are small applications that provide post-deployment configuration and automation tasks on Azure VMs. For example, if a virtual machine requires software installation, anti-virus protection, or to run a script in it, a VM extension can be used. Azure Arc-enabled servers enables you to deploy, remove, and update Azure VM ext - Azure [Resource Manager templates](manage-vm-extensions-template.md) > [!NOTE]-> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](../../virtual-machines/extensions/overview.md) article. +> Azure Arc-enabled servers does not support deploying and managing VM extensions to Azure virtual machines. For Azure VMs, see the following [VM extension overview](/azure/virtual-machines/extensions/overview) article. > [!NOTE] > Currently you can only update extensions from the Azure portal or the Azure CLI. Performing this operation from Azure PowerShell, or using an Azure Resource Manager template is not supported at this time. Arc-enabled servers support moving machines with one or more VM extensions insta |Extension |Publisher |Type |Additional information | |-|-|--|--| |Microsoft Defender for Cloud integrated vulnerability scanner |Qualys |WindowsAgent.AzureSecurityCenter |[Microsoft Defender for CloudΓÇÖs integrated vulnerability assessment solution for Azure and hybrid machines](../../security-center/deploy-vulnerability-assessment-vm.md)|-|Microsoft Antimalware extension |Microsoft.Azure.Security |IaaSAntimalware |[Microsoft Antimalware extension for Windows](../../virtual-machines/extensions/iaas-antimalware-windows.md) | -|Custom Script extension |Microsoft.Compute | CustomScriptExtension |[Windows Custom Script Extension](../../virtual-machines/extensions/custom-script-windows.md)| -|Log Analytics agent |Microsoft.EnterpriseCloud.Monitoring |MicrosoftMonitoringAgent |[Log Analytics VM extension for Windows](../../virtual-machines/extensions/oms-windows.md)| -|Azure Monitor for VMs (insights) |Microsoft.Azure.Monitoring.DependencyAgent |DependencyAgentWindows | [Dependency agent virtual machine extension for Windows](../../virtual-machines/extensions/agent-dependency-windows.md)| -|Azure Key Vault Certificate Sync | Microsoft.Azure.Key.Vault |KeyVaultForWindows | [Key Vault virtual machine extension for Windows](../../virtual-machines/extensions/key-vault-windows.md) | +|Microsoft Antimalware extension |Microsoft.Azure.Security |IaaSAntimalware |[Microsoft Antimalware extension for Windows](/azure/virtual-machines/extensions/iaas-antimalware-windows) | +|Custom Script extension |Microsoft.Compute | CustomScriptExtension |[Windows Custom Script Extension](/azure/virtual-machines/extensions/custom-script-windows)| +|Log Analytics agent |Microsoft.EnterpriseCloud.Monitoring |MicrosoftMonitoringAgent |[Log Analytics VM extension for Windows](/azure/virtual-machines/extensions/oms-windows)| +|Azure Monitor for VMs (insights) |Microsoft.Azure.Monitoring.DependencyAgent |DependencyAgentWindows | [Dependency agent virtual machine extension for Windows](/azure/virtual-machines/extensions/agent-dependency-windows)| +|Azure Key Vault Certificate Sync | Microsoft.Azure.Key.Vault |KeyVaultForWindows | [Key Vault virtual machine extension for Windows](/azure/virtual-machines/extensions/key-vault-windows) | |Azure Monitor Agent |Microsoft.Azure.Monitor |AzureMonitorWindowsAgent |[Install the Azure Monitor agent](../../azure-monitor/agents/azure-monitor-agent-manage.md) | |Azure Automation Hybrid Runbook Worker extension |Microsoft.Compute |HybridWorkerForWindows |[Deploy an extension-based User Hybrid Runbook Worker](../../automation/extension-based-hybrid-runbook-worker-install.md) to execute runbooks locally | |Azure Extension for SQL Server |Microsoft.AzureData |WindowsAgent.SqlServer |[Install Azure extension for SQL Server](/sql/sql-server/azure-arc/connect#initiate-the-connection-from-azure) to initiate SQL Server connection to Azure | |Windows Admin Center (preview) |Microsoft.AdminCenter |AdminCenter |[Manage Azure Arc-enabled Servers using Windows Admin Center in Azure](/windows-server/manage/windows-admin-center/azure/manage-arc-hybrid-machines) | |Windows OS Update Extension |WindowsOsUpdateExtension |Microsoft.SoftwareUpdateManagement |[Overview of Azure Update Manager](/azure/update-manager/overview?tabs=azure-vms) |-|Windows Patch Extension |Microsoft.CPlat.Core |WindowsPatchExtension |[Automatic Guest Patching for Azure Virtual Machines and Scale Sets](../../virtual-machines/automatic-vm-guest-patching.md) | +|Windows Patch Extension |Microsoft.CPlat.Core |WindowsPatchExtension |[Automatic Guest Patching for Azure Virtual Machines and Scale Sets](/azure/virtual-machines/automatic-vm-guest-patching) | ### Linux extensions |Extension |Publisher |Type |Additional information | |-|-|--|--| |Microsoft Defender for Cloud integrated vulnerability scanner |Qualys |LinuxAgent.AzureSecurityCenter |[Microsoft Defender for CloudΓÇÖs integrated vulnerability assessment solution for Azure and hybrid machines](../../security-center/deploy-vulnerability-assessment-vm.md)|-|Custom Script extension |Microsoft.Azure.Extensions |CustomScript |[Linux Custom Script Extension Version 2](../../virtual-machines/extensions/custom-script-linux.md) | -|Log Analytics agent |Microsoft.EnterpriseCloud.Monitoring |OmsAgentForLinux |[Log Analytics VM extension for Linux](../../virtual-machines/extensions/oms-linux.md) | -|Azure Monitor for VMs (insights) |Microsoft.Azure.Monitoring.DependencyAgent |DependencyAgentLinux |[Dependency agent virtual machine extension for Linux](../../virtual-machines/extensions/agent-dependency-linux.md) | -|Azure Key Vault Certificate Sync | Microsoft.Azure.Key.Vault |KeyVaultForLinux | [Key Vault virtual machine extension for Linux](../../virtual-machines/extensions/key-vault-linux.md) | +|Custom Script extension |Microsoft.Azure.Extensions |CustomScript |[Linux Custom Script Extension Version 2](/azure/virtual-machines/extensions/custom-script-linux) | +|Log Analytics agent |Microsoft.EnterpriseCloud.Monitoring |OmsAgentForLinux |[Log Analytics VM extension for Linux](/azure/virtual-machines/extensions/oms-linux) | +|Azure Monitor for VMs (insights) |Microsoft.Azure.Monitoring.DependencyAgent |DependencyAgentLinux |[Dependency agent virtual machine extension for Linux](/azure/virtual-machines/extensions/agent-dependency-linux) | +|Azure Key Vault Certificate Sync | Microsoft.Azure.Key.Vault |KeyVaultForLinux | [Key Vault virtual machine extension for Linux](/azure/virtual-machines/extensions/key-vault-linux) | |Azure Monitor Agent |Microsoft.Azure.Monitor |AzureMonitorLinuxAgent |[Install the Azure Monitor agent](../../azure-monitor/agents/azure-monitor-agent-manage.md) | |Azure Automation Hybrid Runbook Worker extension |Microsoft.Compute |HybridWorkerForLinux |[Deploy an extension-based User Hybrid Runbook Worker](../../automation/extension-based-hybrid-runbook-worker-install.md) to execute runbooks locally| |Linux OS Update Extension |Microsoft.SoftwareUpdateManagement |LinuxOsUpdateExtension |[Overview of Azure Update Manager](/azure/update-manager/overview?tabs=azure-vms)|-|Linux Patch Extension |Microsoft.CPlat.Core |LinuxPatchExtension |[Automatic Guest Patching for Azure Virtual Machines and Scale Sets](../../virtual-machines/automatic-vm-guest-patching.md)| +|Linux Patch Extension |Microsoft.CPlat.Core |LinuxPatchExtension |[Automatic Guest Patching for Azure Virtual Machines and Scale Sets](/azure/virtual-machines/automatic-vm-guest-patching)| ## Prerequisites |
azure-arc | Managed Identity Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/managed-identity-authentication.md | While onboarding your server to Azure Arc-enabled servers, several actions are p - Azure Resource Manager creates a service principal in Microsoft Entra ID for the identity of the server. The service principal is created in the Microsoft Entra tenant that's trusted by the subscription. -- Azure Resource Manager configures the identity on the server by updating the Azure Instance Metadata Service (IMDS) identity endpoint for [Windows](../../virtual-machines/windows/instance-metadata-service.md) or [Linux](../../virtual-machines/linux/instance-metadata-service.md) with the service principal client ID and certificate. The endpoint is a REST endpoint accessible only from within the server using a well-known, non-routable IP address. This service provides a subset of metadata information about the Azure Arc-enabled server to help manage and configure it.+- Azure Resource Manager configures the identity on the server by updating the Azure Instance Metadata Service (IMDS) identity endpoint for [Windows](/azure/virtual-machines/windows/instance-metadata-service) or [Linux](/azure/virtual-machines/linux/instance-metadata-service) with the service principal client ID and certificate. The endpoint is a REST endpoint accessible only from within the server using a well-known, non-routable IP address. This service provides a subset of metadata information about the Azure Arc-enabled server to help manage and configure it. The environment of a managed-identity-enabled server will be configured with the following variables on a Windows Azure Arc-enabled server: |
azure-arc | Plan Evaluate On Azure Virtual Machine | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/plan-evaluate-on-azure-virtual-machine.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). Azure Arc-enabled servers is designed to help you connect servers running on-premises or in other clouds to Azure. Normally, you wouldn't connect an Azure virtual machine to Azure Arc because all the same capabilities are natively available for these VMs. Azure VMs already have a representation in Azure Resource Manager, VM extensions, managed identities, and Azure Policy. If you attempt to install Azure Arc-enabled servers on an Azure VM, you'll receive an error message stating that it is unsupported. |
azure-arc | Prerequisites | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/prerequisites.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). This article describes the basic requirements for installing the Connected Machine agent to onboard a physical server or virtual machine to Azure Arc-enabled servers. Some [onboarding methods](deployment-options.md) may have more requirements. The listed version is supported until the **End of Arc Support Date**. If critic | Operating system | Last supported agent version | End of Arc Support Date | Notes | | -- | -- | -- | -- | | Windows Server 2008 R2 SP1 | 1.39 [Download](https://aka.ms/AzureConnectedMachineAgent-1.39) | 03/31/2025 | Windows Server 2008 and 2008 R2 reached End of Support in January 2020. See [End of support for Windows Server 2008 and Windows Server 2008 R2](/troubleshoot/windows-server/windows-server-eos-faq/end-of-support-windows-server-2008-2008r2). | -| CentOS 7 and 8 | 1.42 | 05/31/2025 | See the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). | +| CentOS 7 and 8 | 1.42 | 05/31/2025 | See the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). | | Debian 10 | 1.44 | 07/15/2025 | | | Ubuntu 16.04 | 1.44 | 07/15/2025 | | | Azure Linux (CBL-Mariner) 1.0 | 1.44 | 07/15/2025 | | |
azure-arc | Scenario Migrate To Azure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/scenario-migrate-to-azure.md | Follow the guidance to [uninstall the agent](manage-agent.md#uninstall-the-agent ## Step 4: Install the Azure Guest Agent -The VM that is migrated to Azure from on-premises doesn't have the Linux or Windows Azure Guest Agent installed. In these scenarios, you have to manually install the VM agent. For more information about how to install the VM Agent, see [Azure Virtual Machine Windows Agent Overview](../../virtual-machines/extensions/agent-windows.md) or [Azure Virtual Machine Linux Agent Overview](../../virtual-machines/extensions/agent-linux.md). +The VM that is migrated to Azure from on-premises doesn't have the Linux or Windows Azure Guest Agent installed. In these scenarios, you have to manually install the VM agent. For more information about how to install the VM Agent, see [Azure Virtual Machine Windows Agent Overview](/azure/virtual-machines/extensions/agent-windows) or [Azure Virtual Machine Linux Agent Overview](/azure/virtual-machines/extensions/agent-linux). ## Step 5: Migrate server or machine to Azure Before proceeding with the migration with Azure Migration, review the [Prepare o ## Step 6: Deploy Azure VM extensions -After migration and completion of all post-migration configuration steps, you can now deploy the Azure VM extensions based on the VM extensions originally installed on your Azure Arc-enabled server. Review [Azure virtual machine extensions and features](../../virtual-machines/extensions/overview.md) to help plan your extension deployment. +After migration and completion of all post-migration configuration steps, you can now deploy the Azure VM extensions based on the VM extensions originally installed on your Azure Arc-enabled server. Review [Azure virtual machine extensions and features](/azure/virtual-machines/extensions/overview) to help plan your extension deployment. To resume using audit settings inside a machine with guest configuration policy definitions, see [Enable guest configuration](../../governance/machine-configuration/overview.md). |
azure-arc | Troubleshoot Vm Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/troubleshoot-vm-extensions.md | The following troubleshooting steps apply to all VM extensions. - Error code 52 in the status message indicates a missing dependency. Check the output and logs for more information about which dependency is missing. -- If an installation fails, review the **Troubleshoot and support** section in the overview for the extension. In most cases, there is an error code included in the status message. For the Log Analytics agent for Linux, status messages are explained [here](../../virtual-machines/extensions/oms-linux.md#troubleshoot-and-support), along with general troubleshooting information for this VM extension.+- If an installation fails, review the **Troubleshoot and support** section in the overview for the extension. In most cases, there is an error code included in the status message. For the Log Analytics agent for Linux, status messages are explained [here](/azure/virtual-machines/extensions/oms-linux#troubleshoot-and-support), along with general troubleshooting information for this VM extension. ## Next steps |
azure-arc | Remove Scvmm From Azure Arc | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/system-center-virtual-machine-manager/remove-scvmm-from-azure-arc.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). In this article, you learn how to cleanly remove your SCVMM managed environment from Azure Arc-enabled SCVMM. For SCVMM environments that you no longer want to manage with Azure Arc-enabled SCVMM, follow the steps in the article to: |
azure-arc | Remove Vcenter From Arc Vmware | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/vmware-vsphere/remove-vcenter-from-arc-vmware.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). In this article, you learn how to cleanly remove your VMware vCenter environment from Azure Arc-enabled VMware vSphere. For VMware vSphere environments that you no longer want to manage with Azure Arc-enabled VMware vSphere, follow the steps in the article to: |
azure-arc | Troubleshoot Guest Management Issues | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/vmware-vsphere/troubleshoot-guest-management-issues.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). This article provides information on how to troubleshoot and resolve the issues that can occur when you enable guest management on Arc-enabled VMware vSphere virtual machines. |
azure-boost | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-boost/overview.md | Azure Boost is currently available on several VM size families: ## Next Steps - Learn more about [Azure Virtual Network](../virtual-network/virtual-networks-overview.md).-- Look into [Azure Dedicated Hosts](../virtual-machines/dedicated-hosts.md).+- Look into [Azure Dedicated Hosts](/azure/virtual-machines/dedicated-hosts). - Learn more about [Azure Storage](../storage/common/storage-introduction.md). |
azure-cache-for-redis | Cache Best Practices Enterprise Tiers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/cache-best-practices-enterprise-tiers.md | Many customers want to use persistence to take periodic backups of the data on t ## E1 (preview) SKU Limitations -The E1 (preview) SKU is intended for dev/test scenarios, primarily. E1 runs on smaller [burstable VMs](../virtual-machines/b-series-cpu-credit-model/b-series-cpu-credit-model.md). Burstable VMs offer variable performance based on how much CPU is consumed. Unlike other Enterprise SKU offerings, you can't _scale out_ the E1 SKU, although it's still possible to _scale up_ to a larger SKU. The E1 SKU also doesn't support [active geo-replication](cache-how-to-active-geo-replication.md). +The E1 (preview) SKU is intended for dev/test scenarios, primarily. E1 runs on smaller [burstable VMs](/azure/virtual-machines/b-series-cpu-credit-model/b-series-cpu-credit-model). Burstable VMs offer variable performance based on how much CPU is consumed. Unlike other Enterprise SKU offerings, you can't _scale out_ the E1 SKU, although it's still possible to _scale up_ to a larger SKU. The E1 SKU also doesn't support [active geo-replication](cache-how-to-active-geo-replication.md). ## Related content |
azure-cache-for-redis | Cache How To Zone Redundancy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/cache-how-to-zone-redundancy.md | Last updated 08/05/2024 In this article, you'll learn how to configure a zone-redundant Azure Cache instance using the Azure portal. -Azure Cache for Redis Standard (Preview), Premium (Premium), and Enterprise tiers provide built-in redundancy by hosting each cache on two dedicated virtual machines (VMs). Even though these VMs are located in separate [Azure fault and update domains](../virtual-machines/availability.md) and highly available, they're susceptible to data center-level failures. Azure Cache for Redis also supports zone redundancy in its Standard (preview), Premium (preview) and Enterprise tiers. A zone-redundant cache runs on VMs spread across multiple [Availability Zones](../reliability/availability-zones-overview.md). It provides higher resilience and availability. +Azure Cache for Redis Standard (Preview), Premium (Premium), and Enterprise tiers provide built-in redundancy by hosting each cache on two dedicated virtual machines (VMs). Even though these VMs are located in separate [Azure fault and update domains](/azure/virtual-machines/availability) and highly available, they're susceptible to data center-level failures. Azure Cache for Redis also supports zone redundancy in its Standard (preview), Premium (preview) and Enterprise tiers. A zone-redundant cache runs on VMs spread across multiple [Availability Zones](../reliability/availability-zones-overview.md). It provides higher resilience and availability. ## Prerequisites |
azure-cache-for-redis | Cache Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/cache-whats-new.md | You are able to manually trigger an upgrade to the latest version of Redis softw ### Enterprise tier E1 (preview) SKU -The E1 SKU is intended primarily for dev/test scenarios. It runs on smaller [burstable virtual machines](../virtual-machines/b-series-cpu-credit-model/b-series-cpu-credit-model.md). As a result, E1 offers variable performance depending on how much CPU is consumed. Unlike other Enterprise offerings, it isn't possible to scale E1 out. However, it is still possible to scale up to a larger SKU. The E1 SKU also does not support [active geo-replication](cache-how-to-active-geo-replication.md). +The E1 SKU is intended primarily for dev/test scenarios. It runs on smaller [burstable virtual machines](/azure/virtual-machines/b-series-cpu-credit-model/b-series-cpu-credit-model). As a result, E1 offers variable performance depending on how much CPU is consumed. Unlike other Enterprise offerings, it isn't possible to scale E1 out. However, it is still possible to scale up to a larger SKU. The E1 SKU also does not support [active geo-replication](cache-how-to-active-geo-replication.md). For more information, see |
azure-compute-fleet | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-compute-fleet/overview.md | +- Deploy up to 10,000 VMs with a single API, using [Spot VM](/azure/virtual-machines/spot-vms) and [Standard VM](/azure/virtual-machines/overview) types together. - Get superior price-performance ratios by utilizing a blend of diverse pricing models, like Reserved Instances, Savings Plan, Spot instances, and pay-as-you-go (PYG) options. - Expedite access to Azure capacity by rapidly provisioning instances from a customized SKU list tailored to your preferences. - Implement personalized Compute Fleet allocation strategies, catering to both Standard and Spot VMs, optimizing for cost, capacity, or a combination of both. Using Compute Fleet, you can: - Alleviate concerns about scripting complexity associated with determining optimal virtual machine (VM) pricing, available capacity, managing Spot evictions, and SKU availability. - Attempt to maintain your Spot target capacity if your Spot VMs are evicted for price or capacity. -There's no extra charge for using Compute Fleet. You're only charged for the VMs your Compute Fleet launches per hour. For more information on virtual machine billing, see [states and billing status of Azure Virtual Machines](../virtual-machines/states-billing.md). +There's no extra charge for using Compute Fleet. You're only charged for the VMs your Compute Fleet launches per hour. For more information on virtual machine billing, see [states and billing status of Azure Virtual Machines](/azure/virtual-machines/states-billing). ## Capacity preference Azure Compute Fleet has applicable Standard and Spot VMs quotas. #### Compute Fleet considerations -- Compute Fleet launches a combination of VM types that have their own considerations. For more information, see [Spot VMs](../virtual-machines/spot-vms.md) and [Virtual Machines](../virtual-machines/overview.md) for details. +- Compute Fleet launches a combination of VM types that have their own considerations. For more information, see [Spot VMs](/azure/virtual-machines/spot-vms) and [Virtual Machines](/azure/virtual-machines/overview) for details. - Compute Fleet is only available through [ARM template](quickstart-create-rest-api.md) and in [Azure portal](quickstart-create-portal.md). - Compute Fleet can't span across Azure regions. You have to create a separate Compute Fleet for each region. - Compute Fleet is available in the following regions: East US, East US2, West US, and West US2. |
azure-compute-fleet | Quickstart Create Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-compute-fleet/quickstart-create-portal.md | You can deploy a Compute Fleet with a Windows Server image or Linux image such a 1. **For Standard fleet deployment:** Under **VM capacity**, specify your target capacity for Standard VM instance count between 1 and 10,000. 1. Under **Administrator account** configure the admin username and set up an associated password or SSH public key.- - A **Password** must be at least 12 characters long and meet three out of the four following complexity requirements: one lower case character, one upper case character, one number, and one special character. For more information, see [username and password requirements](../virtual-machines/windows/faq.yml#what-are-the-password-requirements-when-creating-a-vm-). - - If you select a Linux OS disk image, you can instead choose **SSH public key**. You can use an existing key or create a new one. In this example, Azure generates a new key pair for us. For more information on generating key pairs, see [create and use SSH keys](../virtual-machines/linux/mac-create-ssh-keys.md). + - A **Password** must be at least 12 characters long and meet three out of the four following complexity requirements: one lower case character, one upper case character, one number, and one special character. For more information, see [username and password requirements](/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm-). + - If you select a Linux OS disk image, you can instead choose **SSH public key**. You can use an existing key or create a new one. In this example, Azure generates a new key pair for us. For more information on generating key pairs, see [create and use SSH keys](/azure/virtual-machines/linux/mac-create-ssh-keys). 1. Select **Next: Networking** to move the networking configuration options. For this quickstart, leave the default networking configurations. |
azure-functions | Durable Functions Azure Storage Provider | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/durable/durable-functions-azure-storage-provider.md | In all other situations, there is typically no observable performance improvemen The following table shows the expected *maximum* throughput numbers for the scenarios described in the [Performance Targets](durable-functions-perf-and-scale.md#performance-targets) section of the [Performance and Scale](durable-functions-perf-and-scale.md) article. -"Instance" refers to a single instance of an orchestrator function running on a single small ([A1](../../virtual-machines/sizes-previous-gen.md)) VM in Azure App Service. In all cases, it is assumed that [extended sessions](#orchestrator-function-replay) are enabled. Actual results may vary depending on the CPU or I/O work performed by the function code. +"Instance" refers to a single instance of an orchestrator function running on a single small ([A1](/azure/virtual-machines/sizes-previous-gen)) VM in Azure App Service. In all cases, it is assumed that [extended sessions](#orchestrator-function-replay) are enabled. Actual results may vary depending on the CPU or I/O work performed by the function code. | Scenario | Maximum throughput | |-|-| |
azure-functions | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-functions/start-stop-vms/overview.md | Last updated 09/23/2022 # Start/Stop VMs v2 overview -The Start/Stop VMs v2 feature starts or stops Azure Virtual Machines instances across multiple subscriptions. It starts or stops virtual machines on user-defined schedules, provides insights through [Azure Application Insights](../../azure-monitor/app/app-insights-overview.md), and send optional notifications by using [action groups](../../azure-monitor/alerts/action-groups.md). For most scenarios, Start/Stop VMs can manage virtual machines deployed and managed both by Azure Resource Manager and by Azure Service Manager (classic), which is [deprecated](../../virtual-machines/classic-vm-deprecation.md). +The Start/Stop VMs v2 feature starts or stops Azure Virtual Machines instances across multiple subscriptions. It starts or stops virtual machines on user-defined schedules, provides insights through [Azure Application Insights](../../azure-monitor/app/app-insights-overview.md), and send optional notifications by using [action groups](../../azure-monitor/alerts/action-groups.md). For most scenarios, Start/Stop VMs can manage virtual machines deployed and managed both by Azure Resource Manager and by Azure Service Manager (classic), which is [deprecated](/azure/virtual-machines/classic-vm-deprecation). This new version of Start/Stop VMs v2 provides a decentralized low-cost automation option for customers who want to optimize their VM costs. It offers all of the same functionality as the original version that was available with Azure Automation, but it's designed to take advantage of newer technology in Azure. The Start/Stop VMs v2 relies on multiple Azure services and it will be charged based on the service that are deployed and consumed. |
azure-functions | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-glossary-cloud-terminology.md | The compute resources that [Azure App Service](app-service/overview.md) provides ## availability set A collection of virtual machines that are managed together to provide application redundancy and reliability. The use of an availability set ensures that during either a planned or unplanned maintenance event at least one virtual machine is available. -See [Manage the availability of Windows virtual machines](./virtual-machines/availability.md?toc=/azure/virtual-machines/windows/toc.json) and [Manage the availability of Linux virtual machines](./virtual-machines/availability.md?toc=/azure/virtual-machines/linux/toc.json) +See [Manage the availability of Windows virtual machines](/azure/virtual-machines/availability?toc=/azure/virtual-machines/windows/toc.json) and [Manage the availability of Linux virtual machines](/azure/virtual-machines/availability?toc=/azure/virtual-machines/linux/toc.json) ## <a name="classic-model"></a>Azure classic deployment model One of two [deployment models](./azure-resource-manager/management/deployment-models.md) used to deploy resources in Azure (the new model is Azure Resource Manager). Some Azure services support only the Resource Manager deployment model, some support only the classic deployment model, and some support both. The documentation for each Azure service specifies which model(s) they support. One of two [deployment models](./azure-resource-manager/management/deployment-mo ## fault domain The collection of virtual machines in an availability set that can possibly fail at the same time. An example is a group of machines in a rack that share a common power source and network switch. In Azure, the virtual machines in an availability set are automatically separated across multiple fault domains. -See [Manage the availability of Windows virtual machines](./virtual-machines/availability.md?toc=/azure/virtual-machines/windows/toc.json) or [Manage the availability of Linux virtual machines](./virtual-machines/availability.md?toc=/azure/virtual-machines/linux/toc.json) +See [Manage the availability of Windows virtual machines](/azure/virtual-machines/availability?toc=/azure/virtual-machines/windows/toc.json) or [Manage the availability of Linux virtual machines](/azure/virtual-machines/availability?toc=/azure/virtual-machines/linux/toc.json) ## geo A defined boundary for data residency that typically contains two or more regions. The boundaries may be within or beyond national/regional borders and are influenced by tax regulation. Every geo has at least one region. Examples of geos are Asia Pacific and Japan. Also called *geography*. See [Active Geo-Replication for Azure SQL Database](/azure/azure-sql/database/au ## image A file that contains the operating system and application configuration that can be used to create any number of virtual machines. In Azure there are two types of images: VM image and OS image. A VM image includes an operating system and all disks attached to a virtual machine when the image is created. An OS image contains only a generalized operating system with no data disk configurations. -See [Navigate and select Windows virtual machine images in Azure with PowerShell or the CLI](virtual-machines/windows/cli-ps-findimage.md?toc=/azure/virtual-machines/windows/toc.json) +See [Navigate and select Windows virtual machine images in Azure with PowerShell or the CLI](/azure/virtual-machines/windows/cli-ps-findimage?toc=/azure/virtual-machines/windows/toc.json) ## limits The number of resources that can be created or the performance benchmark that can be achieved. Limits are typically associated with subscriptions, services, and offerings. A tenant is a group of users or an organization that share access with specific ## update domain The collection of virtual machines in an availability set that are updated at the same time. Virtual machines in the same update domain are restarted together during planned maintenance. Azure never restarts more than one update domain at a time. Also referred to as an upgrade domain. -See [Manage the availability of Windows virtual machines](./virtual-machines/availability.md?toc=/azure/virtual-machines/windows/toc.json) and [Manage the availability of Linux virtual machines](./virtual-machines/availability.md?toc=/azure/virtual-machines/linux/toc.json) +See [Manage the availability of Windows virtual machines](/azure/virtual-machines/availability?toc=/azure/virtual-machines/windows/toc.json) and [Manage the availability of Linux virtual machines](/azure/virtual-machines/availability?toc=/azure/virtual-machines/linux/toc.json) ## <a name="vm"></a>virtual machine-The software implementation of a physical computer that runs an operating system. Multiple virtual machines can run simultaneously on the same hardware. In Azure, virtual machines are available in a variety of sizes. For more information, see [Virtual Machines documentation](./virtual-machines/index.yml) +The software implementation of a physical computer that runs an operating system. Multiple virtual machines can run simultaneously on the same hardware. In Azure, virtual machines are available in a variety of sizes. For more information, see [Virtual Machines documentation](/azure/virtual-machines/) ## <a name="vm-extension"></a>virtual machine extension A resource that implements behaviors or features that either help other programs work or provide the ability for you to interact with a running computer. For example, you could use the VM Access extension to reset or modify remote access values on an Azure virtual machine. <!-- This definition seems obscure to me; maybe a list of examples would work better than a conceptual definition? -->-See [About virtual machine extensions and features (Windows)](./virtual-machines/extensions/features-windows.md?toc=/azure/virtual-machines/windows/toc.json) or [About virtual machine extensions and features (Linux)](./virtual-machines/extensions/features-linux.md?toc=/azure/virtual-machines/linux/toc.json) +See [About virtual machine extensions and features (Windows)](/azure/virtual-machines/extensions/features-windows?toc=/azure/virtual-machines/windows/toc.json) or [About virtual machine extensions and features (Linux)](/azure/virtual-machines/extensions/features-linux?toc=/azure/virtual-machines/linux/toc.json) ## <a name="vnet"></a>virtual network A network that provides connectivity between your Azure resources that is isolated from all other Azure tenants. An [Azure VPN Gateway](vpn-gateway/vpn-gateway-about-vpngateways.md) lets you establish connections between virtual networks and between a virtual network and an on-premises network. You can fully control the IP address blocks, DNS settings, security policies, and route tables within a virtual network. |
azure-government | Azure Secure Isolation Guidance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/azure-secure-isolation-guidance.md | In addition to robust logical compute isolation available by design to all Azure > Physical tenant isolation increases deployment cost and may not be required in most scenarios given the strong logical isolation assurances provided by Azure. #### Azure Dedicated Host-[Azure Dedicated Host](../virtual-machines/dedicated-hosts.md) provides physical servers that can host one or more Azure VMs and are dedicated to one Azure subscription. You can provision dedicated hosts within a region, availability zone, and fault domain. You can then place [Windows](../virtual-machines/windows/overview.md), [Linux](../virtual-machines/linux/overview.md), and [SQL Server on Azure](/azure/azure-sql/virtual-machines/) VMs directly into provisioned hosts using whatever configuration best meets your needs. Dedicated Host provides hardware isolation at the physical server level, enabling you to place your Azure VMs on an isolated and dedicated physical server that runs only your organization's workloads to meet corporate compliance requirements. +[Azure Dedicated Host](/azure/virtual-machines/dedicated-hosts) provides physical servers that can host one or more Azure VMs and are dedicated to one Azure subscription. You can provision dedicated hosts within a region, availability zone, and fault domain. You can then place [Windows](/azure/virtual-machines/windows/overview), [Linux](/azure/virtual-machines/linux/overview), and [SQL Server on Azure](/azure/azure-sql/virtual-machines/) VMs directly into provisioned hosts using whatever configuration best meets your needs. Dedicated Host provides hardware isolation at the physical server level, enabling you to place your Azure VMs on an isolated and dedicated physical server that runs only your organization's workloads to meet corporate compliance requirements. > [!NOTE]-> You can deploy a dedicated host using the **[Azure portal, Azure PowerShell, and Azure CLI](../virtual-machines/dedicated-hosts-how-to.md)**. +> You can deploy a dedicated host using the **[Azure portal, Azure PowerShell, and Azure CLI](/azure/virtual-machines/dedicated-hosts-how-to)**. You can deploy both Windows and Linux virtual machines into dedicated hosts by selecting the server and CPU type, number of cores, and extra features. Dedicated Host enables control over platform maintenance events by allowing you to opt in to a maintenance window to reduce potential impact to your provisioned services. Most maintenance events have little to no impact on your VMs; however, if you're in a highly regulated industry or with a sensitive workload, you may want to have control over any potential maintenance impact. -Microsoft provides detailed customer guidance on **[Windows](../virtual-machines/windows/quick-create-portal.md)** and **[Linux](../virtual-machines/linux/quick-create-portal.md)** Azure Virtual Machine provisioning using the Azure portal, Azure PowerShell, and Azure CLI. Table 5 summarizes the available security guidance for your virtual machines provisioned in Azure. +Microsoft provides detailed customer guidance on **[Windows](/azure/virtual-machines/windows/quick-create-portal)** and **[Linux](/azure/virtual-machines/linux/quick-create-portal)** Azure Virtual Machine provisioning using the Azure portal, Azure PowerShell, and Azure CLI. Table 5 summarizes the available security guidance for your virtual machines provisioned in Azure. **Table 5.** Security guidance for Azure virtual machines |VM|Security guidance| |||-|**Windows**|[Secure policies](../virtual-machines/security-policy.md) <br/>[Azure Disk Encryption](../virtual-machines/windows/disk-encryption-overview.md) <br/> [Built-in security controls](../virtual-machines/windows/security-baseline.md) <br/> [Security recommendations](../virtual-machines/security-recommendations.md)| -|**Linux**|[Secure policies](../virtual-machines/security-policy.md) <br/> [Azure Disk Encryption](../virtual-machines/linux/disk-encryption-overview.md) <br/> [Built-in security controls](../virtual-machines/linux/security-baseline.md) <br/> [Security recommendations](../virtual-machines/security-recommendations.md)| +|**Windows**|[Secure policies](/azure/virtual-machines/security-policy) <br/>[Azure Disk Encryption](/azure/virtual-machines/windows/disk-encryption-overview) <br/> [Built-in security controls](/azure/virtual-machines/windows/security-baseline) <br/> [Security recommendations](/azure/virtual-machines/security-recommendations)| +|**Linux**|[Secure policies](/azure/virtual-machines/security-policy) <br/> [Azure Disk Encryption](/azure/virtual-machines/linux/disk-encryption-overview) <br/> [Built-in security controls](/azure/virtual-machines/linux/security-baseline) <br/> [Security recommendations](/azure/virtual-machines/security-recommendations)| #### Isolated Virtual Machines-Azure Compute offers virtual machine sizes that are [isolated to a specific hardware type](../virtual-machines/isolation.md) and dedicated to a single customer. These VM instances allow your workloads to be deployed on dedicated physical servers. Using Isolated VMs essentially guarantees that your VM will be the only one running on that specific server node. You can also choose to further subdivide the resources on these Isolated VMs by using [Azure support for nested Virtual Machines](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization). +Azure Compute offers virtual machine sizes that are [isolated to a specific hardware type](/azure/virtual-machines/isolation) and dedicated to a single customer. These VM instances allow your workloads to be deployed on dedicated physical servers. Using Isolated VMs essentially guarantees that your VM will be the only one running on that specific server node. You can also choose to further subdivide the resources on these Isolated VMs by using [Azure support for nested Virtual Machines](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization). ## Networking isolation The logical isolation of tenant infrastructure in a public multi-tenant cloud is [fundamental to maintaining security](https://azure.microsoft.com/solutions/network-security/). The overarching principle for a virtualized solution is to allow only connections and communications that are necessary for that virtualized solution to operate, blocking all other ports and connections by default. Azure [Virtual Network](../virtual-network/virtual-networks-overview.md) (VNet) helps ensure that your private network traffic is logically isolated from traffic belonging to other customers. Virtual Machines (VMs) in one VNet can't communicate directly with VMs in a different VNet even if both VNets are created by the same customer. [Networking isolation](../security/fundamentals/isolation-choices.md#networking-isolation) ensures that communication between your VMs remains private within a VNet. You can connect your VNets via [VNet peering](../virtual-network/virtual-network-peering-overview.md) or [VPN gateways](../vpn-gateway/vpn-gateway-about-vpngateways.md), depending on your connectivity options, including bandwidth, latency, and encryption requirements. Across Azure services, traffic to and from the service is [protected by TLS 1.2] TLS provides strong authentication, message privacy, and integrity. [Perfect Forward Secrecy (PFS)](https://en.wikipedia.org/wiki/Forward_secrecy) protects connections between your client systems and Microsoft cloud services by generating a unique session key for every session you initiate. PFS protects past sessions against potential future key compromises. This combination makes it more difficult to intercept and access data in transit. -**In-transit encryption for VMs** ΓÇô Remote sessions to Windows and Linux VMs deployed in Azure can be conducted over protocols that ensure data encryption in transit. For example, the [Remote Desktop Protocol (RDP)](/windows/win32/termserv/remote-desktop-protocol) initiated from your client computer to Windows and Linux VMs enables TLS protection for data in transit. You can also use [Secure Shell](../virtual-machines/linux/ssh-from-windows.md) (SSH) to connect to Linux VMs running in Azure. SSH is an encrypted connection protocol available by default for remote management of Linux VMs hosted in Azure. +**In-transit encryption for VMs** ΓÇô Remote sessions to Windows and Linux VMs deployed in Azure can be conducted over protocols that ensure data encryption in transit. For example, the [Remote Desktop Protocol (RDP)](/windows/win32/termserv/remote-desktop-protocol) initiated from your client computer to Windows and Linux VMs enables TLS protection for data in transit. You can also use [Secure Shell](/azure/virtual-machines/linux/ssh-from-windows) (SSH) to connect to Linux VMs running in Azure. SSH is an encrypted connection protocol available by default for remote management of Linux VMs hosted in Azure. > [!IMPORTANT] > You should review best practices for network security, including guidance for **[disabling RDP/SSH access to Virtual Machines](../security/fundamentals/network-best-practices.md#disable-rdpssh-access-to-virtual-machines)** from the Internet to mitigate brute force attacks to gain access to Azure Virtual Machines. Accessing VMs for remote management can then be accomplished via **[point-to-site VPN](../vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal.md)**, **[site-to-site VPN](../vpn-gateway/tutorial-site-to-site-portal.md)**, or **[Azure ExpressRoute](../expressroute/expressroute-howto-linkvnet-portal-resource-manager.md)**. These keys protect any data that is written to Azure Storage and provide cryptog Storage accounts are encrypted regardless of their performance tier (standard or premium) or deployment model (Azure Resource Manager or classic). All Azure Storage [redundancy options](../storage/common/storage-redundancy.md) support encryption and all copies of a storage account are encrypted. All Azure Storage resources are encrypted, including blobs, disks, files, queues, and tables. All object metadata is also encrypted. -Because data encryption is performed by the Storage service, server-side encryption with CMK enables you to use any operating system types and images for your VMs. For your Windows and Linux IaaS VMs, Azure also provides Azure Disk encryption that enables you to encrypt managed disks with CMK within the Guest VM or EncryptionAtHost that encrypts disk data right at the host, as described in the next sections. Azure Storage service encryption also offers [double encryption of disk data at rest](../virtual-machines/disks-enable-double-encryption-at-rest-portal.md). +Because data encryption is performed by the Storage service, server-side encryption with CMK enables you to use any operating system types and images for your VMs. For your Windows and Linux IaaS VMs, Azure also provides Azure Disk encryption that enables you to encrypt managed disks with CMK within the Guest VM or EncryptionAtHost that encrypts disk data right at the host, as described in the next sections. Azure Storage service encryption also offers [double encryption of disk data at rest](/azure/virtual-machines/disks-enable-double-encryption-at-rest-portal). #### Azure Disk encryption-Azure Storage service encryption encrypts the page blobs that store Azure Virtual Machine disks. Moreover, you may optionally use [Azure Disk encryption](../virtual-machines/disk-encryption-overview.md) to encrypt Azure [Windows](../virtual-machines/windows/disk-encryption-overview.md) and [Linux](../virtual-machines/linux/disk-encryption-overview.md) IaaS Virtual Machine disks to increase storage isolation and assure cryptographic certainty of your data stored in Azure. This encryption includes [managed disks](../virtual-machines/managed-disks-overview.md), as described later in this section. Azure disk encryption uses the industry standard [BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview) feature of Windows and the [DM-Crypt](https://en.wikipedia.org/wiki/Dm-crypt) feature of Linux to provide OS-based volume encryption that is integrated with Azure Key Vault. +Azure Storage service encryption encrypts the page blobs that store Azure Virtual Machine disks. Moreover, you may optionally use [Azure Disk encryption](/azure/virtual-machines/disk-encryption-overview) to encrypt Azure [Windows](/azure/virtual-machines/windows/disk-encryption-overview) and [Linux](/azure/virtual-machines/linux/disk-encryption-overview) IaaS Virtual Machine disks to increase storage isolation and assure cryptographic certainty of your data stored in Azure. This encryption includes [managed disks](/azure/virtual-machines/managed-disks-overview), as described later in this section. Azure disk encryption uses the industry standard [BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview) feature of Windows and the [DM-Crypt](https://en.wikipedia.org/wiki/Dm-crypt) feature of Linux to provide OS-based volume encryption that is integrated with Azure Key Vault. Drive encryption through BitLocker and DM-Crypt is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker and DM-Crypt provide the most protection when used with a Trusted Platform Module (TPM) version 1.2 or higher. The TPM is a microcontroller designed to secure hardware through integrated cryptographic keys ΓÇô it's commonly preinstalled on newer computers. BitLocker and DM-Crypt can use this technology to protect the keys used to encrypt disk volumes and provide integrity to computer boot process. For managed disks, Azure Disk encryption allows you to encrypt the OS and Data d Azure Disk encryption does not support Managed HSM or an on-premises key management service. Only key vaults managed by the Azure Key Vault service can be used to safeguard customer-managed encryption keys for Azure Disk encryption. See [Encryption at host](#encryption-at-host) for other options involving Managed HSM. > [!NOTE]-> Detailed instructions are available for creating and configuring a key vault for Azure Disk encryption with both **[Windows](../virtual-machines/windows/disk-encryption-key-vault.yml)** and **[Linux](../virtual-machines/linux/disk-encryption-key-vault.md)** VMs. +> Detailed instructions are available for creating and configuring a key vault for Azure Disk encryption with both **[Windows](/azure/virtual-machines/windows/disk-encryption-key-vault)** and **[Linux](/azure/virtual-machines/linux/disk-encryption-key-vault)** VMs. Azure Disk encryption relies on two encryption keys for implementation, as described previously: Azure Disk encryption relies on two encryption keys for implementation, as descr The DEK, encrypted with the KEK, is stored separately and only an entity with access to the KEK can decrypt the DEK. Access to the KEK is guarded by Azure Key Vault where you can choose to store your keys in [FIPS 140 validated hardware security modules](/azure/key-vault/keys/hsm-protected-keys-byok). -For [Windows VMs](../virtual-machines/windows/disk-encryption-faq.yml), Azure Disk encryption selects the encryption method in BitLocker based on the version of Windows, for example, XTS-AES 256 bit for Windows Server 2012 or greater. These crypto modules are FIPS 140 validated as part of the Microsoft [Windows FIPS validation program](/windows/security/threat-protection/fips-140-validation#modules-used-by-windows-server). For [Linux VMs](../virtual-machines/linux/disk-encryption-faq.yml), Azure Disk encryption uses the decrypt default of aes-xts-plain64 with a 256-bit volume master key that is FIPS 140 validated as part of DM-Crypt validation obtained by suppliers of Linux IaaS VM images in Microsoft Azure Marketplace. +For [Windows VMs](/azure/virtual-machines/windows/disk-encryption-faq), Azure Disk encryption selects the encryption method in BitLocker based on the version of Windows, for example, XTS-AES 256 bit for Windows Server 2012 or greater. These crypto modules are FIPS 140 validated as part of the Microsoft [Windows FIPS validation program](/windows/security/threat-protection/fips-140-validation#modules-used-by-windows-server). For [Linux VMs](/azure/virtual-machines/linux/disk-encryption-faq), Azure Disk encryption uses the decrypt default of aes-xts-plain64 with a 256-bit volume master key that is FIPS 140 validated as part of DM-Crypt validation obtained by suppliers of Linux IaaS VM images in Microsoft Azure Marketplace. ##### *Server-side encryption for managed disks*-[Azure managed disks](../virtual-machines/managed-disks-overview.md) are block-level storage volumes that are managed by Azure and used with Azure Windows and Linux virtual machines. They simplify disk management for Azure IaaS VMs by handling storage account management transparently for you. Azure managed disks automatically encrypt your data by default using [256-bit AES encryption](../virtual-machines/disk-encryption.md) that is FIPS 140 validated. For encryption key management, you have the following choices: +[Azure managed disks](/azure/virtual-machines/managed-disks-overview) are block-level storage volumes that are managed by Azure and used with Azure Windows and Linux virtual machines. They simplify disk management for Azure IaaS VMs by handling storage account management transparently for you. Azure managed disks automatically encrypt your data by default using [256-bit AES encryption](/azure/virtual-machines/disk-encryption) that is FIPS 140 validated. For encryption key management, you have the following choices: -- [Platform-managed keys](../virtual-machines/disk-encryption.md#platform-managed-keys) is the default choice that provides transparent data encryption at rest for managed disks whereby keys are managed by Microsoft.-- [Customer-managed keys](../virtual-machines/disk-encryption.md#customer-managed-keys) enables you to have control over your own keys that can be imported into or generated inside Azure Key Vault or Managed HSM. This approach relies on two sets of keys as described previously: DEK and KEK. DEK encrypts the data using an AES-256 based encryption and is in turn encrypted by an RSA KEK that is stored in Azure Key Vault or Managed HSM.+- [Platform-managed keys](/azure/virtual-machines/disk-encryption#platform-managed-keys) is the default choice that provides transparent data encryption at rest for managed disks whereby keys are managed by Microsoft. +- [Customer-managed keys](/azure/virtual-machines/disk-encryption#customer-managed-keys) enables you to have control over your own keys that can be imported into or generated inside Azure Key Vault or Managed HSM. This approach relies on two sets of keys as described previously: DEK and KEK. DEK encrypts the data using an AES-256 based encryption and is in turn encrypted by an RSA KEK that is stored in Azure Key Vault or Managed HSM. -Customer-managed keys (CMK) enable you to have [full control](../virtual-machines/disk-encryption.md#full-control-of-your-keys) over your encryption keys. You can grant access to managed disks in your Azure Key Vault so that your keys can be used for encrypting and decrypting the DEK. You can also disable your keys or revoke access to managed disks at any time. Finally, you have full audit control over key usage with Azure Key Vault monitoring to ensure that only managed disks or other authorized resources are accessing your encryption keys. +Customer-managed keys (CMK) enable you to have [full control](/azure/virtual-machines/disk-encryption#full-control-of-your-keys) over your encryption keys. You can grant access to managed disks in your Azure Key Vault so that your keys can be used for encrypting and decrypting the DEK. You can also disable your keys or revoke access to managed disks at any time. Finally, you have full audit control over key usage with Azure Key Vault monitoring to ensure that only managed disks or other authorized resources are accessing your encryption keys. ##### *Encryption at host*-Encryption at host works with server-side encryption to ensure data stored on the VM host is encrypted at rest and flows encrypted to the Storage service. The server hosting your VM encrypts your data with no performance impact or requirement for code running in your guest VM, and that encrypted data flows into Azure Storage using the keys configured for server-side encryption. For more information, see [Encryption at host - End-to-end encryption for your VM data](../virtual-machines/disk-encryption.md#encryption-at-hostend-to-end-encryption-for-your-vm-data). Encryption at host with CMK can use keys stored in Managed HSM or Key Vault, just like server-side encryption for managed disks. +Encryption at host works with server-side encryption to ensure data stored on the VM host is encrypted at rest and flows encrypted to the Storage service. The server hosting your VM encrypts your data with no performance impact or requirement for code running in your guest VM, and that encrypted data flows into Azure Storage using the keys configured for server-side encryption. For more information, see [Encryption at host - End-to-end encryption for your VM data](/azure/virtual-machines/disk-encryption#encryption-at-hostend-to-end-encryption-for-your-vm-data). Encryption at host with CMK can use keys stored in Managed HSM or Key Vault, just like server-side encryption for managed disks. You're [always in control of your customer data](https://www.microsoft.com/trust-center/privacy/data-management) in Azure. You can access, extract, and delete your customer data stored in Azure at will. When you terminate your Azure subscription, Microsoft takes the necessary steps to ensure that you continue to own your customer data. A common concern upon data deletion or subscription termination is whether another customer or Azure administrator can access your deleted data. The following sections explain how data deletion, retention, and destruction work in Azure. Of particular interest are efforts to learn the **cryptographic keys of a peer V - The standard Azure cryptographic libraries have been designed to resist such attacks by not having cache access patterns depend on the cryptographic keys being used. - Azure uses an advanced VM host placement algorithm that is highly sophisticated and nearly impossible to predict, which helps reduce the chances of adversary-controlled VM being placed on the same host as the target VM. - All Azure servers have at least eight physical cores and some have many more. Increasing the number of cores that share the load placed by various VMs adds noise to an already weak signal.-- You can provision VMs on hardware dedicated to a single customer by using [Azure Dedicated Host](../virtual-machines/dedicated-hosts.md) or [Isolated VMs](../virtual-machines/isolation.md), as described in *[Physical isolation](#physical-isolation)* section. However, physical tenant isolation increases deployment cost and may not be required in most scenarios given the strong logical isolation assurances provided by Azure.+- You can provision VMs on hardware dedicated to a single customer by using [Azure Dedicated Host](/azure/virtual-machines/dedicated-hosts) or [Isolated VMs](/azure/virtual-machines/isolation), as described in *[Physical isolation](#physical-isolation)* section. However, physical tenant isolation increases deployment cost and may not be required in most scenarios given the strong logical isolation assurances provided by Azure. Overall, PaaS ΓÇô or any workload that autocreates VMs ΓÇô contributes to churn in VM placement that leads to randomized VM allocation. Random placement of your VMs makes it much harder for attackers to get on the same host. In addition, host access is hardened with greatly reduced attack surface that makes these types of exploits difficult to sustain. |
azure-government | Azure Services In Fedramp Auditscope | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/compliance/azure-services-in-fedramp-auditscope.md | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [Azure Sphere](/azure-sphere/) | ✅ | ✅ | | [Azure Spring Apps](../../spring-apps/index.yml) | ✅ | ✅ | | [Azure Stack Edge](../../databox-online/index.yml) (formerly Data Box Edge) ******* | ✅ | ✅ |-| [Azure Stack HCI](/azure-stack/hci/) | ✅ | ✅ | +| [Azure Stack HCI](/azure-stack/hci/) ******* | ✅ | ✅ | | [Azure Static WebApps](../../static-web-apps/index.yml) | ✅ | ✅ | | [Azure Video Indexer](/azure/azure-video-indexer/) | ✅ | ✅ | | [Azure Virtual Desktop](../../virtual-desktop/index.yml) (formerly Windows Virtual Desktop) | ✅ | ✅ | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [Azure AI | [Azure AI | [Azure AI -| [Container Instances](../../container-instances/index.yml) | ✅ | ✅ | +| [Container Instances](/azure/container-instances/) | ✅ | ✅ | | [Container Registry](../../container-registry/index.yml) | ✅ | ✅ | | [Content Delivery Network (CDN)](../../cdn/index.yml) | ✅ | ✅ | | [Cost Management and Billing](../../cost-management-billing/index.yml) | ✅ | ✅ | | [Customer Lockbox](../../security/fundamentals/customer-lockbox-overview.md) | ✅ | ✅ |-| [Data Box](../../databox/index.yml) ***** | ✅ | ✅ | +| [Data Box](../../databox/index.yml) ******* | ✅ | ✅ | | [Data Explorer](/azure/data-explorer/) | ✅ | ✅ | | [Data Factory](../../data-factory/index.yml) | ✅ | ✅ | | [Data Share](../../data-share/index.yml) | ✅ | ✅ | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [Notification Hubs](../../notification-hubs/index.yml) | ✅ | ✅ | | [Open Datasets](../../open-datasets/index.yml) | ✅ | ✅ | | [Peering Service](../../peering-service/index.yml) | ✅ | ✅ |-| [Planned Maintenance for VMs](../../virtual-machines/maintenance-and-updates.md) | ✅ | ✅ | +| [Planned Maintenance for VMs](/azure/virtual-machines/maintenance-and-updates) | ✅ | ✅ | | [Power Apps](/powerapps/) | ✅ | ✅ |-| [Power Pages](https://powerapps.microsoft.com/portals/) | ✅ | ✅ | +| [Power Pages](https://powerapps.microsoft.com/portals/) (formerly PowerApps Portal)| ✅ | ✅ | | **Service** | **FedRAMP High** | **DoD IL2** | | [Power Automate](/power-automate/) (formerly Microsoft Flow) | ✅ | ✅ | | [Power BI](/power-bi/fundamentals/) | ✅ | ✅ | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [Route Server](../../route-server/index.yml) | ✅ | ✅ | | [Scheduler](../../scheduler/index.yml) (replaced by [Logic Apps](../../logic-apps/index.yml)) | ✅ | ✅ | | [Service Bus](../../service-bus-messaging/index.yml) | ✅ | ✅ |-| [Service Fabric](../../service-fabric/index.yml) | ✅ | ✅ | +| [Service Fabric](/azure/service-fabric/) | ✅ | ✅ | | [Service Health](../../service-health/index.yml) | ✅ | ✅ | | [SignalR Service](../../azure-signalr/index.yml) | ✅ | ✅ | | **Service** | **FedRAMP High** | **DoD IL2** | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [SQL Server Stretch Database](../../sql-server-stretch-database/index.yml) | ✅ | ✅ | | [Storage: Archive](../../storage/blobs/access-tiers-overview.md) | ✅ | ✅ | | [Storage: Blobs](../../storage/blobs/index.yml) (incl. [Azure Data Lake Storage Gen2](../../storage/blobs/data-lake-storage-introduction.md)) | ✅ | ✅ |-| [Storage: Disks (incl. managed disks)](../../virtual-machines/managed-disks-overview.md) | ✅ | ✅ | +| [Storage: Disks (incl. managed disks)](/azure/virtual-machines/managed-disks-overview) | ✅ | ✅ | | [Storage: Files](../../storage/files/index.yml) | ✅ | ✅ | | [Storage: Queues](../../storage/queues/index.yml) | ✅ | ✅ | | [Storage: Tables](../../storage/tables/index.yml) | ✅ | ✅ | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [Synapse Analytics](../../synapse-analytics/index.yml) | ✅ | ✅ | | **Service** | **FedRAMP High** | **DoD IL2** | | [Traffic Manager](../../traffic-manager/index.yml) | ✅ | ✅ |-| [Virtual Machine Scale Sets](../../virtual-machine-scale-sets/index.yml) | ✅ | ✅ | -| [Virtual Machines](../../virtual-machines/index.yml) | ✅ | ✅ | +| [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/) | ✅ | ✅ | +| [Virtual Machines](/azure/virtual-machines/) | ✅ | ✅ | | [Virtual Network](../../virtual-network/index.yml) | ✅ | ✅ | | [Virtual Network NAT](../../virtual-network/nat-gateway/index.yml) | ✅ | ✅ | | [Virtual WAN](../../virtual-wan/index.yml) | ✅ | ✅ |-| [VM Image Builder](../../virtual-machines/image-builder-overview.md) | ✅ | ✅ | +| [VM Image Builder](/azure/virtual-machines/image-builder-overview) | ✅ | ✅ | | [VPN Gateway](../../vpn-gateway/index.yml) | ✅ | ✅ | | [Web Application Firewall](../../web-application-firewall/index.yml) | ✅ | ✅ | | [Windows 10 IoT Core Services](/windows-hardware/manufacture/iot/iotcoreservicesoverview) | ✅ | ✅ | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and ****** FedRAMP High authorization for Azure Databricks is applicable to limited regions in Azure. To configure Azure Databricks for FedRAMP High use, contact your Microsoft or Databricks representative. -******* FedRAMP High authorization for edge devices (such as Azure Data Box and Azure Stack Edge) applies only to Azure services that support on-premises, customer-managed devices. For example, FedRAMP High authorization for Azure Data Box covers datacenter infrastructure services and Data Box pod and disk service, which are the online software components supporting your Data Box hardware appliance. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative. +******* FedRAMP High authorization for edge devices (such as Azure Data Box, Azure Stack Edge and Azure Stack HCI) applies only to Azure services that support on-premises, customer-managed devices. For example, FedRAMP High authorization for Azure Data Box covers datacenter infrastructure services and Data Box pod and disk service, which are the online software components supporting your Data Box hardware appliance. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative. ## Azure Government services by audit scope *Last updated: August 2024* This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [Azure Sign-up portal](https://signup.azure.com/) | ✅ | ✅ | ✅ | ✅ | | | [Azure Stack](/azure-stack/operator/azure-stack-usage-reporting) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Azure Stack Edge](../../databox-online/index.yml) (formerly Data Box Edge) ***** | ✅ | ✅ | ✅ | ✅ | ✅ |-| [Azure Stack HCI](/azure-stack/hci/) | ✅ | ✅ | ✅ | ✅ | | +| [Azure Stack HCI](/azure-stack/hci/) ***** | ✅ | ✅ | ✅ | ✅ | | | [Azure Video Indexer](/azure/azure-video-indexer/) | ✅ | ✅ | ✅ | | | | [Azure Virtual Desktop](../../virtual-desktop/index.yml) (formerly Windows Virtual Desktop) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Azure VMware Solution](../../azure-vmware/index.yml) | ✅ | ✅ | ✅ | | | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [Azure AI Speech](../../ai-services/speech-service/index.yml) | ✅ | ✅ | ✅ | ✅ | | | [Azure AI | [Azure AI -| [Container Instances](../../container-instances/index.yml)| ✅ | ✅ | ✅ | ✅ | ✅ | +| [Container Instances](/azure/container-instances/)| ✅ | ✅ | ✅ | ✅ | ✅ | | [Container Registry](../../container-registry/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Content Delivery Network (CDN)](../../cdn/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | | **Service** | **FedRAMP High** | **DoD IL2** | **DoD IL4** | **DoD IL5** | **DoD IL6** | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [Network Watcher](../../network-watcher/index.yml) (incl. [Traffic Analytics](../../network-watcher/traffic-analytics.md)) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Notification Hubs](../../notification-hubs/index.yml) | ✅ | ✅ | ✅ | ✅ | | | [Peering Service](../../peering-service/index.yml) | ✅ | ✅ | ✅ | ✅ | |-| [Planned Maintenance for VMs](../../virtual-machines/maintenance-and-updates.md) | ✅ | ✅ | ✅ | ✅ | | +| [Planned Maintenance for VMs](/azure/virtual-machines/maintenance-and-updates) | ✅ | ✅ | ✅ | ✅ | | | **Service** | **FedRAMP High** | **DoD IL2** | **DoD IL4** | **DoD IL5** | **DoD IL6** | | [Power Apps](/powerapps/) | ✅ | ✅ | ✅ | ✅ | |-| [Power Pages](https://powerapps.microsoft.com/portals/) | ✅ | ✅ | ✅ | ✅ | | +| [Power Pages](https://powerapps.microsoft.com/portals/) (formerly PowerApps Portal)| ✅ | ✅ | ✅ | ✅ | | | [Power Automate](/power-automate/) (formerly Microsoft Flow) | ✅ | ✅ | ✅ | ✅ | | | [Power BI](/power-bi/fundamentals/) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Power BI Embedded](/power-bi/developer/embedded/) | ✅ | ✅ | ✅ | ✅ | | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [Route Server](../../route-server/index.yml) | ✅ | ✅ | ✅ | ✅ | | | [Scheduler](../../scheduler/index.yml) (replaced by [Logic Apps](../../logic-apps/index.yml)) | ✅ | ✅ | ✅ | ✅ | | | [Service Bus](../../service-bus-messaging/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ |-| [Service Fabric](../../service-fabric/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | +| [Service Fabric](/azure/service-fabric/) | ✅ | ✅ | ✅ | ✅ | ✅ | | **Service** | **FedRAMP High** | **DoD IL2** | **DoD IL4** | **DoD IL5** | **DoD IL6** | | [Service Health](../../service-health/index.yml) | ✅ | ✅ | ✅ | ✅ | | | [SignalR Service](../../azure-signalr/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | [SQL Server Stretch Database](../../sql-server-stretch-database/index.yml) | ✅ | ✅ | ✅ | ✅ | | | [Storage: Archive](../../storage/blobs/access-tiers-overview.md) | ✅ | ✅ | ✅ | ✅ | | | [Storage: Blobs](../../storage/blobs/index.yml) (incl. [Azure Data Lake Storage Gen2](../../storage/blobs/data-lake-storage-introduction.md)) | ✅ | ✅ | ✅ | ✅ | ✅ |-| [Storage: Disks (incl. managed disks)](../../virtual-machines/managed-disks-overview.md) | ✅ | ✅ | ✅ | ✅ | ✅ | +| [Storage: Disks (incl. managed disks)](/azure/virtual-machines/managed-disks-overview) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Storage: Files](../../storage/files/index.yml) | ✅ | ✅ | ✅ | ✅ | | | [Storage: Queues](../../storage/queues/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Storage: Tables](../../storage/tables/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | This article provides a detailed list of Azure, Dynamics 365, Microsoft 365, and | **Service** | **FedRAMP High** | **DoD IL2** | **DoD IL4** | **DoD IL5** | **DoD IL6** | | [Synapse Link for Dataverse](/powerapps/maker/data-platform/export-to-data-lake) | ✅ | ✅ | ✅ | ✅ | | | [Traffic Manager](../../traffic-manager/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ |-| [Virtual Machine Scale Sets](../../virtual-machine-scale-sets/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | -| [Virtual Machines](../../virtual-machines/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | +| [Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/) | ✅ | ✅ | ✅ | ✅ | ✅ | +| [Virtual Machines](/azure/virtual-machines/) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Virtual Network](../../virtual-network/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Virtual Network NAT](../../virtual-network/nat-gateway/index.yml) | ✅ | ✅ | ✅ | ✅ | | | [Virtual WAN](../../virtual-wan/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ |-| [VM Image Builder](../../virtual-machines/image-builder-overview.md) | ✅ | ✅ | ✅ | | | +| [VM Image Builder](/azure/virtual-machines/image-builder-overview) | ✅ | ✅ | ✅ | | | | [VPN Gateway](../../vpn-gateway/index.yml) | ✅ | ✅ | ✅ | ✅ | ✅ | | [Web Application Firewall](../../web-application-firewall/index.yml) | ✅ | ✅ | ✅ | ✅ | | -***** Authorizations for edge devices (such as Azure Data Box and Azure Stack Edge) apply only to Azure services that support on-premises, customer-managed devices. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative. +***** Authorizations for edge devices (such as Azure Data Box, Azure Stack Edge and Azure Stack HCI) apply only to Azure services that support on-premises, customer-managed devices. You are wholly responsible for the authorization package that covers the physical devices. For assistance with accelerating your onboarding and authorization of devices, contact your Microsoft account representative. ****** Azure Information Protection (AIP) is part of the Microsoft Purview Information Protection solution - it extends the labeling and classification functionality provided by Microsoft 365. Before AIP can be used for DoD workloads at a given impact level (IL), the corresponding Microsoft 365 services must be authorized at the same IL. |
azure-government | Documentation Government Extension | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-extension.md | Last updated 08/31/2021 # Azure Government virtual machine extensions -Azure [virtual machine (VM) extensions](../virtual-machines/extensions/features-windows.md) are small applications that provide post-deployment configuration and automation tasks on Azure VMs. +Azure [virtual machine (VM) extensions](/azure/virtual-machines/extensions/features-windows) are small applications that provide post-deployment configuration and automation tasks on Azure VMs. [!INCLUDE [updated-for-az](~/reusable-content/ce-skilling/azure/includes/updated-for-az.md)] Out-File vm-extensions.md ## Next steps -* [Deploy a Windows virtual machine extension](../virtual-machines/extensions/features-windows.md#run-vm-extensions) -* [Deploy a Linux virtual machine extension](../virtual-machines/extensions/features-linux.md#run-vm-extensions) +* [Deploy a Windows virtual machine extension](/azure/virtual-machines/extensions/features-windows#run-vm-extensions) +* [Deploy a Linux virtual machine extension](/azure/virtual-machines/extensions/features-linux#run-vm-extensions) |
azure-government | Documentation Government Image Gallery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-image-gallery.md | Some of the prebuilt images include pay-as-you-go licensing for specific softwar ## Next steps -- [Create a Windows virtual machine with the Azure portal](../virtual-machines/windows/quick-create-portal.md)-- [Create a Windows virtual machine with PowerShell](../virtual-machines/windows/quick-create-powershell.md)-- [Create a Windows virtual machine with the Azure CLI](../virtual-machines/windows/quick-create-cli.md)-- [Create a Linux virtual machine with the Azure portal](../virtual-machines/linux/quick-create-portal.md)+- [Create a Windows virtual machine with the Azure portal](/azure/virtual-machines/windows/quick-create-portal) +- [Create a Windows virtual machine with PowerShell](/azure/virtual-machines/windows/quick-create-powershell) +- [Create a Windows virtual machine with the Azure CLI](/azure/virtual-machines/windows/quick-create-cli) +- [Create a Linux virtual machine with the Azure portal](/azure/virtual-machines/linux/quick-create-portal) |
azure-government | Documentation Government Impact Level 5 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-impact-level-5.md | You need to address two key areas for Azure services in IL5 scope: compute isola ### Compute isolation -IL5 separation requirements are stated in Section 5.2.2.3 (Page 51) of the [Cloud Computing SRG](https://public.cyber.mil/dccs/dccs-documents/). The SRG focuses on compute separation during "processing" of IL5 data. This separation ensures that a virtual machine that could potentially compromise the physical host can't affect a DoD workload. To remove the risk of runtime attacks and ensure long running workloads aren't compromised from other workloads on the same host, **all IL5 virtual machines and virtual machine scale sets** should be isolated by DoD mission owners via [Azure Dedicated Host](https://azure.microsoft.com/services/virtual-machines/dedicated-host/) or [isolated virtual machines](../virtual-machines/isolation.md). Doing so provides a dedicated physical server to host your Azure Virtual Machines (VMs) for Windows and Linux. +IL5 separation requirements are stated in Section 5.2.2.3 (Page 51) of the [Cloud Computing SRG](https://public.cyber.mil/dccs/dccs-documents/). The SRG focuses on compute separation during "processing" of IL5 data. This separation ensures that a virtual machine that could potentially compromise the physical host can't affect a DoD workload. To remove the risk of runtime attacks and ensure long running workloads aren't compromised from other workloads on the same host, **all IL5 virtual machines and virtual machine scale sets** should be isolated by DoD mission owners via [Azure Dedicated Host](https://azure.microsoft.com/services/virtual-machines/dedicated-host/) or [isolated virtual machines](/azure/virtual-machines/isolation). Doing so provides a dedicated physical server to host your Azure Virtual Machines (VMs) for Windows and Linux. For services where the compute processes are obfuscated from access by the owner and stateless in their processing of data, you should accomplish isolation by focusing on the data being processed and how it's stored and retained. This approach ensures the data is stored in protected mediums. It also ensures the data isn't present on these services for extended periods unless it's encrypted as needed. For Compute services availability in Azure Government, see [Products available b - Enable user subscription mode, which will require a Key Vault instance for proper encryption and key storage. For more information, see the documentation on [batch account configurations](../batch/batch-account-create-portal.md). -### [Virtual machines](../virtual-machines/index.yml) and [virtual machine scale sets](../virtual-machine-scale-sets/index.yml) +### [Virtual machines](/azure/virtual-machines/) and [virtual machine scale sets](/azure/virtual-machine-scale-sets/) You can use Azure virtual machines with multiple deployment mediums. You can do so for single virtual machines and for virtual machines deployed via the Azure virtual machine scale sets feature. All virtual machines should use Disk Encryption for virtual machines or Disk Enc > [!IMPORTANT] > When you deploy VMs in Azure Government regions US Gov Arizona, US Gov Texas, and US Gov Virginia, you must use Azure Dedicated Host, as described in the next section. -#### [Azure Dedicated Host](../virtual-machines/dedicated-hosts.md) +#### [Azure Dedicated Host](/azure/virtual-machines/dedicated-hosts) Azure Dedicated Host provides physical servers that can host one or more virtual machines and that are dedicated to one Azure subscription. Dedicated hosts are the same physical servers used in our datacenters, provided as a resource. You can provision dedicated hosts within a region, availability zone, and fault domain. You can then place VMs directly into your provisioned hosts, in whatever configuration meets your needs. These VMs provide the necessary level of isolation required to support IL5 workl Current Dedicated Host SKUs (VM series and Host Type) that offer the required compute isolation include SKUs in the VM families listed on the [Dedicated Host pricing page](https://azure.microsoft.com/pricing/details/virtual-machines/dedicated-host/). -#### [Isolated virtual machines](../virtual-machines/isolation.md) +#### [Isolated virtual machines](/azure/virtual-machines/isolation) Virtual machine scale sets aren't currently supported on Azure Dedicated Host. But specific VM types, when deployed, consume the entire physical host for the VM. Isolated VM types can be deployed via virtual machine scale sets to provide proper compute isolation with all the benefits of virtual machine scale sets in place. When you configure your scale set, select the appropriate SKU. To encrypt the data at rest, see the next section for supportable encryption options. > [!IMPORTANT]-> As new hardware generations become available, some VM types might require reconfiguration (scale up or migration to a new VM SKU) to ensure they remain on properly dedicated hardware. For more information, see **[Virtual machine isolation in Azure](../virtual-machines/isolation.md).** +> As new hardware generations become available, some VM types might require reconfiguration (scale up or migration to a new VM SKU) to ensure they remain on properly dedicated hardware. For more information, see **[Virtual machine isolation in Azure](/azure/virtual-machines/isolation).** #### Disk encryption for virtual machines You can encrypt the storage that supports these virtual machines in one of two ways to support necessary encryption standards. - Use Azure Disk Encryption to encrypt the drives by using dm-crypt (Linux) or BitLocker (Windows):- - [Enable Azure Disk Encryption for Linux](../virtual-machines/linux/disk-encryption-overview.md) - - [Enable Azure Disk Encryption for Windows](../virtual-machines/windows/disk-encryption-overview.md) + - [Enable Azure Disk Encryption for Linux](/azure/virtual-machines/linux/disk-encryption-overview) + - [Enable Azure Disk Encryption for Windows](/azure/virtual-machines/windows/disk-encryption-overview) - Use Azure Storage service encryption for storage accounts with your own key to encrypt the storage account that holds the disks: - [Storage service encryption with customer-managed keys](../storage/common/customer-managed-keys-configure-key-vault.md) You can encrypt the storage that supports these virtual machines in one of two w You can encrypt disks that support virtual machine scale sets by using Azure Disk Encryption: -- [Encrypt disks in virtual machine scale sets](../virtual-machine-scale-sets/disk-encryption-key-vault.md)+- [Encrypt disks in virtual machine scale sets](/azure/virtual-machine-scale-sets/disk-encryption-key-vault) ## Containers For Containers services availability in Azure Government, see [Products availabl - Configure encryption at rest of content in AKS by [using customer-managed keys in Azure Key Vault](/azure/aks/azure-disk-customer-managed-keys). -### [Container Instances](../container-instances/index.yml) +### [Container Instances](/azure/container-instances/) -- Azure Container Instances automatically encrypts data related to your containers when it's persisted in the cloud. Data in Container Instances is encrypted and decrypted with 256-bit AES encryption and enabled for all Container Instances deployments. You can rely on Microsoft-managed keys for the encryption of your container data, or you can manage the encryption by using your own keys. For more information, see [Encrypt deployment data](../container-instances/container-instances-encrypt-data.md). +- Azure Container Instances automatically encrypts data related to your containers when it's persisted in the cloud. Data in Container Instances is encrypted and decrypted with 256-bit AES encryption and enabled for all Container Instances deployments. You can rely on Microsoft-managed keys for the encryption of your container data, or you can manage the encryption by using your own keys. For more information, see [Encrypt deployment data](/azure/container-instances/container-instances-encrypt-data). ### [Container Registry](../container-registry/index.yml) |
azure-government | Documentation Government Overview Dod | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-overview-dod.md | The following services are in scope for DoD IL5 PA in US DoD regions (US DoD Cen - [Service Bus](https://azure.microsoft.com/services/service-bus/) - [SQL Server Stretch Database](https://azure.microsoft.com/services/sql-server-stretch-database/) - [Storage: Blobs](https://azure.microsoft.com/services/storage/blobs/) (incl. [Azure Data Lake Storage Gen2](../storage/blobs/data-lake-storage-introduction.md))-- [Storage: Disks](https://azure.microsoft.com/services/storage/disks/) (incl. [managed disks](../virtual-machines/managed-disks-overview.md))+- [Storage: Disks](https://azure.microsoft.com/services/storage/disks/) (incl. [managed disks](/azure/virtual-machines/managed-disks-overview)) - [Storage: Files](https://azure.microsoft.com/services/storage/files/) - [Storage: Queues](https://azure.microsoft.com/services/storage/queues/) - [Storage: Tables](https://azure.microsoft.com/services/storage/tables/) |
azure-government | Documentation Government Overview Wwps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-overview-wwps.md | Microsoft enables you to protect your data throughout its entire lifecycle: at r [Azure confidential computing](../confidential-computing/index.yml) is a set of data security capabilities that offers encryption of data while in use. This approach means that data can be processed in the cloud with the assurance that it's always under your control, even when data is in use while in memory during computations. Azure confidential computing supports different virtual machines for IaaS workloads: -- **Trusted launch VMs:** [Trusted launch](../virtual-machines/trusted-launch.md) is available across [generation 2 VMs](../virtual-machines/generation-2.md), bringing hardened security features ΓÇô secure boot, virtual trusted platform module, and boot integrity monitoring ΓÇô that protect against boot kits, rootkits, and kernel-level malware.+- **Trusted launch VMs:** [Trusted launch](/azure/virtual-machines/trusted-launch) is available across [generation 2 VMs](/azure/virtual-machines/generation-2), bringing hardened security features ΓÇô secure boot, virtual trusted platform module, and boot integrity monitoring ΓÇô that protect against boot kits, rootkits, and kernel-level malware. - **Confidential VMs with AMD SEV-SNP technology:** You can choose Azure VMs based on AMD EPYC 7003 series CPUs to lift and shift applications without requiring any code changes. These AMD EPYC CPUs use AMD [Secure Encrypted Virtualization ΓÇô Secure Nested Paging](https://www.amd.com/en/developer/sev.html) (SEV-SNP) technology to encrypt your entire virtual machine at runtime. The encryption keys used for VM encryption are generated and safeguarded by a dedicated secure processor on the EPYC CPU and can't be extracted by any external means. These Azure VMs are currently in Preview and available to select customers. For more information, see [Azure and AMD announce landmark in confidential computing evolution](https://azure.microsoft.com/blog/azure-and-amd-enable-lift-and-shift-confidential-computing/). |
azure-government | Documentation Government Quickstarts Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-quickstarts-vm.md | Last updated 08/10/2018 Microsoft Azure Government delivers a dedicated cloud with world-class security and compliance, enabling US government agencies and their partners to transform their workloads to the cloud. For example, your workload may include using virtual machines. Before provisioning a VM, you need to create and configure a virtual network for your environment. A virtual network enables resources to securely communicate with each other (within Azure and with servers accessing Azure). -This tutorial shows how to connect to Azure Government, create a virtual network and a virtual machine on this network in Azure Government cloud. The Azure Government marketplace provides a VM library, in this tutorial we use "Data Science Virtual Machine - Windows 2016 CSP". To learn more about Azure Virtual Machines and see end-to-end scenarios, see [Virtual Machines Documentation](../virtual-machines/index.yml). +This tutorial shows how to connect to Azure Government, create a virtual network and a virtual machine on this network in Azure Government cloud. The Azure Government marketplace provides a VM library, in this tutorial we use "Data Science Virtual Machine - Windows 2016 CSP". To learn more about Azure Virtual Machines and see end-to-end scenarios, see [Virtual Machines Documentation](/azure/virtual-machines/). In this tutorial, you learn how to: |
azure-government | Documentation Government Stig Linux Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-stig-linux-vm.md | Sign in at the [Azure portal](https://portal.azure.com/) or [Azure Government po a. Enter the *VM name*. - b. Select the *Availability options*. To learn about availability sets, see [Availability sets overview](../virtual-machines/availability-set-overview.md). + b. Select the *Availability options*. To learn about availability sets, see [Availability sets overview](/azure/virtual-machines/availability-set-overview). c. Select the *Linux OS version*. Sign in at the [Azure portal](https://portal.azure.com/) or [Azure Government po h. Confirm *Password* (*Public key* only needs to be input once). > [!NOTE]- > For instructions on creating an SSH RSA public-private key pair for SSH client connections, see **[Create and manage SSH keys for authentication to a Linux VM in Azure](../virtual-machines/linux/create-ssh-keys-detailed.md).** + > For instructions on creating an SSH RSA public-private key pair for SSH client connections, see **[Create and manage SSH keys for authentication to a Linux VM in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed).** :::image type="content" source="./media/stig-linux-instance-details.png" alt-text="Instance details section where you provide a name for the virtual machine and select its region, image, and size" border="false"::: Site Recovery can manage replication for: - Azure VMs replicating between Azure regions. - On-premises VMs, Azure Stack VMs, and physical servers. -To learn more about backup and restore options for virtual machines in Azure, continue to [Overview of backup options for VMs](../virtual-machines/backup-recovery.md). +To learn more about backup and restore options for virtual machines in Azure, continue to [Overview of backup options for VMs](/azure/virtual-machines/backup-recovery). ## Clean up resources For more information, see [Deploy Azure Virtual Machine (Linux) and apply STIG]( This quickstart showed you how to deploy a STIG-compliant Linux virtual machine (Preview) on Azure or Azure Government. For more information about creating virtual machines in: -- Azure, see [Quickstart: Create a Linux virtual machine in the Azure portal](../virtual-machines/linux/quick-create-portal.md).+- Azure, see [Quickstart: Create a Linux virtual machine in the Azure portal](/azure/virtual-machines/linux/quick-create-portal). - Azure Government, see [Tutorial: Create virtual machines](./documentation-government-quickstarts-vm.md). To learn more about Azure services, continue to the Azure documentation. |
azure-government | Documentation Government Stig Windows Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-government/documentation-government-stig-windows-vm.md | Sign in at the [Azure portal](https://portal.azure.com/) or [Azure Government po a. Enter the *VM name*. - b. Select the *Availability options*. To learn about availability sets, see [Availability sets overview](../virtual-machines/availability-set-overview.md). + b. Select the *Availability options*. To learn about availability sets, see [Availability sets overview](/azure/virtual-machines/availability-set-overview). c. Select the *Windows OS version*. Site Recovery can manage replication for: - Azure VMs replicating between Azure regions. - On-premises VMs, Azure Stack VMs, and physical servers. -To learn more about backup and restore options for virtual machines in Azure, continue to [Overview of backup options for VMs](../virtual-machines/backup-recovery.md). +To learn more about backup and restore options for virtual machines in Azure, continue to [Overview of backup options for VMs](/azure/virtual-machines/backup-recovery). ## Clean up resources For more information, see [Deploy Azure Virtual Machine (Windows) and apply STIG This quickstart showed you how to deploy a STIG-compliant Windows virtual machine (Preview) on Azure or Azure Government. For more information about creating virtual machines in: -- Azure, see [Quickstart: Create a Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md).+- Azure, see [Quickstart: Create a Windows virtual machine in the Azure portal](/azure/virtual-machines/windows/quick-create-portal). - Azure Government, see [Tutorial: Create virtual machines](./documentation-government-quickstarts-vm.md). To learn more about Azure services, continue to the Azure documentation. |
azure-health-insights | Use Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-health-insights/use-containers.md | You must meet the following prerequisites before using Azure AI Health Insights The host that runs the Docker container on your premises, should be an x64-based computer. It can also be a Docker hosting service in Azure, such as: * [Azure Kubernetes Service](/azure/aks/).-* [Azure Container Instances](../../articles/container-instances/index.yml). +* [Azure Container Instances](/azure/container-instances/). * A [Kubernetes](https://kubernetes.io/) cluster deployed to [Azure Stack](/azure-stack/operator). For more information, see [Deploy Kubernetes to Azure Stack](/azure-stack/user/azure-stack-solution-template-kubernetes-deploy). The following table describes the minimum and recommended specifications for the different Health Insights containers. |
azure-large-instances | Work With Azure Large Instances In Azure Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-large-instances/work-with-azure-large-instances-in-azure-portal.md | On the right, you see the name of the Azure Large Instances, operating system (O You also see the power state and hardware version (revision of the Azure Large Instances stamp). The power state indicates whether the hardware unit is powered on or off. The operating system details, however, don't indicate whether it's up and running. -Also on the right is the [Azure proximity placement group's name](../virtual-machines/co-location.md). +Also on the right is the [Azure proximity placement group's name](/azure/virtual-machines/co-location). The placement group's name is created automatically for each deployed Azure Large Instances tenant. Reference the proximity placement group when you deploy the Azure VMs that host the application layer. Use the proximity placement group associated with the Azure Large Instances to ensure the Azure VMs are deployed close to the Azure Large Instances. |
azure-linux | Faq | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-linux/faq.md | # Frequently asked questions about the Azure Linux Container Host for AKS +> [!CAUTION] +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). + This article answers common questions about the Azure Linux Container Host. ## General FAQs No, the Azure Linux Container Host doesn't support AppArmor. Instead, it support ### How does Azure Linux read time for time synchronization on Azure? -For time synchronization, Azure Linux reads the time from the Azure VM host using [chronyd](../../articles/virtual-machines/linux/time-sync.md#chrony) and the /dev/ptp device. +For time synchronization, Azure Linux reads the time from the Azure VM host using [chronyd](/azure/virtual-machines/linux/time-sync#chrony) and the /dev/ptp device. ### How can I get help with Azure Linux? |
azure-linux | Intro Azure Linux | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-linux/intro-azure-linux.md | The Azure Linux Container Host supports the following GPU SKUs: - Get started by [Creating an Azure Linux Container Host for AKS cluster using Azure CLI](./quickstart-azure-cli.md). <!-- LINKS - internal -->-[nvidia-v100]: ../virtual-machines/ncv3-series.md -[nvidia-t4]: ../virtual-machines/nct4-v3-series.md +[nvidia-v100]: /azure/virtual-machines/ncv3-series +[nvidia-t4]: /azure/virtual-machines/nct4-v3-series [cis-benchmarks]: /azure/aks/cis-azure-linux <!-- LINKS - external --> |
azure-linux | Quickstart Azure Resource Manager Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-linux/quickstart-azure-resource-manager-template.md | To access AKS nodes, you connect using an SSH key pair (public and private), whi ssh-keygen -t rsa -b 4096 ``` -For more information about creating SSH keys, see [Create and manage SSH keys for authentication in Azure](../../articles/virtual-machines/linux/create-ssh-keys-detailed.md). +For more information about creating SSH keys, see [Create and manage SSH keys for authentication in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed). ## Review the template |
azure-linux | Quickstart Terraform | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-linux/quickstart-terraform.md | To access AKS nodes, you connect using an SSH key pair (public and private), whi ssh-keygen -t rsa -b 4096 ``` -For more information about creating SSH keys, see [Create and manage SSH keys for authentication in Azure](../../articles/virtual-machines/linux/create-ssh-keys-detailed.md). +For more information about creating SSH keys, see [Create and manage SSH keys for authentication in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed). ## Implement the Terraform code |
azure-maps | Understanding Azure Maps Transactions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-maps/understanding-azure-maps-transactions.md | The following table summarizes the Azure Maps services that generate transaction | [Data registry] | Yes | One request = 1 transaction| <ul><li>Location Insights Data (Gen2 pricing)</li></ul>| | [Geolocation]| Yes| One request = 1 transaction| <ul><li>Location Insights Geolocation (Gen2 pricing)</li><li>Standard S1 Geolocation Transactions (Gen1 S1 pricing)</li><li>Standard Geolocation Transactions (Gen1 S0 pricing)</li></ul>| | [Render] | Yes, except Get Copyright API, Get Attribution API and Terra maps (`MapTile.GetTerraTile` and `layer=terra`) which are nonbillable.|<ul><li>15 tiles = 1 transaction</li><li>One request for Get Copyright = 1 transaction</li><li>One request for Get Map Attribution = 1 transaction</li><li>One request for Get Static Map = 1 transaction</li><li>One request for Get Map Tileset = 1 transaction</li></ul> <br> For Creator related usage, see the [Creator table]. |<ul><li>Maps Base Map Tiles (Gen2 pricing)</li><li>Maps Imagery Tiles (Gen2 pricing)</li><li>Maps Static Map Images (Gen2 pricing)</li><li>Maps Weather Tiles (Gen2 pricing)</li><li>Standard Hybrid Aerial Imagery Transactions (Gen1 S0 pricing)</li><li>Standard Aerial Imagery Transactions (Gen1 S0 pricing)</li><li>Standard S1 Aerial Imagery Transactions (Gen1 S1 pricing)</li><li>Standard S1 Hybrid Aerial Imagery Transactions (Gen1 S1 pricing)</li><li>Standard S1 Rendering Transactions (Gen1 S1 pricing)</li><li>Standard S1 Tile Transactions (Gen1 S1 pricing)</li><li>Standard S1 Weather Tile Transactions (Gen1 S1 pricing)</li><li>Standard Tile Transactions (Gen1 S0 pricing)</li><li>Standard Weather Tile Transactions (Gen1 S0 pricing)</li><li>Maps Copyright (Gen2 pricing, Gen1 S0 pricing and Gen1 S1 pricing)</li></ul>|-| [Route] | Yes | One request = 1 transaction<br><ul><li>If using the Route Matrix, each cell in the Route Matrix request generates a billable Route transaction.</li><li>If using Batch Directions, each route query (route origin/destination coordinate pair and waypoints) in the Batch request call generates a billable Route transaction. Note, the billable Route transaction usage results generated by the batch request has **-Batch** appended to the API name of your Azure portal metrics report.</li></ul> | <ul><li>Location Insights Routing (Gen2 pricing)</li><li>Standard S1 Routing Transactions (Gen1 S1 pricing)</li><li>Standard Services API Transactions (Gen1 S0 pricing)</li></ul> | +| [Route] | Yes | One request = 1 transaction<br><ul><li>If using the Route Matrix, every four cells in the Route Matrix request generates a billable Route transaction, rounded up to the nearest whole number. If you provided 5 origins and 10 destinations, that would be counted as `Ceiling(0.25*5*10) = 13` Routing transactions.</li><li>If using Batch Directions, each route query (route origin/destination coordinate pair and waypoints) in the Batch request call generates a billable Route transaction. Note, the billable Route transaction usage results generated by the batch request has **-Batch** appended to the API name of your Azure portal metrics report.</li></ul> | <ul><li>Location Insights Routing (Gen2 pricing)</li><li>Standard S1 Routing Transactions (Gen1 S1 pricing)</li><li>Standard Services API Transactions (Gen1 S0 pricing)</li></ul> | | [Search v1]<br>[Search v2] | Yes | One request = 1 transaction.<br><ul><li>If using Batch Search, each location in the Batch request generates a billable Search transaction. Note, the billable Search transaction usage results generated by the batch request has **-Batch** appended to the API name of your Azure portal metrics report.</li></ul> | <ul><li>Location Insights Search</li><li>Standard S1 Search Transactions (Gen1 S1 pricing)</li><li>Standard Services API Transactions (Gen1 S0 pricing)</li></ul> | | [Spatial] | Yes, except for `Spatial.GetBoundingBox`, `Spatial.PostBoundingBox` and `Spatial.PostPointInPolygonBatch`, which are nonbillable.| One request = 1 transaction.<br><ul><li>If using Geofence, five requests = 1 transaction</li></ul> | <ul><li>Location Insights Spatial Calculations (Gen2 pricing)</li><li>Standard S1 Spatial Transactions (Gen1 S1 pricing)</li></ul> | | [Timezone] | Yes | One request = 1 transaction | <ul><li>Location Insights Timezone (Gen2 pricing)</li><li>Standard S1 Time Zones Transactions (Gen1 S1 pricing)</li><li>Standard Time Zones Transactions (Gen1 S0 pricing)</li></ul> | |
azure-monitor | Agent Linux Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/agent-linux-troubleshoot.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). ## Log Analytics Troubleshooting Tool |
azure-monitor | Agent Linux | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/agent-linux.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). This article provides details on installing the Log Analytics agent on Linux computers hosted in other clouds or on-premises. [!INCLUDE [Log Analytics agent deprecation](../../../includes/log-analytics-agent-deprecation.md)] OpenSSL 1.1.0 is only supported on x86_x64 platforms (64-bit). OpenSSL earlier t Starting with versions released after August 2018, we're making the following changes to our support model: * Only the server versions are supported, not the client versions.-* Focus support on any of the [Azure Linux Endorsed distros](../../virtual-machines/linux/endorsed-distros.md). There might be some delay between a new distro/version being Azure Linux Endorsed and it being supported for the Log Analytics Linux agent. +* Focus support on any of the [Azure Linux Endorsed distros](/azure/virtual-machines/linux/endorsed-distros). There might be some delay between a new distro/version being Azure Linux Endorsed and it being supported for the Log Analytics Linux agent. * All minor releases are supported for each major version listed. * Versions that have passed their manufacturer's end-of-support date aren't supported. * Only support VM images. Containers aren't supported, even those derived from official distro publishers' images. If authentication is required in either case, specify the username and password. The Log Analytics agent for Linux is provided in a self-extracting and installable shell script bundle. This bundle contains Debian and RPM packages for each of the agent components and can be installed directly or extracted to retrieve the individual packages. One bundle is provided for x64 and one for x86 architectures. > [!NOTE]-> For Azure VMs, we recommend that you install the agent on them by using the [Azure Log Analytics VM extension](../../virtual-machines/extensions/oms-linux.md) for Linux. +> For Azure VMs, we recommend that you install the agent on them by using the [Azure Log Analytics VM extension](/azure/virtual-machines/extensions/oms-linux) for Linux. 1. [Download](https://github.com/microsoft/OMS-Agent-for-Linux#azure-install-guide) and transfer the appropriate bundle (x64 or x86) to your Linux VM or physical computer by using scp/sftp. |
azure-monitor | Agent Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/agent-manage.md | Upgrade to the latest release of the Log Analytics agent for Windows and Linux m | Environment | Installation method | Upgrade method | |--|-|-|-| Azure VM | Log Analytics agent VM extension for Windows/Linux | The agent is automatically upgraded [after the VM model changes](../../virtual-machines/extensions/features-linux.md#how-agents-and-extensions-are-updated), unless you configured your Azure Resource Manager template to opt out by setting the property `autoUpgradeMinorVersion` to **false**. Once deployed, however, the extension won't upgrade minor versions unless redeployed, even with this property set to **true**. Only the Linux agent supports automatic update post deployment with `enableAutomaticUpgrade` property (see [Enable Auto-update for the Linux agent](#enable-auto-update-for-the-linux-agent)). Major version upgrade is always manual (see [VirtualMachineExtensionInner.AutoUpgradeMinorVersion Property](/dotnet/api/microsoft.azure.management.compute.fluent.models.virtualmachineextensioninner.autoupgrademinorversion)). | +| Azure VM | Log Analytics agent VM extension for Windows/Linux | The agent is automatically upgraded [after the VM model changes](/azure/virtual-machines/extensions/features-linux#how-agents-and-extensions-are-updated), unless you configured your Azure Resource Manager template to opt out by setting the property `autoUpgradeMinorVersion` to **false**. Once deployed, however, the extension won't upgrade minor versions unless redeployed, even with this property set to **true**. Only the Linux agent supports automatic update post deployment with `enableAutomaticUpgrade` property (see [Enable Auto-update for the Linux agent](#enable-auto-update-for-the-linux-agent)). Major version upgrade is always manual (see [VirtualMachineExtensionInner.AutoUpgradeMinorVersion Property](/dotnet/api/microsoft.azure.management.compute.fluent.models.virtualmachineextensioninner.autoupgrademinorversion)). | | Custom Azure VM images | Manual installation of Log Analytics agent for Windows/Linux | Updating VMs to the newest version of the agent must be performed from the command line running the Windows installer package or Linux self-extracting and installable shell script bundle.| | Non-Azure VMs | Manual installation of Log Analytics agent for Windows/Linux | Updating VMs to the newest version of the agent must be performed from the command line running the Windows installer package or Linux self-extracting and installable shell script bundle. | Run the following command to upgrade the agent: ### Enable auto-update for the Linux agent -We recommend that you enable [Automatic Extension Upgrade](../../virtual-machines/automatic-extension-upgrade.md) by using these commands to update the agent automatically. +We recommend that you enable [Automatic Extension Upgrade](/azure/virtual-machines/automatic-extension-upgrade) by using these commands to update the agent automatically. # [PowerShell](#tab/PowerShellLinux) |
azure-monitor | Azure Monitor Agent Extension Versions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). This article describes the version details for the Azure Monitor Agent virtual machine extension. This extension deploys the agent on virtual machines, scale sets, and Arc-enabled servers (on-premises servers with Azure Arc agent installed). -We strongly recommended to always update to the latest version, or opt in to the [Automatic Extension Update](../../virtual-machines/automatic-extension-upgrade.md) feature. +We strongly recommended to always update to the latest version, or opt in to the [Automatic Extension Update](/azure/virtual-machines/automatic-extension-upgrade) feature. [//]: # "DON'T change the format (column schema, etc.) of the table without consulting glinuxagent alias. The [Azure Monitor Linux Agent Troubleshooting Tool](https://github.com/Azure/azure-linux-extensions/blob/master/AzureMonitorAgent/ama_tst/AMA-Troubleshooting-Tool.md) parses the table at runtime to determine the latest version of AMA; altering the format could degrade some of the functions of the tool." ## Version details | Release Date | Release notes | Windows | Linux | |:|:|:|:|-| August 2024 | **Windows**<ul><li>Added columns to the SecurityEvent table: Keywords, Opcode, Correlation, ProcessId, ThreadId, EventRecordId.</li><li>AMA: Support AMA Client Installer for selected partners.</li></ul>**Linux Features**<ul><li>Enable Dynamic Linking of OpenSSL 1.1 in all regions</li><li>Add Computer field to Custom Logs</li><li>Add EventHub upload support for Custom Logs </li><li>Reliability improvement for upload task scheduling</li><li>Added support for SUSE15 SP5, and AWS 3 distributions</li></ul>**Linux Fixes**<ul><li>Fix Direct upload to storage for perf counters when no other destination is configured. You don't see perf counters If storage was the only configured destination for perf counters, they wouldn't see perf counters in their blob or table.</li><li>Fluent-Bit updated to version 3.0.7. This fixes the issue with Fluent-Bit creating junk files in the root directory on process shutdown.</li><li>Fix proxy for system-wide proxy using http(s)_proxy env var </li><li>Support for syslog hostnames that are up to 255characters</li><li>Stop sending rows longer than 1MB. This exceeds ingestion limits and destabilizes the agent. Now the row is gracefully dropped and a diagnostic message is written.</li><li>Set max disk space used for rsyslog spooling to 1GB. There was no limit before which could lead to high memory usage.</li><li>Use random available TCP port when there is a port conflict with AMA port 28230 and 28330 . This resolved issues where port 28230 and 28330 were already in uses by the customer which prevented data upload to Azure.</li></ul>| 1.29 | 1.32.5 | +| August 2024 | **Windows**<ul><li>Added columns to the SecurityEvent table: Keywords, Opcode, Correlation, ProcessId, ThreadId, EventRecordId.</li><li>AMA: Support AMA Client Installer for selected partners.</li></ul>**Linux Features**<ul><li>Enable Dynamic Linking of OpenSSL 1.1 in all regions</li><li>Add Computer field to Custom Logs</li><li>Add EventHub upload support for Custom Logs </li><li>Reliability improvement for upload task scheduling</li><li>Added support for SUSE15 SP5, and AWS 3 distributions</li></ul>**Linux Fixes**<ul><li>Fix Direct upload to storage for perf counters when no other destination is configured. You don't see perf counters If storage was the only configured destination for perf counters, they wouldn't see perf counters in their blob or table.</li><li>Fluent-Bit updated to version 3.0.7. This fixes the issue with Fluent-Bit creating junk files in the root directory on process shutdown.</li><li>Fix proxy for system-wide proxy using http(s)_proxy env var </li><li>Support for syslog hostnames that are up to 255characters</li><li>Stop sending rows longer than 1MB. This exceeds ingestion limits and destabilizes the agent. Now the row is gracefully dropped and a diagnostic message is written.</li><li>Set max disk space used for rsyslog spooling to 1GB. There was no limit before which could lead to high memory usage.</li><li>Use random available TCP port when there is a port conflict with AMA port 28230 and 28330 . This resolved issues where port 28230 and 28330 were already in uses by the customer which prevented data upload to Azure.</li></ul>| 1.29 | 1.32.6 | | June 2024 |**Windows**<ul><li>Fix encoding issues with Resource ID field.</li><li>AMA: Support new ingestion endpoint for GovSG environment.</li><li>Upgrade AzureSecurityPack version to 4.33.0.1.</li><li>Upgrade Metrics Extension version to 2.2024.517.533.</li><li>Upgrade Health Extension version to 2024.528.1.</li></ul>**Linux**<ul><li>Coming Soon</li></ul>| 1.28.2 | | | May 2024 |**Windows**<ul><li>Upgraded Fluent-bit version to 3.0.5. This Fix resolves as security issue in fluent-bit (NVD - CVE-2024-4323 (nist.gov)</li><li>Disabled Fluent-bit logging that caused disk exhaustion issues for some customers. Example error is Fluentbit log with "[C:\projects\fluent-bit-2e87g\src\flb_scheduler.c:72 errno=0] No error" fills up the entire disk of the server.</li><li>Fixed AMA extension getting stuck in deletion state on some VMs that are using Arc. This fix improves reliability.</li><li>Fixed AMA not using system proxy, this issue is a bug introduced in 1.26.0. The issue was caused by a new feature that uses the Arc agentΓÇÖs proxy settings. When the system proxy as set as None the proxy was broken in 1.26.</li><li>Fixed Windows Firewall Logs log file rollover issues</li></ul>| 1.27.0 | | | April 2024 |**Windows**<ul><li>In preparation for the May 17 public preview of Firewall Logs, the agent completed the addition of a profile filter for Domain, Public, and Private Logs. </li><li>AMA running on an Arc enabled server will default to using the Arc proxy settings if available.</li><li>The AMA VM extension proxy settings override the Arc defaults.</li><li>Bug fix in MSI installer: Symptom - If there are spaces in the fluent-bit config path, AMA wasn't recognizing the path properly. AMA now adds quotes to configuration path in fluent-bit.</li><li>Bug fix for Container Insights: Symptom - custom resource ID weren't being honored.</li><li>Security issue fix: skip the deletion of files and directory whose path contains a redirection (via Junction point, Hard links, Mount point, OB Symlinks etc.).</li><li>Updating MetricExtension package to 2.2024.328.1744.</li></ul>**Linux**<ul><li>AMA 1.30 now available in Arc.</li><li>New distribution support Debian 12, RHEL CIS L2.</li><li>Fix for mdsd version 1.30.3 in persistence mode, which converted positive integers to float/double values ("3.0", "4.0") to type ulong which broke Azure stream analytics.</li></ul>| 1.26.0 | 1.31.1 | |
azure-monitor | Azure Monitor Agent Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-manage.md | N/A ## Update > [!NOTE]-> The recommendation is to enable [Automatic Extension Upgrade](../../virtual-machines/automatic-extension-upgrade.md) to update installed extensions to the released (latest) version across all regions. Upgrades are issued in batches, so you may see some of your virtual machines, scale-sets or Arc-enabled servers get upgraded before others. If you need to upgrade an extension immediately, you may use the manual instructions below. +> The recommendation is to enable [Automatic Extension Upgrade](/azure/virtual-machines/automatic-extension-upgrade) to update installed extensions to the released (latest) version across all regions. Upgrades are issued in batches, so you may see some of your virtual machines, scale-sets or Arc-enabled servers get upgraded before others. If you need to upgrade an extension immediately, you may use the manual instructions below. #### [Portal](#tab/azure-portal) To perform a one-time update of the agent, you must first uninstall the existing agent version. Then install the new version as described. -We recommend that you enable automatic update of the agent by enabling the [Automatic Extension Upgrade](../../virtual-machines/automatic-extension-upgrade.md) feature. Go to your virtual machine or scale set, select the **Extensions** tab and select **AzureMonitorWindowsAgent** or **AzureMonitorLinuxAgent**. In the dialog that opens, select **Enable automatic upgrade**. +We recommend that you enable automatic update of the agent by enabling the [Automatic Extension Upgrade](/azure/virtual-machines/automatic-extension-upgrade) feature. Go to your virtual machine or scale set, select the **Extensions** tab and select **AzureMonitorWindowsAgent** or **AzureMonitorLinuxAgent**. In the dialog that opens, select **Enable automatic upgrade**. #### [PowerShell](#tab/azure-powershell) We recommend that you enable automatic update of the agent by enabling the [Auto To perform a one-time update of the agent, you must first uninstall the existing agent version, then install the new version as described. -We recommend that you enable automatic update of the agent by enabling the [Automatic Extension Upgrade](../../virtual-machines/automatic-extension-upgrade.md) feature by using the following PowerShell commands. +We recommend that you enable automatic update of the agent by enabling the [Automatic Extension Upgrade](/azure/virtual-machines/automatic-extension-upgrade) feature by using the following PowerShell commands. * Windows ```powershell We recommend that you enable automatic update of the agent by enabling the [Auto To perform a one-time update of the agent, you must first uninstall the existing agent version, then install the new version as described. -We recommend that you enable automatic update of the agent by enabling the [Automatic Extension Upgrade](../../virtual-machines/automatic-extension-upgrade.md) feature by using the following CLI commands. +We recommend that you enable automatic update of the agent by enabling the [Automatic Extension Upgrade](/azure/virtual-machines/automatic-extension-upgrade) feature by using the following CLI commands. * Windows ```azurecli |
azure-monitor | Azure Monitor Agent Requirements | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-requirements.md | This article provides requirements and prerequisites for the Azure Monitor agent ## Virtual machine extension details -Azure Monitor Agent is implemented as an [Azure VM extension](../../virtual-machines/extensions/overview.md) with the details in the following table. You can install it by using any of the methods to install virtual machine extensions. For version information, see [Azure Monitor agent extension versions](./azure-monitor-agent-extension-versions.md). +Azure Monitor Agent is implemented as an [Azure VM extension](/azure/virtual-machines/extensions/overview) with the details in the following table. You can install it by using any of the methods to install virtual machine extensions. For version information, see [Azure Monitor agent extension versions](./azure-monitor-agent-extension-versions.md). | Property | Windows | Linux | |:|:|:| |
azure-monitor | Azure Monitor Agent Send Data To Event Hubs And Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-send-data-to-event-hubs-and-storage.md | A managed identity (either system or user) associated with the resources below. - [Storage account](../../storage/common/storage-account-create.md) - [Event Hubs namespace and event hub](../../event-hubs/event-hubs-create.md)-- [Virtual machine](../../virtual-machines/overview.md)+- [Virtual machine](/azure/virtual-machines/overview) ## Create a data collection rule |
azure-monitor | Azure Monitor Agent Supported Operating Systems | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-supported-operating-systems.md | This article lists the operating systems supported by [Azure Monitor Agent](./az ## Linux operating systems > [!CAUTION]-> CentOS is a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> CentOS is a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). | Operating system | Azure Monitor agent <sup>1</sup> | Legacy Agent <sup>1</sup> | |:|::|::| |
azure-monitor | Azure Monitor Agent Troubleshoot Linux Vm Rsyslog | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-troubleshoot-linux-vm-rsyslog.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). Overview of Azure Monitor Agent for Linux Syslog collection and supported RFC standards: |
azure-monitor | Azure Monitor Agent Troubleshoot Windows Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-troubleshoot-windows-vm.md | Follow the steps below to troubleshoot the latest version of the Azure Monitor a 2. On your virtual machine, verify the existence of the file `C:\WindowsAzure\Resources\AMADataStore.<virtual-machine-name>\mcs\mcsconfig.latest.xml`. If this file doesn't exist: - The virtual machine may not be associated with a DCR. See step 3 - The virtual machine may not have Managed Identity enabled. [See here](../../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md#enable-system-assigned-managed-identity-during-creation-of-a-vm) on how to enable. - - IMDS service isn't running/accessible from the virtual machine. [Check if you can access IMDS from the machine](../../virtual-machines/windows/instance-metadata-service.md?tabs=windows). + - IMDS service isn't running/accessible from the virtual machine. [Check if you can access IMDS from the machine](/azure/virtual-machines/windows/instance-metadata-service?tabs=windows). - AMA can't access IMDS. Check if you see IMDS errors in `C:\WindowsAzure\Resources\AMADataStore.<virtual-machine-name>\Tables\MAEventTable.tsf` file. 3. Open Azure portal > select your data collection rule > Open **Configuration** : **Resources** from the pane on the left > You should see the virtual machine listed here 4. If not listed, click 'Add' and select your virtual machine from the resource picker. Repeat across all DCRs. |
azure-monitor | Data Sources Syslog | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/data-sources-syslog.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). Syslog is an event logging protocol that's common to Linux. Applications send messages that might be stored on the local machine or delivered to a Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the messages to Azure Monitor where a corresponding record is created. |
azure-monitor | Diagnostics Extension Logs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/diagnostics-extension-logs.md | The following data types aren't supported: ## Enable Azure Diagnostics extension -For information on how to install and configure the diagnostics extension, see [Install and configure Azure Diagnostics extension for Windows (WAD)](../agents/diagnostics-extension-windows-install.md) or [Use Azure Diagnostics extension for Linux to monitor metrics and logs](../../virtual-machines/extensions/diagnostics-linux.md). You can specify the storage account and configure collection of the data that you want to forward to Azure Monitor Logs. +For information on how to install and configure the diagnostics extension, see [Install and configure Azure Diagnostics extension for Windows (WAD)](../agents/diagnostics-extension-windows-install.md) or [Use Azure Diagnostics extension for Linux to monitor metrics and logs](/azure/virtual-machines/extensions/diagnostics-linux). You can specify the storage account and configure collection of the data that you want to forward to Azure Monitor Logs. ## Collect logs from Azure Storage |
azure-monitor | Diagnostics Extension Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/diagnostics-extension-overview.md | The following tables list the data that can be collected by the Windows and Linu ## Data destinations -The Azure Diagnostics extension for both Windows and Linux always collects data into an Azure Storage account. For a list of specific tables and blobs where this data is collected, see [Install and configure Azure Diagnostics extension for Windows](diagnostics-extension-windows-install.md) and [Use Azure Diagnostics extension for Linux to monitor metrics and logs](../../virtual-machines/extensions/diagnostics-linux.md). +The Azure Diagnostics extension for both Windows and Linux always collects data into an Azure Storage account. For a list of specific tables and blobs where this data is collected, see [Install and configure Azure Diagnostics extension for Windows](diagnostics-extension-windows-install.md) and [Use Azure Diagnostics extension for Linux to monitor metrics and logs](/azure/virtual-machines/extensions/diagnostics-linux). Configure one or more *data sinks* to send data to other destinations. The following sections list the sinks available for the Windows and Linux diagnostics extension. LAD writes data to tables in Azure Storage. It supports the sinks in the followi ## Installation and configuration -The diagnostics extension is implemented as a [virtual machine extension](../../virtual-machines/extensions/overview.md) in Azure, so it supports the same installation options using Azure Resource Manager templates, PowerShell, and the Azure CLI. For information on installing and maintaining virtual machine extensions, see [Virtual machine extensions and features for Windows](../../virtual-machines/extensions/features-windows.md) and [Virtual machine extensions and features for Linux](../../virtual-machines/extensions/features-linux.md). +The diagnostics extension is implemented as a [virtual machine extension](/azure/virtual-machines/extensions/overview) in Azure, so it supports the same installation options using Azure Resource Manager templates, PowerShell, and the Azure CLI. For information on installing and maintaining virtual machine extensions, see [Virtual machine extensions and features for Windows](/azure/virtual-machines/extensions/features-windows) and [Virtual machine extensions and features for Linux](/azure/virtual-machines/extensions/features-linux). You can also install and configure both the Windows and Linux diagnostics extension in the Azure portal under **Diagnostic settings** in the **Monitoring** section of the virtual machine's menu. See the following articles for information on installing and configuring the diagnostics extension for Windows and Linux: * [Install and configure Azure Diagnostics extension for Windows](diagnostics-extension-windows-install.md)-* [Use Linux diagnostics extension to monitor metrics and logs](../../virtual-machines/extensions/diagnostics-linux.md) +* [Use Linux diagnostics extension to monitor metrics and logs](/azure/virtual-machines/extensions/diagnostics-linux) ## Supported operating systems See the following articles for more information. ### Azure Service Fabric -[Monitor and diagnose services in a local machine development setup](../../service-fabric/service-fabric-diagnostics-how-to-monitor-and-diagnose-services-locally.md) +[Monitor and diagnose services in a local machine development setup](/azure/service-fabric/service-fabric-diagnostics-how-to-monitor-and-diagnose-services-locally) ## Next steps |
azure-monitor | Diagnostics Extension Windows Install | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/diagnostics-extension-windows-install.md | -The diagnostics extension is implemented as a [virtual machine extension](../../virtual-machines/extensions/overview.md) in Azure. It supports the same installation options by using Azure Resource Manager templates, PowerShell, and the Azure CLI. For information on how to install and maintain virtual machine extensions, see [Virtual machine extensions and features for Windows](../../virtual-machines/extensions/features-windows.md). +The diagnostics extension is implemented as a [virtual machine extension](/azure/virtual-machines/extensions/overview) in Azure. It supports the same installation options by using Azure Resource Manager templates, PowerShell, and the Azure CLI. For information on how to install and maintain virtual machine extensions, see [Virtual machine extensions and features for Windows](/azure/virtual-machines/extensions/features-windows). ## Overview You can install and configure the diagnostics extension on an individual virtual ## Resource Manager template -For information on how to deploy the diagnostics extension with Azure Resource Manager templates, see [Use monitoring and diagnostics with a Windows VM and Azure Resource Manager templates](../../virtual-machines/extensions/diagnostics-template.md). +For information on how to deploy the diagnostics extension with Azure Resource Manager templates, see [Use monitoring and diagnostics with a Windows VM and Azure Resource Manager templates](/azure/virtual-machines/extensions/diagnostics-template). ## Azure CLI deployment The following minimal example of a configuration file enables collection of diag } ``` -See also [Use PowerShell to enable Azure Diagnostics in a virtual machine running Windows](../../virtual-machines/extensions/diagnostics-windows.md). +See also [Use PowerShell to enable Azure Diagnostics in a virtual machine running Windows](/azure/virtual-machines/extensions/diagnostics-windows). ## Data storage |
azure-monitor | Gateway | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/gateway.md | To learn how to design and deploy a Windows Server 2016 network load balancing c To learn how to design and deploy an Azure Load Balancer, see [What is Azure Load Balancer?](../../load-balancer/load-balancer-overview.md). To deploy a basic load balancer, follow the steps outlined in this [quickstart](../../load-balancer/quickstart-load-balancer-standard-public-portal.md) excluding the steps outlined in the section **Create back-end servers**. > [!NOTE]-> Configuring the Azure Load Balancer using the **Basic SKU**, requires that Azure virtual machines belong to an Availability Set. To learn more about availability sets, see [Manage the availability of Windows virtual machines in Azure](../../virtual-machines/availability.md). To add existing virtual machines to an availability set, refer to [Set Azure Resource Manager VM Availability Set](/troubleshoot/azure/virtual-machines/allocation-failure#resize-a-vm-or-add-vms-to-an-existing-availability-set). +> Configuring the Azure Load Balancer using the **Basic SKU**, requires that Azure virtual machines belong to an Availability Set. To learn more about availability sets, see [Manage the availability of Windows virtual machines in Azure](/azure/virtual-machines/availability). To add existing virtual machines to an availability set, refer to [Set Azure Resource Manager VM Availability Set](/troubleshoot/azure/virtual-machines/allocation-failure#resize-a-vm-or-add-vms-to-an-existing-availability-set). > After the load balancer is created, a backend pool needs to be created, which distributes traffic to one or more gateway servers. Follow the steps described in the quickstart article section [Create resources for the load balancer](../../load-balancer/quickstart-load-balancer-standard-public-portal.md). |
azure-monitor | Log Analytics Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/log-analytics-agent.md | This section explains how to install the Log Analytics agent on different types ### Azure virtual machine - Use [VM insights](../vm/vminsights-enable-overview.md) to install the agent for a [single machine using the Azure portal](../vm/vminsights-enable-portal.md) or for [multiple machines at scale](../vm/vminsights-enable-policy.md). This installs the Log Analytics agent and [Dependency agent](../vm/vminsights-dependency-agent-maintenance.md). -- Log Analytics VM extension for [Windows](../../virtual-machines/extensions/oms-windows.md) or [Linux](../../virtual-machines/extensions/oms-linux.md) can be installed with the Azure portal, Azure CLI, Azure PowerShell, or an Azure Resource Manager template.+- Log Analytics VM extension for [Windows](/azure/virtual-machines/extensions/oms-windows) or [Linux](/azure/virtual-machines/extensions/oms-linux) can be installed with the Azure portal, Azure CLI, Azure PowerShell, or an Azure Resource Manager template. - [Microsoft Defender for Cloud can provision the Log Analytics agent](../../security-center/security-center-enable-data-collection.md) on all supported Azure VMs and any new ones that are created if you enable it to monitor for security vulnerabilities and threats. - Install for individual Azure virtual machines [manually from the Azure portal](../vm/monitor-virtual-machine.md?toc=%2fazure%2fazure-monitor%2ftoc.json). - Connect the machine to a workspace from the **Virtual machines (deprecated)** option in the **Log Analytics workspaces** menu in the Azure portal. |
azure-monitor | Resource Manager Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/resource-manager-agent.md | The samples in this section install the legacy Log Analytics agent on Windows an ### Windows -The following sample installs the Log Analytics agent on an Azure virtual machine. This is done by enabling the [Log Analytics virtual machine extension for Windows](../../virtual-machines/extensions/oms-windows.md). +The following sample installs the Log Analytics agent on an Azure virtual machine. This is done by enabling the [Log Analytics virtual machine extension for Windows](/azure/virtual-machines/extensions/oms-windows). #### Template file resource logAnalyticsAgent 'Microsoft.Compute/virtualMachines/extensions@2021-11 ### Linux -The following sample installs the Log Analytics agent on a Linux Azure virtual machine. This is done by enabling the [Log Analytics virtual machine extension for Linux](../../virtual-machines/extensions/oms-linux.md). +The following sample installs the Log Analytics agent on a Linux Azure virtual machine. This is done by enabling the [Log Analytics virtual machine extension for Linux](/azure/virtual-machines/extensions/oms-linux). #### Template file resource managedIdentity 'Microsoft.Compute/virtualMachines/extensions@2021-11-0 ### Linux -The following sample enables and configures the diagnostic extension on a Linux Azure virtual machine. For details on the configuration, see [Windows diagnostics extension schema](../../virtual-machines/extensions/diagnostics-linux.md). +The following sample enables and configures the diagnostic extension on a Linux Azure virtual machine. For details on the configuration, see [Windows diagnostics extension schema](/azure/virtual-machines/extensions/diagnostics-linux). #### Template file |
azure-monitor | Troubleshooter Ama Linux | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/troubleshooter-ama-linux.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). The Azure Monitor Agent (AMA) Troubleshooter is designed to help identify issues with the agent and perform general health assessments. It can perform various checks to ensure that the agent is properly installed and connected, and can also gather AMA-related logs from the machine being diagnosed. |
azure-monitor | Vmext Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/vmext-troubleshoot.md | If the Microsoft Monitoring Agent VM extension isn't installing or reporting, pe 1. Check if the Azure VM agent is installed and working correctly by using the steps in [KB 2965986](https://support.microsoft.com/kb/2965986#mt1): * You can also review the VM agent log file `C:\WindowsAzure\logs\WaAppAgent.log`. * If the log doesn't exist, the VM agent isn't installed.- * [Install the Azure VM Agent](../../virtual-machines/extensions/agent-windows.md#install-the-azure-windows-vm-agent). + * [Install the Azure VM Agent](/azure/virtual-machines/extensions/agent-windows#install-the-azure-windows-vm-agent). 1. Review the Microsoft Monitoring Agent VM extension log files in `C:\Packages\Plugins\Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent`. 1. Ensure the virtual machine can run PowerShell scripts. 1. Ensure permissions on C:\Windows\temp haven't been changed. 1. View the status of the Microsoft Monitoring Agent by entering `(New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg').GetCloudWorkspaces() | Format-List` in an elevated PowerShell window on the virtual machine. 1. Review the Microsoft Monitoring Agent setup log files in `C:\WindowsAzure\Logs\Plugins\Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent\1.0.18053.0\`. This path changes based on the version number of the agent. -For more information, see [Troubleshooting Windows extensions](../../virtual-machines/extensions/oms-windows.md). +For more information, see [Troubleshooting Windows extensions](/azure/virtual-machines/extensions/oms-windows). ## Troubleshoot the Linux VM extension [!INCLUDE [log-analytics-agent-note](~/reusable-content/ce-skilling/azure/includes/log-analytics-agent-note.md)] If the Log Analytics agent for Linux VM extension isn't installing or reporting, 1. If the extension status is **Unknown**, check if the Azure VM agent is installed and working correctly by reviewing the VM agent log file `/var/log/waagent.log`. * If the log doesn't exist, the VM agent isn't installed.- * [Install the Azure VM Agent on Linux VMs](../../virtual-machines/extensions/agent-linux.md#installation). + * [Install the Azure VM Agent on Linux VMs](/azure/virtual-machines/extensions/agent-linux#installation). 1. For other unhealthy statuses, review the Log Analytics agent for Linux VM extension logs files in `/var/log/azure/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux/*/extension.log` and `/var/log/azure/Microsoft.EnterpriseCloud.Monitoring.OmsAgentForLinux/*/CommandExecution.log`. 1. If the extension status is healthy but data isn't being uploaded, review the Log Analytics agent for Linux log files in `/var/opt/microsoft/omsagent/log/omsagent.log`. |
azure-monitor | Alert Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/alert-options.md | AMBA has patterns that group alerts from different resource types to address spe See [Azure Monitor Baseline Alerts](https://aka.ms/amba) for details. ## Manual alert rules-You can manually create alert rules for any of your Azure resources using the appropriate metric values or log queries as a signal. You must create and maintain each alert rule for each resource individually, so you will probably want to use one of the other options when they're applicable and only manually create alert rules for special cases. Multiple services in Azure have documentation articles that describe recommended telemetry to collect and alert rules that are recommended for that service. These articles are typically found in the **Monitor** section of the service's documentation. For example, [Monitor Azure virtual machines](../../virtual-machines/monitor-vm.md) and [Monitor Azure Kubernetes Service (AKS)](/azure/aks/monitor-aks). +You can manually create alert rules for any of your Azure resources using the appropriate metric values or log queries as a signal. You must create and maintain each alert rule for each resource individually, so you will probably want to use one of the other options when they're applicable and only manually create alert rules for special cases. Multiple services in Azure have documentation articles that describe recommended telemetry to collect and alert rules that are recommended for that service. These articles are typically found in the **Monitor** section of the service's documentation. For example, [Monitor Azure virtual machines](/azure/virtual-machines/monitor-vm) and [Monitor Azure Kubernetes Service (AKS)](/azure/aks/monitor-aks). See [Choosing the right type of alert rule](./alerts-types.md) for more information about the different types of alert rules and articles such as [Create or edit a metric alert rule](./alerts-create-metric-alert-rule.yml) and [Create or edit a log alert rule](./alerts-create-log-alert-rule.md) for detailed guidance on manually creating alert rules. |
azure-monitor | Azure Cli Metrics Alert Sample | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/alerts/azure-cli-metrics-alert-sample.md | These samples create metric alert monitors in Azure Monitor by using Azure CLI c This alert monitors an existing virtual machine named `VM07` in the resource group named `ContosoVMRG`. -You can create a resource group by using the [az group create](/cli/azure/group#az-group-create) command. For information about creating virtual machines, see [Create a Windows virtual machine with the Azure CLI](../../virtual-machines/windows/quick-create-cli.md), [Create a Linux virtual machine with the Azure CLI](../../virtual-machines/linux/quick-create-cli.md), and the [az vm create](/cli/azure/vm#az-vm-create) command. +You can create a resource group by using the [az group create](/cli/azure/group#az-group-create) command. For information about creating virtual machines, see [Create a Windows virtual machine with the Azure CLI](/azure/virtual-machines/windows/quick-create-cli), [Create a Linux virtual machine with the Azure CLI](/azure/virtual-machines/linux/quick-create-cli), and the [az vm create](/cli/azure/vm#az-vm-create) command. ```azurecli # resource group name: ContosoVMRG |
azure-monitor | Azure Vm Vmss Apps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/azure-vm-vmss-apps.md | -Enabling monitoring for your ASP.NET and ASP.NET Core IIS-hosted applications running on [Azure Virtual Machines](https://azure.microsoft.com/services/virtual-machines/) or [Azure Virtual Machine Scale Sets](../../virtual-machine-scale-sets/index.yml) is now easier than ever. Get all the benefits of using Application Insights without modifying your code. +Enabling monitoring for your ASP.NET and ASP.NET Core IIS-hosted applications running on [Azure Virtual Machines](https://azure.microsoft.com/services/virtual-machines/) or [Azure Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/) is now easier than ever. Get all the benefits of using Application Insights without modifying your code. This article walks you through enabling Application Insights monitoring by using the Application Insights Agent. It also provides preliminary guidance for automating the process for large-scale deployments. Updated Application Insights .NET/.NET Core SDK to 2.18.1 - red field. Added the ASP.NET Core autoinstrumentation feature. ## Next steps-* Learn how to [deploy an application to an Azure virtual machine scale set](../../virtual-machine-scale-sets/virtual-machine-scale-sets-deploy-app.md). +* Learn how to [deploy an application to an Azure virtual machine scale set](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-deploy-app). * [Availability overview](availability-overview.md) |
azure-monitor | Autoscale Common Metrics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/autoscale/autoscale-common-metrics.md | If you're using Virtual Machine Scale Sets and you don't see a particular metric If a particular metric isn't being sampled or transferred at the frequency you want, you can update the diagnostics configuration. -If either preceding case is true, see [Use PowerShell to enable Azure Diagnostics in a virtual machine running Windows](../../virtual-machines/extensions/diagnostics-windows.md) to configure and update your Azure VM Diagnostics extension to enable the metric. The article also includes a sample diagnostics configuration file. +If either preceding case is true, see [Use PowerShell to enable Azure Diagnostics in a virtual machine running Windows](/azure/virtual-machines/extensions/diagnostics-windows) to configure and update your Azure VM Diagnostics extension to enable the metric. The article also includes a sample diagnostics configuration file. ### Host metrics for Resource Manager-based Windows and Linux VMs |
azure-monitor | Autoscale Flapping | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/autoscale/autoscale-flapping.md | Below is an example of an activity log record for flapping: To learn more about autoscale, see the following resources: * [Overview of common autoscale patterns](./autoscale-common-scale-patterns.md)-* [Automatically scale a virtual machine scale](../../virtual-machine-scale-sets/tutorial-autoscale-powershell.md) +* [Automatically scale a virtual machine scale](/azure/virtual-machine-scale-sets/tutorial-autoscale-powershell) * [Use autoscale actions to send email and webhook alert notifications](./autoscale-webhook-email.md) |
azure-monitor | Autoscale Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/autoscale/autoscale-overview.md | This article describes the autoscale feature in Azure Monitor and its benefits. Autoscale supports many resource types. For more information about supported resources, see [Autoscale supported resources](#supported-services-for-autoscale). > [!NOTE]-> [Availability sets](/archive/blogs/kaevans/autoscaling-azurevirtual-machines) are an older scaling feature for virtual machines with limited support. We recommend migrating to [Azure Virtual Machine Scale Sets](../../virtual-machine-scale-sets/overview.md) for faster and more reliable autoscale support. +> [Availability sets](/archive/blogs/kaevans/autoscaling-azurevirtual-machines) are an older scaling feature for virtual machines with limited support. We recommend migrating to [Azure Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/overview) for faster and more reliable autoscale support. ## What is autoscale The full list of configurable fields and descriptions is available in the [Autos For code examples, see: -* [Tutorial: Automatically scale a virtual machine scale set with the Azure CLI](../../virtual-machine-scale-sets/tutorial-autoscale-cli.md) -* [Tutorial: Automatically scale a virtual machine scale set with an Azure template](../../virtual-machine-scale-sets/tutorial-autoscale-powershell.md) +* [Tutorial: Automatically scale a virtual machine scale set with the Azure CLI](/azure/virtual-machine-scale-sets/tutorial-autoscale-cli) +* [Tutorial: Automatically scale a virtual machine scale set with an Azure template](/azure/virtual-machine-scale-sets/tutorial-autoscale-powershell) ## Supported services for autoscale Autoscale supports the following services. | Service | Schema and documentation | ||--|-| Azure Virtual Machines Scale Sets | [Overview of autoscale with Azure Virtual Machine Scale Sets](../../virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-overview.md) | +| Azure Virtual Machines Scale Sets | [Overview of autoscale with Azure Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-overview) | | Web Apps feature of Azure App Service | [Scaling Web Apps](autoscale-get-started.md) | | Azure API Management service | [Automatically scale an Azure API Management instance](../../api-management/api-management-howto-autoscale.md) | | Azure Data Explorer clusters | [Manage Azure Data Explorer clusters scaling to accommodate changing demand](/azure/data-explorer/manage-cluster-horizontal-scaling) | To learn more about autoscale, see the following resources: * [Azure Monitor autoscale common metrics](autoscale-common-metrics.md) * [Use autoscale actions to send email and webhook alert notifications](autoscale-webhook-email.md)-* [Tutorial: Automatically scale a virtual machine scale set with the Azure CLI](../../virtual-machine-scale-sets/tutorial-autoscale-cli.md) -* [Tutorial: Automatically scale a virtual machine scale set with Azure PowerShell](../../virtual-machine-scale-sets/tutorial-autoscale-powershell.md) +* [Tutorial: Automatically scale a virtual machine scale set with the Azure CLI](/azure/virtual-machine-scale-sets/tutorial-autoscale-cli) +* [Tutorial: Automatically scale a virtual machine scale set with Azure PowerShell](/azure/virtual-machine-scale-sets/tutorial-autoscale-powershell) * [Autoscale CLI reference](/cli/azure/monitor/autoscale) * [ARM template resource definition](/azure/templates/microsoft.insights/autoscalesettings) * [PowerShell Az.Monitor reference](/powershell/module/az.monitor/#monitor) |
azure-monitor | Container Insights Gpu Monitoring | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/containers/container-insights-gpu-monitoring.md | Container insights includes preconfigured charts for the metrics listed earlier ## Next steps - See [Use GPUs for compute-intensive workloads on Azure Kubernetes Service](/azure/aks/gpu-cluster) to learn how to deploy an AKS cluster that includes GPU-enabled nodes.-- Learn more about [GPU optimized VM SKUs in Azure](../../virtual-machines/sizes-gpu.md).+- Learn more about [GPU optimized VM SKUs in Azure](/azure/virtual-machines/sizes-gpu). - Review [GPU support in Kubernetes](https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/) to learn more about Kubernetes experimental support for managing GPUs across one or more nodes in a cluster. |
azure-monitor | Data Platform Metrics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/essentials/data-platform-metrics.md | The following table shows sample data from a multidimensional metric, network th ### Platform and custom metrics Platform and custom metrics are stored for **93 days** with the following exceptions: -- **Classic guest OS metrics**: These performance counters are collected by the [Windows diagnostic extension](../agents/diagnostics-extension-overview.md) or the [Linux diagnostic extension](../../virtual-machines/extensions/diagnostics-linux.md) and routed to an Azure Storage account. Retention for these metrics is guaranteed to be at least 14 days, although no expiration date is written to the storage account.+- **Classic guest OS metrics**: These performance counters are collected by the [Windows diagnostic extension](../agents/diagnostics-extension-overview.md) or the [Linux diagnostic extension](/azure/virtual-machines/extensions/diagnostics-linux) and routed to an Azure Storage account. Retention for these metrics is guaranteed to be at least 14 days, although no expiration date is written to the storage account. For performance reasons, the portal limits how much data it displays based on volume. So, the actual number of days that the portal retrieves can be longer than 14 days if the volume of data being written isn't large. |
azure-monitor | Resource Logs Schema | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/essentials/resource-logs-schema.md | The schema for resource logs varies depending on the resource and log category. | Azure Batch |[Azure Batch logging](../../batch/batch-diagnostics.md) | | Azure AI Search | [Cognitive Search monitoring data reference (schemas)](../../search/monitor-azure-cognitive-search-data-reference.md#schemas) | | Azure AI services | [Logging for Azure AI services](../../ai-services/diagnostic-logging.md) |-| Azure Container Instances | [Logging for Azure Container Instances](../../container-instances/container-instances-log-analytics.md#log-schema) | +| Azure Container Instances | [Logging for Azure Container Instances](/azure/container-instances/container-instances-log-analytics#log-schema) | | Azure Container Registry | [Logging for Azure Container Registry](../../container-registry/monitor-service.md) | | Azure Content Delivery Network | [Diagnostic logs for Azure Content Delivery Network](../../cdn/cdn-azure-diagnostic-logs.md) | | Azure Cosmos DB | [Azure Cosmos DB logging](/azure/cosmos-db/monitor-cosmos-db) | |
azure-monitor | Insights Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/insights/insights-overview.md | The following table lists the available curated visualizations and information a |[Azure IoT Edge](../../iot-edge/how-to-explore-curated-visualizations.md) | GA | No | Visualize and explore metrics collected from the IoT Edge device right in the Azure portal by using Azure Monitor Workbooks-based public templates. The curated workbooks use built-in metrics from the IoT Edge runtime. These views don't need any metrics instrumentation from the workload modules. | |**Workloads**|||| | [Azure SQL Insights (preview)](/azure/azure-sql/database/sql-insights-overview) | Preview | [Yes](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/sqlWorkloadInsights) | A comprehensive interface for monitoring any product in the Azure SQL family. SQL Insights uses dynamic management views to expose the data you need to monitor health, diagnose problems, and tune performance. Note: If you're just setting up SQL monitoring, use SQL Insights instead of the SQL Analytics solution. |-| [Azure Monitor for SAP solutions](../../virtual-machines/workloads/sap/monitor-sap-on-azure.md) | Preview | No | An Azure-native monitoring product for anyone running their SAP landscapes on Azure. It works with both SAP on Azure Virtual Machines and SAP on Azure Large Instances. Collects telemetry data from Azure infrastructure and databases in one central location and visually correlates the data for faster troubleshooting. You can monitor different components of an SAP landscape, such as Azure virtual machines (VMs), high-availability clusters, SAP HANA database, and SAP NetWeaver, by adding the corresponding provider for that component. | +| [Azure Monitor for SAP solutions](/azure/virtual-machines/workloads/sap/monitor-sap-on-azure) | Preview | No | An Azure-native monitoring product for anyone running their SAP landscapes on Azure. It works with both SAP on Azure Virtual Machines and SAP on Azure Large Instances. Collects telemetry data from Azure infrastructure and databases in one central location and visually correlates the data for faster troubleshooting. You can monitor different components of an SAP landscape, such as Azure virtual machines (VMs), high-availability clusters, SAP HANA database, and SAP NetWeaver, by adding the corresponding provider for that component. | |**Other**|||| | [Azure Virtual Desktop Insights](../../virtual-desktop/azure-monitor.md) | GA | [Yes](https://portal.azure.com/#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/insights/menuId/insights) | Azure Virtual Desktop Insights is a dashboard built on Azure Monitor Workbooks that helps IT professionals understand their Azure Virtual Desktop environments. | | [Azure Stack HCI Insights](/azure-stack/hci/manage/azure-stack-hci-insights) | GA| [Yes](https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/azureStackHCIInsights) | Based on Azure Monitor Workbooks. Provides health, performance, and usage insights about registered Azure Stack HCI version 21H2 clusters that are connected to Azure and enrolled in monitoring. It stores its data in a Log Analytics workspace, which allows it to deliver powerful aggregation and filtering and analyze data trends over time. | |
azure-monitor | Basic Logs Azure Tables | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/logs/basic-logs-azure-tables.md | All custom tables created with or migrated to the [Logs ingestion API](logs-inge Cosmos DB | [CDBDataPlaneRequests](/azure/azure-monitor/reference/tables/cdbdataplanerequests)<br>[CDBPartitionKeyStatistics](/azure/azure-monitor/reference/tables/cdbpartitionkeystatistics)<br>[CDBPartitionKeyRUConsumption](/azure/azure-monitor/reference/tables/cdbpartitionkeyruconsumption)<br>[CDBQueryRuntimeStatistics](/azure/azure-monitor/reference/tables/cdbqueryruntimestatistics)<br>[CDBMongoRequests](/azure/azure-monitor/reference/tables/cdbmongorequests)<br>[CDBCassandraRequests](/azure/azure-monitor/reference/tables/cdbcassandrarequests)<br>[CDBGremlinRequests](/azure/azure-monitor/reference/tables/cdbgremlinrequests)<br>[CDBControlPlaneRequests](/azure/azure-monitor/reference/tables/cdbcontrolplanerequests)<br>CDBTableApiRequests | | Cosmos DB for MongoDB (vCore) | [VCoreMongoRequests](/azure/azure-monitor/reference/tables/VCoreMongoRequests) | | Kubernetes clusters - Azure Arc | [ArcK8sAudit](/azure/azure-monitor/reference/tables/ArcK8sAudit)<br>[ArcK8sAuditAdmin](/azure/azure-monitor/reference/tables/ArcK8sAuditAdmin)<br>[ArcK8sControlPlane](/azure/azure-monitor/reference/tables/ArcK8sControlPlane) |-| Data Manager for Energy | [OEPDataplaneLogs](/azure/azure-monitor/reference/tables/OEPDataplaneLogs) | -| Dedicated SQL Pool | [SynapseSqlPoolSqlRequests](/azure/azure-monitor/reference/tables/synapsesqlpoolsqlrequests)<br>[SynapseSqlPoolRequestSteps](/azure/azure-monitor/reference/tables/synapsesqlpoolrequeststeps)<br>[SynapseSqlPoolExecRequests](/azure/azure-monitor/reference/tables/synapsesqlpoolexecrequests)<br>[SynapseSqlPoolDmsWorkers](/azure/azure-monitor/reference/tables/synapsesqlpooldmsworkers)<br>[SynapseSqlPoolWaits](/azure/azure-monitor/reference/tables/synapsesqlpoolwaits) | +| De-identification Services | [AHDSDeidAuditLogs](/azure/azure-monitor/reference/tables/AHDSDeidAuditLogs) | +| Data Manager for Energy | [OEPDataplaneLogs](/azure/azure-monitor/reference/tables/OEPDataplaneLogs) | Dedicated SQL Pool | [SynapseSqlPoolSqlRequests](/azure/azure-monitor/reference/tables/synapsesqlpoolsqlrequests)<br>[SynapseSqlPoolRequestSteps](/azure/azure-monitor/reference/tables/synapsesqlpoolrequeststeps)<br>[SynapseSqlPoolExecRequests](/azure/azure-monitor/reference/tables/synapsesqlpoolexecrequests)<br>[SynapseSqlPoolDmsWorkers](/azure/azure-monitor/reference/tables/synapsesqlpooldmsworkers)<br>[SynapseSqlPoolWaits](/azure/azure-monitor/reference/tables/synapsesqlpoolwaits) | | DNS Security Policies | [DNSQueryLogs](/azure/azure-monitor/reference/tables/DNSQueryLogs) | | Dev Centers | [DevCenterDiagnosticLogs](/azure/azure-monitor/reference/tables/DevCenterDiagnosticLogs)<br>[DevCenterResourceOperationLogs](/azure/azure-monitor/reference/tables/DevCenterResourceOperationLogs)<br>[DevCenterBillingEventLogs](/azure/azure-monitor/reference/tables/DevCenterBillingEventLogs) | | Data Transfer | [DataTransferOperations](/azure/azure-monitor/reference/tables/DataTransferOperations) | |
azure-monitor | Profiler Servicefabric | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/profiler/profiler-servicefabric.md | In this guide, you learn how to: - Profiler supports .NET Framework and .NET applications. - Verify you're using [.NET Framework 4.6.2](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed) or later. - Confirm that the deployed OS is `Windows Server 2012 R2` or later. -- [An Azure Service Fabric managed cluster](../../service-fabric/quickstart-managed-cluster-portal.md).+- [An Azure Service Fabric managed cluster](/azure/service-fabric/quickstart-managed-cluster-portal). ## Create a deployment template In this guide, you learn how to: } ``` - For information about how to add the Diagnostics extension to your deployment template, see [Use monitoring and diagnostics with a Windows VM and Azure Resource Manager templates](../../virtual-machines/extensions/diagnostics-template.md). + For information about how to add the Diagnostics extension to your deployment template, see [Use monitoring and diagnostics with a Windows VM and Azure Resource Manager templates](/azure/virtual-machines/extensions/diagnostics-template). ## Deploy your Service Fabric cluster |
azure-monitor | Monitor Virtual Machine Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/monitor-virtual-machine-agent.md | -> This scenario describes how to implement complete monitoring of your Azure and hybrid virtual machine environment. To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](../../virtual-machines/monitor-vm.md). +> This scenario describes how to implement complete monitoring of your Azure and hybrid virtual machine environment. To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](/azure/virtual-machines/monitor-vm). Any monitoring tool like Azure Monitor, requires an agent installed on a machine to collect data from its guest operating system. Azure Monitor uses the [Azure Monitor agent](../agents/agents-overview.md), which supports virtual machines in Azure, other cloud environments, and on-premises. There are three different options for connect your hybrid virtual machines to Az :::image type="content" source="media/monitor-virtual-machines/network-diagram.png" alt-text="Diagram that shows the network." lightbox="media/monitor-virtual-machines/network-diagram.png"::: ## Agent deployment options-The Azure Monitor agent is implemented as a [virtual machine extension](../../virtual-machines/extensions/overview.md), so you can install it using a variety of standard methods including PowerShell, CLI, and Resource Manager templates. See [Manage Azure Monitor Agent](../agents/azure-monitor-agent-manage.md) for details on each. Other notable methods for installation are described below. +The Azure Monitor agent is implemented as a [virtual machine extension](/azure/virtual-machines/extensions/overview), so you can install it using a variety of standard methods including PowerShell, CLI, and Resource Manager templates. See [Manage Azure Monitor Agent](../agents/azure-monitor-agent-manage.md) for details on each. Other notable methods for installation are described below. | Method | Scenarios | Details | |:|:|:| |
azure-monitor | Monitor Virtual Machine Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/monitor-virtual-machine-alerts.md | This article is part of the guide [Monitor virtual machines and their workloads This scenario describes how to implement complete monitoring of your Azure and hybrid virtual machine environment: -- To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](../../virtual-machines/monitor-vm.md). +- To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](/azure/virtual-machines/monitor-vm). - To quickly enable a recommended set of alerts, see [Enable recommended alert rules for an Azure virtual machine](tutorial-monitor-vm-alert-recommended.md). |
azure-monitor | Monitor Virtual Machine Analyze | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/monitor-virtual-machine-analyze.md | -> This scenario describes how to implement complete monitoring of your Azure and hybrid virtual machine environment. To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](../../virtual-machines/monitor-vm.md) or [Tutorial: Collect guest logs and metrics from Azure virtual machine](tutorial-monitor-vm-guest.md). +> This scenario describes how to implement complete monitoring of your Azure and hybrid virtual machine environment. To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](/azure/virtual-machines/monitor-vm) or [Tutorial: Collect guest logs and metrics from Azure virtual machine](tutorial-monitor-vm-guest.md). After you've [configured data collection](monitor-virtual-machine-data-collection.md) for your virtual machines, data will be available for analysis. This article describes the different features of Azure Monitor that you can use to analyze the health and performance of your virtual machines. Several of these features provide a different experience depending on whether you're analyzing a single machine or multiple. Each experience is described here with any unique behavior of each feature depending on which experience is being used. |
azure-monitor | Monitor Virtual Machine Data Collection | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/monitor-virtual-machine-data-collection.md | This article provides guidance on collecting the most common types of telemetry - For more information about using telemetry collected from your virtual machines to create alerts in Azure Monitor, see [Monitor virtual machines with Azure Monitor: Alerts](monitor-virtual-machine-alerts.md). > [!NOTE]-> This scenario describes how to implement complete monitoring of your Azure and hybrid virtual machine environment. To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](../../virtual-machines/monitor-vm.md). +> This scenario describes how to implement complete monitoring of your Azure and hybrid virtual machine environment. To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](/azure/virtual-machines/monitor-vm). ## Data collection rules Data collection from Azure Monitor Agent is defined by one or more [data collection rules (DCRs)](../essentials/data-collection-rule-overview.md) that are stored in your Azure subscription and associated with your virtual machines. |
azure-monitor | Monitor Virtual Machine | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/monitor-virtual-machine.md | -> This guide describes how to implement complete monitoring of your enterprise Azure and hybrid virtual machine environment. To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](../../virtual-machines/monitor-vm.md). +> This guide describes how to implement complete monitoring of your enterprise Azure and hybrid virtual machine environment. To get started monitoring your first Azure virtual machine, see [Monitor Azure virtual machines](/azure/virtual-machines/monitor-vm). ## Types of machines |
azure-monitor | Tutorial Monitor Vm Alert Availability | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/tutorial-monitor-vm-alert-availability.md | -One of the most common monitoring requirements for a virtual machine is to create an alert if it stops running. The best method for this is to create a metric alert rule in Azure Monitor using the [VM availability](../../virtual-machines/monitor-vm-reference.md#vm-availability-metric-preview) metric which is currently in public preview. +One of the most common monitoring requirements for a virtual machine is to create an alert if it stops running. The best method for this is to create a metric alert rule in Azure Monitor using the [VM availability](/azure/virtual-machines/monitor-vm-reference#vm-availability-metric-preview) metric which is currently in public preview. You can create an availability alert rule for a single VM using the VM Availability metric with [recommended alerts](tutorial-monitor-vm-alert-recommended.md). This tutorial shows how to create a single rule that will apply to all virtual machines in a subscription or resource group in a particular region. |
azure-monitor | Vminsights Dependency Agent Maintenance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/vminsights-dependency-agent-maintenance.md | Last updated 09/28/2023 # Dependency Agent > [!CAUTION]-> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). The Dependency Agent collects data about processes running on the virtual machine and external process dependencies. Dependency Agent updates include bug fixes or support of new features or functionality. This article describes Dependency Agent requirements and how to upgrade Dependency Agent manually or through automation. You can upgrade the Dependency agent for Windows and Linux manually or automatic |Environment |Installation method |Upgrade method | ||--||-|Azure VM | Dependency agent VM extension for [Windows](../../virtual-machines/extensions/agent-dependency-windows.md) and [Linux](../../virtual-machines/extensions/agent-dependency-linux.md) | Agent is automatically upgraded by default unless you configured your Azure Resource Manager template to opt out by setting the property *autoUpgradeMinorVersion* to **false**. The upgrade for minor version where auto upgrade is disabled, and a major version upgrade follow the same method - uninstall and reinstall the extension. | +|Azure VM | Dependency agent VM extension for [Windows](/azure/virtual-machines/extensions/agent-dependency-windows) and [Linux](/azure/virtual-machines/extensions/agent-dependency-linux) | Agent is automatically upgraded by default unless you configured your Azure Resource Manager template to opt out by setting the property *autoUpgradeMinorVersion* to **false**. The upgrade for minor version where auto upgrade is disabled, and a major version upgrade follow the same method - uninstall and reinstall the extension. | | Custom Azure VM images | Manual install of Dependency agent for Windows/Linux | Updating VMs to the newest version of the agent needs to be performed from the command line running the Windows installer package or Linux self-extracting and installable shell script bundle.| | Non-Azure VMs | Manual install of Dependency agent for Windows/Linux | Updating VMs to the newest version of the agent needs to be performed from the command line running the Windows installer package or Linux self-extracting and installable shell script bundle. | |
azure-monitor | Vminsights Enable Resource Manager | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/vminsights-enable-resource-manager.md | This step installs a data collection rule, named `MSVMI-{WorkspaceName}`, in the After you create the data collection rule, deploy: - [Azure Monitor Agent for Linux or Windows](../agents/resource-manager-agent.md#azure-monitor-agent).-- [Dependency agent for Linux](../../virtual-machines/extensions/agent-dependency-linux.md) or [Dependency agent or Windows](../../virtual-machines/extensions/agent-dependency-windows.md) if you want to enable the Map feature. +- [Dependency agent for Linux](/azure/virtual-machines/extensions/agent-dependency-linux) or [Dependency agent or Windows](/azure/virtual-machines/extensions/agent-dependency-windows) if you want to enable the Map feature. > [!NOTE] > If your virtual machines scale sets have an upgrade policy set to manual, VM insights will not be enabled for instances by default after installing the template. You must manually upgrade the instances. |
azure-monitor | Vminsights Log Query | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/vminsights-log-query.md | Last updated 09/28/2023 # How to query logs from VM insights > [!CAUTION]-> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). VM insights collects performance and connection metrics, computer and process inventory data, and health state information and forwards it to the Log Analytics workspace in Azure Monitor. This data is available for [query](../logs/log-query-overview.md) in Azure Monitor. You can apply this data to scenarios that include migration planning, capacity analysis, discovery, and on-demand performance troubleshooting. |
azure-monitor | Vminsights Performance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/vm/vminsights-performance.md | Last updated 09/28/2023 # Chart performance with VM insights > [!CAUTION]-> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). VM insights includes a set of performance charts that target several key [performance indicators](vminsights-log-query.md#performance-records) to help you determine how well a virtual machine is performing. The charts show resource utilization over a period of time. You can use them to identify bottlenecks and anomalies. You can also switch to a perspective that lists each machine to view resource utilization based on the metric selected. |
azure-monitor | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/whats-new.md | Virtual-Machines|[Monitor virtual machines with Azure Monitor: Analyze monitorin Virtual-Machines|[Monitor virtual machines with Azure Monitor: Collect data](vm/monitor-virtual-machine-data-collection.md)|Rewritten for Azure Monitor Agent.| Virtual-Machines|[Monitor virtual machines with Azure Monitor: Migrate management pack logic](vm/monitor-virtual-machine-management-packs.md)|Rewritten for Azure Monitor Agent.| Virtual-Machines|[Monitor virtual machines with Azure Monitor](vm/monitor-virtual-machine.md)|Rewritten for Azure Monitor Agent.|-Virtual-Machines|[Monitor Azure virtual machines](../../articles/virtual-machines/monitor-vm.md)|VM scenario updates for Azure Monitor Agent.| +Virtual-Machines|[Monitor Azure virtual machines](/azure/virtual-machines/monitor-vm)|VM scenario updates for Azure Monitor Agent.| ## [2022](#tab/2022) Logs|[Set a table's log data plan to Basic or Analytics](logs/logs-table-plans.m Virtual-Machines|[Tutorial: Create availability alert rule for Azure virtual machine (preview)](vm/tutorial-monitor-vm-alert-availability.md)|New article.| Virtual-Machines|[Tutorial: Enable recommended alert rules for Azure virtual machine](vm/tutorial-monitor-vm-alert-recommended.md)|New article.| Virtual-Machines|[Tutorial: Enable monitoring with VM insights for Azure virtual machine](vm/tutorial-monitor-vm-enable-insights.md)|New article.|-Virtual-Machines|[Monitor Azure virtual machines](../../articles/virtual-machines/monitor-vm.md)|Updated for Azure Monitor Agent and availability metric.| +Virtual-Machines|[Monitor Azure virtual machines](/azure/virtual-machines/monitor-vm)|Updated for Azure Monitor Agent and availability metric.| Virtual-Machines|[Enable VM insights by using Azure Policy](vm/vminsights-enable-policy.md)|Updated flow for enabling VM insights with Azure Monitor Agent by using Azure Policy.| Visualizations|[Creating an Azure Workbook](visualize/workbooks-create-workbook.md)|Added tutorial on resource-centric log queries in workbooks.| |
azure-netapp-files | Application Volume Group Considerations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/application-volume-group-considerations.md | This article describes the requirements and considerations you need to be aware ## Requirements and considerations * You need to use the [manual QoS capacity pool](manage-manual-qos-capacity-pool.md) functionality. -* You must create a proximity placement group (PPG) and anchor it to your SAP HANA compute resources. Application volume group for SAP HANA needs this setup to search for an Azure NetApp Files resource that is close to the SAP HANA servers. For more information, see [Best practices about Proximity Placement Groups](#best-practices-about-proximity-placement) and [Create a Proximity Placement Group using the Azure portal](../virtual-machines/windows/proximity-placement-groups-portal.md). +* You must create a proximity placement group (PPG) and anchor it to your SAP HANA compute resources. Application volume group for SAP HANA needs this setup to search for an Azure NetApp Files resource that is close to the SAP HANA servers. For more information, see [Best practices about Proximity Placement Groups](#best-practices-about-proximity-placement) and [Create a Proximity Placement Group using the Azure portal](/azure/virtual-machines/windows/proximity-placement-groups-portal). >[!NOTE] >Do not delete the PPG. Deleting a PPG removes the pinning and can cause subsequent volume groups to be created in sub-optimal locations which could lead to increased latency. |
azure-netapp-files | Azacsnap Disaster Recovery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azacsnap-disaster-recovery.md | The following pre-requisites must be met before you plan the disaster recovery f - You have storage replication working. The Microsoft operations team performs the storage replication setup at the time of DR provisioning automatically. You can monitor the storage replication using the command `azacsnap -c details --details replication` at the DR site. - You have set up and configured storage snapshots at the primary location. - You have an HANA instance installed at the DR site for the primary with the same SID as the primary instance has.-- You read and understand the DR Failover procedure described in [SAP HANA Large Instances high availability and disaster recovery on Azure](../virtual-machines/workloads/sap/hana-failover-procedure.md)+- You read and understand the DR Failover procedure described in [SAP HANA Large Instances high availability and disaster recovery on Azure](/azure/virtual-machines/workloads/sap/hana-failover-procedure) - You have set up and configured storage snapshots at the DR location. - A configuration file (for example, `DR.json`) has been created with the DR storage volumes and associated information on the DR server. |
azure-netapp-files | Azacsnap Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azacsnap-get-started.md | This workflow provides the main steps to install, setup and configure AzAcSnap a The following technical articles describe how to set up AzAcSnap as part of a data protection strategy: -- [Manual Recovery Guide for SAP HANA on Azure VMs from Azure NetApp Files snapshot with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-hana-on-azure-vms-from-azure/ba-p/3290161)-- [Manual Recovery Guide for SAP HANA on Azure Large Instance from storage snapshot with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-hana-on-azure-large-instance-from/ba-p/3242347)-- [Manual Recovery Guide for SAP Oracle 19c on Azure VMs from Azure NetApp Files snapshot with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-oracle-19c-on-azure-vms-from-azure/ba-p/3242408)-- [Manual Recovery Guide for SAP Db2 on Azure VMs from Azure NetApp Files snapshot with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-db2-on-azure-vms-from-azure-netapp/ba-p/3865379)+- [Backup and Recovery Guide for SAP HANA on Azure VMs with Azure NetApp Files snapshots by AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-hana-on-azure-vms-from-azure/ba-p/3290161) +- [Backup and Recovery Guide for SAP Oracle 19c on Azure VMs with Azure NetApp Files snapshots by AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-oracle-19c-on-azure-vms-from-azure/ba-p/3242408) +- [Backup and Recovery Guide for SAP Db2 on Azure VMs with Azure NetApp Files snapshots by AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-db2-on-azure-vms-from-azure-netapp/ba-p/3865379) +- [Backup and Recovery Guide for SAP ASE 16.0 on Azure VMs with Azure NetApp Files snapshots by AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/sap-ase-16-0-on-azure-netapp-files-for-sap-workloads-on-sles15/ba-p/3729496) +- [Backup and Recovery Guide for SAP HANA on Azure Large Instance from storage snapshots by AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-hana-on-azure-large-instance-from/ba-p/3242347) - [SAP Oracle 19c System Refresh Guide on Azure VMs using Azure NetApp Files Snapshots with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/sap-oracle-19c-system-refresh-guide-on-azure-vms-using-azure/ba-p/3708172) - [Protecting HANA databases configured with HSR on Azure NetApp Files with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/protecting-hana-databases-configured-with-hsr-on-azure-netapp/ba-p/3654620) - [Automating SAP system copy operations with Libelle SystemCopy](https://docs.netapp.com/us-en/netapp-solutions-sap/lifecycle/libelle-sc-overview.html) |
azure-netapp-files | Azacsnap Installation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azacsnap-installation.md | Once these downloads are completed, then [Install Azure Application Consistent S Follow the guidelines to set up and run the snapshots and disaster-recovery commands. We recommend that you complete the following steps as root before you install and use the snapshot tools: 1. Patch the operating system- 1. For SUSE on Azure Large Instances, set up SUSE Subscription Management Tool (SMT). For more information, see [Install and configure SAP HANA (Large Instances) on Azure](../virtual-machines/workloads/sap/hana-installation.md#operating-system). + 1. For SUSE on Azure Large Instances, set up SUSE Subscription Management Tool (SMT). For more information, see [Install and configure SAP HANA (Large Instances) on Azure](/azure/virtual-machines/workloads/sap/hana-installation#operating-system). 1. Set up time synchronization. Provide a time server that's compatible with the Network Time Protocol (NTP), and configure the operating system accordingly. 1. Install the database. Follow the instructions for the supported database that you're using. 1. Select the storage back end that you're using for your deployment. For more information, see [Enable communication with storage](azacsnap-configure-storage.md#enable-communication-with-storage) later in this article. |
azure-netapp-files | Azacsnap Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azacsnap-introduction.md | AzAcSnap is a single binary. It doesn't need additional agents or plug-ins to in - **Databases** - SAP HANA (see the [support matrix](#snapshot-support-matrix-from-sap) for details)- - Oracle Database release 12 or later (see [Oracle VM images and their deployment on Microsoft Azure](../virtual-machines/workloads/oracle/oracle-vm-solutions.md) for details) - - IBM Db2 for LUW on Linux-only version 10.5 or later (see [IBM Db2 Azure Virtual Machines DBMS deployment for SAP workload](../virtual-machines/workloads/sap/dbms_guide_ibm.md) for details) + - Oracle Database release 12 or later (see [Oracle VM images and their deployment on Microsoft Azure](/azure/virtual-machines/workloads/oracle/oracle-vm-solutions) for details) + - IBM Db2 for LUW on Linux-only version 10.5 or later (see [IBM Db2 Azure Virtual Machines DBMS deployment for SAP workload](/azure/virtual-machines/workloads/sap/dbms_guide_ibm) for details) - **Operating systems** - SUSE Linux Enterprise Server 12+ AzAcSnap is a single binary. It doesn't need additional agents or plug-ins to in ## Supported scenarios -The snapshot tools can be used in the following [Supported scenarios for HANA Large Instances](../virtual-machines/workloads/sap/hana-supported-scenario.md) and [SAP HANA with Azure NetApp Files](../virtual-machines/workloads/sap/hana-vm-operations-netapp.md). +The snapshot tools can be used in the following [Supported scenarios for HANA Large Instances](/azure/virtual-machines/workloads/sap/hana-supported-scenario) and [SAP HANA with Azure NetApp Files](/azure/virtual-machines/workloads/sap/hana-vm-operations-netapp). ## Snapshot Support Matrix from SAP |
azure-netapp-files | Azacsnap Preview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azacsnap-preview.md | For more information about this feature, see [Configure the Azure Application Co ## Azure managed disks -Microsoft provides many storage options for deploying databases such as SAP HANA. For details about some of these options, see [Azure Storage types for SAP workload](../virtual-machines/workloads/sap/planning-guide-storage.md). There's also a [cost-conscious solution with Azure premium storage](../virtual-machines/workloads/sap/hana-vm-premium-ssd-v1.md#cost-conscious-solution-with-azure-premium-storage). +Microsoft provides many storage options for deploying databases such as SAP HANA. For details about some of these options, see [Azure Storage types for SAP workload](/azure/virtual-machines/workloads/sap/planning-guide-storage). There's also a [cost-conscious solution with Azure premium storage](/azure/virtual-machines/workloads/sap/hana-vm-premium-ssd-v1#cost-conscious-solution-with-azure-premium-storage). AzAcSnap can take application-consistent database snapshots when you deploy it on this type of architecture (that is, a virtual machine [VM] with managed disks). But the setup for this platform is slightly more complicated because in this scenario AzAcSnap takes an additional step to try and flush all I/O buffers and ensure they are written out to persistent storage. On Linux AzAcSnap will call the `sync` command to flush file buffers, on Windows it uses the kernel call to FlushFileBuffers, before it takes a snapshot of the managed disks in the mounted logical volumes. |
azure-netapp-files | Azure Netapp Files Performance Metrics Volumes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azure-netapp-files-performance-metrics-volumes.md | To understand the performance characteristics of an Azure NetApp Files volume, y ### VM instance sizing -For best results, ensure that you are using a virtual machine (VM) instance that is appropriately sized to perform the tests. The following examples use a Standard_D32s_v3 instance. For more information about VM instance sizes, see [Sizes for Windows virtual machines in Azure](../virtual-machines/sizes.md?toc=%2fazure%2fvirtual-network%2ftoc.json) for Windows-based VMs, and [Sizes for Linux virtual machines in Azure](../virtual-machines/sizes.md?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json) for Linux-based VMs. +For best results, ensure that you are using a virtual machine (VM) instance that is appropriately sized to perform the tests. The following examples use a Standard_D32s_v3 instance. For more information about VM instance sizes, see [Sizes for Windows virtual machines in Azure](/azure/virtual-machines/sizes?toc=%2fazure%2fvirtual-network%2ftoc.json) for Windows-based VMs, and [Sizes for Linux virtual machines in Azure](/azure/virtual-machines/sizes?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json) for Linux-based VMs. ### Azure NetApp Files volume sizing |
azure-netapp-files | Azure Netapp Files Solution Architectures | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/azure-netapp-files-solution-architectures.md | This section provides references for solutions for Linux OSS applications and da ### Oracle * [Oracle Database with Azure NetApp Files - Azure Example Scenarios](/azure/architecture/example-scenario/file-storage/oracle-azure-netapp-files)-* [Oracle VM images and their deployment on Microsoft Azure: Shared storage configuration options](../virtual-machines/workloads/oracle/oracle-vm-solutions.md#shared-storage-configuration-options) +* [Oracle VM images and their deployment on Microsoft Azure: Shared storage configuration options](/azure/virtual-machines/workloads/oracle/oracle-vm-solutions#shared-storage-configuration-options) * [Oracle On Azure IaaS Recommended Practices For Success](https://github.com/Azure/Oracle-Workloads-for-Azure/blob/main/Oracle%20on%20Azure%20IaaS%20Recommended%20Practices%20for%20Success.pdf) * [Run Your Most Demanding Oracle Workloads in Azure without Sacrificing Performance or Scalability](https://techcommunity.microsoft.com/t5/azure-architecture-blog/run-your-most-demanding-oracle-workloads-in-azure-without/ba-p/3264545) * [Oracle database performance on Azure NetApp Files multiple volumes](performance-oracle-multiple-volumes.md) This section provides references to SAP on Azure solutions. ### Generic SAP and SAP Netweaver * [Run SAP NetWeaver in Windows on Azure - Azure Architecture Center](/azure/architecture/reference-architectures/sap/sap-netweaver)-* [High availability for SAP NetWeaver on Azure VMs on SUSE Linux Enterprise Server with Azure NetApp Files for SAP applications](../virtual-machines/workloads/sap/high-availability-guide-suse-netapp-files.md) -* [High availability for SAP NetWeaver on Azure VMs on Red Hat Enterprise Linux with Azure NetApp Files for SAP applications](../virtual-machines/workloads/sap/high-availability-guide-rhel-netapp-files.md) -* [High availability for SAP NetWeaver on Azure VMs on Windows with Azure NetApp Files (SMB) for SAP applications](../virtual-machines/workloads/sap/high-availability-guide-windows-netapp-files-smb.md) -* [Using Windows DFS-N to support flexible SAPMNT share creation for SMB-based file share](../virtual-machines/workloads/sap/high-availability-guide-windows-dfs.md) -* [High availability for SAP NetWeaver on Azure VMs on Red Hat Enterprise Linux for SAP applications multi-SID guide](../virtual-machines/workloads/sap/high-availability-guide-rhel-multi-sid.md) +* [High availability for SAP NetWeaver on Azure VMs on SUSE Linux Enterprise Server with Azure NetApp Files for SAP applications](/azure/virtual-machines/workloads/sap/high-availability-guide-suse-netapp-files) +* [High availability for SAP NetWeaver on Azure VMs on Red Hat Enterprise Linux with Azure NetApp Files for SAP applications](/azure/virtual-machines/workloads/sap/high-availability-guide-rhel-netapp-files) +* [High availability for SAP NetWeaver on Azure VMs on Windows with Azure NetApp Files (SMB) for SAP applications](/azure/virtual-machines/workloads/sap/high-availability-guide-windows-netapp-files-smb) +* [Using Windows DFS-N to support flexible SAPMNT share creation for SMB-based file share](/azure/virtual-machines/workloads/sap/high-availability-guide-windows-dfs) +* [High availability for SAP NetWeaver on Azure VMs on Red Hat Enterprise Linux for SAP applications multi-SID guide](/azure/virtual-machines/workloads/sap/high-availability-guide-rhel-multi-sid) ### SAP HANA * [SAP HANA for Linux VMs in scale-up systems - Azure Architecture Center](/azure/architecture/reference-architectures/sap/run-sap-hana-for-linux-virtual-machines) * [SAP S/4HANA in Linux on Azure - Azure Architecture Center](/azure/architecture/reference-architectures/sap/sap-s4hana) * [Run SAP BW/4HANA with Linux VMs - Azure Architecture Center](/azure/architecture/reference-architectures/sap/run-sap-bw4hana-with-linux-virtual-machines)-* [SAP HANA Azure virtual machine storage configurations](../virtual-machines/workloads/sap/hana-vm-operations-storage.md) +* [SAP HANA Azure virtual machine storage configurations](/azure/virtual-machines/workloads/sap/hana-vm-operations-storage) * [SAP on Azure NetApp Files Sizing Best Practices](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/sap-on-azure-netapp-files-sizing-best-practices/ba-p/3895300) * [Optimize HANA deployments with Azure NetApp Files application volume group for SAP HANA](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/optimize-hana-deployments-with-azure-netapp-files-application/ba-p/3683417) * [Configuring Azure NetApp Files Application Volume Group (AVG) for zonal SAP HANA deployment](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/configuring-azure-netapp-files-anf-application-volume-group-avg/ba-p/3943801) * [Using Azure NetApp Files AVG for SAP HANA to deploy HANA with multiple partitions (MP)](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/using-azure-netapp-files-avg-for-sap-hana-to-deploy-hana-with/ba-p/3742747)-* [NFS v4.1 volumes on Azure NetApp Files for SAP HANA](../virtual-machines/workloads/sap/hana-vm-operations-netapp.md) -* [High availability of SAP HANA Scale-up with Azure NetApp Files on Red Hat Enterprise Linux](../virtual-machines/workloads/sap/sap-hana-high-availability-netapp-files-red-hat.md) -* [SAP HANA scale-out with standby node on Azure VMs with Azure NetApp Files on SUSE Linux Enterprise Server](../virtual-machines/workloads/sap/sap-hana-scale-out-standby-netapp-files-suse.md) -* [SAP HANA scale-out with standby node on Azure VMs with Azure NetApp Files on Red Hat Enterprise Linux](../virtual-machines/workloads/sap/sap-hana-scale-out-standby-netapp-files-rhel.md) -* [SAP HANA scale-out with HSR and Pacemaker on RHEL - Azure Virtual Machines](../virtual-machines/workloads/sap/sap-hana-high-availability-scale-out-hsr-rhel.md) +* [NFS v4.1 volumes on Azure NetApp Files for SAP HANA](/azure/virtual-machines/workloads/sap/hana-vm-operations-netapp) +* [High availability of SAP HANA Scale-up with Azure NetApp Files on Red Hat Enterprise Linux](/azure/virtual-machines/workloads/sap/sap-hana-high-availability-netapp-files-red-hat) +* [SAP HANA scale-out with standby node on Azure VMs with Azure NetApp Files on SUSE Linux Enterprise Server](/azure/virtual-machines/workloads/sap/sap-hana-scale-out-standby-netapp-files-suse) +* [SAP HANA scale-out with standby node on Azure VMs with Azure NetApp Files on Red Hat Enterprise Linux](/azure/virtual-machines/workloads/sap/sap-hana-scale-out-standby-netapp-files-rhel) +* [SAP HANA scale-out with HSR and Pacemaker on RHEL - Azure Virtual Machines](/azure/virtual-machines/workloads/sap/sap-hana-high-availability-scale-out-hsr-rhel) * [Implementing Azure NetApp Files with Kerberos for SAP HANA](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/implementing-azure-netapp-files-with-kerberos/ba-p/3142010) * [Azure Application Consistent Snapshot tool (AzAcSnap)](azacsnap-introduction.md) * [Protecting HANA databases configured with HSR on Azure NetApp Files with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/protecting-hana-databases-configured-with-hsr-on-azure-netapp/ba-p/3654620) This section provides references to SAP on Azure solutions. ### SAP AnyDB * [SAP System on Oracle Database on Azure - Azure Architecture Center](/azure/architecture/example-scenario/apps/sap-production)-* [Oracle Azure Virtual Machines DBMS deployment for SAP workload - Azure Virtual Machines](../virtual-machines/workloads/sap/dbms_guide_oracle.md) +* [Oracle Azure Virtual Machines DBMS deployment for SAP workload - Azure Virtual Machines](/azure/virtual-machines/workloads/sap/dbms_guide_oracle) * [Deploy SAP AnyDB (Oracle 19c) with Azure NetApp Files](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/deploy-sap-anydb-oracle-19c-with-azure-netapp-files/ba-p/2064043) * [Manual Recovery Guide for SAP Oracle 19c on Azure VMs from Azure NetApp Files snapshot with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-oracle-19c-on-azure-vms-from-azure/ba-p/3242408) * [SAP Oracle 19c System Refresh Guide on Azure VMs using Azure NetApp Files Snapshots with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/sap-oracle-19c-system-refresh-guide-on-azure-vms-using-azure/ba-p/3708172)-* [IBM Db2 Azure Virtual Machines DBMS deployment for SAP workload using Azure NetApp Files](../virtual-machines/workloads/sap/dbms_guide_ibm.md#using-azure-netapp-files) +* [IBM Db2 Azure Virtual Machines DBMS deployment for SAP workload using Azure NetApp Files](/azure/virtual-machines/workloads/sap/dbms_guide_ibm#using-azure-netapp-files) * [DB2 Installation Guide on Azure NetApp Files](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/db2-installation-guide-on-anf/ba-p/3709437) * [Manual Recovery Guide for SAP DB2 on Azure VMs from Azure NetApp Files snapshot with AzAcSnap](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/manual-recovery-guide-for-sap-db2-on-azure-vms-from-azure-netapp/ba-p/3865379) * [SAP ASE 16.0 on Azure NetApp Files for SAP Workloads on SLES15](https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/sap-ase-16-0-on-azure-netapp-files-for-sap-workloads-on-sles15/ba-p/3729496) |
azure-netapp-files | Performance Azure Vmware Solution Datastore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/performance-azure-vmware-solution-datastore.md | You can monitor your datastore metrics through vCenter Server or through the Azu ## Next steps -* [Striping Disks in Azure](../virtual-machines/premium-storage-performance.md#disk-striping) +* [Striping Disks in Azure](/azure/virtual-machines/premium-storage-performance#disk-striping) * [Creating striped volumes in Windows Server](/windows-server/administration/windows-commands/create-volume-stripe) * [Azure VMware Solution storage architecture](../azure-vmware/architecture-storage.md) * [Attach Azure NetApp Files datastores to Azure VMware Solution hosts](../azure-vmware/attach-azure-netapp-files-to-azure-vmware-solution-hosts.md) |
azure-netapp-files | Performance Linux Mount Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/performance-linux-mount-options.md | Examples in this section provide information about how to approach performance t The `rsize` and `wsize` flags set the maximum transfer size of an NFS operation. If `rsize` or `wsize` aren't specified on mount, the client and server negotiate the largest size supported by the two. Currently, both Azure NetApp Files and modern Linux distributions support read and write sizes as large as 1,048,576 Bytes (1 MiB). However, for best overall throughput and latency, Azure NetApp Files recommends setting both `rsize` and `wsize` no larger than 262,144 Bytes (256 K). You might observe that both increased latency and decreased throughput when using `rsize` and `wsize` larger than 256 KiB. -For example, [Deploy a SAP HANA scale-out system with standby node on Azure VMs by using Azure NetApp Files on SUSE Linux Enterprise Server](../virtual-machines/workloads/sap/sap-hana-scale-out-standby-netapp-files-suse.md#mount-the-azure-netapp-files-volumes) shows the 256-KiB `rsize` and `wsize` maximum as follows: +For example, [Deploy a SAP HANA scale-out system with standby node on Azure VMs by using Azure NetApp Files on SUSE Linux Enterprise Server](/azure/virtual-machines/workloads/sap/sap-hana-scale-out-standby-netapp-files-suse#mount-the-azure-netapp-files-volumes) shows the 256-KiB `rsize` and `wsize` maximum as follows: ``` sudo vi /etc/fstab |
azure-netapp-files | Performance Oracle Multiple Volumes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/performance-oracle-multiple-volumes.md | All systems eventually hit resource constraints, traditionally known as chokepoi ### Virtual machines -This section details the criteria to be considered in selecting [VMs](../virtual-machines/sizes.md) for best performance and the rationale behind selections made for testing. Azure NetApp Files is a Network Attached Storage (NAS) service, therefore appropriate network bandwidth sizing is critical for optimal performance. +This section details the criteria to be considered in selecting [VMs](/azure/virtual-machines/sizes) for best performance and the rationale behind selections made for testing. Azure NetApp Files is a Network Attached Storage (NAS) service, therefore appropriate network bandwidth sizing is critical for optimal performance. #### Chipsets Microsoft Oracle subject matter experts have estimated that more than 80% of Ora * [Run Your Most Demanding Oracle Workloads in Azure without Sacrificing Performance or Scalability](https://techcommunity.microsoft.com/t5/azure-architecture-blog/run-your-most-demanding-oracle-workloads-in-azure-without/ba-p/3264545) * [Solution architectures using Azure NetApp Files - Oracle](azure-netapp-files-solution-architectures.md#oracle)-* [Design and implement an Oracle database in Azure](../virtual-machines/workloads/oracle/oracle-design.md) +* [Design and implement an Oracle database in Azure](/azure/virtual-machines/workloads/oracle/oracle-design) * [Estimate Tool for Sizing Oracle Workloads to Azure IaaS VMs](https://techcommunity.microsoft.com/t5/data-architecture-blog/estimate-tool-for-sizing-oracle-workloads-to-azure-iaas-vms/ba-p/1427183) -* [Reference architectures for Oracle Database Enterprise Edition on Azure](../virtual-machines/workloads/oracle/oracle-reference-architecture.md) +* [Reference architectures for Oracle Database Enterprise Edition on Azure](/azure/virtual-machines/workloads/oracle/oracle-reference-architecture) * [Understand Azure NetApp Files application volumes groups for SAP HANA](application-volume-group-introduction.md) |
azure-netapp-files | Solutions Benefits Azure Netapp Files Oracle Database | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/solutions-benefits-azure-netapp-files-oracle-database.md | You can enhance the performance of Oracle dNFS with the Azure NetApp Files servi ## Next steps - [Solution architectures using Azure NetApp Files](azure-netapp-files-solution-architectures.md)-- [Overview of Oracle Applications and solutions on Azure](../virtual-machines/workloads/oracle/oracle-overview.md)+- [Overview of Oracle Applications and solutions on Azure](/azure/virtual-machines/workloads/oracle/oracle-overview) |
azure-netapp-files | Solutions Benefits Azure Netapp Files Sql Server | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/solutions-benefits-azure-netapp-files-sql-server.md | To deliver on the significant cost reduction assertion requires lots of performa The D16s_v4 can drive an Azure NetApp Files volume to 80,000 database IOPS. As proven by the SQL Storage Benchmark (SSB) benchmarking tool, the D16 instance achieved a workload 125% greater than that achievable to disk from the D64 instance. See the [SSB testing tool](#ssb-testing-tool) section for details about the tool. -Using a 1-TiB working set size and an 80% read, 20% update SQL Server workload, performance capabilities of most the instances in the D instance class were measured; most, not all, as the D2 and D64 instances themselves were excluded from testing. The former was left out as it doesn't support accelerated networking, and the latter because it's the comparison point. See the following graph to understand the limits of D4s_v4, D8s_v4, D16s_v4, and D32s_v4, respectively. Managed disk storage tests are not shown in the graph. Comparison values are drawn directly from the [Azure Virtual Machine limits table](../virtual-machines/dv3-dsv3-series.md) for the D class instance type. +Using a 1-TiB working set size and an 80% read, 20% update SQL Server workload, performance capabilities of most the instances in the D instance class were measured; most, not all, as the D2 and D64 instances themselves were excluded from testing. The former was left out as it doesn't support accelerated networking, and the latter because it's the comparison point. See the following graph to understand the limits of D4s_v4, D8s_v4, D16s_v4, and D32s_v4, respectively. Managed disk storage tests are not shown in the graph. Comparison values are drawn directly from the [Azure Virtual Machine limits table](/azure/virtual-machines/dv3-dsv3-series) for the D class instance type. With Azure NetApp Files, each of the instances in the D class can meet or exceed the disk performance capabilities of instances two times larger. *You can reduce software license costs significantly with Azure NetApp Files.* |
azure-netapp-files | Use Availability Zones | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-netapp-files/use-availability-zones.md | Azure availability zones are highly available, fault tolerant, and more scalable The use of high availability (HA) architectures with availability zones are now a default and best practice recommendation inΓÇ»[AzureΓÇÖs Well-Architected Framework](/azure/architecture/framework/resiliency/design-best-practices#use-zone-aware-services). Enterprise applications and resources are increasingly deployed into multiple availability zones to achieve this level of high availability (HA) or failure domain (zone) isolation. -Many applications are built for HA across multiple availability zones using application-based replication and failover technologies, like [SQL Server Always-On Availability Groups (AOAG)](/sql/database-engine/availability-groups/windows/always-on-availability-groups-sql-server), [SAP HANA with HANA System Replication (HSR)](../virtual-machines/workloads/sap/sap-hana-high-availability-netapp-files-suse.md), and [Oracle with Data Guard](../virtual-machines/workloads/oracle/oracle-reference-architecture.md#high-availability-for-oracle-databases). +Many applications are built for HA across multiple availability zones using application-based replication and failover technologies, like [SQL Server Always-On Availability Groups (AOAG)](/sql/database-engine/availability-groups/windows/always-on-availability-groups-sql-server), [SAP HANA with HANA System Replication (HSR)](/azure/virtual-machines/workloads/sap/sap-hana-high-availability-netapp-files-suse), and [Oracle with Data Guard](/azure/virtual-machines/workloads/oracle/oracle-reference-architecture#high-availability-for-oracle-databases). Before using an availability zone, understand the following concepts: |
azure-portal | Quick Create Bicep | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-portal/quick-create-bicep.md | The Bicep file defines one Azure resource, a [Microsoft.Portal dashboards resour The dashboard created by deploying this Bicep file requires an existing virtual machine. Before deploying the Bicep file, the script deploys an ARM template called [prereq.azuredeploy.json](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.portal/azure-portal-dashboard/prereqs/prereq.azuredeploy.json) that creates a virtual machine. -The virtual machine name is hard-coded as **SimpleWinVM** in the ARM template, to match what's used in the `main.bicep` file that creates the dashboard. You'll need to create your own administration username and password for this VM. This is a new username and password (not the account you use to sign in to Azure). The password must be complex. For more information, see [username requirements](../virtual-machines/windows/faq.yml#what-are-the-username-requirements-when-creating-a-vm-) -and [password requirements](../virtual-machines/windows/faq.yml#what-are-the-password-requirements-when-creating-a-vm-). +The virtual machine name is hard-coded as **SimpleWinVM** in the ARM template, to match what's used in the `main.bicep` file that creates the dashboard. You'll need to create your own administration username and password for this VM. This is a new username and password (not the account you use to sign in to Azure). The password must be complex. For more information, see [username requirements](/azure/virtual-machines/windows/faq#what-are-the-username-requirements-when-creating-a-vm-) +and [password requirements](/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm-). ## Deploy the Bicep file |
azure-portal | Quick Create Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-portal/quick-create-template.md | If your environment meets the prerequisites and you're familiar with using ARM t -Location "East US" ``` - 1. Enter a username and password for the VM. This is a new username and password (not the account you use to sign in to Azure). The password must be complex. For more information, see [username requirements](../virtual-machines/windows/faq.yml#what-are-the-username-requirements-when-creating-a-vm-) and [password requirements](../virtual-machines/windows/faq.yml#what-are-the-password-requirements-when-creating-a-vm-). + 1. Enter a username and password for the VM. This is a new username and password (not the account you use to sign in to Azure). The password must be complex. For more information, see [username requirements](/azure/virtual-machines/windows/faq#what-are-the-username-requirements-when-creating-a-vm-) and [password requirements](/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm-). After the VM has been created, move on to the next section. |
azure-portal | Quickstart Portal Dashboard Azure Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-portal/quickstart-portal-dashboard-azure-cli.md | az vm create --resource-group myResourceGroup --name myVM1 --image win2016datace ``` > [!NOTE]-> This is a new username and password (not the account you use to sign in to Azure). The password must be complex. For more information, see [username requirements](../virtual-machines/windows/faq.yml#what-are-the-username-requirements-when-creating-a-vm-) -and [password requirements](../virtual-machines/windows/faq.yml#what-are-the-password-requirements-when-creating-a-vm-). +> This is a new username and password (not the account you use to sign in to Azure). The password must be complex. For more information, see [username requirements](/azure/virtual-machines/windows/faq#what-are-the-username-requirements-when-creating-a-vm-) +and [password requirements](/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm-). The deployment starts and typically takes a few minutes to complete. |
azure-portal | Quickstart Portal Dashboard Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-portal/quickstart-portal-dashboard-powershell.md | New-AzResourceGroup -Name $resourceGroupName -Location $location The dashboard you create in the next part of this quickstart requires an existing VM. Create a VM by following these steps. -Store login credentials for the VM in a variable. The password must be complex. This is a new user name and password; it's not, for example, the account you use to sign in to Azure. For more information, see [username requirements](../virtual-machines/windows/faq.yml#what-are-the-username-requirements-when-creating-a-vm-) -and [password requirements](../virtual-machines/windows/faq.yml#what-are-the-password-requirements-when-creating-a-vm-). +Store login credentials for the VM in a variable. The password must be complex. This is a new user name and password; it's not, for example, the account you use to sign in to Azure. For more information, see [username requirements](/azure/virtual-machines/windows/faq#what-are-the-username-requirements-when-creating-a-vm-) +and [password requirements](/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm-). ```azurepowershell-interactive $Cred = Get-Credential |
azure-relay | Authenticate Managed Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-relay/authenticate-managed-identity.md | The following section uses a simple application that runs under a managed identi ## Sample app on VM accessing Relay entities 1. Download the [Hybrid Connections sample console application](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/dotnet/rolebasedaccesscontrol) to your computer from GitHub.-1. [Create an Azure VM](../virtual-machines/windows/quick-create-portal.md). For this sample, use a Windows 10 image. +1. [Create an Azure VM](/azure/virtual-machines/windows/quick-create-portal). For this sample, use a Windows 10 image. 1. Enable system-assigned identity or a user-assigned identity for the Azure VM. For instructions, see [Enable identity for a VM](../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md). 1. Assign one of the Relay roles to the managed service identity at the desired scope (Relay entity, Relay namespace, resource group, subscription). For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml). 1. Build the console app locally on your local computer as per instructions from the [README document](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/dotnet/rolebasedaccesscontrol#rolebasedaccesscontrol-hybrid-connection-sample). -1. Copy the executable under \<your local path\>\RoleBasedAccessControl\bin\Debug folder to the VM. You can use RDP to connect to your Azure VM. For more information, see [How to connect and sign on to an Azure virtual machine running Windows](../virtual-machines/windows/connect-logon.md). +1. Copy the executable under \<your local path\>\RoleBasedAccessControl\bin\Debug folder to the VM. You can use RDP to connect to your Azure VM. For more information, see [How to connect and sign on to an Azure virtual machine running Windows](/azure/virtual-machines/windows/connect-logon). 1. Run RoleBasedAccessControl.exe on the Azure VM as per instructions from the [README document](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/dotnet/rolebasedaccesscontrol#rolebasedaccesscontrol-hybrid-connection-sample). > [!NOTE] |
azure-relay | Private Link Service | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-relay/private-link-service.md | There are four provisioning states: ## Validate that the private link connection works You should validate that resources within the virtual network of the private endpoint are connecting to your Azure Relay namespace over its private IP address. -For this test, create a virtual machine by following the steps in the [Create a Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md) +For this test, create a virtual machine by following the steps in the [Create a Windows virtual machine in the Azure portal](/azure/virtual-machines/windows/quick-create-portal) In the **Networking** tab: |
azure-resource-manager | Bicep Import | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/bicep-import.md | Title: Imports in Bicep description: Describes how to import shared functionality and namespaces in Bicep. Previously updated : 08/07/2024 Last updated : 08/20/2024 # Imports in Bicep -This article describes the syntax you use to export and import shared functionality, as well as namespaces for Bicep extensions. +This article describes the syntax you use to export and import shared functionality, and namespaces for Bicep extensions. -## Exporting types, variables and functions +## Export variables, types, and functions -The `@export()` decorator indicates that a given statement can be imported by another file. This decorator is only valid on type, variable, and function statements. Variable statements marked with `@export()` must be compile-time constants. +The `@export()` decorator indicates that a given statement can be imported by another file. This decorator is only valid on [`type`](./user-defined-data-types.md), [`var`](./variables.md), and [`func`](./user-defined-functions.md) statements. Variable statements marked with `@export()` must be compile-time constants. The syntax for exporting functionality for use in other Bicep files is: The syntax for exporting functionality for use in other Bicep files is: <statement_to_export> ``` -## Import types, variables, and functions +## Import variables, types, and functions The syntax for importing functionality from another Bicep file is: import * as <alias_name> from '<bicep_file_name>' You can mix and match the preceding syntaxes. To access imported symbols using the wildcard syntax, you must use the `.` operator: `<alias_name>.<exported_symbol>`. -Only statements that have been [exported](#exporting-types-variables-and-functions) in the file being referenced are available to be imported. +Only statements that have been [exported](#export-variables-types-and-functions) in the file being referenced are available to be imported. Functionality that has been imported from another file can be used without restrictions. For example, imported variables can be used anywhere a variable declared in-file would normally be valid. |
azure-resource-manager | Data Types | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/data-types.md | Title: Data types in Bicep description: Describes the data types that are available in Bicep Previously updated : 07/16/2024 Last updated : 08/20/2024 # Data types in Bicep is ${blocked}''' ## Union types -In Bicep, a union type allows the creation of a combined type consisting of a set of sub-types. An assignment is valid if any of the individual sub-type assignments are permitted. The `|` character separates individual sub-types using an _or_ condition. For example, the syntax _'a' | 'b'_ means that a valid assignment could be either _'a'_ or _'b'_. Union types are translated into the [allowed-value](../templates/definitions.md#allowed-values) constraint in Bicep, so only literals are permitted as members. Unions can include any number of literal-typed expressions. +In Bicep, a union type allows the creation of a combined type consisting of a set of subtypes. An assignment is valid if any of the individual subtype assignments are permitted. The `|` character separates individual subtypes using an _or_ condition. For example, the syntax _'a' | 'b'_ means that a valid assignment could be either _'a'_ or _'b'_. Union types are translated into the [allowed-value](../templates/definitions.md#allowed-values) constraint in Bicep, so only literals are permitted as members. Unions can include any number of literal-typed expressions. ```bicep type color = 'Red' | 'Blue' | 'White' Type unions must be reducible to a single ARM type, such as 'string', 'int', or type foo = 'a' | 1 ``` -Any type expression can be used as a sub-type in a union type declaration (between `|` characters). For example, the following examples are all valid: +Any type expression can be used as a subtype in a union type declaration (between `|` characters). For example, the following examples are all valid: ```bicep type foo = 1 | 2 There are some limitations with union type. ``` * Only literals are permitted as members.-* All literals must be of the same primitive data type (e.g., all strings or all integers). +* All literals must be of the same primitive data type (for example, all strings or all integers). The union type syntax can be used in [user-defined data types](./user-defined-data-types.md). ## Secure strings and objects -Secure string uses the same format as string, and secure object uses the same format as object. With Bicep, you add the `@secure()` [decorator](./parameters.md#decorators) to a string or object. +Secure string uses the same format as string, and secure object uses the same format as object. With Bicep, you add the `@secure()` [decorator](./parameters.md#use-decorators) to a string or object. When you set a parameter to a secure string or secure object, the value of the parameter isn't saved to the deployment history and isn't logged. However, if you set that secure value to a property that isn't expecting a secure value, the value isn't protected. For example, if you set a secure string to a tag, that value is stored as plain text. Use secure strings for passwords and secrets. |
azure-resource-manager | Deploy Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deploy-cli.md | az deployment group create \ --parameters exampleString=@stringContent.txt exampleArray=@arrayContent.json ``` -Getting a parameter value from a file is helpful when you need to provide configuration values. For example, you can provide [cloud-init values for a Linux virtual machine](../../virtual-machines/linux/using-cloud-init.md). +Getting a parameter value from a file is helpful when you need to provide configuration values. For example, you can provide [cloud-init values for a Linux virtual machine](/azure/virtual-machines/linux/using-cloud-init). The _arrayContent.json_ format is: |
azure-resource-manager | Deploy Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deploy-powershell.md | New-AzResourceGroupDeployment -ResourceGroupName testgroup ` -exampleArray $arrayParam ``` -Getting a parameter value from a file is helpful when you need to provide configuration values. For example, you can provide [cloud-init values for a Linux virtual machine](../../virtual-machines/linux/using-cloud-init.md). +Getting a parameter value from a file is helpful when you need to provide configuration values. For example, you can provide [cloud-init values for a Linux virtual machine](/azure/virtual-machines/linux/using-cloud-init). If you need to pass in an array of objects, create hash tables in PowerShell and add them to an array. Pass that array as a parameter during deployment. |
azure-resource-manager | Deployment Script Bicep Configure Dev | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deployment-script-bicep-configure-dev.md | ms.devlang: azurecli # Configure development environment for deployment scripts in Bicep files -Learn how to create a development environment for developing and testing deployment scripts with a deployment script image. You can either create an [Azure container instance](../../container-instances/container-instances-overview.md) or use [Docker](https://docs.docker.com/get-docker/). Both options are covered in this article. +Learn how to create a development environment for developing and testing deployment scripts with a deployment script image. You can either create an [Azure container instance](/azure/container-instances/container-instances-overview) or use [Docker](https://docs.docker.com/get-docker/). Both options are covered in this article. ## Prerequisites |
azure-resource-manager | Deployment Script Bicep | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deployment-script-bicep.md | The benefits of deployment scripts include: - You can allow passing command-line arguments to the script. - You can specify script outputs and pass them back to the deployment. -The deployment script resource is available only in the regions where Azure Container Instances is available. For more information, see [Resource availability for Azure Container Instances in Azure regions](../../container-instances/container-instances-region-availability.md). +The deployment script resource is available only in the regions where Azure Container Instances is available. For more information, see [Resource availability for Azure Container Instances in Azure regions](/azure/container-instances/container-instances-region-availability). > [!WARNING] > The deployment script service requires two extra resources to run and troubleshoot scripts: a storage account and a container instance. Generally, the service cleans up these resources after the deployment script finishes. You incur charges for these resources until they're removed. The following table lists the error codes for the deployment script: | `DeploymentScriptExecutionFailed` | An unknown error occurred during execution of the deployment script. | | `DeploymentScriptContainerInstancesServiceUnavailable` | During creation of a container instance, the Azure Container Instances service threw a "service unavailable" error. | | `DeploymentScriptContainerGroupInNonterminalState` | During creation of a container instance, another deployment script was using the same container instance name in the same scope (same subscription, resource group name, and resource name). |-| `DeploymentScriptContainerGroupNameInvalid` | The specified container instance name doesn't meet the Azure Container Instances requirements. See [Troubleshoot common issues in Azure Container Instances](../../container-instances/container-instances-troubleshooting.md#issues-during-container-group-deployment).| +| `DeploymentScriptContainerGroupNameInvalid` | The specified container instance name doesn't meet the Azure Container Instances requirements. See [Troubleshoot common issues in Azure Container Instances](/azure/container-instances/container-instances-troubleshooting#issues-during-container-group-deployment).| ## Access a private virtual network |
azure-resource-manager | Deployment Script Develop | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/deployment-script-develop.md | resource deploymentScript2 'Microsoft.Resources/deploymentScripts@2023-08-01' = ### Pass secured strings to a deployment script -You can set environment variables (`EnvironmentVariable`) in your container instances to provide dynamic configuration of the application or script that the container runs. A deployment script handles nonsecured and secured environment variables in the same way as Azure Container Instances. For more information, see [Set environment variables in container instances](../../container-instances/container-instances-environment-variables.md#secure-values). +You can set environment variables (`EnvironmentVariable`) in your container instances to provide dynamic configuration of the application or script that the container runs. A deployment script handles nonsecured and secured environment variables in the same way as Azure Container Instances. For more information, see [Set environment variables in container instances](/azure/container-instances/container-instances-environment-variables#secure-values). The maximum allowed size for environment variables is 64 KB. |
azure-resource-manager | File | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/file.md | Title: Bicep file structure and syntax description: Describes the structure and properties of a Bicep file using declarative syntax. Previously updated : 07/11/2024 Last updated : 08/20/2024 # Understand the structure and syntax of Bicep files metadata <metadata-name> = ANY targetScope = '<scope>' +@<decorator>(<argument>) type <user-defined-data-type-name> = <type-expression> +@<decorator>(<argument>) func <user-defined-function-name> (<argument-name> <data-type>, <argument-name> <data-type>, ...) <function-data-type> => <expression> @<decorator>(<argument>) param <parameter-name> <parameter-data-type> = <default-value> +@<decorator>(<argument>) var <variable-name> = <variable-value> +@<decorator>(<argument>) resource <resource-symbolic-name> '<resource-type>@<api-version>' = { <resource-properties> } +@<decorator>(<argument>) module <module-symbolic-name> '<path-to-file>' = { name: '<linked-deployment-name>' params: { The allowed values are: In a module, you can specify a scope that is different than the scope for the rest of the Bicep file. For more information, see [Configure module scope](modules.md#set-module-scope) +## Decorators ++You can add one or more decorators for each of the following elements: ++* [param](#parameters) +* [var](#variables) +* [resource](#resources) +* [module](#modules) +* [output](#outputs) +* [func](#functions) +* [type](#types) ++| Decorator | Apply to element | Apply to data type | Argument | Description | +| | - | -- | - | +| allowed | [param](./parameters.md#allowed-values) | all | array | Use this decorator to make sure the user provides correct values. This decorator is only permitted on `param` statements. To declare that a property must be one of a set of predefined values in a [`type`](./user-defined-data-types.md) or [`output`](./outputs.md) statement, use [union type syntax](./data-types.md#union-types). Union type syntax can also be used in `param` statements.| +| batchSize |[resource](./resource-declaration.md#batchsize), [module](./modules.md#batchsize)| N/A | integer | Set up instances to deploy sequentially. | +| description | [param](./parameters.md#description), [var](./variables.md#description), [resource](./resource-declaration.md#description), [module](./modules.md#description), [output](./outputs.md#description), [type](./user-defined-data-types.md#description), [func](./user-defined-functions.md#description) | all | string | Provide descriptions for the elements. Markdown-formatted text can be used for the description text. | +| discriminator | [param](./parameters.md#discriminator), [type](./user-defined-data-types.md#discriminator), [output](./outputs.md#discriminator) | object | string | Use this decorator to ensure the correct subclass is identified and managed. For more information, see [Custom-tagged union data type](./data-types.md#custom-tagged-union-data-type).| +| export | [var](./variables.md#export), [type](./user-defined-data-types.md#export), [func](./user-defined-functions.md#export) | all | none| Indicates that the element can be imported by another Bicep file. | +| maxLength | [param](./parameters.md#length-constraints), [output](./outputs.md#length-constraints) | array, string | int | The maximum length for string and array elements. The value is inclusive. | +| maxValue | [param](./parameters.md#integer-constraints), [output](./outputs.md#integer-constraints) | int | int | The maximum value for the integer elements. This value is inclusive. | +| metadata | [param](./parameters.md#metadata), [output](./outputs.md#metadata) | all | object | Custom properties to apply to the elements. Can include a description property that is equivalent to the description decorator. | +| minLength | [param](./parameters.md#length-constraints), [output](./outputs.md#length-constraints) | array, string | int | The minimum length for string and array elements. The value is inclusive. | +| minValue | [param](./parameters.md#integer-constraints), [output](./outputs.md#integer-constraints) | int | int | The minimum value for the integer elements. This value is inclusive. | +| sealed | [param](./parameters.md#sealed), [type](./user-defined-data-types.md#sealed), [output](./outputs.md#sealed) | object | none | Elevate [BCP089](./diagnostics/bcp089.md) from a warning to an error when a property name of a use-define data type is likely a typo. For more information, see [Elevate error level](./user-defined-data-types.md#elevate-error-level). | +| secure | [param](./parameters.md#secure-parameters) | string, object | none | Marks the parameter as secure. The value for a secure parameter isn't saved to the deployment history and isn't logged. For more information, see [Secure strings and objects](data-types.md#secure-strings-and-objects). | ++## Parameters ++Use parameters for values that need to vary for different deployments. You can define a default value for the parameter that is used if no value is provided during deployment. ++For example, you can add a SKU parameter to specify different sizes for a resource. You might pass in different values depending on whether you're deploying to test or production. ++```bicep +param storageSKU string = 'Standard_LRS' +``` ++The parameter is available for use in your Bicep file. ++```bicep +sku: { + name: storageSKU +} +``` ++You can add one or more decorators for each parameter. For more information, see [Use decorators](./parameters.md#use-decorators). ++For more information, see [Parameters in Bicep](./parameters.md). ++## Variables ++You can make your Bicep file more readable by encapsulating complex expressions in a variable. For example, you might add a variable for a resource name that is constructed by concatenating several values together. ++```bicep +var uniqueStorageName = '${storagePrefix}${uniqueString(resourceGroup().id)}' +``` ++Apply this variable wherever you need the complex expression. ++```bicep +resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = { + name: uniqueStorageName +``` ++You can add one or more decorators for each variable. For more information, see [Use decorators](./variables.md#use-decorators). ++For more information, see [Variables in Bicep](./variables.md). + ## Types You can use the `type` statement to define user-defined data types. resource storageAccount 'Microsoft.Storage/storageAccounts@2023-04-01' = { } ``` +You can add one or more decorators for each user-defined data type. For more information, see [Use decorators](./user-defined-data-types.md#use-decorators). + For more information, see [User-defined data types](./user-defined-data-types.md). ## Functions output azureUrl string = buildUrl(true, 'microsoft.com', 'azure') For more information, see [User-defined functions](./user-defined-functions.md). -## Parameters --Use parameters for values that need to vary for different deployments. You can define a default value for the parameter that is used if no value is provided during deployment. --For example, you can add a SKU parameter to specify different sizes for a resource. You might pass in different values depending on whether you're deploying to test or production. --```bicep -param storageSKU string = 'Standard_LRS' -``` --The parameter is available for use in your Bicep file. --```bicep -sku: { - name: storageSKU -} -``` --For more information, see [Parameters in Bicep](./parameters.md). --## Parameter decorators --You can add one or more decorators for each parameter. These decorators describe the parameter and define constraints for the values that are passed in. The following example shows one decorator but many others are available. --```bicep -@allowed([ - 'Standard_LRS' - 'Standard_GRS' - 'Standard_ZRS' - 'Premium_LRS' -]) -param storageSKU string = 'Standard_LRS' -``` --For more information, including descriptions of all available decorators, see [Decorators](parameters.md#decorators). --## Variables --You can make your Bicep file more readable by encapsulating complex expressions in a variable. For example, you might add a variable for a resource name that is constructed by concatenating several values together. --```bicep -var uniqueStorageName = '${storagePrefix}${uniqueString(resourceGroup().id)}' -``` --Apply this variable wherever you need the complex expression. --```bicep -resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = { - name: uniqueStorageName -``` --For more information, see [Variables in Bicep](./variables.md). - ## Resources Use the `resource` keyword to define a resource to deploy. Your resource declaration includes a symbolic name for the resource. You use this symbolic name in other parts of the Bicep file to get a value from the resource. resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = { } ``` +You can add one or more decorators for each resource. For more information, see [Use decorators](./resource-declaration.md#use-decorators). + For more information, see [Resource declaration in Bicep](resource-declaration.md). Some resources have a parent/child relationship. You can define a child resource either inside the parent resource or outside of it. module webModule './webApp.bicep' = { The symbolic name enables you to reference the module from somewhere else in the file. For example, you can get an output value from a module by using the symbolic name and the name of the output value. -For more information, see [Use Bicep modules](./modules.md). --## Resource and module decorators --You can add a decorator to a resource or module definition. The supported decorators are `batchSize(int)` and `description`. You can only apply it to a resource or module definition that uses a `for` expression. --By default, resources are deployed in parallel. When you add the `batchSize(int)` decorator, you deploy instances serially. --```bicep -@batchSize(3) -resource storageAccountResources 'Microsoft.Storage/storageAccounts@2023-04-01' = [for storageName in storageAccounts: { - ... -}] -``` +You can add one or more decorators for each module. For more information, see [Use decorators](./modules.md#use-decorators). -For more information, see [Deploy in batches](loops.md#deploy-in-batches). +For more information, see [Use Bicep modules](./modules.md). ## Outputs Use outputs to return values from the deployment. Typically, you return a value output storageEndpoint object = stg.properties.primaryEndpoints ``` +You can add one or more decorators for each output. For more information, see [Use decorators](./outputs.md#use-decorators). + For more information, see [Outputs in Bicep](./outputs.md). ## Loops The preceding example is equivalent to the following JSON. ## Multiple-line declarations -You can now use multiple lines in function, array and object declarations. This feature requires [Bicep CLI version 0.7.X or higher](./install.md). +You can now use multiple lines in function, array, and object declarations. This feature requires [Bicep CLI version 0.7.X or higher](./install.md). In the following example, the `resourceGroup()` definition is broken into multiple lines. See [Arrays](./data-types.md#arrays) and [Objects](./data-types.md#objects) for ## Known limitations * No support for the concept of apiProfile, which is used to map a single apiProfile to a set apiVersion for each resource type.-* User-defined functions are not supported at the moment. However, an experimental feature is currently accessible. For more information, see [User-defined functions in Bicep](./user-defined-functions.md). +* User-defined functions aren't supported at the moment. However, an experimental feature is currently accessible. For more information, see [User-defined functions in Bicep](./user-defined-functions.md). * Some Bicep features require a corresponding change to the intermediate language (Azure Resource Manager JSON templates). We announce these features as available when all of the required updates have been deployed to global Azure. If you're using a different environment, such as Azure Stack, there may be a delay in the availability of the feature. The Bicep feature is only available when the intermediate language has also been updated in that environment. ## Next steps |
azure-resource-manager | Linter Rule Protect Commandtoexecute Secrets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/linter-rule-protect-commandtoexecute-secrets.md | Use the following value in the [Bicep configuration file](bicep-config-linter.md For custom script resources, the `commandToExecute` value should be placed under the `protectedSettings` property object instead of the `settings` property object if it includes secret data such as a password. For example, secret data could be found in secure parameters, [`list*`](./bicep-functions-resource.md#list) functions such as listKeys, or in custom scripts arguments. -Don't use secret data in the `settings` object because it uses clear text. For more information, see [Microsoft.Compute virtualMachines/extensions](/azure/templates/microsoft.compute/virtualmachines/extensions), [Custom Script Extension for Windows](../../virtual-machines/extensions/custom-script-windows.md), and [Use the Azure Custom Script Extension Version 2 with Linux virtual machines](../../virtual-machines/extensions/custom-script-linux.md). +Don't use secret data in the `settings` object because it uses clear text. For more information, see [Microsoft.Compute virtualMachines/extensions](/azure/templates/microsoft.compute/virtualmachines/extensions), [Custom Script Extension for Windows](/azure/virtual-machines/extensions/custom-script-windows), and [Use the Azure Custom Script Extension Version 2 with Linux virtual machines](/azure/virtual-machines/extensions/custom-script-linux). The following example fails because `commandToExecute` is specified under `settings` and uses a secure parameter. |
azure-resource-manager | Linter Rule Secure Secrets In Parameters | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/linter-rule-secure-secrets-in-parameters.md | Last updated 03/20/2024 # Linter rule - secure secrets in parameters -This rule finds parameters whose names look like secrets but without the [secure decorator](./parameters.md#decorators), for example: a parameter name contains the following keywords: +This rule finds parameters whose names look like secrets but without the [secure decorator](./parameters.md#use-decorators), for example: a parameter name contains the following keywords: - password - pwd Use the following value in the [Bicep configuration file](bicep-config-linter.md ## Solution -Use the [secure decorator](./parameters.md#decorators) for the parameters that contain secrets. The secure decorator marks the parameter as secure. The value for a secure parameter isn't saved to the deployment history and isn't logged. +Use the [secure decorator](./parameters.md#use-decorators) for the parameters that contain secrets. The secure decorator marks the parameter as secure. The value for a secure parameter isn't saved to the deployment history and isn't logged. The following example fails this test because the parameter name may contain secrets. |
azure-resource-manager | Loops | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/loops.md | By default, Azure resources are deployed in parallel. When you use a loop to cre You might not want to update all instances of a resource type at the same time. For example, when updating a production environment, you may want to stagger the updates so only a certain number are updated at any one time. You can specify that a subset of the instances be batched together and deployed at the same time. The other instances wait for that batch to complete. -To serially deploy instances of a resource, add the [batchSize decorator](./file.md#resource-and-module-decorators). Set its value to the number of instances to deploy concurrently. A dependency is created on earlier instances in the loop, so it doesn't start one batch until the previous batch completes. +To serially deploy instances of a resource, add the [batchSize decorator](./file.md#decorators). Set its value to the number of instances to deploy concurrently. A dependency is created on earlier instances in the loop, so it doesn't start one batch until the previous batch completes. ```bicep param location string = resourceGroup().location |
azure-resource-manager | Modules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/modules.md | Title: Bicep modules description: Describes how to define a module in a Bicep file, and how to use module scopes. Previously updated : 06/28/2024 Last updated : 08/20/2024 # Bicep modules Bicep modules are converted into a single Azure Resource Manager template with [ If you would rather learn about modules through step-by-step guidance, see [Create composable Bicep files by using modules](/training/modules/create-composable-bicep-files-using-modules/). -## Definition syntax +## Define modules The basic syntax for defining a module is: ```bicep+@<decorator>(<argument>) module <symbolic-name> '<path-to-file>' = { name: '<linked-deployment-name>' params: { module <symbolic-name> '<path-to-file>' = { ## Path to module -The file for the module can be either a local file or an external file. The external file can be in template spec or a Bicep module registry. +The file for the module can be either a local file or an external file. The external file can be in template spec or a Bicep module registry. ### Local file module stgModule '../storageAccount.bicep' = { > [!NOTE] > Non-AVM (Azure Verified Modules) modules are retired from the public module registry. -[Azure Verified Modules](https://azure.github.io/Azure-Verified-Modules/) are prebuilt, pretested, and preverified modules for deploying resources on Azure. Created and owned by Microsoft employees, these modules are designed to simplify and accelerate the deployment process for common Azure resources and configurations whilst also aligning to best practices; such as the Well-Architected Framework. +[Azure Verified Modules](https://azure.github.io/Azure-Verified-Modules/) are prebuilt, pretested, and preverified modules for deploying resources on Azure. Created and owned by Microsoft employees, these modules are designed to simplify and accelerate the deployment process for common Azure resources and configurations while also aligning to best practices; such as the Well-Architected Framework. Browse to the [Azure Verified Modules Bicep Index](https://azure.github.io/Azure-Verified-Modules/indexes/bicep/)to see the list of modules available, select the highlighted numbers in the following screenshot to be taken directly to that filtered view. module stgModule 'ts/ContosoSpecs:storageSpec:2.0' = { } ``` +## Use decorators ++Decorators are written in the format `@expression` and are placed above module declarations. The following table shows the available decorators for modules. ++| Decorator | Argument | Description | +| | -- | - | +| [batchSize](./bicep-import.md#export-variables-types-and-functions) | none | Set up instances to deploy sequentially. | +| [description](#description) | string |Provide descriptions for the module.| ++Decorators are in the [sys namespace](bicep-functions.md#namespaces-for-functions). If you need to differentiate a decorator from another item with the same name, preface the decorator with `sys`. For example, if your Bicep file includes a parameter named `description`, you must add the sys namespace when using the **description** decorator. ++### BatchSize ++You can only apply `@batchSize()` to a resource or module definition that uses a [`for` expression](./loops.md). ++By default, modules are deployed in parallel. When you add the `@batchSize(int)` decorator, you deploy instances serially. ++```bicep +@batchSize(3) +module storage 'br/public:avm/res/storage/storage-account:0.11.1' = [for storageName in storageAccounts: { + name: 'myStorage' + params: { + name: 'store${resourceGroup().name}' + } +}] +``` ++For more information, see [Deploy in batches](loops.md#deploy-in-batches). ++### Description ++To add explanation, add a description to module declarations. For example: ++```bicep +@description('Create storage accounts referencing an AVM.') +module storage 'br/public:avm/res/storage/storage-account:0.9.0' = { + name: 'myStorage' + params: { + name: 'store${resourceGroup().name}' + } +} +``` ++Markdown-formatted text can be used for the description text. + ## Parameters The parameters you provide in your module definition match the parameters in the Bicep file. |
azure-resource-manager | Outputs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/outputs.md | Title: Outputs in Bicep description: Describes how to define output values in Bicep Previously updated : 12/06/2023 Last updated : 08/20/2024 # Outputs in Bicep -This article describes how to define output values in a Bicep file. You use outputs when you need to return values from the deployed resources. You are limited to 64 outputs in a Bicep file. For more information, see [Template limits](../templates/best-practices.md#template-limits). +This article describes how to define output values in a Bicep file. You use outputs when you need to return values from the deployed resources. You're limited to 64 outputs in a Bicep file. For more information, see [Template limits](../templates/best-practices.md#template-limits). -## Define output values +## Define outputs The syntax for defining an output value is: output out 'a' | 'b' = foo For more information, see [User-defined data types](./user-defined-data-types.md). +## Use decorators ++Decorators are written in the format `@expression` and are placed above output declarations. The following table shows the available decorators for outputs. ++| Decorator | Apply to | Argument | Description | +| | - | -- | - | +| [description](#description) | all | string | Provide descriptions for the output. | +| [discriminator](#discriminator) | object | string | Use this decorator to ensure the correct subclass is identified and managed. For more information, see [Custom-tagged union data type](./data-types.md#custom-tagged-union-data-type).| +| [maxLength](#length-constraints) | array, string | int | The maximum length for string and array outputs. The value is inclusive. | +| [maxValue](#integer-constraints) | int | int | The maximum value for the integer output. This value is inclusive. | +| [metadata](#metadata) | all | object | Custom properties to apply to the output. Can include a description property that is equivalent to the description decorator. | +| [minLength](#length-constraints) | array, string | int | The minimum length for string and array outputs. The value is inclusive. | +| [minValue](#integer-constraints) | int | int | The minimum value for the integer output. This value is inclusive. | +| [sealed](#sealed) | object | none | Elevate [BCP089](./diagnostics/bcp089.md) from a warning to an error when a property name of a use-define data type is likely a typo. For more information, see [Elevate error level](./user-defined-data-types.md#elevate-error-level). | ++Decorators are in the [sys namespace](bicep-functions.md#namespaces-for-functions). If you need to differentiate a decorator from another item with the same name, preface the decorator with `sys`. For example, if your Bicep file includes a parameter named `description`, you must add the sys namespace when using the **description** decorator. ++```bicep +@sys.description('The name of the instance.') +param name string +@sys.description('The description of the instance to display.') +param description string +``` ++### Description ++To add explanation, add a description to output declarations. For example: ++```bicep +@description('Conditionally output the endpoint.') +output endpoint string = deployStorage ? myStorageAccount.properties.primaryEndpoints.blob : '' +``` ++Markdown-formatted text can be used for the description text. ++### Discriminator ++See [Custom-tagged union data type](./data-types.md#custom-tagged-union-data-type). ++### Integer constraints ++You can set minimum and maximum values for integer outputs. You can set one or both constraints. ++```bicep +var thisMonth = 3 ++@minValue(1) +@maxValue(12) +output month int = thisMonth +``` ++### Length constraints ++You can specify minimum and maximum lengths for string and array outputs. You can set one or both constraints. For strings, the length indicates the number of characters. For arrays, the length indicates the number of items in the array. ++The following example declares two outputs. One output is for a storage account name that must have 3-24 characters. The other output is an array that must have from 1-5 items. ++```bicep +var accountName = uniqueString(resourceGroup().id) +var appNames = [ + 'SyncSphere' + 'DataWhiz' + 'FlowMatrix' +] ++@minLength(3) +@maxLength(24) +output storageAccountName string = accountName ++@minLength(1) +@maxLength(5) +output applicationNames array = appNames +``` ++### Metadata ++If you have custom properties that you want to apply to an output, add a metadata decorator. Within the metadata, define an object with the custom names and values. The object you define for the metadata can contain properties of any name and type. ++You might use this decorator to track information about the output that doesn't make sense to add to the [description](#description). ++```bicep +var obj = {} +@description('Configuration values that are applied when the application starts.') +@metadata({ + source: 'database' + contact: 'Web team' +}) +output settings object = obj +``` ++When you provide a `@metadata()` decorator with a property that conflicts with another decorator, that decorator always takes precedence over anything in the `@metadata()` decorator. So, the conflicting property within the `@metadata()` value is redundant and will be replaced. For more information, see [No conflicting metadata](./linter-rule-no-conflicting-metadata.md). ++### Sealed ++See [Elevate error level](./user-defined-data-types.md#elevate-error-level). + ## Conditional output When the value to return depends on a condition in the deployment, use the `?` operator. |
azure-resource-manager | Parameters | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/parameters.md | Title: Parameters in Bicep files description: Describes how to define parameters in a Bicep file. Previously updated : 03/22/2024 Last updated : 08/20/2024 # Parameters in Bicep For parameter best practices, see [Parameters](./best-practices.md#parameters). If you would rather learn about parameters through step-by-step guidance, see [Build reusable Bicep templates by using parameters](/training/modules/build-reusable-bicep-templates-parameters). -## Declaration +## Define parameters Each parameter has a name and [data type](data-types.md). Optionally, you can provide a default value for the parameter. ```bicep+@<decorator>(<argument>) param <parameter-name> <parameter-data-type> = <default-value> ``` param storageAccountConfig { } ``` -For more information, see [User-defined data types](./user-defined-data-types.md#syntax). +For more information, see [User-defined data types](./user-defined-data-types.md#define-types). -## Default value +## Set default values You can specify a default value for a parameter. The default value is used when a value isn't provided during deployment. output hostingPlanOutput string = hostingPlanName However, you can't reference a [variable](./variables.md) as the default value. -## Decorators +## Use decorators -Parameters use decorators for constraints or metadata. The decorators are in the format `@expression` and are placed above the parameter's declaration. You can mark a parameter as secure, specify allowed values, set the minimum and maximum length for a string, set the minimum and maximum value for an integer, and provide a description of the parameter. --The following example shows two common uses for decorators. --```bicep -@secure() -param demoPassword string --@description('Must be at least Standard_A3 to support 2 NICs.') -param virtualMachineSize string = 'Standard_DS1_v2' -``` --The following table describes the available decorators and how to use them. +Parameters use decorators for constraints or metadata. The decorators are in the format `@expression` and are placed above the parameter's declaration. The following table shows the available decorators for parameters. | Decorator | Apply to | Argument | Description | | | - | -- | - | | [allowed](#allowed-values) | all | array | Use this decorator to make sure the user provides correct values. This decorator is only permitted on `param` statements. To declare that a property must be one of a set of predefined values in a [`type`](./user-defined-data-types.md) or [`output`](./outputs.md) statement, use [union type syntax](./data-types.md#union-types). Union type syntax can also be used in `param` statements.| | [description](#description) | all | string | Text that explains how to use the parameter. The description is displayed to users through the portal. |+| [discriminator](#discriminator) | object | string | Use this decorator to ensure the correct subclass is identified and managed. For more information, see [Custom-tagged union data type](./data-types.md#custom-tagged-union-data-type).| | [maxLength](#length-constraints) | array, string | int | The maximum length for string and array parameters. The value is inclusive. | | [maxValue](#integer-constraints) | int | int | The maximum value for the integer parameter. This value is inclusive. | | [metadata](#metadata) | all | object | Custom properties to apply to the parameter. Can include a description property that is equivalent to the description decorator. | | [minLength](#length-constraints) | array, string | int | The minimum length for string and array parameters. The value is inclusive. | | [minValue](#integer-constraints) | int | int | The minimum value for the integer parameter. This value is inclusive. |+| [sealed](#sealed) | object | none | Elevate [BCP089](./diagnostics/bcp089.md) from a warning to an error when a property name of a use-define data type is likely a typo. For more information, see [Elevate error level](./user-defined-data-types.md#elevate-error-level). | | [secure](#secure-parameters) | string, object | none | Marks the parameter as secure. The value for a secure parameter isn't saved to the deployment history and isn't logged. For more information, see [Secure strings and objects](data-types.md#secure-strings-and-objects). | Decorators are in the [sys namespace](bicep-functions.md#namespaces-for-functions). If you need to differentiate a decorator from another item with the same name, preface the decorator with `sys`. For example, if your Bicep file includes a parameter named `description`, you must add the sys namespace when using the **description** decorator. param name string param description string ``` -The available decorators are described in the following sections. --### Secure parameters --You can mark string or object parameters as secure. The value of a secure parameter isn't saved to the deployment history and isn't logged. --```bicep -@secure() -param demoPassword string --@secure() -param demoSecretObject object -``` - ### Allowed values You can define allowed values for a parameter. You provide the allowed values in an array. The deployment fails during validation if a value is passed in for the parameter that isn't one of the allowed values. param demoEnum string If you define allowed values for an array parameter, the actual value can be any subset of the allowed values. -### Length constraints --You can specify minimum and maximum lengths for string and array parameters. You can set one or both constraints. For strings, the length indicates the number of characters. For arrays, the length indicates the number of items in the array. --The following example declares two parameters. One parameter is for a storage account name that must have 3-24 characters. The other parameter is an array that must have from 1-5 items. --```bicep -@minLength(3) -@maxLength(24) -param storageAccountName string --@minLength(1) -@maxLength(5) -param appNames array -``` --### Integer constraints --You can set minimum and maximum values for integer parameters. You can set one or both constraints. --```bicep -@minValue(1) -@maxValue(12) -param month int -``` - ### Description To help users understand the value to provide, add a description to the parameter. When a user deploys the template through the portal, the description's text is automatically used as a tip for that parameter. Only add a description when the text provides more information than can be inferred from the parameter name. When you hover your cursor over **storageAccountName** in VS Code, you see the f Make sure the text follows proper Markdown formatting; otherwise, it may not display correctly when rendered. +### Discriminator ++See [Custom-tagged union data type](./data-types.md#custom-tagged-union-data-type). ++### Integer constraints ++You can set minimum and maximum values for integer parameters. You can set one or both constraints. ++```bicep +@minValue(1) +@maxValue(12) +param month int +``` ++### Length constraints ++You can specify minimum and maximum lengths for string and array parameters. You can set one or both constraints. For strings, the length indicates the number of characters. For arrays, the length indicates the number of items in the array. ++The following example declares two parameters. One parameter is for a storage account name that must have 3-24 characters. The other parameter is an array that must have from 1-5 items. ++```bicep +@minLength(3) +@maxLength(24) +param storageAccountName string ++@minLength(1) +@maxLength(5) +param appNames array +``` + ### Metadata If you have custom properties that you want to apply to a parameter, add a metadata decorator. Within the metadata, define an object with the custom names and values. The object you define for the metadata can contain properties of any name and type. param settings object When you provide a `@metadata()` decorator with a property that conflicts with another decorator, that decorator always takes precedence over anything in the `@metadata()` decorator. So, the conflicting property within the `@metadata()` value is redundant and will be replaced. For more information, see [No conflicting metadata](./linter-rule-no-conflicting-metadata.md). -## Use parameter +### Sealed ++See [Elevate error level](./user-defined-data-types.md#elevate-error-level). ++### Secure parameters ++You can mark string or object parameters as secure. The value of a secure parameter isn't saved to the deployment history and isn't logged. ++```bicep +@secure() +param demoPassword string ++@secure() +param demoSecretObject object +``` ++There are several linter rules related to this decorator: [Secure parameter default](./linter-rule-secure-parameter-default.md), [Secure parameters in nested deployments](./linter-rule-secure-params-in-nested-deploy.md), [Secure secrets in parameters](./linter-rule-secure-secrets-in-parameters.md). ++## Use parameters To reference the value for a parameter, use the parameter name. The following example uses a parameter value for a key vault name. resource keyvault 'Microsoft.KeyVault/vaults@2019-09-01' = { } ``` -## Objects as parameters +## Use objects as parameters It can be easier to organize related values by passing them in as an object. This approach also reduces the number of parameters in the template. |
azure-resource-manager | Patterns Name Generation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/patterns-name-generation.md | Use Bicep's [string interpolation](bicep-functions-string.md#concat) to generate > [!NOTE] > Some Azure resources, such as Azure RBAC role definitions and role assignments, need to have globally unique identifiers (GUIDs) as their names. Use the [guid() function](bicep-functions-string.md#guid) to generate names for these resources. -If you're creating reusable Bicep code, you should consider defining names as [parameters](parameters.md). Use a [default parameter value](parameters.md#default-value) to define a default name that can be overridden. Default values help to make your Bicep files more reusable, ensuring that users of the file can define their own names if they need to follow a different naming convention. +If you're creating reusable Bicep code, you should consider defining names as [parameters](parameters.md). Use a [default parameter value](parameters.md#set-default-values) to define a default name that can be overridden. Default values help to make your Bicep files more reusable, ensuring that users of the file can define their own names if they need to follow a different naming convention. ## Example 1: Organizational naming convention |
azure-resource-manager | Resource Declaration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/resource-declaration.md | Title: Declare resources in Bicep description: Describes how to declare resources to deploy in Bicep. Previously updated : 03/20/2024 Last updated : 08/20/2024 # Resource declaration in Bicep -This article describes the syntax you use to add a resource to your Bicep file. You are limited to 800 resources in a Bicep file. For more information, see [Template limits](../templates/best-practices.md#template-limits). +This article describes the syntax you use to add a resource to your Bicep file. You're limited to 800 resources in a Bicep file. For more information, see [Template limits](../templates/best-practices.md#template-limits). -## Declaration +## Define resources Add a resource declaration by using the `resource` keyword. You set a symbolic name for the resource. The symbolic name isn't the same as the resource name. You use the symbolic name to reference the resource in other parts of your Bicep file. ```bicep+@<decorator>(<argument>) resource <symbolic-name> '<full-type-name>@<api-version>' = { <resource-properties> } resource <symbolic-name> '<full-type-name>@<api-version>' = { } ``` +## Use decorators ++Decorators are written in the format `@expression` and are placed above resource declarations. The following table shows the available decorators for resources. ++| Decorator | Argument | Description | +| | -- | - | +| [batchSize](./bicep-import.md#export-variables-types-and-functions) | none | Set up instances to deploy sequentially. | +| [description](#description) | string | Provide descriptions for the resource. | ++Decorators are in the [sys namespace](bicep-functions.md#namespaces-for-functions). If you need to differentiate a decorator from another item with the same name, preface the decorator with `sys`. For example, if your Bicep file includes a parameter named `description`, you must add the sys namespace when using the **description** decorator. ++### BatchSize ++You can only apply `@batchSize()` to a resource or module definition that uses a [`for` expression](./loops.md). ++By default, resources are deployed in parallel. When you add the `batchSize(int)` decorator, you deploy instances serially. ++```bicep +@batchSize(3) +resource storageAccountResources 'Microsoft.Storage/storageAccounts@2023-04-01' = [for storageName in storageAccounts: { + ... +}] +``` ++For more information, see [Deploy in batches](loops.md#deploy-in-batches). ++### Description ++To add explanation, add a description to resource declarations. For example: ++```bicep +@description('Create a number of storage accounts') +resource storageAccountResources 'Microsoft.Storage/storageAccounts@2023-04-01' = [for storageName in storageAccounts: { + ... +}] +``` ++Markdown-formatted text can be used for the description text. + ## Resource name Each resource has a name. When setting the resource name, pay attention to the [rules and restrictions for resource names](../management/resource-name-rules.md). resource stg 'Microsoft.Storage/storageAccounts@2023-04-01' = { } ``` -## Location +## Resource location Many resources require a location. You can determine if the resource needs a location either through intellisense or [template reference](/azure/templates/). The following example adds a location parameter that is used for the storage account. az provider show \ -## Tags +## Resource tags You can apply tags to a resource during deployment. Tags help you logically organize your deployed resources. For examples of the different ways you can specify the tags, see [ARM template tags](../management/tag-resources-bicep.md). -## Managed identities for Azure resources +## Managed identities for resources Some resources support [managed identities for Azure resources](../../active-directory/managed-identities-azure-resources/overview.md). Those resources have an identity object at the root level of the resource declaration. |
azure-resource-manager | User Defined Data Types | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/user-defined-data-types.md | Title: User-defined types in Bicep description: Describes how to define and use user-defined data types in Bicep. Previously updated : 08/16/2024 Last updated : 08/20/2024 # User-defined data types in Bicep Learn how to create user-defined data types in Bicep. For system-defined data ty [Bicep CLI version 0.12.X or higher](./install.md) is required to use this feature. -## Syntax +## Define types You can use the `type` statement to create user-defined data types. In addition, you can also use type expressions in some places to define custom types. ```bicep+@<decorator>(<argument>) type <user-defined-data-type-name> = <type-expression> ``` -The [`@allowed`](./parameters.md#decorators) decorator is only permitted on [`param` statements](./parameters.md). To declare a type with a set of predefined values in a `type`, use [union type syntax](./data-types.md#union-types). +The [`@allowed`](./parameters.md#use-decorators) decorator is only permitted on [`param` statements](./parameters.md). To declare a type with a set of predefined values in a `type`, use [union type syntax](./data-types.md#union-types). The valid type expressions include: The valid type expressions include: } ``` - Decorators can be used on properties. `*` can be used to make all values require a constraint. Additional properties can still be defined when using `*`. This example creates an object that requires a key of type `int` named _id_, and that all other entries in the object must be a string value at least 10 characters long. + Decorators can be used on properties. `*` can be used to make all values require a constraint. Additional properties can still be defined when using `*`. This example creates an object that requires a key of type `int` named *id*, and that all other entries in the object must be a string value at least 10 characters long. ```bicep type obj = { The valid type expressions include: type negatedBoolReference = !negatedBoolLiteral ``` -- Unions can include any number of literal-typed expressions. Union types are translated into the [allowed-value constraint](./parameters.md#decorators) in Bicep, so only literals are permitted as members.+- Unions can include any number of literal-typed expressions. Union types are translated into the [allowed-value constraint](./parameters.md#use-decorators) in Bicep, so only literals are permitted as members. ```bicep type oneOfSeveralObjects = {foo: 'bar'} | {fizz: 'buzz'} | {snap: 'crackle'} resource storageAccount 'Microsoft.Storage/storageAccounts@2023-04-01' = { } ``` +## Use decorators ++Decorators are written in the format `@expression` and are placed above the declarations of the user-defined data type. The following table shows the available decorators for user-defined data types. ++| Decorator | Argument | Description | +| | -- | - | +| [description](#description) | string | Provide descriptions for the user-defined data type. | +| [discriminator](#discriminator) | string | Use this decorator to ensure the correct subclass is identified and managed. | +| [export](#export) | none | Indicates that the user-defined data type is available for import by another Bicep file. | +| [sealed](#sealed) | none | Elevate [BCP089](./diagnostics/bcp089.md) from a warning to an error when a property name of a use-define data type is likely a typo. For more information, see [Elevate error level](#elevate-error-level).| ++Decorators are in the [sys namespace](bicep-functions.md#namespaces-for-functions). If you need to differentiate a decorator from another item with the same name, preface the decorator with `sys`. For example, if your Bicep file includes a variable named `description`, you must add the sys namespace when using the **description** decorator. ++### Discriminator ++See [Tagged union data type](#tagged-union-data-type). ++### Description ++Add a description to the user-defined data type. Decorators can be used on properties. For example: ++```bicep +@description('Define a new object type.') +type obj = { + @description('The object ID') + id: int ++ @description('Additional properties') + @minLength(10) + *: string +} +``` ++Markdown-formatted text can be used for the description text. ++### Export ++Use `@export()` to share the user-defined data type with other Bicep files. For more information, see [Export variables, types, and functions](./bicep-import.md#export-variables-types-and-functions). ++### Sealed ++See [Elevate error level](#elevate-error-level). + ## Elevate error level By default, declaring an object type in Bicep allows it to accept additional properties of any type. For example, the following Bicep is valid but raises a warning of [BCP089] - `The property "otionalProperty" is not allowed on objects of type "{ property: string, optionalProperty: null | string }". Did you mean "optionalProperty"?`: param aParameter anObject = { } ``` -The warning informs you that the _anObject_ type doesn't include a property named _otionalProperty_. While no errors occur during deployment, the Bicep compiler assumes _otionalProperty_ is a typo, that you intended to use _optionalProperty_ but misspelled it, and alert you to the inconsistency. +The warning informs you that the *anObject* type doesn't include a property named *otionalProperty*. While no errors occur during deployment, the Bicep compiler assumes *otionalProperty* is a typo, that you intended to use *optionalProperty* but misspelled it, and alert you to the inconsistency. To escalate these warnings to errors, apply the `@sealed()` decorator to the object type: output config object = serviceConfig For more information, see [Custom tagged union data type](./data-types.md#custom-tagged-union-data-type). -## Import types between Bicep files --Only user-defined data types that bear the `@export()` decorator can be imported to other templates. --The following example enables you to import the two user-defined data types from other templates: --```bicep -@export() -type myStringType = string --@export() -type myOtherStringType = myStringType -``` --For more information, see [Import user-defined data types](./bicep-import-providers.md#import-user-defined-data-types-preview). - ## Next steps - For a list of the Bicep data types, see [Data types](./data-types.md). |
azure-resource-manager | User Defined Functions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/user-defined-functions.md | Within your Bicep file, you can create your own functions. These functions are a ## Limitations -When defining a user function, there are some restrictions: +There are some restrictions when defining a user function: * The function can't access variables. * The function can only use parameters that are defined in the function. * The function can't use the [reference](bicep-functions-resource.md#reference) function or any of the [list](bicep-functions-resource.md#list) functions. * Parameters for the function can't have default values. -## Define the function +## Define functions Use the `func` statement to define user-defined functions. ```bicep+@<decorator>(<argument>) func <user-defined-function-name> (<argument-name> <data-type>, <argument-name> <data-type>, ...) <function-data-type> => <expression> ``` The output from the preceding example is: | - | - | -- | | elements | positiveInt | 3 | +## Use decorators ++Decorators are written in the format `@expression` and are placed above function declarations. The following table shows the available decorators for functions. ++| Decorator | Argument | Description | +| | -- | - | +| [description](#description) | string | Provide descriptions for the function. | +| [export](#export) | none | Indicates that the function is available for import by another Bicep file. | ++Decorators are in the [sys namespace](bicep-functions.md#namespaces-for-functions). If you need to differentiate a decorator from another item with the same name, preface the decorator with `sys`. For example, if your Bicep file includes a variable named `description`, you must add the sys namespace when using the **description** decorator. ++### Description ++To add explanation, add a description to function declaration. For example: ++```bicep +@description('The say hello function.') +func sayHelloString(name string) string => 'Hi ${name}!' +``` ++Markdown-formatted text can be used for the description text. ++### Export ++Use `@export()` to share the function with other Bicep files. For more information, see [Export variables, types, and functions](./bicep-import.md#export-variables-types-and-functions). + ## Next steps * To learn about the Bicep file structure and syntax, see [Understand the structure and syntax of Bicep files](./file.md). |
azure-resource-manager | Variables | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/variables.md | Title: Variables in Bicep description: Describes how to define variables in Bicep Previously updated : 03/20/2024 Last updated : 08/20/2024 # Variables in Bicep This article describes how to define and use variables in your Bicep file. You u Resource Manager resolves variables before starting the deployment operations. Wherever the variable is used in the Bicep file, Resource Manager replaces it with the resolved value. -You are limited to 256 variables in a Bicep file. For more information, see [Template limits](../templates/best-practices.md#template-limits). +You're limited to 256 variables in a Bicep file. For more information, see [Template limits](../templates/best-practices.md#template-limits). -## Define variable +## Define variables The syntax for defining a variable is: ```bicep+@<decorator>(<argument>) var <variable-name> = <variable-value> ``` The output returns an array with the following values: For more information about the types of loops you can use with variables, see [Iterative loops in Bicep](loops.md). -## Use variable +## Use decorators ++Decorators are written in the format `@expression` and are placed above variable declarations. The following table shows the available decorators for variables. ++| Decorator | Argument | Description | +| | -- | - | +| [description](#description) | string | Provide descriptions for the variable. | +| [export](#export) | none | Indicates that the variable is available for import by another Bicep file. | ++Decorators are in the [sys namespace](bicep-functions.md#namespaces-for-functions). If you need to differentiate a decorator from another item with the same name, preface the decorator with `sys`. For example, if your Bicep file includes a variable named `description`, you must add the sys namespace when using the **description** decorator. ++### Description ++To add explanation, add a description to variable declaration. For example: ++```bicep +@description('Create a unique storage account name.') +var storageAccountName = uniqueString(resourceGroup().id) +``` ++Markdown-formatted text can be used for the description text. ++### Export ++Use `@export()` to share the variable with other Bicep files. For more information, see [Export variables, types, and functions](./bicep-import.md#export-variables-types-and-functions). ++## Use variables The following example shows how to use the variable for a resource property. You reference the value for the variable by providing the variable's name: `storageName`. |
azure-resource-manager | Azure Services Resource Providers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/azure-services-resource-providers.md | The resource providers for compute services are: | Microsoft.AVS | [Azure VMware Solution](../../azure-vmware/index.yml) | | Microsoft.Batch | [Batch](../../batch/index.yml) | | Microsoft.ClassicCompute | Classic deployment model virtual machine |-| Microsoft.Compute | [Virtual Machines](../../virtual-machines/index.yml)<br />[Virtual Machine Scale Sets](../../virtual-machine-scale-sets/index.yml) | +| Microsoft.Compute | [Virtual Machines](/azure/virtual-machines/)<br />[Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/) | | Microsoft.DesktopVirtualization | [Azure Virtual Desktop](../../virtual-desktop/index.yml) | | Microsoft.DevTestLab | [Azure Lab Services](../../lab-services/index.yml) |-| Microsoft.HanaOnAzure | [SAP HANA on Azure Large Instances](../../virtual-machines/workloads/sap/hana-overview-architecture.md) | +| Microsoft.HanaOnAzure | [SAP HANA on Azure Large Instances](/azure/virtual-machines/workloads/sap/hana-overview-architecture) | | Microsoft.LabServices | [Azure Lab Services](../../lab-services/index.yml) |-| Microsoft.Maintenance | [Azure Maintenance](../../virtual-machines/maintenance-configurations.md) | +| Microsoft.Maintenance | [Azure Maintenance](/azure/virtual-machines/maintenance-configurations) | | Microsoft.Microservices4Spring | [Azure Spring Apps](../../spring-apps/enterprise/overview.md) | | Microsoft.Quantum | [Azure Quantum](https://azure.microsoft.com/services/quantum/) | | Microsoft.SerialConsole - [registered by default](#registration) | [Azure Serial Console for Windows](/troubleshoot/azure/virtual-machines/serial-console-windows) |-| Microsoft.ServiceFabric | [Service Fabric](../../service-fabric/index.yml) | -| Microsoft.VirtualMachineImages | [Azure Image Builder](../../virtual-machines/image-builder-overview.md) | +| Microsoft.ServiceFabric | [Service Fabric](/azure/service-fabric/) | +| Microsoft.VirtualMachineImages | [Azure Image Builder](/azure/virtual-machines/image-builder-overview) | | Microsoft.VMware | [Azure VMware Solution](../../azure-vmware/index.yml) | | Microsoft.VMwareCloudSimple | [Azure VMware Solution by CloudSimple](../../vmware-cloudsimple/index.md) | The resource providers for container services are: | Resource provider namespace | Azure service | | | - | | Microsoft.App | [Azure Container Apps](../../container-apps/index.yml) |-| Microsoft.ContainerInstance | [Container Instances](../../container-instances/index.yml) | +| Microsoft.ContainerInstance | [Container Instances](/azure/container-instances/) | | Microsoft.ContainerRegistry | [Container Registry](../../container-registry/index.yml) | | Microsoft.ContainerService | [Azure Kubernetes Service (AKS)](/azure/aks/) |-| Microsoft.RedHatOpenShift | [Azure Red Hat OpenShift](../../virtual-machines/linux/openshift-get-started.md) | +| Microsoft.RedHatOpenShift | [Azure Red Hat OpenShift](/azure/virtual-machines/linux/openshift-get-started) | ## Core resource providers |
azure-resource-manager | Azure Subscription Service Limits | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/azure-subscription-service-limits.md | The maximum number of private endpoints per Azure SQL Database logical server is [!INCLUDE [azure-storage-limits-vm-disks](~/reusable-content/ce-skilling/azure/includes/azure-storage-limits-vm-disks.md)] -For more information, see [Virtual machine sizes](../../virtual-machines/sizes.md?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json). +For more information, see [Virtual machine sizes](/azure/virtual-machines/sizes?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json). [!INCLUDE [azure-storage-limits-vm-apps](../../../includes/azure-storage-limits-vm-apps.md)] -For more information, see [VM Applications](../../virtual-machines/vm-applications.md). +For more information, see [VM Applications](/azure/virtual-machines/vm-applications). #### Disk encryption sets There's a limitation of 1000 disk encryption sets per region, per subscription. For more information, see the encryption documentation for-[Linux](../../virtual-machines/disk-encryption.md#restrictions) or -[Windows](../../virtual-machines/disk-encryption.md#restrictions) virtual machines. If you +[Linux](/azure/virtual-machines/disk-encryption#restrictions) or +[Windows](/azure/virtual-machines/disk-encryption#restrictions) virtual machines. If you need to increase the quota, contact Azure support. ### Managed virtual machine disks The maximum number of allowed Managed Run Commands is currently limited to 25. ## See also * [Understand Azure limits and increases](https://azure.microsoft.com/blog/azure-limits-quotas-increase-requests/)-* [Virtual machine and cloud service sizes for Azure](../../virtual-machines/sizes.md?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json) +* [Virtual machine and cloud service sizes for Azure](/azure/virtual-machines/sizes?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json) * [Sizes for Azure Cloud Services](../../cloud-services/cloud-services-sizes-specs.md) * [Naming rules and restrictions for Azure resources](resource-name-rules.md) |
azure-resource-manager | Deployment Models | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/deployment-models.md | To learn about connecting virtual networks from different deployment models, see If you're ready to migrate your resources from classic deployment to Resource Manager deployment, see: -1. [Technical deep dive on platform-supported migration from classic to Azure Resource Manager](../../virtual-machines/migration-classic-resource-manager-deep-dive.md) -2. [Platform supported migration of IaaS resources from Classic to Azure Resource Manager](../../virtual-machines/migration-classic-resource-manager-overview.md) -3. [Migrate IaaS resources from classic to Azure Resource Manager by using Azure PowerShell](../../virtual-machines/migration-classic-resource-manager-ps.md) -4. [Migrate IaaS resources from classic to Azure Resource Manager by using Azure CLI](../../virtual-machines/migration-classic-resource-manager-cli.md) +1. [Technical deep dive on platform-supported migration from classic to Azure Resource Manager](/azure/virtual-machines/migration-classic-resource-manager-deep-dive) +2. [Platform supported migration of IaaS resources from Classic to Azure Resource Manager](/azure/virtual-machines/migration-classic-resource-manager-overview) +3. [Migrate IaaS resources from classic to Azure Resource Manager by using Azure PowerShell](/azure/virtual-machines/migration-classic-resource-manager-ps) +4. [Migrate IaaS resources from classic to Azure Resource Manager by using Azure CLI](/azure/virtual-machines/migration-classic-resource-manager-cli) ## Frequently asked questions |
azure-resource-manager | Virtual Machines Move Limitations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/management/move-limitations/virtual-machines-move-limitations.md | The following scenarios aren't yet supported: * Virtual machines created from Marketplace resources with plans attached can't be moved across subscriptions. For a potential workaround, see [Virtual machines with Marketplace plans](#virtual-machines-with-marketplace-plans). * Low-priority virtual machines and low-priority virtual machine scale sets can't be moved across resource groups or subscriptions. * Virtual machines in an availability set can't be moved individually.-* Virtual machines using scheduled patching can't be moved across resource groups or subscriptions. For a potential workaround, see [Managing VM updates with Maintenance Configurations](../../../virtual-machines/maintenance-configurations.md#guest) +* Virtual machines using scheduled patching can't be moved across resource groups or subscriptions. For a potential workaround, see [Managing VM updates with Maintenance Configurations](/azure/virtual-machines/maintenance-configurations#guest) ## Azure disk encryption -A virtual machine that is integrated with a key vault to implement [Azure Disk Encryption for Linux VMs](../../../virtual-machines/linux/disk-encryption-overview.md) or [Azure Disk Encryption for Windows VMs](../../../virtual-machines/windows/disk-encryption-overview.md) can be moved to another resource group when it is in deallocated state. +A virtual machine that is integrated with a key vault to implement [Azure Disk Encryption for Linux VMs](/azure/virtual-machines/linux/disk-encryption-overview) or [Azure Disk Encryption for Windows VMs](/azure/virtual-machines/windows/disk-encryption-overview) can be moved to another resource group when it is in deallocated state. However, to move such virtual machine to another subscription, you must disable encryption. Virtual machines created from Marketplace resources with plans attached can't be Or, you can create a new instance of a virtual machine with the plan through the portal. You can delete the virtual machine after accepting the terms in the new subscription. -1. In the destination subscription, recreate the virtual machine from the cloned OS disk using PowerShell, CLI, or an Azure Resource Manager template. Include the marketplace plan that's attached to the disk. The information about the plan should match the plan you purchased in the new subscription. For more information, see [Create the VM](../../../virtual-machines/marketplace-images.md#create-the-vm). +1. In the destination subscription, recreate the virtual machine from the cloned OS disk using PowerShell, CLI, or an Azure Resource Manager template. Include the marketplace plan that's attached to the disk. The information about the plan should match the plan you purchased in the new subscription. For more information, see [Create the VM](/azure/virtual-machines/marketplace-images#create-the-vm). -For more information, see [Move a Marketplace Azure Virtual Machine to another subscription](../../../virtual-machines/azure-cli-change-subscription-marketplace.md). +For more information, see [Move a Marketplace Azure Virtual Machine to another subscription](/azure/virtual-machines/azure-cli-change-subscription-marketplace). ## Virtual machines with Azure Backup |
azure-resource-manager | Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/best-practices.md | The following information can be helpful when you work with [resources](./syntax For more information about connecting to virtual machines, see: * [What is Azure Bastion?](../../bastion/bastion-overview.md)- * [How to connect and sign on to an Azure virtual machine running Windows](../../virtual-machines/windows/connect-rdp.yml) - * [Setting up WinRM access for Virtual Machines in Azure Resource Manager](../../virtual-machines/windows/connect-winrm.md) - * [Connect to a Linux VM](../../virtual-machines/linux-vm-connect.md) + * [How to connect and sign on to an Azure virtual machine running Windows](/azure/virtual-machines/windows/connect-rdp) + * [Setting up WinRM access for Virtual Machines in Azure Resource Manager](/azure/virtual-machines/windows/connect-winrm) + * [Connect to a Linux VM](/azure/virtual-machines/linux-vm-connect) * The `domainNameLabel` property for public IP addresses must be unique. The `domainNameLabel` value must be between 3 and 63 characters long, and follow the rules specified by this regular expression: `^[a-z][a-z0-9-]{1,61}[a-z0-9]$`. Because the `uniqueString` function generates a string that is 13 characters long, the `dnsPrefixString` parameter is limited to 50 characters. |
azure-resource-manager | Deploy Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/deploy-cli.md | az deployment group create \ --parameters exampleString=@stringContent.txt exampleArray=@arrayContent.json ``` -Getting a parameter value from a file is helpful when you need to provide configuration values. For example, you can provide [cloud-init values for a Linux virtual machine](../../virtual-machines/linux/using-cloud-init.md). +Getting a parameter value from a file is helpful when you need to provide configuration values. For example, you can provide [cloud-init values for a Linux virtual machine](/azure/virtual-machines/linux/using-cloud-init). The _arrayContent.json_ format is: |
azure-resource-manager | Deploy Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/deploy-powershell.md | New-AzResourceGroupDeployment -ResourceGroupName testgroup ` -exampleArray $arrayParam ``` -Getting a parameter value from a file is helpful when you need to provide configuration values. For example, you can provide [cloud-init values for a Linux virtual machine](../../virtual-machines/linux/using-cloud-init.md). +Getting a parameter value from a file is helpful when you need to provide configuration values. For example, you can provide [cloud-init values for a Linux virtual machine](/azure/virtual-machines/linux/using-cloud-init). If you need to pass in an array of objects, create hash tables in PowerShell and add them to an array. Pass that array as a parameter during deployment. |
azure-resource-manager | Deployment Script Template Configure Dev | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/deployment-script-template-configure-dev.md | ms.devlang: azurecli # Configure development environment for deployment scripts in ARM templates -Learn how to create a development environment for developing and testing ARM template deployment scripts with a deployment script image. You can either create an [Azure container instance](../../container-instances/container-instances-overview.md) or use [Docker](https://docs.docker.com/get-docker/). Both options are covered in this article. +Learn how to create a development environment for developing and testing ARM template deployment scripts with a deployment script image. You can either create an [Azure container instance](/azure/container-instances/container-instances-overview) or use [Docker](https://docs.docker.com/get-docker/). Both options are covered in this article. ## Prerequisites |
azure-resource-manager | Deployment Script Template | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/deployment-script-template.md | The benefits of deployment script: - Allow passing command-line arguments to the script. - Can specify script outputs and pass them back to the deployment. -The deployment script resource is only available in the regions where Azure Container Instance is available. See [Resource availability for Azure Container Instances in Azure regions](../../container-instances/container-instances-region-availability.md). Currently, deployment script only uses public networking. +The deployment script resource is only available in the regions where Azure Container Instance is available. See [Resource availability for Azure Container Instances in Azure regions](/azure/container-instances/container-instances-region-availability). Currently, deployment script only uses public networking. > [!IMPORTANT] > The deployment script service requires two supporting resources for script execution and troubleshooting: a storage account and a container instance. You can specify an existing storage account, otherwise the script service creates one for you. The two automatically-created supporting resources are usually deleted by the script service when the deployment script execution gets in a terminal state. You are billed for the supporting resources until they are deleted. For the price information, see [Container Instances pricing](https://azure.microsoft.com/pricing/details/container-instances/) and [Azure Storage pricing](https://azure.microsoft.com/pricing/details/storage/). To learn more, see [Clean-up deployment script resources](#clean-up-deployment-script-resources). For more information about using `AZ_SCRIPTS_OUTPUT_PATH`, see [Work with output ### Pass secured strings to deployment script -Setting environment variables (EnvironmentVariable) in your container instances allows you to provide dynamic configuration of the application or script run by the container. Deployment script handles nonsecured and secured environment variables in the same way as Azure Container Instance. For more information, see [Set environment variables in container instances](../../container-instances/container-instances-environment-variables.md#secure-values). For an example, see [Sample templates](#sample-templates). +Setting environment variables (EnvironmentVariable) in your container instances allows you to provide dynamic configuration of the application or script run by the container. Deployment script handles nonsecured and secured environment variables in the same way as Azure Container Instance. For more information, see [Set environment variables in container instances](/azure/container-instances/container-instances-environment-variables#secure-values). For an example, see [Sample templates](#sample-templates). The max allowed size for environment variables is 64 KB. ## Monitor and troubleshoot deployment scripts -The script service creates a [storage account](../../storage/common/storage-account-overview.md) (unless you specify an existing storage account) and a [container instance](../../container-instances/container-instances-overview.md) for script execution. If these resources are automatically created by the script service, both resources have the `azscripts` suffix in the resource names. +The script service creates a [storage account](../../storage/common/storage-account-overview.md) (unless you specify an existing storage account) and a [container instance](/azure/container-instances/container-instances-overview) for script execution. If these resources are automatically created by the script service, both resources have the `azscripts` suffix in the resource names. :::image type="content" source="./media/deployment-script-template/resource-manager-template-deployment-script-resources.png" alt-text="Screenshot of Resource Manager template deployment script resource names."::: After the script is tested successfully, you can use it as a deployment script i | DeploymentScriptExecutionFailed | Unknown error during the deployment script execution. | | DeploymentScriptContainerInstancesServiceUnavailable | When creating the Azure container instance (ACI), ACI threw a service unavailable error. | | DeploymentScriptContainerGroupInNonterminalState | When creating the Azure container instance (ACI), another deployment script is using the same ACI name in the same scope (same subscription, resource group name, and resource name). |-| DeploymentScriptContainerGroupNameInvalid | The Azure container instance name (ACI) specified doesn't meet the ACI requirements. See [Troubleshoot common issues in Azure Container Instances](../../container-instances/container-instances-troubleshooting.md#issues-during-container-group-deployment).| +| DeploymentScriptContainerGroupNameInvalid | The Azure container instance name (ACI) specified doesn't meet the ACI requirements. See [Troubleshoot common issues in Azure Container Instances](/azure/container-instances/container-instances-troubleshooting#issues-during-container-group-deployment).| ## Use Microsoft Graph within a deployment script |
azure-resource-manager | Resource Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/resource-extensions.md | Last updated 06/23/2023 # Post-deployment configurations by using extensions -Azure Resource Manager template (ARM template) extensions are small applications that provide post-deployment configuration and automation tasks on Azure resources. The most popular one is virtual machine extensions. See [Virtual machine extensions and features for Windows](../../virtual-machines/extensions/features-windows.md), and [Virtual machine extensions and features for Linux](../../virtual-machines/extensions/features-linux.md). +Azure Resource Manager template (ARM template) extensions are small applications that provide post-deployment configuration and automation tasks on Azure resources. The most popular one is virtual machine extensions. See [Virtual machine extensions and features for Windows](/azure/virtual-machines/extensions/features-windows), and [Virtual machine extensions and features for Linux](/azure/virtual-machines/extensions/features-linux). ## Extensions |
azure-resource-manager | Template Cloud Consistency | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/template-cloud-consistency.md | In contrast, to specify a managed disk configuration in a template, remove the ` } ``` -The same changes also apply [data disks](../../virtual-machines/using-managed-disks-template-deployments.md). +The same changes also apply [data disks](/azure/virtual-machines/using-managed-disks-template-deployments). ### Verify that VM extensions are available in Azure Stack -Another consideration for cloud consistency is the use of [virtual machine extensions](../../virtual-machines/extensions/features-windows.md) to configure the resources inside a VM. Not all VM extensions are available in Azure Stack. A template can specify the resources dedicated to the VM extension, creating dependencies and conditions within the template. +Another consideration for cloud consistency is the use of [virtual machine extensions](/azure/virtual-machines/extensions/features-windows) to configure the resources inside a VM. Not all VM extensions are available in Azure Stack. A template can specify the resources dedicated to the VM extension, creating dependencies and conditions within the template. For example, if you want to configure a VM running Microsoft SQL Server, the VM extension can configure SQL Server as part the template deployment. Consider what happens if the deployment template also contains an application server configured to create a database on the VM running SQL Server. Besides also using a VM extension for the application servers, you can configure the dependency of the application server on the successful return of the SQL Server VM extension resource. This approach ensures the VM running SQL Server is configured and available when the application server is instructed to create the database. |
azure-resource-manager | Template Test Cases | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/template-test-cases.md | Test name: **CommandToExecute Must Use ProtectedSettings For Secrets** For resources with type `CustomScript`, use the encrypted `protectedSettings` when `commandToExecute` includes secret data such as a password. For example, secret data can be used in secure parameters of type `secureString` or `secureObject`, [list*](template-functions-resource.md#list) functions such as `listKeys`, or custom scripts. Don't use secret data in the `settings` object because it uses clear text. For more information, see [Microsoft.Compute virtualMachines/extensions](/azure/templates/microsoft.compute/virtualmachines/extensions), [Windows](-/azure/virtual-machines/extensions/custom-script-windows), or [Linux](../../virtual-machines/extensions/custom-script-linux.md). +/azure/virtual-machines/extensions/custom-script-windows), or [Linux](/azure/virtual-machines/extensions/custom-script-linux). In Bicep, use [Linter rule - use protectedSettings for commandToExecute secrets](../bicep/linter-rule-protect-commandtoexecute-secrets.md). |
azure-resource-manager | Template Tutorial Deploy Vm Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/template-tutorial-deploy-vm-extensions.md | -Learn how to use [Azure virtual machine extensions](../../virtual-machines/extensions/features-windows.md) to perform post-deployment configuration and automation tasks on Azure VMs. Many different VM extensions are available for use with Azure VMs. In this tutorial, you deploy a Custom Script extension from an Azure Resource Manager template (ARM template) to run a PowerShell script on a Windows VM. The script installs Web Server on the VM. +Learn how to use [Azure virtual machine extensions](/azure/virtual-machines/extensions/features-windows) to perform post-deployment configuration and automation tasks on Azure VMs. Many different VM extensions are available for use with Azure VMs. In this tutorial, you deploy a Custom Script extension from an Azure Resource Manager template (ARM template) to run a PowerShell script on a Windows VM. The script installs Web Server on the VM. This tutorial covers the following tasks: |
azure-resource-manager | Template Tutorial Use Key Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/templates/template-tutorial-use-key-vault.md | To complete this article, you need: To learn more, run `man openssl rand` to open the manual page. - Verify that the generated password meets the VM password requirements. Each Azure service has specific password requirements. For the VM password requirements, see [What are the password requirements when you create a VM?](../../virtual-machines/windows/faq.yml#what-are-the-password-requirements-when-creating-a-vm-). + Verify that the generated password meets the VM password requirements. Each Azure service has specific password requirements. For the VM password requirements, see [What are the password requirements when you create a VM?](/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm-). ## Prepare a key vault |
azure-resource-manager | Common Deployment Errors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/common-deployment-errors.md | If your error code isn't listed, submit a GitHub issue. On the right side of the | AllocationFailed | The cluster or region doesn't have resources available or can't support the requested VM size. Retry the request at a later time, or request a different VM size. | [Provisioning and allocation issues for Linux](/troubleshoot/azure/virtual-machines/troubleshoot-deployment-new-vm-linux) <br><br> [Provisioning and allocation issues for Windows](/troubleshoot/azure/virtual-machines/troubleshoot-deployment-new-vm-windows) <br><br> [Troubleshoot allocation failures](/troubleshoot/azure/virtual-machines/allocation-failure)| | AnotherOperationInProgress | Wait for concurrent operation to complete. | | | AuthorizationFailed | Your account or service principal doesn't have sufficient access to complete the deployment. Check the role your account belongs to, and its access for the deployment scope.<br><br>You might receive this error when a required resource provider isn't registered. | [Azure role-based access control (Azure RBAC)](../../role-based-access-control/role-assignments-portal.yml)<br><br>[Resolve registration](error-register-resource-provider.md) |-| BadRequest | You sent deployment values that don't match what is expected by Resource Manager. Check the inner status message for help with troubleshooting. <br><br> Validate the template's syntax to resolve deployment errors when using a template that was exported from an existing Azure resource. | [Template reference](/azure/templates/) <br><br> [Resource location in ARM template](../templates/resource-location.md) <br><br> [Resource location in Bicep file](../bicep/resource-declaration.md#location) <br><br> [Resolve invalid template](error-invalid-template.md)| +| BadRequest | You sent deployment values that don't match what is expected by Resource Manager. Check the inner status message for help with troubleshooting. <br><br> Validate the template's syntax to resolve deployment errors when using a template that was exported from an existing Azure resource. | [Template reference](/azure/templates/) <br><br> [Resource location in ARM template](../templates/resource-location.md) <br><br> [Resource location in Bicep file](../bicep/resource-declaration.md#resource-location) <br><br> [Resolve invalid template](error-invalid-template.md)| | Conflict | You're requesting an operation that isn't allowed in the resource's current state. For example, disk resizing is allowed only when creating a VM or when the VM is deallocated. | | | DeploymentActiveAndUneditable | Wait for concurrent deployment to this resource group to complete. | | | DeploymentFailedCleanUp | When you deploy in complete mode, any resources that aren't in the template are deleted. You get this error when you don't have adequate permissions to delete all of the resources not in the template. To avoid the error, change the deployment mode to incremental. | [Azure Resource Manager deployment modes](../templates/deployment-modes.md) | If your error code isn't listed, submit a GitHub issue. On the right side of the | JobSizeExceeded | Simplify your template to reduce size. | [Resolve template size errors](error-job-size-exceeded.md) | | LinkedAuthorizationFailed | Check if your account belongs to the same tenant as the resource group that you're deploying to. | | | LinkedInvalidPropertyId | The resource ID for a resource isn't resolved. Check that you provided all required values for the resource ID. For example, subscription ID, resource group name, resource type, parent resource name (if needed), and resource name. | [Resolve errors for resource name and type](../troubleshooting/error-invalid-name-segments.md) |-| LocationRequired | Provide a location for the resource. | [Resource location in ARM template](../templates/resource-location.md) <br><br> [Resource location in Bicep file](../bicep/resource-declaration.md#location) | +| LocationRequired | Provide a location for the resource. | [Resource location in ARM template](../templates/resource-location.md) <br><br> [Resource location in Bicep file](../bicep/resource-declaration.md#resource-location) | | MismatchingResourceSegments | Make sure a nested resource has the correct number of segments in name and type. | [Resolve resource segments](error-invalid-template.md#incorrect-segment-lengths) | | MissingRegistrationForLocation | Check resource provider registration status and supported locations. | [Resolve registration](error-register-resource-provider.md) | | MissingSubscriptionRegistration | Register your subscription with the resource provider. | [Resolve registration](error-register-resource-provider.md) | If your error code isn't listed, submit a GitHub issue. On the right side of the | StorageAccountAlreadyTaken <br> StorageAccountAlreadyExists | Provide a unique name for the storage account. | [Resolve errors for storage account names](error-storage-account-name.md) | | StorageAccountInAnotherResourceGroup | Provide a unique name for the storage account. | [Resolve errors for storage account names](error-storage-account-name.md) | | StorageAccountNotFound | Check the subscription, resource group, and name of the storage account that you're trying to use. | |-| SubnetsNotInSameVnet | A virtual machine can only have one virtual network. When deploying several NICs, make sure they belong to the same virtual network. | [Windows VM multiple NICs](../../virtual-machines/windows/multiple-nics.md) <br><br> [Linux VM multiple NICs](../../virtual-machines/linux/multiple-nics.md) | +| SubnetsNotInSameVnet | A virtual machine can only have one virtual network. When deploying several NICs, make sure they belong to the same virtual network. | [Windows VM multiple NICs](/azure/virtual-machines/windows/multiple-nics) <br><br> [Linux VM multiple NICs](/azure/virtual-machines/linux/multiple-nics) | | SubnetIsFull | There aren't enough available addresses in the subnet to deploy resources. You can release addresses from the subnet, use a different subnet, or create a new subnet. | [Manage subnets](../../virtual-network/virtual-network-manage-subnet.md) and [Virtual network FAQ](../../virtual-network/virtual-networks-faq.md#are-there-any-restrictions-on-using-ip-addresses-within-these-subnets) <br><br> [Private IP addresses](../../virtual-network/ip-services/private-ip-addresses.md) | | SubscriptionNotFound | A specified subscription for deployment can't be accessed. It could be the subscription ID is wrong, the user deploying the template doesn't have adequate permissions to deploy to the subscription, or the subscription ID is in the wrong format. When using ARM template nested deployments to deploy across scopes, provide the subscription's GUID. | [ARM template deploy across scopes](../templates/deploy-to-resource-group.md) <br><br> [Bicep file deploy across scopes](../bicep/deploy-to-resource-group.md) | | SubscriptionNotRegistered | When a resource is deployed, the resource provider must be registered for your subscription. When you use an Azure Resource Manager template for deployment, the resource provider is automatically registered in the subscription. Sometimes, the automatic registration doesn't complete in time. To avoid this intermittent error, register the resource provider before deployment. | [Resolve registration](error-register-resource-provider.md) | |
azure-resource-manager | Error Sku Not Available | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/troubleshooting/error-sku-not-available.md | Please try another size or deploy to a different location or zones. You receive this error in the following scenarios: - When the resource SKU you've selected, such as VM size, isn't available for a location or zone.-- If you're deploying an Azure Spot VM or Spot scale set instance, and there isn't any capacity for Azure Spot in this location. For more information, see [Spot error messages](../../virtual-machines/error-codes-spot.md).+- If you're deploying an Azure Spot VM or Spot scale set instance, and there isn't any capacity for Azure Spot in this location. For more information, see [Spot error messages](/azure/virtual-machines/error-codes-spot). ## Solution |
azure-sql-edge | Backup Restore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/backup-restore.md | description: Learn about backup and restore capabilities in Azure SQL Edge. Last updated 09/14/2023-+ |
azure-sql-edge | Configure Replication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/configure-replication.md | description: Learn about configuring replication to Azure SQL Edge. Last updated 09/14/2023-+ # Configure replication to Azure SQL Edge |
azure-sql-edge | Configure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/configure.md | description: Learn about configuring Azure SQL Edge. Last updated 09/14/2023-+ |
azure-sql-edge | Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/connect.md | description: Learn how to connect to and query Azure SQL Edge. Last updated 09/14/2023-+ # Connect and query Azure SQL Edge |
azure-sql-edge | Create External Stream Transact Sql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/create-external-stream-transact-sql.md | description: Learn about the CREATE EXTERNAL STREAM statement in Azure SQL Edge Last updated 09/14/2023-+ # CREATE EXTERNAL STREAM (Transact-SQL) |
azure-sql-edge | Create Stream Analytics Job | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/create-stream-analytics-job.md | description: Learn about creating Stream Analytics jobs in Azure SQL Edge. Last updated 09/14/2023-+ # Create a data streaming job in Azure SQL Edge |
azure-sql-edge | Data Retention Cleanup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/data-retention-cleanup.md | description: Learn how to manage historical data with retention policy in Azure Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Data Retention Enable Disable | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/data-retention-enable-disable.md | description: Learn how to enable and disable data retention policies in Azure SQ Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Data Retention Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/data-retention-overview.md | description: Learn about the data retention policy in Azure SQL Edge Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Date Bucket Tsql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/date-bucket-tsql.md | description: Learn about using DATE_BUCKET in Azure SQL Edge Last updated 09/14/2023-+ keywords: - DATE_BUCKET |
azure-sql-edge | Deploy Dacpac | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/deploy-dacpac.md | description: Learn about using DACPACs and BACPACs in Azure SQL Edge Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Deploy Kubernetes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/deploy-kubernetes.md | description: Learn about deploying an Azure SQL Edge container in Kubernetes Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Deploy Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/deploy-portal.md | |
azure-sql-edge | Disconnected Deployment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/disconnected-deployment.md | description: Learn about deploying Azure SQL Edge with Docker Last updated 09/14/2023-+ keywords: |
azure-sql-edge | Drop External Stream Transact Sql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/drop-external-stream-transact-sql.md | description: Learn about the DROP EXTERNAL STREAM statement in Azure SQL Edge Last updated 09/14/2023-+ # DROP EXTERNAL STREAM (Transact-SQL) |
azure-sql-edge | Features | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/features.md | description: Learn about details of features supported by Azure SQL Edge. Last updated 09/14/2023-+ keywords: - introduction to SQL Edge |
azure-sql-edge | High Availability Sql Edge Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/high-availability-sql-edge-containers.md | description: Learn about high availability for Azure SQL Edge containers Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Imputing Missing Values | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/imputing-missing-values.md | description: Learn about filling time gaps and imputing missing values in Azure Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/overview.md | description: Learn about Azure SQL Edge Last updated 09/14/2023-+ keywords: - introduction to SQL Edge |
azure-sql-edge | Performance Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/performance-best-practices.md | description: Learn about performance best practices and configuration guidelines Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Release Notes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/release-notes.md | |
azure-sql-edge | Resources Partners Security | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/resources-partners-security.md | |
azure-sql-edge | Security Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/security-overview.md | description: Learn about security in Azure SQL Edge Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Stream Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/stream-data.md | description: Learn about data streaming in Azure SQL Edge. Last updated 09/14/2023-+ # Data streaming in Azure SQL Edge |
azure-sql-edge | Streaming Catalog Views | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/streaming-catalog-views.md | description: Learn about the available streaming catalog views and dynamic manag Last updated 09/14/2023-+ keywords: - sys.external_streams |
azure-sql-edge | Sys External Job Streams | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/sys-external-job-streams.md | description: Learn about using sys.external_job_streams in Azure SQL Edge Last updated 09/14/2023-+ keywords: - sys.external_job_streams |
azure-sql-edge | Sys External Streaming Jobs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/sys-external-streaming-jobs.md | description: sys.external_streaming_jobs returns a row for each external streami Last updated 09/14/2023-+ keywords: - sys.external_streaming_jobs |
azure-sql-edge | Sys External Streams | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/sys-external-streams.md | description: sys.external_streams returns a row for each external stream object Last updated 09/14/2023-+ keywords: - sys.external_streams |
azure-sql-edge | Sys Sp Cleanup Data Retention | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/sys-sp-cleanup-data-retention.md | description: sys.sp_cleanup_data_retention performs cleanup of obsolete records Last updated 09/14/2023-+ keywords: - sys.sp_cleanup_data_retention (Transact-SQL) |
azure-sql-edge | Track Data Changes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/track-data-changes.md | description: Learn about change tracking and change data capture in Azure SQL Ed Last updated 09/14/2023-+ # Track data changes in Azure SQL Edge |
azure-sql-edge | Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/troubleshoot.md | description: Learn about possible errors when deploying Azure SQL Edge Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Tutorial Deploy Azure Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-deploy-azure-resources.md | |
azure-sql-edge | Tutorial Renewable Energy Demo | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-renewable-energy-demo.md | |
azure-sql-edge | Tutorial Run Ml Model On Sql Edge | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-run-ml-model-on-sql-edge.md | |
azure-sql-edge | Tutorial Set Up Iot Edge Modules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-set-up-iot-edge-modules.md | |
azure-sql-edge | Tutorial Sync Data Factory | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-sync-data-factory.md | description: Learn about syncing data between Azure SQL Edge and Azure Blob stor Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Tutorial Sync Data Sync | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-sync-data-sync.md | description: Learn about syncing data from Azure SQL Edge by using Azure SQL Dat Last updated 09/14/2023-+ keywords: - SQL Edge |
azure-sql-edge | Usage And Diagnostics Data Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/usage-and-diagnostics-data-configuration.md | description: Learn how to configure usage and diagnostics data in Azure SQL Edge Last updated 09/14/2023-+ # Azure SQL Edge usage and diagnostics data configuration |
azure-vmware | Bitnami Appliances Deployment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/bitnami-appliances-deployment.md | In this article, learn how to install and configure the following virtual applia 1. Copy the vCenter Server URL, username, and password. You'll use them to access your virtual machine (VM). -1. Select **Overview**, select the VM, and then connect to it through RDP. If you need help with connecting, see [connect to a virtual machine](../virtual-machines/windows/connect-logon.md#connect-to-the-virtual-machine) for details. +1. Select **Overview**, select the VM, and then connect to it through RDP. If you need help with connecting, see [connect to a virtual machine](/azure/virtual-machines/windows/connect-logon#connect-to-the-virtual-machine) for details. 1. In the VM, open a browser and navigate to the vCenter URL. |
azure-vmware | Deploy Azure Vmware Solution | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/deploy-azure-vmware-solution.md | In the planning phase, you defined whether to use an *existing* or *new* Express Ensure connectivity between the Azure Virtual Network where the ExpressRoute terminates and the Azure VMware Solution private cloud. -1. Use a [virtual machine](../virtual-machines/windows/quick-create-portal.md#create-virtual-machine) within the Azure Virtual Network where the Azure VMware Solution ExpressRoute terminates. For more information, see [Connect to Azure Virtual Network with ExpressRoute](#connect-to-azure-virtual-network-with-expressroute). +1. Use a [virtual machine](/azure/virtual-machines/windows/quick-create-portal#create-virtual-machine) within the Azure Virtual Network where the Azure VMware Solution ExpressRoute terminates. For more information, see [Connect to Azure Virtual Network with ExpressRoute](#connect-to-azure-virtual-network-with-expressroute). 1. Sign in to the Azure [portal](https://portal.azure.com). |
azure-vmware | Remove Arc Enabled Azure Vmware Solution Vsphere Resources From Azure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/remove-arc-enabled-azure-vmware-solution-vsphere-resources-from-azure.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). In this article, learn how to cleanly remove your VMware vCenter environment from Azure Arc-enabled VMware vSphere. For VMware vSphere environments that you no longer want to manage with Azure Arc-enabled VMware vSphere, use the information in this article to perform the following actions: |
azure-vmware | Set Up Backup Server For Azure Vmware Solution | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/set-up-backup-server-for-azure-vmware-solution.md | Ensure that you [configure networking for your VMware private cloud in Azure](tu Use the [MABS Capacity Planner](https://www.microsoft.com/en-us/download/details.aspx?id=54301) to determine the correct VM size. Based on your inputs, the capacity planner gives you the required memory size and CPU core count. Use this information to choose the appropriate Azure VM size. The capacity planner also provides total disk size required for the VM along with the required disk IOPS. We recommend using a standard SSD disk for the VM. By pooling more than one SSD, you can achieve the required IOPS. -Follow the instructions in the [Create your first Windows VM in the Azure portal](../virtual-machines/windows/quick-create-portal.md) tutorial. You created the VM in the virtual network that you created in the previous step. Start with a gallery image of Windows Server 2019 Datacenter to run the Azure Backup Server. +Follow the instructions in the [Create your first Windows VM in the Azure portal](/azure/virtual-machines/windows/quick-create-portal) tutorial. You created the VM in the virtual network that you created in the previous step. Start with a gallery image of Windows Server 2019 Datacenter to run the Azure Backup Server. > [!NOTE] > Azure Backup Server is designed to run on a dedicated, single-purpose server. You can't install Azure Backup Server on a computer that: Azure Backup Server requires disks for installation. | Azure Backup Server installation | Installation location: 3 GB<br />Database files drive: 900 MB<br />System drive: 1 GB for SQL Server installation<br /><br />You need space for Azure Backup Server to copy the file catalog to a temporary installation location when you archive. | | Disk for storage pool<br />(Uses basic volumes, can't be on a dynamic disk) | Two to three times the protected data size.<br />For detailed storage calculation, see [DPM Capacity Planner](https://www.microsoft.com/download/details.aspx?id=54301). | -To learn how to attach a new managed data disk to an existing Azure VM, see [Attach a managed data disk to a Windows VM by using the Azure portal](../virtual-machines/windows/attach-managed-disk-portal.yml). +To learn how to attach a new managed data disk to an existing Azure VM, see [Attach a managed data disk to a Windows VM by using the Azure portal](/azure/virtual-machines/windows/attach-managed-disk-portal). > [!NOTE] > A single Azure Backup Server has a soft limit of 120 TB for the storage pool. |
azure-vmware | Tutorial Access Private Cloud | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-vmware/tutorial-access-private-cloud.md | In this tutorial, you learn how to: 1. Navigate to the VM you created in the preceding step and connect to the virtual machine. - If you need help with connecting to the VM, see [connect to a virtual machine](../virtual-machines/windows/connect-logon.md#connect-to-the-virtual-machine) for details. + If you need help with connecting to the VM, see [connect to a virtual machine](/azure/virtual-machines/windows/connect-logon#connect-to-the-virtual-machine) for details. 1. In the Windows VM, open a browser and navigate to the vCenter Server and NSX Manager URLs in two tabs. |
backup | About Azure Vm Restore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/about-azure-vm-restore.md | This article describes how the [Azure Backup service](./backup-overview.md) rest | [Restore to create a new virtual machine](./backup-azure-arm-restore-vms.md) | Restores the entire VM to OLR (if the source VM still exists) or ALR | <ul><li> If the source VM is lost or corrupt, then you can restore entire VM <li> You can create a copy of the VM <li> You can perform a restore drill for audit or compliance <li> If license for Marketplace Azure VM has expired, [create VM restore](./backup-azure-arm-restore-vms.md#create-a-vm) option can't be used.</ul> | | [Restore disks of the VM](./backup-azure-arm-restore-vms.md#restore-disks) | Restore disks attached to the VM | All disks: This option creates the template and restores the disk. You can edit this template with special configurations (for example, availability sets) to meet your requirements and then use both the template and restore the disk to recreate the VM. | | [Restore specific files within the VM](./backup-azure-restore-files-from-vm.md) | Choose restore point, browse, select files, and restore them to the same (or compatible) OS as the backed-up VM. | If you know which specific files to restore, then use this option instead of restoring the entire VM. |-| [Restore an encrypted VM](./backup-azure-vms-encryption.md) | From the portal, restore the disks and then use PowerShell to create the VM | <ul><li> [Encrypted VM with Microsoft Entra ID](../virtual-machines/windows/disk-encryption-windows-aad.md) <li> [Encrypted VM without Microsoft Entra ID](../virtual-machines/windows/disk-encryption-windows.md) <li> [Encrypted VM *with Microsoft Entra ID* migrated to *without Microsoft Entra ID*](../virtual-machines/windows/disk-encryption-faq.yml#can-i-migrate-vms-that-were-encrypted-with-a-microsoft-entra-app-to-encryption-without-a-microsoft-entra-app-)</ul> | +| [Restore an encrypted VM](./backup-azure-vms-encryption.md) | From the portal, restore the disks and then use PowerShell to create the VM | <ul><li> [Encrypted VM with Microsoft Entra ID](/azure/virtual-machines/windows/disk-encryption-windows-aad) <li> [Encrypted VM without Microsoft Entra ID](/azure/virtual-machines/windows/disk-encryption-windows) <li> [Encrypted VM *with Microsoft Entra ID* migrated to *without Microsoft Entra ID*](/azure/virtual-machines/windows/disk-encryption-faq#can-i-migrate-vms-that-were-encrypted-with-a-microsoft-entra-app-to-encryption-without-a-microsoft-entra-app-)</ul> | | [Cross Region Restore](./backup-azure-arm-restore-vms.md#cross-region-restore) | Create a new VM or restore disks to a secondary region (Azure paired region) | <ul><li> **Full outage**: With the cross region restore feature, there's no wait time to recover data in the secondary region. You can initiate restores in the secondary region even before Azure declares an outage. <li> **Partial outage**: Downtime can occur in specific storage clusters where Azure Backup stores your backed-up data or even in-network, connecting Azure Backup and storage clusters associated with your backed-up data. With Cross Region Restore, you can perform a restore in the secondary region using a replica of backed up data in the secondary region. <li> **No outage**: You can conduct business continuity and disaster recovery (BCDR) drills for audit or compliance purposes with the secondary region data. This allows you to perform a restore of backed up data in the secondary region even if there isn't a full or partial outage in the primary region for business continuity and disaster recovery drills.</ul> | ## Next steps |
backup | Azure Backup Glossary | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/azure-backup-glossary.md | Refer to [Azure Resource Manager documentation](../azure-resource-manager/manage ## Azure Disk Encryption (ADE) -Refer to [Azure Disk Encryption documentation](../virtual-machines/disk-encryption-overview.md). +Refer to [Azure Disk Encryption documentation](/azure/virtual-machines/disk-encryption-overview). ## Backend storage / Cloud storage / Backup storage A GFS (Grandfather-father-son) backup policy is one that enables you to define w ## IaaS VMs / Azure VMs -Refer to the [Azure VM documentation](../virtual-machines/index.yml). +Refer to the [Azure VM documentation](/azure/virtual-machines/). ## Incremental backup With Azure Backup Server, you can protect application workloads such as Hyper-V ## Managed disks -Refer to the [Managed disks documentation](../virtual-machines/managed-disks-overview.md). +Refer to the [Managed disks documentation](/azure/virtual-machines/managed-disks-overview). ## MARS Agent Soft delete is a feature that helps guard against accidental deletion of backup ## Snapshot -A snapshot is a full, read-only copy of a virtual hard drive (VHD) or an Azure File share. Learn more about [disk snapshots](../virtual-machines/windows/snapshot-copy-managed-disk.md) and [file snapshots](../storage/files/storage-snapshots-files.md). +A snapshot is a full, read-only copy of a virtual hard drive (VHD) or an Azure File share. Learn more about [disk snapshots](/azure/virtual-machines/windows/snapshot-copy-managed-disk) and [file snapshots](../storage/files/storage-snapshots-files.md). ## Storage account |
backup | Back Up Managed Disks Tutorial | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/back-up-managed-disks-tutorial.md | -This tutorial describes how to back up [Azure Managed Disk](../virtual-machines/managed-disks-overview.md) from the Azure portal. +This tutorial describes how to back up [Azure Managed Disk](/azure/virtual-machines/managed-disks-overview) from the Azure portal. [Azure Disk Backup](disk-backup-overview.md) is a native, cloud-based backup solution that protects your data in managed disks. It's a simple, secure, and cost-effective solution that enables you to configure protection for managed disks. It assures that you can recover your data in a disaster scenario. To create a backup policy for disk backup, follow these steps: :::image type="content" source="./media/back-up-managed-disks-tutorial/backup-schedule-frequency.png" alt-text="Screenshot shows how to select backup schedule frequency." lightbox="./media/back-up-managed-disks-tutorial/backup-schedule-frequency.png"::: - Azure Disk Backup offers multiple backups per day. If you require more frequent backups, choose the **Hourly** backup frequency with the ability to take backups with intervals of every *1*, *2*, *4*, *6*, *8*, or *12* hours. The backups are scheduled based on the **Time** interval selected. For example, if you select **Every 4 hours**, then the backups are taken at approximately in the interval of every 4 hours so the backups are distributed equally across the day. If a once a day backup is sufficient, then choose the **Daily** backup frequency. In the daily backup frequency, you can specify the time of the day when your backups are taken. It's important to note that the time of the day indicates the backup start time and not the time when the backup completes. The time required for completing the backup operation is dependent on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk backup is an agentless backup that uses [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md), which doesn't impact the production application performance. + Azure Disk Backup offers multiple backups per day. If you require more frequent backups, choose the **Hourly** backup frequency with the ability to take backups with intervals of every *1*, *2*, *4*, *6*, *8*, or *12* hours. The backups are scheduled based on the **Time** interval selected. For example, if you select **Every 4 hours**, then the backups are taken at approximately in the interval of every 4 hours so the backups are distributed equally across the day. If a once a day backup is sufficient, then choose the **Daily** backup frequency. In the daily backup frequency, you can specify the time of the day when your backups are taken. It's important to note that the time of the day indicates the backup start time and not the time when the backup completes. The time required for completing the backup operation is dependent on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk backup is an agentless backup that uses [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots), which doesn't impact the production application performance. 1. In the **Backup policy** tab, select retention settings that meet the recovery point objective (RPO) requirement. To create a backup policy for disk backup, follow these steps: :::image type="content" source="./media/back-up-managed-disks-tutorial/retention-settings.png" alt-text="Screenshot shows the retention settings." lightbox="./media/back-up-managed-disks-tutorial/retention-settings.png"::: >[!NOTE]- >Azure Backup for Managed Disks uses incremental snapshots which are limited to 500 snapshots per disk. At a point in time you can have 500 snapshots for a disk. Thus, to prevent backup failure the retention duration is limited by the snapshot limit. To allow you to take on-demand backups aside from scheduled backups, backup policy limits the total backups to 450. Learn more about [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md#restrictions) for managed disk. + >Azure Backup for Managed Disks uses incremental snapshots which are limited to 500 snapshots per disk. At a point in time you can have 500 snapshots for a disk. Thus, to prevent backup failure the retention duration is limited by the snapshot limit. To allow you to take on-demand backups aside from scheduled backups, backup policy limits the total backups to 450. Learn more about [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots#restrictions) for managed disk. You can either set a maximum retention limit of 1 year or 450 disk snapshots, whichever reaches first. For example, if you have opted for a backup frequency of 12 hours, then you can retain each recovery point for maximum 225 days as the snapshot limit will be breached beyond that. To configure disk backup, follow these steps: >[!Note] >- Ensure that both the backup vault and the disk to be backed up are in same location.- >- Azure Backup uses [_incremental snapshots_](../virtual-machines/disks-incremental-snapshots.md#restrictions) of managed disks, which store only the delta changes to the disk as the last snapshot on Standard HDD storage, regardless of the storage type of the parent disk. For additional reliability, incremental snapshots are stored on Zone Redundant Storage (ZRS) by default in the ZRS supported regions. Currently, Azure Disk Backup supports operational backup of managed disks that doesn't copy backups to the Backup vault storage. So, the backup storage redundancy setting of the Backup vault doesnΓÇÖt apply to the recovery points. + >- Azure Backup uses [_incremental snapshots_](/azure/virtual-machines/disks-incremental-snapshots#restrictions) of managed disks, which store only the delta changes to the disk as the last snapshot on Standard HDD storage, regardless of the storage type of the parent disk. For additional reliability, incremental snapshots are stored on Zone Redundant Storage (ZRS) by default in the ZRS supported regions. Currently, Azure Disk Backup supports operational backup of managed disks that doesn't copy backups to the Backup vault storage. So, the backup storage redundancy setting of the Backup vault doesnΓÇÖt apply to the recovery points. :::image type="content" source="./media/back-up-managed-disks-tutorial/select-backup-vault-inline.png" alt-text="Screenshot showing the process to select a Backup vault." lightbox="./media/back-up-managed-disks-tutorial/select-backup-vault-expanded.png"::: To configure disk backup, follow these steps: - You can use this resource group for storing snapshots across multiple disks that are being (or planned to be) backed up. - - You can't create an incremental snapshot for a particular disk outside of that disk's subscription. So, choose the resource group within the same subscription where the disk needs to be backed up. [Learn more](../virtual-machines/disks-incremental-snapshots.md#restrictions) about incremental snapshot for managed disks. + - You can't create an incremental snapshot for a particular disk outside of that disk's subscription. So, choose the resource group within the same subscription where the disk needs to be backed up. [Learn more](/azure/virtual-machines/disks-incremental-snapshots#restrictions) about incremental snapshot for managed disks. - Once you configure the backup of a disk, you canΓÇÖt change the Snapshot Resource Group thatΓÇÖs assigned to a backup instance. |
backup | Backup Architecture | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-architecture.md | Azure VMs use disks to store their operating system, apps, and data. Each Azure For more information about disk storage and the available disk types for VMs, see these articles: -- [Azure managed disks for Linux VMs](../virtual-machines/managed-disks-overview.md)-- [Available disk types for VMs](../virtual-machines/disks-types.md)+- [Azure managed disks for Linux VMs](/azure/virtual-machines/managed-disks-overview) +- [Available disk types for VMs](/azure/virtual-machines/disks-types) ### Back up and restore Azure VMs with premium storage You can back up Azure VMs by using premium storage with Azure Backup: - During the process of backing up VMs with premium storage, the Backup service creates a temporary staging location, named *AzureBackup-*, in the storage account. The size of the staging location equals the size of the recovery point snapshot. - Make sure that the premium storage account has adequate free space to accommodate the temporary staging location. For more information, see [Scalability targets for premium page blob storage accounts](../storage/blobs/scalability-targets-premium-page-blobs.md). Don't modify the staging location. - After the backup job finishes, the staging location is deleted.-- The price of storage used for the staging location is consistent with [premium storage pricing](../virtual-machines/disks-types.md#billing).+- The price of storage used for the staging location is consistent with [premium storage pricing](/azure/virtual-machines/disks-types#billing). When you restore Azure VMs by using premium storage, you can restore them to premium or standard storage. Typically, you would restore them to premium storage. But if you need only a subset of files from the VM, it might be cost effective to restore them to standard storage. |
backup | Backup Azure Arm Restore Vms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-arm-restore-vms.md | Azure Backup provides several ways to restore a VM. | **Create a new VM** | Quickly creates and gets a basic VM up and running from a restore point.<br/><br/> You can specify a name for the VM and select the resource group and virtual network (VNet) in which it will be placed. The new VM must be created in the same region as the source VM.<br><br>If a VM restore fails because an Azure VM SKU wasn't available in the specified region of Azure, or because of any other issues, Azure Backup still restores the disks in the specified resource group. **Restore disk** | Restores a VM disk, which can then be used to create a new VM.<br/><br/> Azure Backup provides a template to help you customize and create a VM. <br/><br> The restore job generates a template that you can download and use to specify custom VM settings, and create a VM.<br/><br/> The disks are copied to the Resource Group you specify.<br/><br/> Alternatively, you can attach the disk to an existing VM, or create a new VM using PowerShell.<br/><br/> This option is useful if you want to customize the VM, add configuration settings that weren't there at the time of backup, or add settings that must be configured using the template or PowerShell.-**Replace existing** | You can restore a disk, and use it to replace a disk on the existing VM.<br/><br/> The current VM must exist. If it's been deleted, this option can't be used.<br/><br/> Azure Backup takes a snapshot of the existing VM before replacing the disk. The snapshot is copied to the vault and retained in accordance with the retention policy. <br/><br/> When you choose a Vault-Standard recovery point, a VHD file with the content of the chosen recovery point is also created in the staging location you specify. Existing disks connected to the VM are replaced with the selected restore point. <br/><br/> After the replace disk operation, the original disk is retained in the resource group. You can choose to manually delete the original disks if they aren't needed. <br/><br/>Replace existing is supported for unencrypted managed VMs, including VMs [created using custom images](https://azure.microsoft.com/resources/videos/create-a-custom-virtual-machine-image-in-azure-resource-manager-with-powershell/). It's unsupported for classic VMs, unmanaged VMs, and [generalized VMs](../virtual-machines/windows/upload-generalized-managed.md).<br/><br/> If the restore point has more or less disks than the current VM, then the number of disks in the restore point will only reflect the VM configuration.<br><br> Replace existing is also supported for VMs with linked resources, like [user-assigned managed-identity](../active-directory/managed-identities-azure-resources/overview.md) or [Key Vault](/azure/key-vault/general/overview). +**Replace existing** | You can restore a disk, and use it to replace a disk on the existing VM.<br/><br/> The current VM must exist. If it's been deleted, this option can't be used.<br/><br/> Azure Backup takes a snapshot of the existing VM before replacing the disk. The snapshot is copied to the vault and retained in accordance with the retention policy. <br/><br/> When you choose a Vault-Standard recovery point, a VHD file with the content of the chosen recovery point is also created in the staging location you specify. Existing disks connected to the VM are replaced with the selected restore point. <br/><br/> After the replace disk operation, the original disk is retained in the resource group. You can choose to manually delete the original disks if they aren't needed. <br/><br/>Replace existing is supported for unencrypted managed VMs, including VMs [created using custom images](https://azure.microsoft.com/resources/videos/create-a-custom-virtual-machine-image-in-azure-resource-manager-with-powershell/). It's unsupported for classic VMs, unmanaged VMs, and [generalized VMs](/azure/virtual-machines/windows/upload-generalized-managed).<br/><br/> If the restore point has more or less disks than the current VM, then the number of disks in the restore point will only reflect the VM configuration.<br><br> Replace existing is also supported for VMs with linked resources, like [user-assigned managed-identity](../active-directory/managed-identities-azure-resources/overview.md) or [Key Vault](/azure/key-vault/general/overview). **Cross Region (secondary region)** | Cross Region restore can be used to restore Azure VMs in the secondary region, which is an [Azure paired region](../availability-zones/cross-region-replication-azure.md).<br><br> You can restore all the Azure VMs for the selected recovery point if the backup is done in the secondary region.<br><br> During the backup, snapshots aren't replicated to the secondary region. Only the data stored in the vault is replicated. So secondary region restores are only [vault tier](about-azure-vm-restore.md#concepts) restores. The restore time for the secondary region will be almost the same as the vault tier restore time for the primary region. <br><br> This feature is available for the options below:<br><br> - [Create a VM](#create-a-vm) <br> - [Restore Disks](#restore-disks) <br><br> We don't currently support the [Replace existing disks](#replace-existing-disks) option.<br><br> Permissions<br> The restore operation on secondary region can be performed by Backup Admins and App admins. **Cross Subscription Restore** | Allows you to restore Azure Virtual Machines or disks to a different subscription within the same tenant as the source subscription (as per the Azure RBAC capabilities) from restore points. <br><br> Allowed only if the [Cross Subscription Restore property](backup-azure-arm-restore-vms.md#cross-subscription-restore-for-azure-vm) is enabled for your Recovery Services vault. <br><br> Works with [Cross Region Restore](backup-azure-arm-restore-vms.md#cross-region-restore) and [Cross Zonal Restore](backup-azure-arm-restore-vms.md#create-a-vm). <br><br> You can trigger Cross Subscription Restore for managed virtual machines only. <br><br> Cross Subscription Restore is supported for [Restore with Managed System Identities (MSI)](backup-azure-arm-restore-vms.md#restore-vms-with-managed-identities). <br><br> It's unsupported for [snapshots tier](backup-azure-vms-introduction.md#snapshot-creation) recovery points. <br><br> It's unsupported for [unmanaged VMs](#restoring-unmanaged-vms-and-disks-as-managed) and [ADE encrypted VMs](backup-azure-vms-encryption.md#encryption-support-using-ade). **Cross Zonal Restore** | Allows you to restore Azure Virtual Machines or disks pinned to any zone to different available zones (as per the Azure RBAC capabilities) from restore points. Note that when you select a zone to restore, it selects the [logical zone](../reliability/availability-zones-overview.md#zonal-and-zone-redundant-services) (and not the physical zone) as per the Azure subscription you will use to restore to. <br><br> You can trigger Cross Zonal Restore for managed virtual machines only. <br><br> Cross Zonal Restore is supported for [Restore with Managed System Identities (MSI)](#restore-vms-with-managed-identities). <br><br> Cross Zonal Restore supports restore of an Azure zone pinned/non-zone pinned VM from a vault with Zonal-redundant storage (ZRS) enabled. Learn [how to set Storage Redundancy](backup-create-rs-vault.md#set-storage-redundancy). <br><br> It's supported to restore an Azure zone pinned VM only from a [vault with Cross Region Restore (CRR)](backup-create-rs-vault.md#set-storage-redundancy) (if the secondary region supports zones) or Zone Redundant Storage (ZRS) enabled. <br><br> Cross Zonal Restore is supported from [secondary regions](#restore-in-secondary-region). <br><br> It's unsupported from [snapshots](backup-azure-vms-introduction.md#snapshot-creation) restore point. <br><br> It's unsupported for [Encrypted Azure VMs](backup-azure-vms-introduction.md#encryption-of-azure-vm-backups). As one of the [restore options](#restore-options), you can create a VM quickly w As one of the [restore options](#restore-options), you can create a disk from a restore point. Then with the disk, you can do one of the following actions: - Use the template that's generated during the restore operation to customize settings, and trigger VM deployment. You edit the default template settings, and submit the template for VM deployment.-- [Attach restored disks](../virtual-machines/windows/attach-managed-disk-portal.yml) to an existing VM.+- [Attach restored disks](/azure/virtual-machines/windows/attach-managed-disk-portal) to an existing VM. - [Create a new VM](./backup-azure-vms-automation.md#create-a-vm-from-restored-disks) from the restored disks using PowerShell. 1. In **Restore configuration** > **Create new** > **Restore Type**, select **Restore disks**. While you restore disks for a Managed VM from a Vault-Standard recovery point, i >[!Note] >- For restoring disk from a Vault-Standard recovery point that is/was greater than 4 TB, Azure Backup doesn't restore the VHD files.->- For information on managed/premium disk performance after restored via Azure Backup, see the [Latency](../virtual-machines/premium-storage-performance.md#latency) section. +>- For information on managed/premium disk performance after restored via Azure Backup, see the [Latency](/azure/virtual-machines/premium-storage-performance#latency) section. ### Use templates to customize a restored VM Currently, secondary region [RPO](azure-backup-glossary.md#recovery-point-object -[Azure zone pinned VMs](../virtual-machines/windows/create-portal-availability-zone.md) can be restored in any [availability zones](../availability-zones/az-overview.md) of the same region. +[Azure zone pinned VMs](/azure/virtual-machines/windows/create-portal-availability-zone) can be restored in any [availability zones](../availability-zones/az-overview.md) of the same region. In the restore process, you'll see the option **Availability Zone.** You'll see your default zone first. To choose a different zone, choose the number of the zone of your choice. If the pinned zone is unavailable, you won't be able to restore the data to another zone because the backed-up data isn't zonally replicated. The restore in availability zones is possible from recovery points in vault tier only. This feature is enabled for Recovery Services vault by default. However, there m ## Restoring unmanaged VMs and disks as managed -You're provided with an option to restore [unmanaged disks](../storage/common/storage-disaster-recovery-guidance.md#azure-unmanaged-disks) as [managed disks](../virtual-machines/managed-disks-overview.md) during restore. By default, the unmanaged VMs / disks are restored as unmanaged VMs / disks. However, if you choose to restore as managed VMs / disks, it's now possible to do so. These restore operations aren't triggered from the snapshot phase but only from the vault phase. This feature isn't available for unmanaged encrypted VMs. +You're provided with an option to restore [unmanaged disks](../storage/common/storage-disaster-recovery-guidance.md#azure-unmanaged-disks) as [managed disks](/azure/virtual-machines/managed-disks-overview) during restore. By default, the unmanaged VMs / disks are restored as unmanaged VMs / disks. However, if you choose to restore as managed VMs / disks, it's now possible to do so. These restore operations aren't triggered from the snapshot phase but only from the vault phase. This feature isn't available for unmanaged encrypted VMs. ![Restore as managed disks](./media/backup-azure-arm-restore-vms/restore-as-managed-disks.png) There are many common scenarios in which you might need to restore VMs. **Scenario** | **Guidance** | -**Restore VMs using Hybrid Use Benefit** | If a Windows VM uses [Hybrid Use Benefit (HUB) licensing](../virtual-machines/windows/hybrid-use-benefit-licensing.md), restore the disks, and create a new VM using the provided template (with **License Type** set to **Windows_Server**), or PowerShell. This setting can also be applied after creating the VM. +**Restore VMs using Hybrid Use Benefit** | If a Windows VM uses [Hybrid Use Benefit (HUB) licensing](/azure/virtual-machines/windows/hybrid-use-benefit-licensing), restore the disks, and create a new VM using the provided template (with **License Type** set to **Windows_Server**), or PowerShell. This setting can also be applied after creating the VM. **Restore VMs during an Azure datacenter disaster** | If the vault uses GRS and the primary datacenter for the VM goes down, Azure Backup supports restoring backed-up VMs to the paired datacenter. You select a storage account in the paired datacenter, and restore as normal. Azure Backup uses the compute service in the paired region to create the restored VM. [Learn more](/azure/architecture/resiliency/recovery-loss-azure-region) about datacenter resiliency.<br><br> If the vault uses GRS, you can choose the new feature, [Cross Region Restore](#cross-region-restore). This lets you restore to a second region in either full or partial outage scenarios, or even if there's no outage at all. **Bare-metal restore** | The major difference between Azure VMs and on-premises hypervisors is that there's no VM console available in Azure. A console is required for certain scenarios, such as recovering by using a bare-metal recovery (BMR)-type backup. However, VM restore from the vault is a full replacement for BMR.-**Restore VMs with special network configurations** | Special network configurations include VMs using internal or external load balancing, using multiple NICS, or multiple reserved IP addresses. You restore these VMs by using the [restore disk option](#restore-disks). This option makes a copy of the VHDs into the specified storage account, and you can then create a VM with an [internal](../load-balancer/quickstart-load-balancer-standard-internal-powershell.md) or [external](../load-balancer/quickstart-load-balancer-standard-public-powershell.md) load balancer, [multiple NICS](../virtual-machines/windows/multiple-nics.md), or [multiple reserved IP addresses](../virtual-network/ip-services/virtual-network-multiple-ip-addresses-powershell.md), in accordance with your configuration. +**Restore VMs with special network configurations** | Special network configurations include VMs using internal or external load balancing, using multiple NICS, or multiple reserved IP addresses. You restore these VMs by using the [restore disk option](#restore-disks). This option makes a copy of the VHDs into the specified storage account, and you can then create a VM with an [internal](../load-balancer/quickstart-load-balancer-standard-internal-powershell.md) or [external](../load-balancer/quickstart-load-balancer-standard-public-powershell.md) load balancer, [multiple NICS](/azure/virtual-machines/windows/multiple-nics), or [multiple reserved IP addresses](../virtual-network/ip-services/virtual-network-multiple-ip-addresses-powershell.md), in accordance with your configuration. **Network Security Group (NSG) on NIC/Subnet** | Azure VM backup supports Backup and Restore of NSG information at vnet, subnet, and NIC level. **Zone Pinned VMs** | If you back up an Azure VM that's pinned to a zone (with Azure Backup), then you can restore it in the same zone where it was pinned. [Learn more](../availability-zones/az-overview.md)-**Restore VM in any availability set** | When you restore a VM from the portal, there's no option to choose an availability set. A restored VM doesn't have an availability set. If you use the restore disk option, then you can [specify an availability set](../virtual-machines/windows/tutorial-availability-sets.md) when you create a VM from the disk using the provided template or PowerShell. +**Restore VM in any availability set** | When you restore a VM from the portal, there's no option to choose an availability set. A restored VM doesn't have an availability set. If you use the restore disk option, then you can [specify an availability set](/azure/virtual-machines/windows/tutorial-availability-sets) when you create a VM from the disk using the provided template or PowerShell. **Restore special VMs such as SQL VMs** | If you're backing up a SQL VM using Azure VM backup and then use the restore VM option or create a VM after restoring disks, then the newly created VM must be registered with the SQL provider as mentioned [here](/azure/azure-sql/virtual-machines/windows/sql-agent-extension-manually-register-single-vm?tabs=azure-cli%2cbash). This will convert the restored VM into a SQL VM. ### Restore domain controller VMs There are a few things to note after restoring a VM: - Extensions present during the backup configuration are installed, but not enabled. If you see an issue, reinstall the extensions. In the case of disk replacement, reinstallation of extensions is not required. - If the backed-up VM had a static IP address, the restored VM will have a dynamic IP address to avoid conflict. You can [add a static IP address to the restored VM](/powershell/module/az.network/set-aznetworkinterfaceipconfig#description).-- A restored VM doesn't have an availability set. If you use the restore disk option, then you can [specify an availability set](../virtual-machines/windows/tutorial-availability-sets.md) when you create a VM from the disk using the provided template or PowerShell.+- A restored VM doesn't have an availability set. If you use the restore disk option, then you can [specify an availability set](/azure/virtual-machines/windows/tutorial-availability-sets) when you create a VM from the disk using the provided template or PowerShell. - If you use a cloud-init-based Linux distribution, such as Ubuntu, for security reasons the password is blocked after the restore. Use the `VMAccess` extension on the restored VM to [reset the password](/troubleshoot/azure/virtual-machines/reset-password). We recommend using SSH keys on these distributions, so you don't need to reset the password after the restore. - If you're unable to access a VM once restored because the VM has a broken relationship with the domain controller, then follow the steps below to bring up the VM: - Attach OS disk as a data disk to a recovered VM. |
backup | Backup Azure Arm Vms Prepare | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-arm-vms-prepare.md | Azure Backup backs up Azure VMs by installing an extension to the Azure VM agent **VM** | **Details** | **Windows** | 1. [Download and install](https://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409) the agent MSI file.<br/><br/> 2. Install with admin permissions on the machine.<br/><br/> 3. Verify the installation. In *C:\WindowsAzure\Packages* on the VM, right-click **WaAppAgent.exe** > **Properties**. On the **Details** tab, **Product Version** should be 2.6.1198.718 or higher.<br/><br/> If you're updating the agent, make sure that no backup operations are running, and [reinstall the agent](https://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409).-**Linux** | Install by using an RPM or a DEB package from your distribution's package repository. This is the preferred method for installing and upgrading the Azure Linux agent. All the [endorsed distribution providers](../virtual-machines/linux/endorsed-distros.md) integrate the Azure Linux agent package into their images and repositories. The agent is available on [GitHub](https://github.com/Azure/WALinuxAgent), but we don't recommend installing from there.<br/><br/> If you're updating the agent, make sure no backup operations are running, and update the binaries. +**Linux** | Install by using an RPM or a DEB package from your distribution's package repository. This is the preferred method for installing and upgrading the Azure Linux agent. All the [endorsed distribution providers](/azure/virtual-machines/linux/endorsed-distros) integrate the Azure Linux agent package into their images and repositories. The agent is available on [GitHub](https://github.com/Azure/WALinuxAgent), but we don't recommend installing from there.<br/><br/> If you're updating the agent, make sure no backup operations are running, and update the binaries. ## Next steps |
backup | Backup Azure Dataprotection Use Rest Api Create Update Disk Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-dataprotection-use-rest-api-create-update-disk-policy.md | The policy says: >[!IMPORTANT] >The time formats support only DateTime. They don't support only Time. The time of the day indicates the backup start time, and not the time when the backup completes. -The time required for completing the backup operation depends on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk Backup is an agentless backup that uses [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md), which doesn't impact the production application performance. +The time required for completing the backup operation depends on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk Backup is an agentless backup that uses [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots), which doesn't impact the production application performance. To know more details about policy creation, refer to the [Azure Disk Backup policy](backup-managed-disks.md#create-backup-policy) document. |
backup | Backup Azure Linux Database Consistent Enhanced Pre Post | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-linux-database-consistent-enhanced-pre-post.md | The new _enhanced_ pre-post script framework has the following key benefits: The following the list of databases are covered under the enhanced framework: -- [Oracle (Generally Available)](../virtual-machines/workloads/oracle/oracle-database-backup-azure-backup.md) - [Link to support matrix](backup-support-matrix-iaas.md#support-matrix-for-managed-pre-and-post-scripts-for-linux-databases)+- [Oracle (Generally Available)](/azure/virtual-machines/workloads/oracle/oracle-database-backup-azure-backup) - [Link to support matrix](backup-support-matrix-iaas.md#support-matrix-for-managed-pre-and-post-scripts-for-linux-databases) - MySQL (Preview) ## Prerequisites |
backup | Backup Azure Microsoft Azure Backup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-microsoft-azure-backup.md | The first step towards getting the Azure Backup Server up and running is to set ### Using a server in Azure -When choosing a server for running Azure Backup Server, it's recommended you start with a gallery image of Windows Server 2022 Datacenter or Windows Server 2019 Datacenter. The article, [Create your first Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md?toc=/azure/virtual-machines/windows/toc.json), provides a tutorial for getting started with the recommended virtual machine in Azure, even if you've never used Azure before. The recommended minimum requirements for the server virtual machine (VM) should be: Standard_A4_v2 with four cores and 8-GB RAM. +When choosing a server for running Azure Backup Server, it's recommended you start with a gallery image of Windows Server 2022 Datacenter or Windows Server 2019 Datacenter. The article, [Create your first Windows virtual machine in the Azure portal](/azure/virtual-machines/windows/quick-create-portal?toc=/azure/virtual-machines/windows/toc.json), provides a tutorial for getting started with the recommended virtual machine in Azure, even if you've never used Azure before. The recommended minimum requirements for the server virtual machine (VM) should be: Standard_A4_v2 with four cores and 8-GB RAM. Protecting workloads with Azure Backup Server has many nuances. The [protection matrix for MABS](./backup-mabs-protection-matrix.md) helps explain these nuances. Before deploying the machine, read this article completely. |
backup | Backup Azure Policy Supported Skus | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-policy-supported-skus.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). Azure Backup provides a built-in policy (using Azure Policy) that can be assigned to **all Azure VMs in a specified location within a subscription or resource group**. When this policy is assigned to a given scope, all new VMs created in that scope are automatically configured for backup to an **existing vault in the same location and subscription**. The table below lists all the VM SKUs supported by this policy. |
backup | Backup Azure Restore Files From Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-restore-files-from-vm.md | -> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](~/articles/virtual-machines/workloads/centos/centos-end-of-life.md). +> This article references CentOS, a Linux distribution that is End Of Life (EOL) status. Please consider your use and planning accordingly. For more information, see the [CentOS End Of Life guidance](/azure/virtual-machines/workloads/centos/centos-end-of-life). Azure Backup provides the capability to restore [Azure virtual machines (VMs) and disks](./backup-azure-arm-restore-vms.md) from Azure VM backups, also known as recovery points. This article explains how to recover files and folders from an Azure VM backup. Restoring files and folders is available only for Azure VMs deployed using the Resource Manager model and protected to a Recovery Services vault. |
backup | Backup Azure Sql Backup Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-sql-backup-cli.md | -This article assumes that you already have an SQL database installed on an Azure VM. (You can also [create a VM using Azure CLI](../virtual-machines/linux/quick-create-cli.md)). +This article assumes that you already have an SQL database installed on an Azure VM. (You can also [create a VM using Azure CLI](/azure/virtual-machines/linux/quick-create-cli)). In this article, you'll learn how to: > [!div class="checklist"] See the [currently supported scenarios](sql-support-matrix.md) for SQL in Azure A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs or workloads running on Azure VMs - for example, SQL or HANA databases. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault. You can then use one of these recovery points to restore data to a given point in time. -Create a Recovery Services vault with the [az backup vault create](/cli/azure/backup/vault#az-backup-vault-create) command. Use the resource group and location as that of the VM you want to protect. Learn how to create a VM using Azure CLI with [this VM quickstart](../virtual-machines/linux/quick-create-cli.md). +Create a Recovery Services vault with the [az backup vault create](/cli/azure/backup/vault#az-backup-vault-create) command. Use the resource group and location as that of the VM you want to protect. Learn how to create a VM using Azure CLI with [this VM quickstart](/azure/virtual-machines/linux/quick-create-cli). For this article, we'll use: |
backup | Backup Azure Troubleshoot Vm Backup Fails Snapshot Timeout | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-troubleshoot-vm-backup-fails-snapshot-timeout.md | Most common backup failures can be self-resolved by following the troubleshootin ### Step 1: Check Azure VM health -- **Ensure Azure VM provisioning state is 'Running'**: If the [VM provisioning state](../virtual-machines/states-billing.md) is in the **Stopped/Deallocated/Updating** state, then it will interfere with the backup operation. Open *Azure portal > VM > Overview >* and check the VM status to ensure it's **Running** and retry the backup operation.+- **Ensure Azure VM provisioning state is 'Running'**: If the [VM provisioning state](/azure/virtual-machines/states-billing) is in the **Stopped/Deallocated/Updating** state, then it will interfere with the backup operation. Open *Azure portal > VM > Overview >* and check the VM status to ensure it's **Running** and retry the backup operation. - **Review pending OS updates or reboots**: Ensure there are no pending OS update or pending reboots on the VM. ### Step 2: Check Azure VM Guest Agent service health Most common backup failures can be self-resolved by following the troubleshootin - **Ensure Azure VM Guest Agent service is started and up-to-date**: - On a Windows VM: - Navigate to **services.msc** and ensure **Windows Azure VM Guest Agent service** is up and running. Also, ensure the [latest version](https://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409) is installed. To learn more, see [Windows VM guest agent issues](backup-azure-troubleshoot-vm-backup-fails-snapshot-timeout.md#the-agent-installed-in-the-vm-but-unresponsive-for-windows-vms).- - The Azure VM Agent is installed by default on any Windows VM deployed from an Azure Marketplace image from the portal, PowerShell, Command Line Interface, or an Azure Resource Manager template. A [manual installation of the Agent](../virtual-machines/extensions/agent-windows.md#manual-installation) may be necessary when you create a custom VM image that's deployed to Azure. + - The Azure VM Agent is installed by default on any Windows VM deployed from an Azure Marketplace image from the portal, PowerShell, Command Line Interface, or an Azure Resource Manager template. A [manual installation of the Agent](/azure/virtual-machines/extensions/agent-windows#manual-installation) may be necessary when you create a custom VM image that's deployed to Azure. - Review the support matrix to check if VM runs on the [supported Windows operating system](backup-support-matrix-iaas.md#operating-system-support-windows). - On Linux VM,- - Ensure the Azure VM Guest Agent service is running by executing the command `ps -e`. Also, ensure the [latest version](../virtual-machines/extensions/update-linux-agent.md) is installed. To learn more, see [Linux VM guest agent issues](backup-azure-troubleshoot-vm-backup-fails-snapshot-timeout.md#the-agent-installed-in-the-vm-is-out-of-date-for-linux-vms). - - Ensure the [Linux VM agent dependencies on system packages](../virtual-machines/extensions/agent-linux.md#requirements) have the supported configuration. For example: Supported Python version is 2.6 and above. + - Ensure the Azure VM Guest Agent service is running by executing the command `ps -e`. Also, ensure the [latest version](/azure/virtual-machines/extensions/update-linux-agent) is installed. To learn more, see [Linux VM guest agent issues](backup-azure-troubleshoot-vm-backup-fails-snapshot-timeout.md#the-agent-installed-in-the-vm-is-out-of-date-for-linux-vms). + - Ensure the [Linux VM agent dependencies on system packages](/azure/virtual-machines/extensions/agent-linux#requirements) have the supported configuration. For example: Supported Python version is 2.6 and above. - Review the support matrix to check if VM runs on the [supported Linux operating system.](backup-support-matrix-iaas.md#operating-system-support-linux) ### Step 3: Check Azure VM Extension health Most common backup failures can be self-resolved by following the troubleshootin - **Ensure all Azure VM Extensions are in 'provisioning succeeded' state**: If any extension is in a failed state, then it can interfere with the backup. - *Open  Azure portal > VM > Settings > Extensions > Extensions status* and check if all the extensions are in **provisioning succeeded** state.-- Ensure all [extension issues](../virtual-machines/extensions/overview.md#troubleshoot-extensions) are resolved and retry the backup operation.+- Ensure all [extension issues](/azure/virtual-machines/extensions/overview#troubleshoot-extensions) are resolved and retry the backup operation. - **Ensure COM+ System Application** is up and running. Also, the **Distributed Transaction Coordinator service** should be running as **Network Service account**. Follow the steps in this article to [troubleshoot COM+ and MSDTC issues](backup-azure-vms-troubleshoot.md#extensionsnapshotfailedcom--extensioninstallationfailedcom--extensioninstallationfailedmdtcextension-installationoperation-failed-due-to-a-com-error). ### Step 4: Check Azure Backup Extension health Azure Backup uses the VM Snapshot Extension to take an application consistent ba - `C:\Packages\Plugins\Microsoft.Azure.RecoveryServices.VMSnapshot` - `C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.RecoveryServices.VMSnapshot` -- **Check if network access is required**: Extension packages are downloaded from the Azure Storage extension repository and extension status uploads are posted to Azure Storage. [Learn more](../virtual-machines/extensions/features-windows.md#network-access).+- **Check if network access is required**: Extension packages are downloaded from the Azure Storage extension repository and extension status uploads are posted to Azure Storage. [Learn more](/azure/virtual-machines/extensions/features-windows#network-access). - If you're on a non-supported version of the agent, you need to allow outbound access to Azure storage in that region from the VM.- - If you've blocked access to `168.63.129.16` using the guest firewall or with a proxy, extensions will fail regardless of the above. Ports 80, 443, and 32526 are required, [Learn more](../virtual-machines/extensions/features-windows.md#network-access). + - If you've blocked access to `168.63.129.16` using the guest firewall or with a proxy, extensions will fail regardless of the above. Ports 80, 443, and 32526 are required, [Learn more](/azure/virtual-machines/extensions/features-windows#network-access). - **Ensure DHCP is enabled inside the guest VM**: This is required to get the host or fabric address from DHCP for the IaaS VM backup to work. If you need a static private IP, you should configure it through the Azure portal or PowerShell and make sure the DHCP option inside the VM is enabled, [Learn more](backup-azure-troubleshoot-vm-backup-fails-snapshot-timeout.md#the-snapshot-status-cannot-be-retrieved-or-a-snapshot-cannot-be-taken). After you register and schedule a VM for the Azure Backup service, Backup starts **Error code**: UserErrorVmProvisioningStateFailed<br> **Error message**: The VM is in failed provisioning state<br> -This error occurs when one of the extension failures puts the VM into provisioning failed state.<br>**Open  Azure portal > VM > Settings > Extensions > Extensions status** and check if all extensions are in **provisioning succeeded** state. To learn more, see [Provisioning states](../virtual-machines/states-billing.md). +This error occurs when one of the extension failures puts the VM into provisioning failed state.<br>**Open  Azure portal > VM > Settings > Extensions > Extensions status** and check if all extensions are in **provisioning succeeded** state. To learn more, see [Provisioning states](/azure/virtual-machines/states-billing). - If any extension is in a failed state, then it can interfere with the backup. Ensure those extension issues are resolved and retry the backup operation. - If the VM provisioning state is in an updating state, it can interfere with the backup. Ensure that it's healthy and retry the backup operation. Also, verify that [Microsoft .NET 4.5 is installed](/dotnet/framework/migration- Most agent-related or extension-related failures for Linux VMs are caused by issues that affect an outdated VM agent. To troubleshoot this issue, follow these general guidelines: -1. Follow the instructions for [updating the Linux VM agent](../virtual-machines/extensions/update-linux-agent.md). +1. Follow the instructions for [updating the Linux VM agent](/azure/virtual-machines/extensions/update-linux-agent). > [!NOTE] > We *strongly recommend* that you update the agent only through a distribution repository. We don't recommend downloading the agent code directly from GitHub and updating it. If the latest agent for your distribution is not available, contact distribution support for instructions on how to install it. To check for the most recent agent, go to the [Windows Azure Linux agent](https://github.com/Azure/WALinuxAgent/releases) page in the GitHub repository. |
backup | Backup Azure Vms Agentless Multi Disk Crash Consistent Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-agentless-multi-disk-crash-consistent-overview.md | -Azure Backup supports agentless VM backups by using multi-disk [crash-consistent restore points](../virtual-machines/virtual-machines-create-restore-points.md) (preview). The [Enhanced VM backup policy](backup-azure-vms-enhanced-policy.md) now enables you to configure the consistency type of the backups (application-consistent restore points or crash-consistent restore points preview) for Azure VMs. This feature also enables Azure VM backup to retry the backup operation with *crash-consistent snapshots* (for *supported VMs*) if the application-consistent snapshot fails. +Azure Backup supports agentless VM backups by using multi-disk [crash-consistent restore points](/azure/virtual-machines/virtual-machines-create-restore-points) (preview). The [Enhanced VM backup policy](backup-azure-vms-enhanced-policy.md) now enables you to configure the consistency type of the backups (application-consistent restore points or crash-consistent restore points preview) for Azure VMs. This feature also enables Azure VM backup to retry the backup operation with *crash-consistent snapshots* (for *supported VMs*) if the application-consistent snapshot fails. ## When do I choose crash-consistent backup over application-consistent backup? Choose to perform crash-consistent backup in the following scenarios: - If your workload is performance sensitive and can tolerate recovery from crash-consistent backups, crash-consistent backups help quiesce VM I/O for a shorter period during backup. Crash-consistent backup doesn't use Volume Shadow Copy Service (VSS) (for Windows) or *fsfreeze* (for Linux) to avoid the associated quiescing delays. -- If you don't want to install the [VM Agent](../virtual-machines/extensions/agent-windows.md) or [snapshot extension](../virtual-machines/extensions/vmsnapshot-windows.md) required for application-consistent or file-system-consistent snapshots in your Azure VM, use crash-consistent backups for an agentless backup solution.+- If you don't want to install the [VM Agent](/azure/virtual-machines/extensions/agent-windows) or [snapshot extension](/azure/virtual-machines/extensions/vmsnapshot-windows) required for application-consistent or file-system-consistent snapshots in your Azure VM, use crash-consistent backups for an agentless backup solution. - If your operating system is not supported for application or file-system-consistent backup, use crash-consistent backups. Crash-consistent backup is operating system agnostic as it doesn't rely on the VM agent or snapshot extension. |
backup | Backup Azure Vms Automation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-automation.md | If cross-region restore is enabled on the vault with which you've protected your #### Cross-zonal restore -You can restore [Azure zone pinned VMs](../virtual-machines/windows/create-portal-availability-zone.md) in any [availability zones](../availability-zones/az-overview.md) of the same region. +You can restore [Azure zone pinned VMs](/azure/virtual-machines/windows/create-portal-availability-zone) in any [availability zones](../availability-zones/az-overview.md) of the same region. To restore a VM to another zone, specify the `TargetZoneNumber` parameter in the [Restore-AzRecoveryServicesBackupItem](/powershell/module/az.recoveryservices/restore-azrecoveryservicesbackupitem) cmdlet. Cross-zonal restore is supported only in scenarios where: To replace the disks and configuration information, perform the following steps: * Step 1: [Restore the disks](backup-azure-vms-automation.md#restore-the-disks)-* Step 2: [Detach data disk using PowerShell](../virtual-machines/windows/detach-disk.yml#detach-a-data-disk-using-powershell) -* Step 3: [Attach data disk to Windows VM with PowerShell](../virtual-machines/windows/attach-disk-ps.md) +* Step 2: [Detach data disk using PowerShell](/azure/virtual-machines/windows/detach-disk#detach-a-data-disk-using-powershell) +* Step 3: [Attach data disk to Windows VM with PowerShell](/azure/virtual-machines/windows/attach-disk-ps) ## Create a VM from restored disks The following section lists steps necessary to create a VM using `VMConfig` file } ``` - * **Managed and non-encrypted VMs** - For managed non-encrypted VMs, attach the restored managed disks. For in-depth information, see [Attach a data disk to a Windows VM using PowerShell](../virtual-machines/windows/attach-disk-ps.md). + * **Managed and non-encrypted VMs** - For managed non-encrypted VMs, attach the restored managed disks. For in-depth information, see [Attach a data disk to a Windows VM using PowerShell](/azure/virtual-machines/windows/attach-disk-ps). - * **Managed and encrypted VMs with Microsoft Entra ID (BEK only)** - For managed encrypted VMs with Microsoft Entra ID (encrypted using BEK only), attach the restored managed disks. For in-depth information, see [Attach a data disk to a Windows VM using PowerShell](../virtual-machines/windows/attach-disk-ps.md). + * **Managed and encrypted VMs with Microsoft Entra ID (BEK only)** - For managed encrypted VMs with Microsoft Entra ID (encrypted using BEK only), attach the restored managed disks. For in-depth information, see [Attach a data disk to a Windows VM using PowerShell](/azure/virtual-machines/windows/attach-disk-ps). - * **Managed and encrypted VMs with Microsoft Entra ID (BEK and KEK)** - For managed encrypted VMs with Microsoft Entra ID (encrypted using BEK and KEK), attach the restored managed disks. For in-depth information, see [Attach a data disk to a Windows VM using PowerShell](../virtual-machines/windows/attach-disk-ps.md). + * **Managed and encrypted VMs with Microsoft Entra ID (BEK and KEK)** - For managed encrypted VMs with Microsoft Entra ID (encrypted using BEK and KEK), attach the restored managed disks. For in-depth information, see [Attach a data disk to a Windows VM using PowerShell](/azure/virtual-machines/windows/attach-disk-ps). * **Managed and encrypted VMs without Microsoft Entra ID (BEK only)** -For managed, encrypted VMs without Microsoft Entra ID (encrypted using BEK only), if source **keyVault/secret are not available** restore the secrets to key vault using the procedure in [Restore an non-encrypted virtual machine from an Azure Backup recovery point](backup-azure-restore-key-secret.md). Then execute the following scripts to set encryption details on the restored OS disk (this step isn't required for a data disk). The $dekurl can be fetched from the restored keyVault. The following section lists steps necessary to create a VM using `VMConfig` file Update-AzDisk -ResourceGroupName "testvault" -DiskName $obj.'properties.StorageProfile'.osDisk.name -DiskUpdate $diskupdateconfig ``` - After the secrets are available and the encryption details are set on the OS disk, to attach the restored managed disks, see [Attach a data disk to a Windows VM using PowerShell](../virtual-machines/windows/attach-disk-ps.md). + After the secrets are available and the encryption details are set on the OS disk, to attach the restored managed disks, see [Attach a data disk to a Windows VM using PowerShell](/azure/virtual-machines/windows/attach-disk-ps). * **Managed and encrypted VMs without Microsoft Entra ID (BEK and KEK)** - For managed, encrypted VMs without Microsoft Entra ID (encrypted using BEK & KEK), if source **keyVault/key/secret are not available** restore the key and secrets to key vault using the procedure in [Restore an non-encrypted virtual machine from an Azure Backup recovery point](backup-azure-restore-key-secret.md). Then execute the following scripts to set encryption details on the restored OS disk (this step isn't required for data disks). The $dekurl and $kekurl can be fetched from the restored keyVault. The following section lists steps necessary to create a VM using `VMConfig` file Update-AzDisk -ResourceGroupName "testvault" -DiskName $obj.'properties.StorageProfile'.osDisk.name -DiskUpdate $diskupdateconfig ``` - After the key/secrets are available and the encryption details are set on the OS disk, to attach the restored managed disks, see [Attach a data disk to a Windows VM using PowerShell](../virtual-machines/windows/attach-disk-ps.md). + After the key/secrets are available and the encryption details are set on the OS disk, to attach the restored managed disks, see [Attach a data disk to a Windows VM using PowerShell](/azure/virtual-machines/windows/attach-disk-ps). 5. Set the Network settings. |
backup | Backup Azure Vms Encryption | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-encryption.md | This section describes the supported scenarios for backup and restore of encrypt ### Encryption using platform-managed keys -By default, all the disks in your VMs are automatically encrypted-at-rest using platform-managed keys (PMK) that use [storage service encryption](../storage/common/storage-service-encryption.md). You can back up these VMs using Azure Backup without any specific actions required to support encryption on your end. For more information about encryption with platform-managed keys, [see this article](../virtual-machines/disk-encryption.md#platform-managed-keys). +By default, all the disks in your VMs are automatically encrypted-at-rest using platform-managed keys (PMK) that use [storage service encryption](../storage/common/storage-service-encryption.md). You can back up these VMs using Azure Backup without any specific actions required to support encryption on your end. For more information about encryption with platform-managed keys, [see this article](/azure/virtual-machines/disk-encryption#platform-managed-keys). ![Encrypted disks](./media/backup-encryption/encrypted-disks.png) When you encrypt disks with customer-managed keys (CMK), the key used for encryp You don't need to perform any explicit actions for backup or restore of VMs that use customer-managed keys for encrypting their disks. The backup data for these VMs stored in the vault will be encrypted with the same methods as the [encryption used on the vault](encryption-at-rest-with-cmk.md). -For more information about encryption of managed disks with customer-managed keys, see [this article](../virtual-machines/disk-encryption.md#customer-managed-keys). +For more information about encryption of managed disks with customer-managed keys, see [this article](/azure/virtual-machines/disk-encryption#customer-managed-keys). ### Encryption support using ADE Azure Backup can back up and restore Azure VMs using ADE with and without the Mi **Unmanaged** | Yes | Yes **Managed** | Yes | Yes -- Learn more about [ADE](../virtual-machines/disk-encryption-overview.md), [Key Vault](/azure/key-vault/general/overview), and [KEKs](../virtual-machine-scale-sets/disk-encryption-key-vault.md#set-up-a-key-encryption-key-kek).-- Read the [FAQ](../virtual-machines/disk-encryption-overview.md) for Azure VM disk encryption.+- Learn more about [ADE](/azure/virtual-machines/disk-encryption-overview), [Key Vault](/azure/key-vault/general/overview), and [KEKs](/azure/virtual-machine-scale-sets/disk-encryption-key-vault#set-up-a-key-encryption-key-kek). +- Read the [FAQ](/azure/virtual-machines/disk-encryption-overview) for Azure VM disk encryption. ### Limitations Before you back up or restore encrypted Azure VNs, review the following limitati Before you start, do the following: -1. Make sure you have one or more [Windows](../virtual-machines/linux/disk-encryption-overview.md) or [Linux](../virtual-machines/linux/disk-encryption-overview.md) VMs with ADE enabled. +1. Make sure you have one or more [Windows](/azure/virtual-machines/linux/disk-encryption-overview) or [Linux](/azure/virtual-machines/linux/disk-encryption-overview) VMs with ADE enabled. 2. [Review the support matrix](backup-support-matrix-iaas.md) for Azure VM backup 3. [Create](backup-create-rs-vault.md) a Recovery Services Backup vault if you don't have one. 4. If you enable encryption for VMs that are already enabled for backup, you simply need to provide Backup with permissions to access the Key Vault so that backups can continue without disruption. [Learn more](#provide-permissions) about assigning these permissions. |
backup | Backup Azure Vms Enhanced Policy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-enhanced-policy.md | -This article explains how to use _Enhanced policy_ to configure _Multiple Backups Per Day_ and back up [Trusted Launch VMs](../virtual-machines/trusted-launch.md) with Azure Backup service. +This article explains how to use _Enhanced policy_ to configure _Multiple Backups Per Day_ and back up [Trusted Launch VMs](/azure/virtual-machines/trusted-launch) with Azure Backup service. -Azure Backup now supports _Enhanced policy_ that's needed to support new Azure offerings. For example, [Trusted Launch VM](../virtual-machines/trusted-launch.md) is supported with _Enhanced policy_ only. +Azure Backup now supports _Enhanced policy_ that's needed to support new Azure offerings. For example, [Trusted Launch VM](/azure/virtual-machines/trusted-launch) is supported with _Enhanced policy_ only. >[!Important] >- [Default policy](./backup-during-vm-creation.md#create-a-vm-with-backup-configured) will not support protecting newer Azure offerings, such as [Trusted Launch VM](backup-support-matrix-iaas.md#tvm-backup), [Ultra SSD](backup-support-matrix-iaas.md#vm-storage-support), [Premium SSD v2](backup-support-matrix-iaas.md#vm-storage-support), [Shared disk](backup-support-matrix-iaas.md#vm-storage-support), and Confidential Azure VMs. >- Enhanced policy now supports protecting both Ultra SSD and Premium SSD v2.->- Backups for VMs having [data access authentication enabled disks](../virtual-machines/windows/download-vhd.md?tabs=azure-portal#secure-downloads-and-uploads-with-azure-ad) will fail. +>- Backups for VMs having [data access authentication enabled disks](/azure/virtual-machines/windows/download-vhd?tabs=azure-portal#secure-downloads-and-uploads-with-azure-ad) will fail. >- If you're protecting a VM with an enhanced policy, it incurs additional snapshot costs. [Learn more](backup-instant-restore-capability.md#cost-impact). >- Once you enable a VM backup with Enhanced policy, Azure Backup doesn't allow to change the policy type to *Standard*. >- Azure Backup now supports the migration to enhanced policy for the Azure VM backups using standard policy. [Learn more](backup-azure-vm-migrate-enhanced-policy.md). |
backup | Backup Azure Vms First Look Arm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-first-look-arm.md | Azure Backup provides independent and isolated backups to guard against unintend To back up Azure VMs, Azure Backup installs an extension on the VM agent running on the machine. If your VM was created from an Azure Marketplace image, the agent will be running. In some cases, for example if you create a custom VM, or you migrate a machine from on-premises, you might need to install the agent manually. -- If you do need to install the VM agent manually, follow the instructions for [Windows](../virtual-machines/extensions/agent-windows.md) or [Linux](../virtual-machines/extensions/agent-linux.md) VMs.+- If you do need to install the VM agent manually, follow the instructions for [Windows](/azure/virtual-machines/extensions/agent-windows) or [Linux](/azure/virtual-machines/extensions/agent-linux) VMs. - After the agent is installed, when you enable backup, Azure Backup installs the backup extension to the agent. It updates and patches the extension without user intervention. ## Back up from Azure VM settings |
backup | Backup Azure Vms Introduction | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-introduction.md | When you back up Azure VMs with Azure Backup, VMs are encrypted at rest with Sto **Encryption** | **Details** | **Support** | | -**SSE** | With SSE, Azure Storage provides encryption at rest by automatically encrypting data before storing it. Azure Storage also decrypts data before retrieving it. Azure Backup supports backups of VMs with two types of Storage Service Encryption:<li> **SSE with platform-managed keys**: This encryption is by default for all disks in your VMs. See more [here](../virtual-machines/disk-encryption.md#platform-managed-keys).<li> **SSE with customer-managed keys**. With CMK, you manage the keys used to encrypt the disks. See more [here](../virtual-machines/disk-encryption.md#customer-managed-keys). | Azure Backup uses SSE for at-rest encryption of Azure VMs. +**SSE** | With SSE, Azure Storage provides encryption at rest by automatically encrypting data before storing it. Azure Storage also decrypts data before retrieving it. Azure Backup supports backups of VMs with two types of Storage Service Encryption:<li> **SSE with platform-managed keys**: This encryption is by default for all disks in your VMs. See more [here](/azure/virtual-machines/disk-encryption#platform-managed-keys).<li> **SSE with customer-managed keys**. With CMK, you manage the keys used to encrypt the disks. See more [here](/azure/virtual-machines/disk-encryption#customer-managed-keys). | Azure Backup uses SSE for at-rest encryption of Azure VMs. **Azure Disk Encryption** | Azure Disk Encryption encrypts both OS and data disks for Azure VMs.<br/><br/> Azure Disk Encryption integrates with BitLocker encryption keys (BEKs), which are safeguarded in a key vault as secrets. Azure Disk Encryption also integrates with Azure Key Vault key encryption keys (KEKs). | Azure Backup supports backup of managed and unmanaged Azure VMs encrypted with BEKs only, or with BEKs together with KEKs.<br/><br/> Both BEKs and KEKs are backed up and encrypted.<br/><br/> Because KEKs and BEKs are backed up, users with the necessary permissions can restore keys and secrets back to the key vault if needed. These users can also recover the encrypted VM.<br/><br/> Encrypted keys and secrets can't be read by unauthorized users or by Azure. For managed and unmanaged Azure VMs, Backup supports both VMs encrypted with BEKs only or VMs encrypted with BEKs together with KEKs. |
backup | Backup Azure Vms Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-azure-vms-troubleshoot.md | Solution: * Check for possibilities to distribute the load across the VM disks. This will reduce the load on single disks. You can [check the IOPs throttling by enabling diagnostic metrics at storage level](/troubleshoot/azure/virtual-machines/performance-diagnostics#install-and-run-performance-diagnostics-on-your-vm). * Change the backup policy to perform backups during off peak hours, when the load on the VM is at its lowest.-* Upgrade the Azure disks to support higher IOPs. [Learn more here](../virtual-machines/disks-types.md) +* Upgrade the Azure disks to support higher IOPs. [Learn more here](/azure/virtual-machines/disks-types) ### ExtensionFailedVssServiceInBadState - Snapshot operation failed due to VSS (Volume Shadow Copy) service in bad state This will ensure the snapshots are taken through host instead of Guest. Retry th **Step 2:** Try changing the backup schedule to a time when the VM is under less load (like less CPU or IOPS) -**Step 3:** Try [increasing the size of the VM](../virtual-machines/resize-vm.md) and retry the operation +**Step 3:** Try [increasing the size of the VM](/azure/virtual-machines/resize-vm) and retry the operation ### 320001, ResourceNotFound - Could not perform the operation as VM no longer exists / 400094, BCMV2VMNotFound - The virtual machine doesn't exist / An Azure virtual machine wasn't found If after restore, you notice the disks are offline then: * Ensure you are not restoring to the same source, [Learn more](./backup-azure-restore-files-from-vm.md#step-2-ensure-the-machine-meets-the-requirements-before-executing-the-script). ### Folder is missing when a Linux VM is recovered as a new VM-This issue can occur if disks are mounted to a directory using the device name (e.g., /dev/sdc1) instead of UUID. When the VM reboots or when it is recovered as a new VM, the device names are assigned in a random order. To ensure that the right drive is mounted to your directory, always mount drives using UUID obtained from the `blkid` utility. [Learn more](../virtual-machines/linux/attach-disk-portal.yml). +This issue can occur if disks are mounted to a directory using the device name (e.g., /dev/sdc1) instead of UUID. When the VM reboots or when it is recovered as a new VM, the device names are assigned in a random order. To ensure that the right drive is mounted to your directory, always mount drives using UUID obtained from the `blkid` utility. [Learn more](/azure/virtual-machines/linux/attach-disk-portal). ### UserErrorInstantRpNotFound - Restore failed because the Snapshot of the VM was not found Typically, the VM Agent is already present in VMs that are created from the Azur #### Linux VMs - Update the agent -* To update the Linux VM Agent, follow the instructions in the article [Updating the Linux VM Agent](../virtual-machines/extensions/update-linux-agent.md?toc=/azure/virtual-machines/linux/toc.json). +* To update the Linux VM Agent, follow the instructions in the article [Updating the Linux VM Agent](/azure/virtual-machines/extensions/update-linux-agent?toc=/azure/virtual-machines/linux/toc.json). > [!NOTE] > Always use the distribution repository to update the agent. |
backup | Backup During Vm Creation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-during-vm-creation.md | If you aren't already signed in to your account, sign in to the [Azure portal](h >[!Note] >To create a VM from a non-Marketplace image or swap the OS disk of a VM with a non-Marketplace image, remove the plan information from the VM. This helps in seamless VM restore. -3. Set up the VM in accordance with the [Windows](../virtual-machines/windows/quick-create-portal.md) or [Linux](../virtual-machines/linux/quick-create-portal.md) instructions. +3. Set up the VM in accordance with the [Windows](/azure/virtual-machines/windows/quick-create-portal) or [Linux](/azure/virtual-machines/linux/quick-create-portal) instructions. 4. On the **Management** tab, in **Enable backup**, select **On**. 5. Azure Backup backups to a Recovery Services vault. Select **Create New** if you don't have an existing vault. |
backup | Backup Encryption | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-encryption.md | Azure Backup includes encryption on two levels: | Encryption level | Description | | | | | **Encryption of data in the Recovery Services vault** | - **Using platform-managed keys**: By default, all your data is encrypted using platform-managed keys. You don't need to take any explicit action from your end to enable this encryption. It applies to all workloads being backed-up to your Recovery Services vault. <br><br> - **Using customer-managed keys**: When backing up your Azure Virtual Machines, you can choose to encrypt your data using encryption keys owned and managed by you. Azure Backup lets you use your RSA keys stored in the Azure Key Vault for encrypting your backups. The encryption key used for encrypting backups may be different from the one used for the source. The data is protected using an AES 256 based data encryption key (DEK), which is, in turn, protected using your keys. This gives you full control over the data and the keys. To allow encryption, it's required that you grant the Recovery Services vault access to the encryption key in the Azure Key Vault. You can disable the key or revoke access whenever needed. However, you must enable encryption using your keys before you attempt to protect any items to the vault. [Learn more here](encryption-at-rest-with-cmk.md). <br><br> - **Infrastructure-level encryption**: In addition to encrypting your data in the Recovery Services vault using customer-managed keys, you can also choose to have an additional layer of encryption configured on the storage infrastructure. This infrastructure encryption is managed by the platform. Together with encryption at rest using customer-managed keys, it allows two-layer encryption of your backup data. Infrastructure encryption can only be configured if you first choose to use your own keys for encryption at rest. Infrastructure encryption uses platform-managed keys for encrypting data. |-| **Encryption specific to the workload being backed-up** | - **Azure virtual machine backup**: Azure Backup supports backup of VMs with disks encrypted using [platform-managed keys](../virtual-machines/disk-encryption.md#platform-managed-keys), as well as [customer-managed keys](../virtual-machines/disk-encryption.md#customer-managed-keys) owned and managed by you. In addition, you can also back up your Azure Virtual machines that have their OS or data disks encrypted using [Azure Disk Encryption](backup-azure-vms-encryption.md#encryption-support-using-ade). ADE uses BitLocker for Windows VMs, and DM-Crypt for Linux VMs, to perform in-guest encryption. <br><br> - **TDE - enabled database backup is supported**. To restore a TDE-encrypted database to another SQL Server, you need to first [restore the certificate to the destination server](/sql/relational-databases/security/encryption/move-a-tde-protected-database-to-another-sql-server). The backup compression for TDE-enabled databases for SQL Server 2016 and newer versions is available, but at lower transfer size as explained [here](https://techcommunity.microsoft.com/t5/sql-server/backup-compression-for-tde-enabled-databases-important-fixes-in/ba-p/385593). | +| **Encryption specific to the workload being backed-up** | - **Azure virtual machine backup**: Azure Backup supports backup of VMs with disks encrypted using [platform-managed keys](/azure/virtual-machines/disk-encryption#platform-managed-keys), as well as [customer-managed keys](/azure/virtual-machines/disk-encryption#customer-managed-keys) owned and managed by you. In addition, you can also back up your Azure Virtual machines that have their OS or data disks encrypted using [Azure Disk Encryption](backup-azure-vms-encryption.md#encryption-support-using-ade). ADE uses BitLocker for Windows VMs, and DM-Crypt for Linux VMs, to perform in-guest encryption. <br><br> - **TDE - enabled database backup is supported**. To restore a TDE-encrypted database to another SQL Server, you need to first [restore the certificate to the destination server](/sql/relational-databases/security/encryption/move-a-tde-protected-database-to-another-sql-server). The backup compression for TDE-enabled databases for SQL Server 2016 and newer versions is available, but at lower transfer size as explained [here](https://techcommunity.microsoft.com/t5/sql-server/backup-compression-for-tde-enabled-databases-important-fixes-in/ba-p/385593). | ## Next steps |
backup | Backup Mabs Install Azure Stack | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-install-azure-stack.md | The Azure Backup Server virtual machine must be joined to a domain. A domain use ## Using an IaaS VM in Azure Stack Hub -When choosing a server for Azure Backup Server, start with a Windows Server 2022 Datacenter or Windows Server 2019 Datacenter gallery image. The article, [Create your first Windows virtual machine in the Azure portal](../virtual-machines/windows/quick-create-portal.md?toc=/azure/virtual-machines/windows/toc.json), provides a tutorial for getting started with the recommended virtual machine. The recommended minimum requirements for the server virtual machine (VM) should be: A2 Standard with two cores and 3.5-GB RAM. Use DPM\MABS [capacity planner](https://www.microsoft.com/download/details.aspx?id=54301) to get the appropriate RAM size and accordingly choose the IaaS VM size. +When choosing a server for Azure Backup Server, start with a Windows Server 2022 Datacenter or Windows Server 2019 Datacenter gallery image. The article, [Create your first Windows virtual machine in the Azure portal](/azure/virtual-machines/windows/quick-create-portal?toc=/azure/virtual-machines/windows/toc.json), provides a tutorial for getting started with the recommended virtual machine. The recommended minimum requirements for the server virtual machine (VM) should be: A2 Standard with two cores and 3.5-GB RAM. Use DPM\MABS [capacity planner](https://www.microsoft.com/download/details.aspx?id=54301) to get the appropriate RAM size and accordingly choose the IaaS VM size. Protecting workloads with Azure Backup Server has many nuances. The [protection matrix for MABS](./backup-mabs-protection-matrix.md) helps explain these nuances. Before deploying the machine, read this article completely. |
backup | Backup Mabs Protection Matrix | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-mabs-protection-matrix.md | The following sections details the protection support matrix for MABS: | **Workload** | **Version** | **Azure Backup Server installation** | **Supported Azure Backup Server** | **Protection and recovery** | | | -- | | - | |-| Linux | Linux running as [Hyper-V](back-up-hyper-v-virtual-machines-mabs.md) or [VMware](backup-azure-backup-server-vmware.md) or [Stack](backup-mabs-install-azure-stack.md) guest | Physical server, On-premises Hyper-V VM, Stack VM or VMware VM running Windows Server. | V4 | Hyper-V must be running on Windows Server 2016, Windows Server 2019, or Windows Server 2022. Protect: Entire virtual machine <br><br> Recover: Entire virtual machine <br><br> Only file-consistent snapshots are supported. <br><br> For a complete list of supported Linux distributions and versions, see the article, [Linux on distributions endorsed by Azure](../virtual-machines/linux/endorsed-distros.md). | +| Linux | Linux running as [Hyper-V](back-up-hyper-v-virtual-machines-mabs.md) or [VMware](backup-azure-backup-server-vmware.md) or [Stack](backup-mabs-install-azure-stack.md) guest | Physical server, On-premises Hyper-V VM, Stack VM or VMware VM running Windows Server. | V4 | Hyper-V must be running on Windows Server 2016, Windows Server 2019, or Windows Server 2022. Protect: Entire virtual machine <br><br> Recover: Entire virtual machine <br><br> Only file-consistent snapshots are supported. <br><br> For a complete list of supported Linux distributions and versions, see the article, [Linux on distributions endorsed by Azure](/azure/virtual-machines/linux/endorsed-distros). | ## Operating systems and applications at end of support |
backup | Backup Managed Disks Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-managed-disks-cli.md | -This article describes how to back up [Azure Managed Disk](../virtual-machines/managed-disks-overview.md) using Azure CLI. +This article describes how to back up [Azure Managed Disk](/azure/virtual-machines/managed-disks-overview) using Azure CLI. > [!IMPORTANT] > Support for Azure Managed Disks backup and restore via CLI is in preview and available as an extension in Az 2.15.0 version and later. The extension is automatically installed when you run the **az dataprotection** commands. [Learn more](/cli/azure/azure-cli-extensions-overview) about extensions. For example, if you select **Every 4 hours**, then the backups are taken at appr >[!IMPORTANT] >The time of the day indicates the backup start time and not the time when the backup completes. -The time required for completing the backup operation depends on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk Backup is an agentless backup that uses [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md), which doesn't impact the production application performance. +The time required for completing the backup operation depends on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk Backup is an agentless backup that uses [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots), which doesn't impact the production application performance. >[!NOTE] >Although the selected vault may have the global-redundancy setting, currently, Azure Disk Backup supports snapshot datastore only. All backups are stored in a resource group in your subscription and aren't copied to the Backup vault storage. |
backup | Backup Managed Disks Ps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-managed-disks-ps.md | -This article explains how to back up [Azure Managed Disk](../virtual-machines/managed-disks-overview.md) using Azure PowerShell. +This article explains how to back up [Azure Managed Disk](/azure/virtual-machines/managed-disks-overview) using Azure PowerShell. In this article, you'll learn how to: SourceDataStoreType : OperationalStore TargetDataStoreCopySetting : ``` -Azure Disk Backup offers multiple backups per day. If you require more frequent backups, choose the **Hourly** backup frequency with the ability to take backups with intervals of every 4, 6, 8 or 12 hours. The backups are scheduled based on the **Time** interval selected. For example, if you select **Every 4 hours**, then the backups are taken at approximately in the interval of every 4 hours so the backups are distributed equally across the day. If a once a day backup is sufficient, then choose the **Daily** backup frequency. In the daily backup frequency, you can specify the time of the day when your backups are taken. It's important to note that the time of the day indicates the backup start time and not the time when the backup completes. The time required for completing the backup operation is dependent on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk backup is an agentless backup that uses [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md), which doesn't impact the production application performance. +Azure Disk Backup offers multiple backups per day. If you require more frequent backups, choose the **Hourly** backup frequency with the ability to take backups with intervals of every 4, 6, 8 or 12 hours. The backups are scheduled based on the **Time** interval selected. For example, if you select **Every 4 hours**, then the backups are taken at approximately in the interval of every 4 hours so the backups are distributed equally across the day. If a once a day backup is sufficient, then choose the **Daily** backup frequency. In the daily backup frequency, you can specify the time of the day when your backups are taken. It's important to note that the time of the day indicates the backup start time and not the time when the backup completes. The time required for completing the backup operation is dependent on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk backup is an agentless backup that uses [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots), which doesn't impact the production application performance. >[!NOTE] >- Although the selected vault may have the global-redundancy setting, currently Azure Disk Backup supports snapshot datastore only. All backups are stored in a resource group in your subscription and aren't copied to backup vault storage. |
backup | Backup Managed Disks | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-managed-disks.md | -This article explains how to back up [Azure Managed Disk](../virtual-machines/managed-disks-overview.md) from the Azure portal. +This article explains how to back up [Azure Managed Disk](/azure/virtual-machines/managed-disks-overview) from the Azure portal. In this article, you'll learn how to: A Backup vault is a storage entity in Azure that holds backup data for various n ![Select backup schedule frequency](./media/backup-managed-disks/backup-schedule-frequency.png) - Azure Disk Backup offers multiple backups per day. If you require more frequent backups, choose the **Hourly** backup frequency with the ability to take backups with intervals of every *1*, *2*, *4*, *6*, *8*, or *12* hours. The backups are scheduled based on the **Time** interval selected. For example, if you select **Every 4 hours**, then the backups are taken at approximately in the interval of every 4 hours so the backups are distributed equally across the day. If a once a day backup is sufficient, then choose the **Daily** backup frequency. In the daily backup frequency, you can specify the time of the day when your backups are taken. It's important to note that the time of the day indicates the backup start time and not the time when the backup completes. The time required for completing the backup operation is dependent on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk backup is an agentless backup that uses [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md), which doesn't impact the production application performance. + Azure Disk Backup offers multiple backups per day. If you require more frequent backups, choose the **Hourly** backup frequency with the ability to take backups with intervals of every *1*, *2*, *4*, *6*, *8*, or *12* hours. The backups are scheduled based on the **Time** interval selected. For example, if you select **Every 4 hours**, then the backups are taken at approximately in the interval of every 4 hours so the backups are distributed equally across the day. If a once a day backup is sufficient, then choose the **Daily** backup frequency. In the daily backup frequency, you can specify the time of the day when your backups are taken. It's important to note that the time of the day indicates the backup start time and not the time when the backup completes. The time required for completing the backup operation is dependent on various factors including size of the disk, and churn rate between consecutive backups. However, Azure Disk backup is an agentless backup that uses [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots), which doesn't impact the production application performance. 1. In the **Backup policy** tab, select retention settings that meet the recovery point objective (RPO) requirement. A Backup vault is a storage entity in Azure that holds backup data for various n ![Retention settings](./media/backup-managed-disks/retention-settings.png) >[!NOTE]- >Azure Backup for Managed Disks uses incremental snapshots which are limited to 500 snapshots per disk. At a point in time you can have 500 snapshots for a disk. Thus, to prevent backup failure the retention duration is limited by the snapshot limit. To allow you to take on-demand backups aside from scheduled backups, backup policy limits the total backups to 450. Learn more about [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md#restrictions) for managed disk. + >Azure Backup for Managed Disks uses incremental snapshots which are limited to 500 snapshots per disk. At a point in time you can have 500 snapshots for a disk. Thus, to prevent backup failure the retention duration is limited by the snapshot limit. To allow you to take on-demand backups aside from scheduled backups, backup policy limits the total backups to 450. Learn more about [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots#restrictions) for managed disk. You can either set a maximum retention limit of 1 year or 450 disk snapshots, whichever reaches first. For example, if you have opted for a backup frequency of 12 hours, then you can retain each recovery point for maximum 225 days as the snapshot limit will be breached beyond that. To configure disk backup, follow these steps: >[!Note] >- Ensure that both the backup vault and the disk to be backed up are in same location.- >- Azure Backup uses [_incremental snapshots_](../virtual-machines/disks-incremental-snapshots.md#restrictions) of managed disks, which store only the delta changes to the disk as the last snapshot on Standard HDD storage, regardless of the storage type of the parent disk. For additional reliability, incremental snapshots are stored on Zone Redundant Storage (ZRS) by default in the ZRS supported regions. Currently, Azure Disk Backup supports operational backup of managed disks that doesn't copy backups to the Backup vault storage. So, the backup storage redundancy setting of the Backup vault doesnΓÇÖt apply to the recovery points. + >- Azure Backup uses [_incremental snapshots_](/azure/virtual-machines/disks-incremental-snapshots#restrictions) of managed disks, which store only the delta changes to the disk as the last snapshot on Standard HDD storage, regardless of the storage type of the parent disk. For additional reliability, incremental snapshots are stored on Zone Redundant Storage (ZRS) by default in the ZRS supported regions. Currently, Azure Disk Backup supports operational backup of managed disks that doesn't copy backups to the Backup vault storage. So, the backup storage redundancy setting of the Backup vault doesnΓÇÖt apply to the recovery points. :::image type="content" source="./media/backup-managed-disks/select-backup-vault-inline.png" alt-text="Screenshot showing the process to select a Backup vault." lightbox="./media/backup-managed-disks/select-backup-vault-expanded.png"::: To configure disk backup, follow these steps: - You can use this resource group for storing snapshots across multiple disks that are being (or planned to be) backed up. - - You can't create an incremental snapshot for a particular disk outside of that disk's subscription. So, choose the resource group within the same subscription where the disk needs to be backed up. [Learn more](../virtual-machines/disks-incremental-snapshots.md#restrictions) about incremental snapshot for managed disks. + - You can't create an incremental snapshot for a particular disk outside of that disk's subscription. So, choose the resource group within the same subscription where the disk needs to be backed up. [Learn more](/azure/virtual-machines/disks-incremental-snapshots#restrictions) about incremental snapshot for managed disks. - Once you configure the backup of a disk, you canΓÇÖt change the Snapshot Resource Group thatΓÇÖs assigned to a backup instance. |
backup | Backup Release Notes Archived | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-release-notes-archived.md | This article lists all the past releases of features and improvements from Azure ## Azure Disk Backup (in preview) -Azure Disk Backup offers a turnkey solution that provides snapshot lifecycle management for [Azure Managed Disks](../virtual-machines/managed-disks-overview.md) by automating periodic creation of snapshots and retaining it for a configured duration using backup policy. You can manage the disk snapshots with zero infrastructure cost and without the need for custom scripting or any management overhead. This is a crash-consistent backup solution that takes point-in-time backup of a managed disk using [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md) with support for multiple backups per day. It's also an agent-less solution and doesn't impact production application performance. It supports backup and restore of both OS and data disks (including shared disks), whether or not they're currently attached to a running Azure virtual machine. +Azure Disk Backup offers a turnkey solution that provides snapshot lifecycle management for [Azure Managed Disks](/azure/virtual-machines/managed-disks-overview) by automating periodic creation of snapshots and retaining it for a configured duration using backup policy. You can manage the disk snapshots with zero infrastructure cost and without the need for custom scripting or any management overhead. This is a crash-consistent backup solution that takes point-in-time backup of a managed disk using [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots) with support for multiple backups per day. It's also an agent-less solution and doesn't impact production application performance. It supports backup and restore of both OS and data disks (including shared disks), whether or not they're currently attached to a running Azure virtual machine. For more information, see [Azure Disk Backup (in preview)](disk-backup-overview.md). |
backup | Backup Sql Server Azure Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-sql-server-azure-troubleshoot.md | If you'd like to trigger a restore on the healthy SQL instances, do the followin | Error message | Possible causes | Recommended actions | ||||-| Azure Backup service uses Azure VM guest agent for doing backup but guest agent is not available on the target server. | The guest agent isn't enabled or is unhealthy. | [Install the VM guest agent](../virtual-machines/extensions/agent-windows.md) manually. | +| Azure Backup service uses Azure VM guest agent for doing backup but guest agent is not available on the target server. | The guest agent isn't enabled or is unhealthy. | [Install the VM guest agent](/azure/virtual-machines/extensions/agent-windows) manually. | ### AutoProtectionCancelledOrNotValid |
backup | Backup Sql Server Database Azure Vms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-sql-server-database-azure-vms.md | Before you back up a SQL Server database, check the following criteria: 1. Identify or create a [Recovery Services vault](backup-sql-server-database-azure-vms.md#create-a-recovery-services-vault) in the same region and subscription as the VM hosting the SQL Server instance. 1. Verify that the VM has [network connectivity](backup-sql-server-database-azure-vms.md#establish-network-connectivity).-1. Make sure that the [Azure Virtual Machine Agent](../virtual-machines/extensions/agent-windows.md) is installed on the VM. +1. Make sure that the [Azure Virtual Machine Agent](/azure/virtual-machines/extensions/agent-windows) is installed on the VM. 1. Make sure that .NET 4.5.2 version or above is installed on the VM. 1. Make sure that the SQL Server databases follow the [database naming guidelines for Azure Backup](#database-naming-guidelines-for-azure-backup). 1. Ensure that the combined length of the SQL Server VM name and the resource group name doesn't exceed 84 characters for Azure Resource Manager VMs (or 77 characters for classic VMs). This limitation is because some characters are reserved by the service. |
backup | Backup Support Matrix Iaas | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/backup-support-matrix-iaas.md | Here's how you can back up and restore Azure VMs by using the Azure Backup servi **Scenario** | **Backup** | **Agent** |**Restore** | | | -Direct backup of Azure VMs | Back up the entire VM. | For application or file-system consistent backups, no additional agent is needed on the Azure VM. Azure Backup installs and uses an extension to the [Azure VM agent](../virtual-machines/extensions/agent-windows.md) that's running on the VM. <br><br> You can also use agentless crash-consistent backups. [Learn more](backup-azure-vms-agentless-multi-disk-crash-consistent-overview.md). | Restore as follows:<br/><br/> - **Create a basic VM**. This is useful if the VM has no special configuration, such as multiple IP addresses.<br/><br/> - **Restore the VM disk**. Restore the disk. Then attach it to an existing VM, or create a new VM from the disk by using PowerShell.<br/><br/> - **Replace the VM disk**. If a VM exists and it uses managed disks (unencrypted), you can restore a disk and use it to replace an existing disk on the VM.<br/><br/> - **Restore specific files or folders**. You can restore files or folders from a VM instead of restoring the entire VM. +Direct backup of Azure VMs | Back up the entire VM. | For application or file-system consistent backups, no additional agent is needed on the Azure VM. Azure Backup installs and uses an extension to the [Azure VM agent](/azure/virtual-machines/extensions/agent-windows) that's running on the VM. <br><br> You can also use agentless crash-consistent backups. [Learn more](backup-azure-vms-agentless-multi-disk-crash-consistent-overview.md). | Restore as follows:<br/><br/> - **Create a basic VM**. This is useful if the VM has no special configuration, such as multiple IP addresses.<br/><br/> - **Restore the VM disk**. Restore the disk. Then attach it to an existing VM, or create a new VM from the disk by using PowerShell.<br/><br/> - **Replace the VM disk**. If a VM exists and it uses managed disks (unencrypted), you can restore a disk and use it to replace an existing disk on the VM.<br/><br/> - **Restore specific files or folders**. You can restore files or folders from a VM instead of restoring the entire VM. Direct backup of Azure VMs (Windows only) | Back up specific files, folders, or volumes. | Install the [Azure Recovery Services agent](backup-azure-file-folder-backup-faq.yml).<br/><br/> You can run the MARS agent alongside the backup extension for the Azure VM agent to back up the VM at the file or folder level. | Restore specific files or folders. Backup of Azure VMs to the backup server | Back up files, folders, or volumes; system state or bare metal files; and app data to System Center DPM or to Microsoft Azure Backup Server (MABS).<br/><br/> DPM or MABS then backs up to the backup vault. | Install the DPM or MABS protection agent on the VM. The MARS agent is installed on DPM or MABS.| Restore files, folders, or volumes; system state or bare metal files; and app data. Backup Linux Azure VMs with ZFS Pool Configuration | Not supported ## Operating system support (Linux) -For Linux VM backups using the Linux Azure VM agent, Azure Backup supports the list of [Linux distributions endorsed by Azure](../virtual-machines/linux/endorsed-distros.md). Note the following: +For Linux VM backups using the Linux Azure VM agent, Azure Backup supports the list of [Linux distributions endorsed by Azure](/azure/virtual-machines/linux/endorsed-distros). Note the following: - Agent-based VM backup doesn't support CoreOS Linux. - Agent-based VM backup doesn't support 32-bit operating systems.-- Other bring-your-own Linux distributions might work as long as the [Azure VM agent for Linux](../virtual-machines/extensions/agent-linux.md) is available on the VM, and as long as Python is supported.+- Other bring-your-own Linux distributions might work as long as the [Azure VM agent for Linux](/azure/virtual-machines/extensions/agent-linux) is available on the VM, and as long as Python is supported. - Agent-based VM backup doesn't support a proxy-configured Linux VM if it doesn't have Python version 2.7 or later installed. - [Agentless crash-consistent backups](backup-azure-vms-agentless-multi-disk-crash-consistent-overview.md) are operating system agnostic and can be used to back up VMs whose operating system isn't supported for agent-based backups. - Azure Backup doesn't support backing up Network File System (NFS) files that are mounted from storage, or from any other NFS server, to Linux or Windows machines. It backs up only disks that are locally attached to the VM. Azure Backup provides the following support for customers to author their own pr |Supported database |OS version |Database version | ||||-|Oracle in Azure VMs | [Oracle Linux](../virtual-machines/linux/endorsed-distros.md) | Oracle 12.x or later | +|Oracle in Azure VMs | [Oracle Linux](/azure/virtual-machines/linux/endorsed-distros) | Oracle 12.x or later | Recovery points on DPM or MABS disk | 64 for file servers, and 448 for app serve | **Create a new VM** | This option quickly creates and gets a basic VM up and running from a restore point.<br/><br/> You can specify a name for the VM, select the resource group and virtual network in which it will be placed, and specify a storage account for the restored VM. The new VM must be created in the same region as the source VM. **Restore disk** | This option restores a VM disk, which can you can then use to create a new VM.<br/><br/> Azure Backup provides a template to help you customize and create a VM. <br/><br> The restore job generates a template that you can download and use to specify custom VM settings and create a VM.<br/><br/> The disks are copied to the resource group that you specify.<br/><br/> Alternatively, you can attach the disk to an existing VM, or create a new VM by using PowerShell.<br/><br/> This option is useful if you want to customize the VM, add configuration settings that weren't there at the time of backup, or add settings that must be configured via the template or PowerShell.-**Replace existing** | You can restore a disk and use it to replace a disk on the existing VM.<br/><br/> The current VM must exist. If it has been deleted, you can't use this option.<br/><br/> Azure Backup takes a snapshot of the existing VM before replacing the disk, and it stores the snapshot in the staging location that you specify. Existing disks connected to the VM are replaced with the selected restore point.<br/><br/> The snapshot is copied to the vault and retained in accordance with the retention policy. <br/><br/> After the replace-disk operation, the original disk is retained in the resource group. You can choose to manually delete the original disks if they aren't needed. <br/><br/>This option is supported for unencrypted managed VMs and for VMs [created from custom images](https://azure.microsoft.com/resources/videos/create-a-custom-virtual-machine-image-in-azure-resource-manager-with-powershell/). It's not supported for unmanaged disks and VMs, classic VMs, and [generalized VMs](../virtual-machines/capture-image-resource.yml).<br/><br/> If the restore point has more or fewer disks than the current VM, the number of disks in the restore point will only reflect the VM configuration.<br><br> This option is also supported for VMs with linked resources, like [user-assigned managed identity](../active-directory/managed-identities-azure-resources/overview.md) and [Azure Key Vault](/azure/key-vault/general/overview). +**Replace existing** | You can restore a disk and use it to replace a disk on the existing VM.<br/><br/> The current VM must exist. If it has been deleted, you can't use this option.<br/><br/> Azure Backup takes a snapshot of the existing VM before replacing the disk, and it stores the snapshot in the staging location that you specify. Existing disks connected to the VM are replaced with the selected restore point.<br/><br/> The snapshot is copied to the vault and retained in accordance with the retention policy. <br/><br/> After the replace-disk operation, the original disk is retained in the resource group. You can choose to manually delete the original disks if they aren't needed. <br/><br/>This option is supported for unencrypted managed VMs and for VMs [created from custom images](https://azure.microsoft.com/resources/videos/create-a-custom-virtual-machine-image-in-azure-resource-manager-with-powershell/). It's not supported for unmanaged disks and VMs, classic VMs, and [generalized VMs](/azure/virtual-machines/capture-image-resource).<br/><br/> If the restore point has more or fewer disks than the current VM, the number of disks in the restore point will only reflect the VM configuration.<br><br> This option is also supported for VMs with linked resources, like [user-assigned managed identity](../active-directory/managed-identities-azure-resources/overview.md) and [Azure Key Vault](/azure/key-vault/general/overview). **Cross Region (secondary region)** | You can use cross-region restore to restore Azure VMs in the secondary region, which is an [Azure paired region](../availability-zones/cross-region-replication-azure.md).<br><br> You can restore all the Azure VMs for the selected recovery point if the backup is done in the secondary region.<br><br> This feature is available for the following options:<br> - [Create a VM](./backup-azure-arm-restore-vms.md#create-a-vm) <br> - [Restore disks](./backup-azure-arm-restore-vms.md#restore-disks) <br><br> We don't currently support the [Replace existing disks](./backup-azure-arm-restore-vms.md#replace-existing-disks) option.<br><br> Backup admins and app admins have permissions to perform the restore operation on a secondary region. **Cross Subscription** | Allowed only if the [Cross Subscription Restore property](backup-azure-arm-restore-vms.md#cross-subscription-restore-for-azure-vm) is enabled for your Recovery Services vault. <br><br> You can restore Azure Virtual Machines or disks to a different subscription within the same tenant as the source subscription (as per the Azure RBAC capabilities) from restore points. <br><br> This feature is available for the following options:<br> - [Create a VM](./backup-azure-arm-restore-vms.md#create-a-vm) <br> - [Restore disks](./backup-azure-arm-restore-vms.md#restore-disks) <br><br> Cross Subscription Restore is unsupported for: <br> - [Snapshots](backup-azure-vms-introduction.md#snapshot-creation) tier recovery points. It's also unsupported for [unmanaged VMs](backup-azure-arm-restore-vms.md#restoring-unmanaged-vms-and-disks-as-managed) and [VMs with disks having Azure Encryptions (ADE)](backup-azure-vms-encryption.md#encryption-support-using-ade). <br> - [VMs with CMK encrypted disks](backup-azure-vms-encryption.md). **Cross Zonal Restore** | You can use cross-zonal restore to restore Azure zone-pinned VMs in available zones. You can restore Azure VMs or disks to different zones (one of the Azure RBAC capabilities) from restore points. Note that when you select a zone to restore, it selects the [logical zone](../reliability/availability-zones-overview.md#zonal-and-zone-redundant-services) (and not the physical zone) as per the Azure subscription you will use to restore to. <br><br> This feature is available for the following options:<br> - [Create a VM](./backup-azure-arm-restore-vms.md#create-a-vm) <br> - [Restore disks](./backup-azure-arm-restore-vms.md#restore-disks) <br><br> Cross-zonal restore is unsupported for [snapshots](backup-azure-vms-introduction.md#snapshot-creation) of restore points. It's also unsupported for [encrypted Azure VMs](backup-azure-vms-introduction.md#encryption-of-azure-vm-backups). Restore a VM in a different virtual network |Supported.<br/><br/> The virtual ne **Compute** | **Support** | -Back up VMs of a certain size |You can back up any Azure VM that has at least two CPU cores and 1 GB of RAM.<br/><br/> [Learn more](../virtual-machines/sizes.md). -Back up VMs in [availability sets](../virtual-machines/availability.md#availability-sets) | Supported.<br/><br/> You can't restore a VM in an availability set by using the option to quickly create a VM. Instead, when you restore the VM, restore the disk and use it to deploy a VM, or restore a disk and use it to replace an existing disk. -Back up VMs that are deployed with [Azure Hybrid Benefit](../virtual-machines/windows/hybrid-use-benefit-licensing.md) | Supported. +Back up VMs of a certain size |You can back up any Azure VM that has at least two CPU cores and 1 GB of RAM.<br/><br/> [Learn more](/azure/virtual-machines/sizes). +Back up VMs in [availability sets](/azure/virtual-machines/availability#availability-sets) | Supported.<br/><br/> You can't restore a VM in an availability set by using the option to quickly create a VM. Instead, when you restore the VM, restore the disk and use it to deploy a VM, or restore a disk and use it to replace an existing disk. +Back up VMs that are deployed with [Azure Hybrid Benefit](/azure/virtual-machines/windows/hybrid-use-benefit-licensing) | Supported. Back up VMs that are deployed from [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps?filters=virtual-machine-images) (published by Microsoft or a third party) |Supported.<br/><br/> The VMs must be running a supported operating system.<br/><br/> When you're recovering files on the VM, you can restore only to a compatible OS (not an earlier or later OS). We don't restore Azure Marketplace VMs backed as VMs, because these need purchase information. They're restored only as disks. Back up VMs that are deployed from a custom image (third-party) |Supported.<br/><br/> The VMs must be running a supported operating system.<br/><br/> When you're recovering files on VMs, you can restore only to a compatible OS (not an earlier or later OS). Back up VMs that are migrated to Azure| Supported.<br/><br/> To back up a VM, make sure that the VM agent is installed on the migrated machine. Back up a VM with [diagnostic settings](../azure-monitor/essentials/platform-log Restore zone-pinned VMs | Supported (where [availability zones](https://azure.microsoft.com/global-infrastructure/availability-zones/) are available).<br/><br/>Azure Backup now supports [restoring Azure VMs to a any availability zones](backup-azure-arm-restore-vms.md#restore-options) other than the zone that's pinned in VMs. This support enables you to restore VMs when the primary zone is unavailable. Back up Gen2 VMs | Supported. <br><br/> Azure Backup supports backup and restore of [Gen2 VMs](https://azure.microsoft.com/updates/generation-2-virtual-machines-in-azure-public-preview/). When these VMs are restored from a recovery point, they're restored as [Gen2 VMs](https://azure.microsoft.com/updates/generation-2-virtual-machines-in-azure-public-preview/). Back up Azure VMs with locks | Supported for managed VMs. <br><br> Not supported for unmanaged VMs.-[Restore spot VMs](../virtual-machines/spot-vms.md) | Not supported. <br><br/> Azure Backup restores spot VMs as regular Azure VMs. -[Restore VMs in an Azure dedicated host](../virtual-machines/dedicated-hosts.md) | Supported.<br></br>When you're restoring an Azure VM through the [Create new](backup-azure-arm-restore-vms.md#create-a-vm) option, the VM can't be restored in the dedicated host, even when the restore is successful. To achieve this, we recommend that you [restore as disks](backup-azure-arm-restore-vms.md#restore-disks). While you're restoring as disks by using the template, create a VM in a dedicated host, and then attach the disks.<br></br>This is not applicable in a secondary region while you're performing [cross-region restore](backup-azure-arm-restore-vms.md#cross-region-restore). +[Restore spot VMs](/azure/virtual-machines/spot-vms) | Not supported. <br><br/> Azure Backup restores spot VMs as regular Azure VMs. +[Restore VMs in an Azure dedicated host](/azure/virtual-machines/dedicated-hosts) | Supported.<br></br>When you're restoring an Azure VM through the [Create new](backup-azure-arm-restore-vms.md#create-a-vm) option, the VM can't be restored in the dedicated host, even when the restore is successful. To achieve this, we recommend that you [restore as disks](backup-azure-arm-restore-vms.md#restore-disks). While you're restoring as disks by using the template, create a VM in a dedicated host, and then attach the disks.<br></br>This is not applicable in a secondary region while you're performing [cross-region restore](backup-azure-arm-restore-vms.md#cross-region-restore). Configure standalone Azure VMs in Windows Storage Spaces | Not supported.-[Restore Virtual Machine Scale Sets](../virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes.md#scale-sets-with-flexible-orchestration) | Supported for the flexible orchestration model to back up and restore a single Azure VM. +[Restore Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#scale-sets-with-flexible-orchestration) | Supported for the flexible orchestration model to back up and restore a single Azure VM. Restore with managed identities | Supported for managed Azure VMs. <br><br> Not supported for classic and unmanaged Azure VMs. <br><br> Cross-region restore isn't supported with managed identities. <br><br> Currently, this is available in all Azure public and national cloud regions. <br><br> [Learn more](backup-azure-arm-restore-vms.md#restore-vms-with-managed-identities).-<a name="tvm-backup">Back up trusted launch VMs</a> | Backup is supported. <br><br> Backup of trusted launch VMs is supported through [Enhanced policy](backup-azure-vms-enhanced-policy.md). You can enable backup through a [Recovery Services vault](./backup-azure-arm-vms-prepare.md), the [pane for managing a VM](./backup-during-vm-creation.md#start-a-backup-after-creating-the-vm), and the [pane for creating a VM](backup-during-vm-creation.md#create-a-vm-with-backup-configured). <br><br> **Feature details** <br><br> - Backup is supported in all regions where trusted launch VMs are available. <br><br> - Configuration of backups, alerts, and monitoring for trusted launch VMs is supported through the backup center. <br><br> - Migration of an existing [Gen2 VM](../virtual-machines/generation-2.md) (protected with Azure Backup) to a trusted launch VM is currently not supported. [Learn how to create a trusted launch VM](../virtual-machines/trusted-launch-portal.md?tabs=portal#deploy-a-trusted-launch-vm). <br><br> - Item-level restore is supported for the scenarios mentioned [here](backup-support-matrix-iaas.md#support-for-file-level-restore). <br><br> Note that if the trusted launch VM was created by converting a Standard VM, ensure that you remove all the recovery points created using Standard policy before enabling the backup operation for the VM. +<a name="tvm-backup">Back up trusted launch VMs</a> | Backup is supported. <br><br> Backup of trusted launch VMs is supported through [Enhanced policy](backup-azure-vms-enhanced-policy.md). You can enable backup through a [Recovery Services vault](./backup-azure-arm-vms-prepare.md), the [pane for managing a VM](./backup-during-vm-creation.md#start-a-backup-after-creating-the-vm), and the [pane for creating a VM](backup-during-vm-creation.md#create-a-vm-with-backup-configured). <br><br> **Feature details** <br><br> - Backup is supported in all regions where trusted launch VMs are available. <br><br> - Configuration of backups, alerts, and monitoring for trusted launch VMs is supported through the backup center. <br><br> - Migration of an existing [Gen2 VM](/azure/virtual-machines/generation-2) (protected with Azure Backup) to a trusted launch VM is currently not supported. [Learn how to create a trusted launch VM](/azure/virtual-machines/trusted-launch-portal?tabs=portal#deploy-a-trusted-launch-vm). <br><br> - Item-level restore is supported for the scenarios mentioned [here](backup-support-matrix-iaas.md#support-for-file-level-restore). <br><br> Note that if the trusted launch VM was created by converting a Standard VM, ensure that you remove all the recovery points created using Standard policy before enabling the backup operation for the VM. [Back up confidential VMs](../confidential-computing/confidential-vm-overview.md) | Unsupported. <br><br> Note that the following limited preview support scenarios are discontinued and currently not available: <br><br> - Backup of Confidential VMs with no confidential disk encryption. <br> - Backup of Confidential VMs with confidential OS disk encryption through a platform-managed key (PMK). Backup of VMs with SSE and CMK encryption using HSM | Supported. <br><br> You must assign the permissions get, wrap, and uwrap key to the Key Vault to User-assgined managed identity. Backup of VMs with SSE and CMK encryption using HSM | Supported. <br><br> You mu | Azure VM data disks | Support for backup of Azure VMs is up to 32 disks.<br><br> Support for backup of Azure VMs with unmanaged disks or classic VMs is up to 16 disks only. Data disk size | Individual disk size can be up to 32 TB and a maximum of 256 TB combined for all disks in a VM.-Storage type | Standard HDD, Standard SSD, Premium SSD. <br><br> Backup and restore of [zone-redundant storage disks](../virtual-machines/disks-redundancy.md#zone-redundant-storage-for-managed-disks) is supported. +Storage type | Standard HDD, Standard SSD, Premium SSD. <br><br> Backup and restore of [zone-redundant storage disks](/azure/virtual-machines/disks-redundancy#zone-redundant-storage-for-managed-disks) is supported. Managed disks | Supported. Encrypted disks | Supported.<br/><br/> Azure VMs enabled with Azure Disk Encryption can be backed up (with or without the Microsoft Entra app).<br/><br/> Encrypted VMs can't be recovered at the file or folder level. You must recover the entire VM.<br/><br/> You can enable encryption on VMs that Azure Backup is already protecting. <br><br> You can back up and restore disks encrypted via platform-managed keys or customer-managed keys. You can also assign a disk-encryption set while restoring in the same region. That is, providing a disk-encryption set while performing cross-region restore is currently not supported. However, you can assign the disk-encryption set to the restored disk after the restore is complete. Disks with a write accelerator enabled | Azure VMs with disk backup for a write accelerator became available in all Azure public regions on May 18, 2022. If disk backup for a write accelerator is not required as part of VM backup, you can choose to remove it by using the [selective disk feature](selective-disk-backup-restore.md). <br><br>**Important** <br> Virtual machines with write accelerator disks need internet connectivity for a successful backup, even though those disks are excluded from the backup. Backup and restore of deduplicated VMs or disks | Azure Backup doesn't support d Adding a disk to a protected VM | Supported. Resizing a disk on a protected VM | Supported. Shared storage| Backing up VMs by using Cluster Shared Volumes (CSV) or Scale-Out File Server isn't supported. CSV writers are likely to fail during backup. On restore, disks that contain CSV volumes might not come up.-[Shared disks](../virtual-machines/disks-shared-enable.md) | Not supported. <br><br> - You can exclude shared disk with Enhanced policy and backup the other supported disks in the VM. <br><br> - You can use S2D to create a shared disk or standalone volumes by combining capacities from disks in different VMs. Azure Backup doesn't support backup of a shared volume (between VMs for database cluster or cluster Configuration) created using S2D. -<a name="ultra-disk-backup">Ultra disks</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). <br><br> [Supported regions](../virtual-machines/disks-types.md#ultra-disk-limitations). <br><br> - Configuration of Ultra disk protection is supported via Recovery Services vault and via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Ultra disks. <br><br> - GRS type vaults cannot be used for enabling backup. <br><br> - File-level restore is currently not supported for machines using Ultra disks. -<a name="premium-ssd-v2-backup">Premium SSD v2</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). <br><br> [Supported regions](../virtual-machines/disks-types.md#regional-availability). <br><br> - Configuration of Premium SSD v2 disk protection is supported via Recovery Services vault and via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Premium v2 disks and GRS type vaults cannot be used for enabling backup. <br><br> - File-level restore is currently not supported for machines using Premium SSD v2 disks. -[Temporary disks](../virtual-machines/managed-disks-overview.md#temporary-disk) | Azure Backup doesn't back up temporary disks. -NVMe/[ephemeral disks](../virtual-machines/ephemeral-os-disks.md) | Not supported. +[Shared disks](/azure/virtual-machines/disks-shared-enable) | Not supported. <br><br> - You can exclude shared disk with Enhanced policy and backup the other supported disks in the VM. <br><br> - You can use S2D to create a shared disk or standalone volumes by combining capacities from disks in different VMs. Azure Backup doesn't support backup of a shared volume (between VMs for database cluster or cluster Configuration) created using S2D. +<a name="ultra-disk-backup">Ultra disks</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). <br><br> [Supported regions](/azure/virtual-machines/disks-types#ultra-disk-limitations). <br><br> - Configuration of Ultra disk protection is supported via Recovery Services vault and via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Ultra disks. <br><br> - GRS type vaults cannot be used for enabling backup. <br><br> - File-level restore is currently not supported for machines using Ultra disks. +<a name="premium-ssd-v2-backup">Premium SSD v2</a> | Supported with [Enhanced policy](backup-azure-vms-enhanced-policy.md). <br><br> [Supported regions](/azure/virtual-machines/disks-types#regional-availability). <br><br> - Configuration of Premium SSD v2 disk protection is supported via Recovery Services vault and via virtual machine blade. <br><br> - Cross-region restore is currently not supported for machines using Premium v2 disks and GRS type vaults cannot be used for enabling backup. <br><br> - File-level restore is currently not supported for machines using Premium SSD v2 disks. +[Temporary disks](/azure/virtual-machines/managed-disks-overview#temporary-disk) | Azure Backup doesn't back up temporary disks. +NVMe/[ephemeral disks](/azure/virtual-machines/ephemeral-os-disks) | Not supported. [Resilient File System (ReFS)](/windows-server/storage/refs/refs-overview) restore | Supported. Volume Shadow Copy Service (VSS) supports app-consistent backups on ReFS. Dynamic disk with spanned or striped volumes | Supported, unless you enable the selective disk feature on an Azure VM. VMs with encryption at host | Supported Disks with enabled Data Access with Microsoft Entra authentication for disk upload/download | Not Supported Storage Replicas | Not supported-[Performance-plus disks](../virtual-machines/disks-enable-performance.md) | Recovering from snapshot tier (instant restore) will recover disks as performance-plus disks. Recovering from vault does not respect the performance-plus flag and will restore disks as normal disks. +[Performance-plus disks](/azure/virtual-machines/disks-enable-performance) | Recovering from snapshot tier (instant restore) will recover disks as performance-plus disks. Recovering from vault does not respect the performance-plus flag and will restore disks as normal disks. ## VM network support |
backup | Disk Backup Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/disk-backup-overview.md | -Azure Disk Backup offers a turnkey solution that provides snapshot lifecycle management for managed disks by automating periodic creation of snapshots and retaining it for configured duration using backup policy. You can manage the disk snapshots with zero infrastructure cost and without the need for custom scripting or any management overhead. This is a crash-consistent backup solution that takes point-in-time backup of a managed disk using [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md) with support for multiple backups per day. It's also an agent-less solution and doesn't impact production application performance. It supports backup and restore of both OS and data disks (including shared disks), whether or not they're currently attached to a running Azure virtual machine. +Azure Disk Backup offers a turnkey solution that provides snapshot lifecycle management for managed disks by automating periodic creation of snapshots and retaining it for configured duration using backup policy. You can manage the disk snapshots with zero infrastructure cost and without the need for custom scripting or any management overhead. This is a crash-consistent backup solution that takes point-in-time backup of a managed disk using [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots) with support for multiple backups per day. It's also an agent-less solution and doesn't impact production application performance. It supports backup and restore of both OS and data disks (including shared disks), whether or not they're currently attached to a running Azure virtual machine. If you require application-consistent backup of virtual machine including the data disks, or an option to restore an entire virtual machine from backup, restore a file or folder, or restore to a secondary region, then use the [Azure VM backup](backup-azure-vms-introduction.md) solution. Azure Backup offers side-by-side support for backup of managed disks using Disk Backup in addition to [Azure VM backup](./backup-azure-vms-introduction.md) solutions. This is useful when you need once-a-day application consistent backups of virtual machines and also more frequent backups of OS disks or a specific data disk that are crash consistent, and don't impact the production application performance. Azure Disk Backup is integrated into Backup Center, which provides a **single un ## Key benefits of Disk Backup -Azure Disk backup is an agentless and crash consistent solution that uses [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md) and offers the following advantages: +Azure Disk backup is an agentless and crash consistent solution that uses [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots) and offers the following advantages: - More frequent and quick backups without interrupting the virtual machine. - Doesn't affect the performance of the production application. Consider Azure Disk Backup in scenarios where: - To configure backup, go to the Backup vault, assign a backup policy, select the managed disk that needs to be backed up and provide a resource group where the snapshots are to be stored and managed. Azure Backup automatically triggers scheduled backup jobs that create an incremental snapshot of the disk according to the backup frequency. Older snapshots are deleted according to the retention duration specified by the backup policy. -- Azure Backup uses [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md#restrictions) of the managed disk. Incremental snapshots are a cost-effective, point-in-time backup of managed disks that are billed for the delta changes to the disk since the last snapshot. These are always stored on the most cost-effective storage, standard HDD storage regardless of the storage type of the parent disks. The first snapshot of the disk will occupy the used size of the disk, and consecutive incremental snapshots store delta changes to the disk since the last snapshot. Azure Backup automatically assigns tag to the snapshots it creates to uniquely identify them. +- Azure Backup uses [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots#restrictions) of the managed disk. Incremental snapshots are a cost-effective, point-in-time backup of managed disks that are billed for the delta changes to the disk since the last snapshot. These are always stored on the most cost-effective storage, standard HDD storage regardless of the storage type of the parent disks. The first snapshot of the disk will occupy the used size of the disk, and consecutive incremental snapshots store delta changes to the disk since the last snapshot. Azure Backup automatically assigns tag to the snapshots it creates to uniquely identify them. - Once you configure the backup of a managed disk, a backup instance will be created within the backup vault. Using the backup instance, you can find health of backup operations, trigger on-demand backups, and perform restore operations. You can also view health of backups across multiple vaults and backup instances using Backup Center, which provides a single pane of glass view. So, if the policy is for *n* snapshots, you can find *n+1* snapshots at times. F ## Pricing -Azure Backup uses [incremental snapshots](../virtual-machines/disks-incremental-snapshots.md) of the managed disk. Incremental snapshots are charged per GiB of the storage occupied by the delta changes since the last snapshot. For example, if you're using a managed disk with a provisioned size of 128 GiB, with 100 GiB used, the first incremental snapshot is billed only for the used size of 100 GiB. 20 GiB of data is added on the disk before you create the second snapshot. Now, the second incremental snapshot is billed for only 20 GiB. +Azure Backup uses [incremental snapshots](/azure/virtual-machines/disks-incremental-snapshots) of the managed disk. Incremental snapshots are charged per GiB of the storage occupied by the delta changes since the last snapshot. For example, if you're using a managed disk with a provisioned size of 128 GiB, with 100 GiB used, the first incremental snapshot is billed only for the used size of 100 GiB. 20 GiB of data is added on the disk before you create the second snapshot. Now, the second incremental snapshot is billed for only 20 GiB. Incremental snapshots are always stored on standard storage, irrespective of the storage type of parent-managed disks, and are charged based on the pricing of standard storage. For example, incremental snapshots of a Premium SSD-Managed Disk are stored on standard storage. By default, they are stored on ZRS in regions that support ZRS. Otherwise, they are stored on locally redundant storage (LRS). The per GiB pricing of both the options, LRS and ZRS, is the same. |
backup | Disk Backup Support Matrix | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/disk-backup-support-matrix.md | Azure Disk Backup is available in all public cloud and Sovereign cloud regions. - Currently, the Original-Location Recovery (OLR) option to restore by replacing existing source disks from where the backups were taken isn't supported. You can restore from recovery point to create a new disk either in the same resource group as that of the source disk from where the backups were taken or in any other resource group. This is known as Alternate-Location Recovery (ALR). -- Azure Backup for Managed Disks uses incremental snapshots, which are limited to 500 snapshots per disk. To allow you to take on-demand backup aside from scheduled backups, Backup policy limits the total backups to 420. Learn more about [incremental snapshot](../virtual-machines/disks-incremental-snapshots.md#restrictions) for managed disks.+- Azure Backup for Managed Disks uses incremental snapshots, which are limited to 500 snapshots per disk. To allow you to take on-demand backup aside from scheduled backups, Backup policy limits the total backups to 420. Learn more about [incremental snapshot](/azure/virtual-machines/disks-incremental-snapshots#restrictions) for managed disks. - You can either set a maximum retention limit of 1 year or 450 disk snapshots, whichever reaches first. For example, if you have opted for a backup frequency of 12 hours, then you can retain each recovery point for maximum 225 days as the snapshot limit will be breached beyond that. Azure Disk Backup is available in all public cloud and Sovereign cloud regions. - Currently, the Backup policy can't be modified, and the Snapshot Resource group that is assigned to a backup instance when y |