+description: Learn about Advisor permissions, how to manage access to Advisor recommendations and reviews.

+Learn how to manage access to recommendations and reviews for your organization.

+## Roles and associated access

+Advisor uses the built-in roles provided by Azure role-based access control (Azure RBAC).

+Review the following section to learn more about each role and the associated access.

+### Roles to view, dismiss, and postpone recommendations

+| Role | View recommendations | Dismiss and postpone recommendations |

+|:|: |: |

+| Subscription Reader | X | |

+| Subscription Contributor | X | X |

+| Subscription Owner | X | X |

+| Resource group Reader | X | |

+| Resource group Contributor | X | X |

+| Resource group Owner | X | X |

+| Resource Reader | X | |

+| Resource Contributor | X | X |

+| Resource Owner | X | X |

+### Roles to edit rules and configurations

+| Role | Edit rules | Edit subscription configuration | Edit resource group configuration |

+|:|: |: |: |

+| Subscription Contributor | X | X | X |

+| Subscription Owner | X | X | X |

+| Resource group Contributor | | | X |

+| Resource group Owner | | | X |

+> [!NOTE]

+> You must have access to the resource associated with the recommendation to view a recommendation.

+To learn more about built-in roles, see [Azure built-in roles](/azure/role-based-access-control/built-in-roles "Azure built-in roles | Azure RBAC | Microsoft Learn"). To learn more about Azure role-based access control (Azure RBAC), see [What is Azure role-based access control (Azure RBAC)?](/azure/role-based-access-control/overview "What is Azure role-based access control (Azure RBAC)? | Azure RBAC | Microsoft Learn").

+## Available actions to build custom roles

+If your organization requires roles that don't match the Azure built-in roles, create your own custom role. A custom role works like a built-in role and allow you to assign it to users, groups, and service principals at management group, subscription, and resource group scopes. Use the following actions to create your custom role.

+| Action | Details |

+|: |: |

+| `Microsoft.Advisor/generateRecommendations/action` | Create a Recommendation. |

+| `Microsoft.Advisor/register/action` | Register with the Provider. |

+| `Microsoft.Advisor/unregister/action` | Unregister with the Provider. |

+| `Microsoft.Advisor/advisorScore/read` | Gets Advisor score. |

+| `Microsoft.Advisor/configurations/read` | Read Configurations. |

+| `Microsoft.Advisor/configurations/write` | Create or update Configuration. |

+| `Microsoft.Advisor/generateRecommendations/read` | Get status of `generateRecommendations` action. |

+| `Microsoft.Advisor/metadata/read` | Read Metadata. |

+| `Microsoft.Advisor/operations/read` | Get operations. |

+| `Microsoft.Advisor/recommendations/read` | Read recommendations. |

+| `Microsoft.Advisor/recommendations/write` | Create recommendations. |

+| `Microsoft.Advisor/recommendations/available/action` | New recommendation is available. |

+| `Microsoft.Advisor/recommendations/suppressions/read` | Read Suppressions. |

+| `Microsoft.Advisor/recommendations/suppressions/write` | Create or update Suppressions. |

+| `Microsoft.Advisor/recommendations/suppressions/delete` | Delete Suppression. |

+| `Microsoft.Advisor/suppressions/read` | Read Suppressions. |

+| `Microsoft.Advisor/suppressions/write` | Create or update Suppressions. |

+| `Microsoft.Advisor/suppressions/delete` | Delete Suppression. |

+| `Microsoft.Advisor/assessmentTypes/read` | Reads `AssessmentTypes`. |

+| `Microsoft.Advisor/assessments/read` | Reads Assessments. |

+| `Microsoft.Advisor/assessments/write` | Create Assessments. |

+| `Microsoft.Advisor/resiliencyReviews/read` | Reads `resiliencyReviews`. |

+| `Microsoft.Advisor/triageRecommendations/read` | Reads `triageRecommendations`. |

+| `Microsoft.Advisor/triageRecommendations/approve/action` | Approves `triageRecommendations`. |

+| `Microsoft.Advisor/triageRecommendations/reject/action` | Rejects `triageRecommendations`. |

+| `Microsoft.Advisor/triageRecommendations/reset/action` | Resets `triageRecommendations`. |

+| `Microsoft.Advisor/workloads/read` | Reads workloads. |

+> For example, you must have a sufficient permission level for a virtual machine (VM) to view recommendations associated with the VM.

+To learn more about custom roles, see [Azure custom roles](/azure/role-based-access-control/custom-roles "Azure custom roles | Azure RBAC | Microsoft Learn").

+If your permission level is too low, your access to the associated action is blocked. Review common problems in the following section.

+### Configure subscription or resource group is blocked

+When you try to configure a subscription or resource group, the option to include or exclude is blocked. The blocked status indicates that your permission level for that resource group or subscription is insufficient. To learn how to change your permission level, see [Tutorial: Grant a user access to Azure resources using the Azure portal](/azure/role-based-access-control/quickstart-assign-role-user-portal "Tutorial: Grant a user access to Azure resources using the Azure portal | Azure RBAC | Microsoft Learn").

+### Postpone or dismiss is allowed, but sends an error

+When you try to postpone or dismiss a recommendation, you receive an error. The error indicates that your permission level is insufficient. You must have a sufficient permission level to dismiss recommendations.

+> [!TIP]

+> After you dismiss a recommendation, you must manually reactivate it before it is added in your list of recommendations. If you dismiss a recommendation, you may miss important advice that optimizes your Azure deployment.

+To postpone or dismiss a recommendation, verify that your permission level for the resource associated with the recommendation is set to Contributor or better. To learn how to change your permission level, see [Tutorial: Grant a user access to Azure resources using the Azure portal](/azure/role-based-access-control/quickstart-assign-role-user-portal "Tutorial: Grant a user access to Azure resources using the Azure portal | Azure RBAC | Microsoft Learn").

+This article provided an overview of how Advisor uses Azure role-based access control (Azure RBAC) to control user permissions and how to resolve common problems. To learn more about Advisor, see the following articles.

+* [Introduction to Azure Advisor](./advisor-overview.md "Introduction to Azure Advisor | Azure Advisor | Microsoft Learn")

+* [Azure Advisor portal basics](./advisor-get-started.md "Azure Advisor portal basics | Azure Advisor | Microsoft Learn")

+## Get solutions to common issues

+In the Azure portal, you can find answers to common AI service issues.

+1. Go to your Azure AI services resource in the Azure portal. You can find it on the list on this page: [Azure AI services](https://ms.portal.azure.com/#view/Microsoft_Azure_ProjectOxford/CognitiveServicesHub/~/AllCognitiveServices). If you're a United States government customer, use the [Azure portal for the United States government](https://portal.azure.us).

+1. In the left pane, under **Help**, select **Support + Troubleshooting**.

+1. Describe your issue in the text box, and answer the remaining questions in the form.

+1. You'll find Learn articles and other resources that might help you resolve your issue.

+Explore the range of Azure support options and [choose the plan](https://azure.microsoft.com/support/plans) that best fits, whether you're a developer just starting your cloud journey or a large organization deploying business-critical, strategic applications. Azure customers can create and manage support requests in the Azure portal.

+To submit a support request for Azure AI services, follow the instructions on the [New support request](https://ms.portal.azure.com/#view/Microsoft_Azure_Support/NewSupportRequestV3Blade) page in the Azure portal. Select **Cognitive Services** in the **Service type** dropdown field.

+> If you want to extract text from PDFs, Office files, or HTML documents and document images, use the [Document Intelligence Read OCR model](../../ai-services/document-intelligence/concept-read.md). It's optimized for text-heavy digital and scanned documents and uses an asynchronous API that makes it easy to power your intelligent document processing scenarios.

+OCR is a machine-learning-based technique for extracting text from in-the-wild and non-document images like product labels, user-generated images, screenshots, street signs, and posters. The Azure AI Vision OCR service provides a fast, synchronous API for lightweight scenarios where images aren't text-heavy. This allows OCR to be embedded in near real-time user experiences to enrich content understanding and follow-up user actions with fast turn-around times.

+## What is Azure AI Vision v4.0 Read OCR?

+The new Azure AI Vision Image Analysis 4.0 REST API offers the ability to extract printed or handwritten text from images in a unified performance-enhanced synchronous API that makes it easy to get all image insights including OCR results in a single API operation. The Read OCR engine is built on top of multiple deep learning models supported by universal script-based models for [global language support](./language-support.md).

+> You can also use the OCR feature in conjunction with the [Azure OpenAI](/azure/ai-services/openai/overview) service. The **GPT-4 Turbo with Vision** model lets you chat with an AI assistant that can analyze the images you share, and the Vision Enhancement option uses Image Analysis to give the AI assistant more details (readable text and object locations) about the image. For more information, see the [GPT-4 Turbo with Vision quickstart](/azure/ai-services/openai/gpt-v-quickstart).

+The Azure AI Face service provides AI algorithms that detect, recognize, and analyze human faces in images. Facial recognition software is important in many scenarios, such as identification, touchless access control, and automatic face blurring for privacy.

+The following are common use cases for the Face service:

+**Verify user identity**: Verify a person against a trusted face image. This verification could be used to grant access to digital or physical properties such as a bank account, access to a building, and so on. In most cases, the trusted face image could come from a government-issued ID such as a passport or driverΓÇÖs license, or it could come from an enrollment photo taken in person. During verification, liveness detection can play a critical role in verifying that the image comes from a real person, not a printed photo or mask. For more details on verification with liveness, see the [liveness tutorial](./Tutorials/liveness.md). For identity verification without liveness, follow the [quickstart](./quickstarts-sdk/identity-client-library.md).

+**Liveness detection**: Liveness detection is an anti-spoofing feature that checks whether a user is physically present in front of the camera. It's used to prevent spoofing attacks using a printed photo, recorded video, or a 3D mask of the user's face. [Liveness tutorial](./Tutorials/liveness.md)

+## Face recognition operations

+To find four similar faces, the **matchPerson** mode returns A and B, which show the same person as the target face. The **matchFace** mode returns A, B, C, and D, which is exactly four candidates, even if some aren't the same person as the target or have low similarity. For more information, the [Find Similar API](/rest/api/face/face-recognition-operations/find-similar) reference documentation.

+All of the faces in a returned group are likely to belong to the same person, but there can be several different groups for a single person. Those groups are differentiated by another factor, such as expression, for example. For more information, see the [Group API](/rest/api/face/face-recognition-operations/group) reference documentation.

+> [!div class="nextstepaction"]

+> [Quickstart](quickstarts-sdk/identity-client-library.md)

+You can analyze images to provide insights about their visual features and characteristics. All of the features in this table are provided by the Analyze Image API. Follow a [quickstart](./quickstarts-sdk/image-analysis-client-library-40.md) to get started.

+> You can leverage the Read text and Object detection features of Image Analysis through the [Azure OpenAI](/azure/ai-services/openai/overview) service. The **GPT-4 Turbo with Vision** model lets you chat with an AI assistant that can analyze the images you share, and the Vision Enhancement option uses Image Analysis to give the AI assistant more details about the image (readable text and object locations). For more information, see the [GPT-4 Turbo with Vision quickstart](/azure/ai-services/openai/gpt-v-quickstart).

+Get started with Image Analysis by following the quickstart guide in your preferred development language and API version:

+The Azure AI Vision service gives you access to advanced algorithms that process images and return information based on the visual features you're interested in. The following table lists the major product categories.

+| [Optical Character Recognition (OCR)](overview-ocr.md)|The Optical Character Recognition (OCR) service extracts text from images. You can use the Read API to extract printed and handwritten text from photos and documents. It uses deep-learning-based models and works with text on various surfaces and backgrounds. These include business documents, invoices, receipts, posters, business cards, letters, and whiteboards. The OCR APIs support extracting printed text in [several languages](./language-support.md). Follow the [OCR quickstart](quickstarts-sdk/client-library.md) to get started.|

+## Get started

+* [Quickstart: Azure Face](/azure/ai-services/computer-vision/quickstarts-sdk/identity-client-library)

+description: Learn how to read text from images in your application using Image Analysis 4.0 through a native client SDK in the language of your choice.

+## Subcategory: Age

+The PII service supports the Age subcategory within the broader Quantity category (since Age is the personally identifiable piece of information).

+Azure OpenAI Service includes a content filtering system that works alongside core models, including DALL-E image generation models. This system works by running both the prompt and completion through an ensemble of classification models designed to detect and prevent the output of harmful content. The content filtering system detects and takes action on specific categories of potentially harmful content in both input prompts and output completions. Variations in API configurations and application design might affect completions and thus filtering behavior.

+The text content filtering models for the hate, sexual, violence, and self-harm categories have been specifically trained and tested on the following languages: English, German, Japanese, Spanish, French, Italian, Portuguese, and Chinese. However, the service can work in many other languages, but the quality might vary. In all cases, you should do your own testing to ensure that it works for your application.

+In addition to the content filtering system, Azure OpenAI Service performs monitoring to detect content and/or behaviors that suggest use of the service in a manner that might violate applicable product terms. For more information about understanding and mitigating risks associated with your application, see the [Transparency Note for Azure OpenAI](/legal/cognitive-services/openai/transparency-note?tabs=text). For more information about how data is processed for content filtering and abuse monitoring, see [Data, privacy, and security for Azure OpenAI Service](/legal/cognitive-services/openai/data-privacy?context=/azure/ai-services/openai/context/context#preventing-abuse-and-harmful-content-generation).

+## Content filter types

+### Risk categories

+|User Prompt Attacks |User prompt attacks are User Prompts designed to provoke the Generative AI model into exhibiting behaviors it was trained to avoid or to break the rules set in the System Message. Such attacks can vary from intricate roleplay to subtle subversion of the safety objective. |

+|Indirect Attacks |Indirect Attacks, also referred to as Indirect Prompt Attacks or Cross-Domain Prompt Injection Attacks, are a potential vulnerability where third parties place malicious instructions inside of documents that the Generative AI system can access and process. Requires [document embedding and formatting](#embedding-documents-in-your-prompt). |

+* GPT-4o

+* GPT-4o mini

+The safety system parses this structured format and applies the following behavior:

+| `gpt-35-turbo` | 0301 | No earlier than November 1, 2024 | `gpt-4o-mini` |

+| `gpt-4`<br>`gpt-4-32k` | 0314 | **Deprecation:** November 1, 2024 <br> **Retirement:** June 6, 2025 | `gpt-4o` |

+| `gpt-4`<br>`gpt-4-32k` | 0613 | **Deprecation:** November 1, 2024 <br> **Retirement:** June 6, 2025 | `gpt-4o` |

+### August 22, 2024

+* Updated `gpt-35-turbo` (0301) retirement date to no earlier than November 1, 2024.

+* Updated `gpt4` and `gpt-4-32k` (0314 and 0613) deprecation date to November 1, 2024.

+Provisioned quota granularity is changing from model-specific to model-independent. Rather than each model and version within subscription and region having its own quota limit, there's a single quota item per subscription and region that limits the total number of PTUs that can be deployed across all supported models and versions.

+Starting on August 12, 2024, existing customers' current, model-specific quota has been converted to model-independent. This happens automatically. No quota is lost in the transition. Existing quota limits are summed and assigned to a new model-independent quota item.

+The following quota screenshot shows model-independent quota being used by deployments of different types, as well as the link for requesting additional quota.

+We also recommend that customers using commitments now create their deployments before creating or expanding commitments to cover them. This guarantees that capacity is available before creating a commitment and prevents over-purchase of the commitment. To support this, the restriction that prevented deployments from being created larger than their commitments has been removed. This new approach to quota, capacity availability and commitments matches what is provided under the hourly/reservation model, and the guidance to deploy before purchasing a commitment (or reservation, for the hourly model) is the same for both.

+> The following description of payment models does not apply to the older "Provisioned Classic (PTU-C)" offering. They only affect the Provisioned (aka Provisioned Managed) offering. Provisioned Classic continues to be governed by the unchanged monthly commitment payment model.

+- A regional, monthly commitment is required to use provisioned (longer terms available contractually).

+- Commitments are bound to Azure OpenAI resources, which makes moving deployments across resources difficult.

+> **Models released after August 1, 2024 require the use of the Hourly/Reservation payment model.** They are not deployable on Azure OpenAI resources that have active commitments. To deploy models released after August 1, existing customers must either:

+> - Migrate an existing resource off its commitments.

+## Payment model framework

+With the release of the hourly/reserved payment model, payment options are more flexible and the model around provisioned payments has changed. When the one-month commitments were the only way to purchase provisioned, the model was:

+1. Get a PTU quota from your Microsoft account team.

+1. "Purchase" quota from a commitment on the resource where you want to deploy.

+1. Create deployments on the resource up to the limit of the commitment.

+The key difference between this model and the new model is that previously the only way to pay for provisioned was through a one-month term discount. Now, you can deploy and pay for deployments hourly if you choose and make a separate decision on whether to discount them via **either** a one-month commitment (like before) or an Azure reservation.

+With this insight, the new way to think about payment models is the following:

+1. Get a PTU quota using the self-service form.

+1. Create deployments using your quota.

+1. Optionally purchase or extend a commitment or a reservation to apply a term discount to your deployments.

+Steps 1 and 2 are the same in all cases. The difference is whether a commitment or an Azure reservation is used as the vehicle to provide the discount. In both models:

+* It's possible to deploy more PTUs than you discount. (for example creating a short-term deployment to try a new model is enabled by deploying without purchasing a discount)

+* The discount method (commitment or reservation) applies the discounted price to a fixed number of PTUs and has a scope that defines which deployments are counted against the discount.

+ |Discount type |Available Scopes (within a region) |

+ |||

+ |Commitment | Azure OpenAI resource |

+ |Row2 | Resource group, single subscription, management group (group of subscriptions), shared (all subscriptions in a billing account) |

+* The discounted price is applied to deployed PTUs up to the number of discounted PTUs in the discount.

+* The number of deployed PTUs exceeding the discounted PTUs (or not covered by any discount) are charged the hourly rate.

+* The best practice is to create deployments first, and then to apply discounts. This is to guarantee that service. capacity is available to support your deployments prior to creating a term commitment for PTUs you cannot use.

+> [!NOTE]

+> When you follow best practices, you may receive hourly charges between the time you create the deployment and increase your discount (commitment or reservation).

+>

+> For this reason, we recommend that you be prepared to increase your discount immediately following the deployment. The prerequisites for purchasing an Azure reservations are different than for commitments, and we recommend you validate them prior to deployment if you intend to use them to discount your deployment. For more information, see [Permissions to view and manage Azure reservations](../../../cost-management-billing/reservations/view-reservations.md)

+## Mapping deployments to discounting method

+Customers using Azure OpenAI Provisioned prior to August 2024 can use either or both payment models simultaneously within a subscription. The payment model used for each deployment is determined based on its Azure OpenAI resource:

+**Resource has an active Commitment**

+* The commitment discounts all deployments on the resource up to the number of PTUs on the commitment. Any excess PTUs will be billed hourly.

+**Resource does not have an active commitment**

+* The deployments under the resource are eligible to be discounted by an Azure reservation. For these deployments to be discounted, they must exist within the scope of an active reservation. All deployments within the scope of the reservation (including possibly deployments on other resources in the same or other subscriptions) will be discounted as a group up to the number of PTUs on the reservation. Any excess PTUs will be billed hourly.

+## Managing Provisioned Throughput Commitments

+Provisioned throughput commitments are created and managed from the **Manage Commitments** menu in Azure OpenAI Studio. You can navigate to this view by selecting **Manage Commitments** from the Quota menu:

+From the **Manage Commitments** view, you can do several things:

+- Purchase new commitments or edit existing commitments.

+- Monitor all commitments in your subscription.

+- Identify and take action on commitments that might cause unexpected billing.

+The following sections will take you through these tasks.

+## Purchase a Provisioned Throughput Commitment

+With your commitment plan ready, the next step is to create the commitments. Commitments are created manually via Azure OpenAI Studio and require the user creating the commitment to have either the [Contributor or Cognitive Services Contributor role](../how-to/role-based-access-control.md) at the subscription level.

+For each new commitment you need to create, follow these steps:

+1. Launch the Provisioned Throughput purchase dialog by selecting **Quotas** > **Provisioned** > **Manage Commitments**.

+2. Select **Purchase commitment**.

+3. Select the Azure OpenAI resource and purchase the commitment. You will see your resources divided into resources with existing commitments, which you can edit and resources that don't currently have a commitment.

+| Setting | Notes |

+||-|

+| **Select a resource** | Choose the resource where you'll create the provisioned deployment. Once you have purchased the commitment, you will be unable to use the PTUs on another resource until the current commitment expires. |

+| **Select a commitment type** | Select Provisioned. (Provisioned is equivalent to Provisioned Managed) |

+| **Current uncommitted provisioned quota** | The number of PTUs currently available for you to commit to this resource. |

+| **Amount to commit (PTU)** | Choose the number of PTUs you're committing to. **This number can be increased during the commitment term, but can't be decreased**. Enter values in increments of 50 for the commitment type Provisioned. |

+| **Commitment tier for current period** | The commitment period is set to one month. |

+| **Renewal settings** | Autorenew at current PTUs <br> Autorenew at lower PTUs <br> Don't autorenew |

+4. Select Purchase. A confirmation dialog will be displayed. After you confirm, your PTUs will be committed, and you can use them to create a provisioned deployment. |

+> [!IMPORTANT]

+> A new commitment is billed up-front for the entire term. If the renewal settings are set to auto-renew, then you will be billed again on each renewal date based on the renewal settings.

+### Edit an existing Provisioned Throughput commitment

+From the Manage Commitments view, you can also edit an existing commitment. There are two types of changes you can make to an existing commitment:

+- You can add PTUs to the commitment.

+- You can change the renewal settings.

+To edit a commitment, select the current to edit, then select Edit commitment.

+### Adding Provisioned Throughput Units to existing commitments

+Adding PTUs to an existing commitment will allow you to create larger or more numerous deployments within the resource. You can do this at any time during the term of your commitment.

+> [!IMPORTANT]

+> When you add PTUs to a commitment, they will be billed immediately, at a pro-rated amount from the current date to the end of the existing commitment term. Adding PTUs does not reset the commitment term.

+### Changing renewal settings

+Commitment renewal settings can be changed at any time before the expiration date of your commitment. Reasons you might want to change the renewal settings include ending your use of provisioned throughput by setting the commitment to not autorenew, or to decrease usage of provisioned throughput by lowering the number of PTUs that will be committed in the next period.

+> [!IMPORTANT]

+> If you allow a commitment to expire or decrease in size such that the deployments under the resource require more PTUs than you have in your resource commitment, you will receive hourly overage charges for any excess PTUs. For example, a resource that has deployments that total 500 PTUs and a commitment for 300 PTUs will generate hourly overage charges for 200 PTUs.

+## Monitor commitments and prevent unexpected billings

+The manage commitments pane provides a subscription wide overview of all resources with commitments and PTU usage within a given Azure Subscription. Of particular importance interest are:

+- **PTUs Committed, Deployed and Usage** ΓÇô These figures provide the sizes of your commitments, and how much is in use by deployments. Maximize your investment by using all of your committed PTUs.

+- **Expiration policy and date** - The expiration date and policy tell you when a commitment will expire and what will happen when it does. A commitment set to autorenew will generate a billing event on the renewal date. For commitments that are expiring, be sure you delete deployments from these resources prior to the expiration date to prevent hourly overage billingThe current renewal settings for a commitment.

+- **Notifications** - Alerts regarding important conditions like unused commitments, and configurations that might result in billing overages. Billing overages can be caused by situations such as when a commitment has expired and deployments are still present, but have shifted to hourly billing.

+## Common Commitment Management Scenarios

+**Discontinue use of provisioned throughput**

+To end use of provisioned throughput, and prevent hourly overage charges after commitment expiration, stop any charges after the current commitments are expired, two steps must be taken:

+1. Set the renewal policy on all commitments to *Don't autorenew*.

+2. Delete the provisioned deployments using the quota.

+**Move a commitment/deployment to a new resource in the same subscription/region**

+It isn't possible in Azure OpenAI Studio to directly *move* a deployment or a commitment to a new resource. Instead, a new deployment needs to be created on the target resource and traffic moved to it. There will need to be a commitment purchased established on the new resource to accomplish this. Because commitments are charged up-front for a 30-day period, it's necessary to time this move with the expiration of the original commitment to minimize overlap with the new commitment and ΓÇ£double-billingΓÇ¥ during the overlap.

+There are two approaches that can be taken to implement this transition.

+**Option 1: No-Overlap Switchover**

+This option requires some downtime, but requires no extra quota and generates no extra costs.

+| Steps | Notes |

+|-|-|

+|Set the renewal policy on the existing commitment to expire| This will prevent the commitment from renewing and generating further charges |

+|Before expiration of the existing commitment, delete its deployment | Downtime will start at this point and will last until the new deployment is created and traffic is moved. You'll minimize the duration by timing the deletion to happen as close to the expiration date/time as possible.|

+|After expiration of the existing commitment, create the commitment on the new resource|Minimize downtime by executing this and the next step as soon after expiration as possible.|

+|Create the deployment on the new resource and move traffic to it||

+**Option 2: Overlapped Switchover**

+This option has no downtime by having both existing and new deployments live at the same time. This requires having quota available to create the new deployment, and will generate extra costs for the duration of the overlapped deployments.

+| Steps | Notes |

+|-|-|

+|Set the renewal policy on the existing commitment to expire| Doing so prevents the commitment from renewing and generating further charges.|

+|Before expiration of the existing commitment:<br>1. Create the commitment on the new resource.<br>2. Create the new deployment.<br>3. Switch traffic<br>4. Delete existing deployment| Ensure you leave enough time for all steps before the existing commitment expires, otherwise overage charges will be generated (see next section) for options. |

+If the final step takes longer than expected and will finish after the existing commitment expires, there are three options to minimize overage charges.

+- **Take downtime**: Delete the original deployment then complete the move.

+- **Pay overage**: Keep the original deployment and pay hourly until you have moved off traffic and deleted the deployment.

+- **Reset the original commitment** to renew one more time. This will give you time to complete the move with a known cost.

+Both paying for an overage and resetting the original commitment will generate charges beyond the original expiration date. Paying overage charges might be cheaper than a new one-month commitment if you only need a day or two to complete the move. Compare the costs of both options to find the lowest-cost approach.

+### Move the deployment to a new region and or subscription

+The same approaches apply in moving the commitment and deployment within the region, except that having available quota in the new location will be required in all cases.

+### View and edit an existing resource

+In Azure OpenAI Studio, select **Quota** > **Provisioned** > **Manage commitments** and select a resource with an existing commitment to view/change it.

+> The image generation API creates an image from a text prompt. It does not edit or create variations from existing images.

+> [!NOTE]

+> Azure OpenAI currently only supports text-to-text fine-tuning for all supported models including GPT-4o mini.

+The GPT-4 Turbo with Vision model answers general questions about what's present in images. You can also show it video if you use [Vision enhancement](#use-vision-enhancement-with-video).

+Every response includes a `"finish_reason"` field. It has the following possible values:

+### Detail parameter settings in image processing: Low, High, Auto

+ "finish_reason": {

+Every response includes a `"finish_reason"` field. It has the following possible values:

+Every response includes a `"finish_reason"` field. It has the following possible values:

+## Optionally purchase a reservation

+Following the creation of your deployment, you might want to purchase a term discount via an Azure Reservation. An Azure Reservation can provide a substantial discount on the hourly rate for users intending to use the deployment beyond a few days.

+For more information on purchasing a reservation, see [Save costs with Microsoft Azure OpenAI service Provisioned Reservations](../../../cost-management-billing/reservations/azure-openai.md).

+Managing Azure Reservations

+After a reservation is created, it is a best practice monitor it to ensure it is receiving the usage you are expecting. This may be done via the Azure Reservation Portal or Azure Monitor. Details on these topics and others can be found here:

+* [View Azure reservation utilization](../../../cost-management-billing/reservations/reservation-utilization.md)

+* [View Azure Reservation purchase and refund transactions](../../../cost-management-billing/reservations/view-purchase-refunds.md)

+* [View amortized benefit costs](../../../cost-management-billing/reservations/view-amortized-costs.md)

+* [Charge back Azure Reservation costs](../../../cost-management-billing/reservations/charge-back-usage.md)

+* [Automatically renew Azure reservations](../../../cost-management-billing/reservations/reservation-renew.md)

+To allow your Azure AI Search and Storage Account to recognize your Azure OpenAI Service via Microsoft Entra ID authentication, you need to assign a managed identity for your Azure OpenAI Service. The easiest way is to toggle on system assigned managed identity on Azure portal.

+To allow access to your Azure OpenAI Service from your client machines, like using Azure OpenAI Studio, you need to create [private endpoint connections](/azure/ai-services/cognitive-services-virtual-networks?tabs=portal#use-private-endpoints) that connect to your Azure OpenAI resource.

+To access the Azure OpenAI Service from your on-premises client machines, one of the approaches is to configure Azure VPN Gateway and Azure VPN Client.

+Before requesting a quota increase (where applicable), check your current TPS (transactions per second) and ensure that it's necessary to increase the quota. Speech service uses autoscaling technologies to bring the required computational resources in on-demand mode. At the same time, Speech service tries to keep your costs low by not maintaining an excessive amount of hardware capacity.

+Let's look at an example. Suppose that your application receives response code 429, which indicates that there are too many requests. Your application receives this response even though your workload is within the limits defined by the [Quotas and limits reference](#quotas-and-limits-reference). The most likely explanation is that Speech service is scaling up to your demand and didn't reach the required scale yet. Therefore the service doesn't immediately have enough resources to serve the request. In such cases, increasing the quota wonΓÇÖt help. In most cases, the Speech service will scale up soon, and the issue causing response code 429 will be resolved.

+> The `audio` element is not supported by the [Long Audio API](migrate-to-batch-synthesis.md#text-inputs). For long-form text to speech, use the [batch synthesis API](batch-synthesis.md) instead.

+## Monitor Azure text to speech metrics

+Monitoring key metrics associated with text to speech services is crucial for managing resource usage and controlling costs. This section will guide you on how to find usage information in the Azure portal and provide detailed definitions of the key metrics. For more details on Azure monitor metrics, refer to [Azure Monitor Metrics overview](/azure/azure-monitor/essentials/data-platform-metrics).

+### How to find usage information in the Azure portal

+To effectively manage your Azure resources, it's essential to access and review usage information regularly. Here's how to find the usage information:

+1. Go to the [Azure portal](https://ms.portal.azure.com/) and sign in with your Azure account.

+1. Navigate to **Resources** and select your resource you wish to monitor.

+1. Select **Metrics** under **Monitoring** from the left-hand menu.

+ :::image type="content" source="media/text-to-speech/monitoring-metrics.png" alt-text="Screenshot of selecting metrics option under monitoring.":::

+1. Customize metric views.

+ You can filter data by resource type, metric type, time range, and other parameters to create custom views that align with your monitoring needs. Additionally, you can save the metric view to dashboards by selecting **Save to dashboard** for easy access to frequently used metrics.

+1. Set up alerts.

+ To manage usage more effectively, set up alerts by navigating to the **Alerts** tab under **Monitoring** from the left-hand menu. Alerts can notify you when your usage reaches specific thresholds, helping to prevent unexpected costs.

+### Definition of metrics

+Below is a table summarizing the key metrics for Azure text to speech services.

+| **Metric name** | **Description** |

+|-|--|

+| **Synthesized Characters** | Tracks the number of characters converted into speech, including prebuilt neural voice and custom neural voice. For details on billable characters, see [Billable characters](#billable-characters). |

+| **Video Seconds Synthesized** | Measures the total duration of video synthesized, including batch avatar synthesis, real-time avatar synthesis, and custom avatar synthesis. |

+| **Avatar Model Hosting Seconds** | Tracks the total time in seconds that your custom avatar model is hosted. |

+| **Voice Model Hosting Hours** | Tracks the total time in hours that your custom neural voice model is hosted. |

+| **Voice Model Training Minutes** | Measures the total time in minutes for training your custom neural voice model. |

+|**Ocp-Apim-Subscription-Key**|Your Translator service API key from the Azure portal.|***Required***|

+|**Ocp-Apim-Subscription-Region**|The region where your resource was created. |***Required*** when using a regional (geographic) resource like **West US**|

+|**Content-Type**|The content type of the payload. The accepted value is **application/json** or **charset=UTF-8**.| ***Required***|

+|**Ocp-Apim-Subscription-Key**|Your Translator service API key from the Azure portal.|***Required***|

+|**Ocp-Apim-Subscription-Region**|The region where your resource was created. |***Required*** when using a regional (geographic) resource like **West US**.</br>&bullet.|

+|**Content-Type**|The content type of the payload. The accepted value is **application/json** or **charset=UTF-8**.| ***Required***|

+|**Ocp-Apim-Subscription-Key**|Your Translator service API key from the Azure portal.|***Required***|

+|**Ocp-Apim-Subscription-Region**|The region where your resource was created. |***Required*** when using a regional (geographic) resource like **West US**.</br>&bullet.|

+|**Content-Type**|The content type of the payload. The accepted value is **application/json** or **charset=UTF-8**.|***Required***|

+|**Ocp-Apim-Subscription-Key**|Your Translator service API key from the Azure portal.|***Required***|

+|**Ocp-Apim-Subscription-Region**|The region where your resource was created. |***Required*** when using a regional (geographic) resource like **West US**.</br>&bullet.|

+|**Content-Type**|The content type of the payload. The accepted value is **application/json** or **charset=UTF-8**.|***Required***|

+|**Ocp-Apim-Subscription-Key**|Your Translator service API key from the Azure portal.|***Required***|

+|**Ocp-Apim-Subscription-Region**|The region where your resource was created. |***Required*** when using a regional (geographic) resource like **West US**.</br>&bullet.|

+|**Content-Type**|The content type of the payload. The accepted value is **application/json** or **charset=UTF-8**.|***Required***|

+| . |

+* [Meta-Llama-3.1-70B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3.1-70B-Instruct/version/1/registry/azureml-meta)

+* [Meta-Llama-3.1-8B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3.1-8B-Instruct/version/1/registry/azureml-meta)

+* [Meta-Llama-3-70B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3-70B-Instruct/version/6/registry/azureml-meta)

+* [Meta-Llama-3-8B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3-8B-Instruct/version/6/registry/azureml-meta)

+* [Llama-2-70b-chat](https://ai.azure.com/explore/models/Llama-2-70b-chat/version/20/registry/azureml-meta)

+* [Llama-2-13b-chat](https://ai.azure.com/explore/models/Llama-2-13b-chat/version/20/registry/azureml-meta)

+* [Llama-2-7b-chat](https://ai.azure.com/explore/models/Llama-2-7b-chat/version/24/registry/azureml-meta)

+* [Meta-Llama-3.1-70B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3.1-70B-Instruct/version/1/registry/azureml-meta)

+* [Meta-Llama-3.1-8B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3.1-8B-Instruct/version/1/registry/azureml-meta)

+* [Meta-Llama-3-70B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3-70B-Instruct/version/6/registry/azureml-meta)

+* [Meta-Llama-3-8B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3-8B-Instruct/version/6/registry/azureml-meta)

+* [Llama-2-70b-chat](https://ai.azure.com/explore/models/Llama-2-70b-chat/version/20/registry/azureml-meta)

+* [Llama-2-13b-chat](https://ai.azure.com/explore/models/Llama-2-13b-chat/version/20/registry/azureml-meta)

+* [Llama-2-7b-chat](https://ai.azure.com/explore/models/Llama-2-7b-chat/version/24/registry/azureml-meta)

+* [Meta-Llama-3.1-70B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3.1-70B-Instruct/version/1/registry/azureml-meta)

+* [Meta-Llama-3.1-8B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3.1-8B-Instruct/version/1/registry/azureml-meta)

+* [Meta-Llama-3-70B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3-70B-Instruct/version/6/registry/azureml-meta)

+* [Meta-Llama-3-8B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3-8B-Instruct/version/6/registry/azureml-meta)

+* [Llama-2-70b-chat](https://ai.azure.com/explore/models/Llama-2-70b-chat/version/20/registry/azureml-meta)

+* [Llama-2-13b-chat](https://ai.azure.com/explore/models/Llama-2-13b-chat/version/20/registry/azureml-meta)

+* [Llama-2-7b-chat](https://ai.azure.com/explore/models/Llama-2-7b-chat/version/24/registry/azureml-meta)

+* [Meta-Llama-3.1-70B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3.1-70B-Instruct/version/1/registry/azureml-meta)

+* [Meta-Llama-3.1-8B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3.1-8B-Instruct/version/1/registry/azureml-meta)

+* [Meta-Llama-3-70B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3-70B-Instruct/version/6/registry/azureml-meta)

+* [Meta-Llama-3-8B-Instruct](https://ai.azure.com/explore/models/Meta-Llama-3-8B-Instruct/version/6/registry/azureml-meta)

+* [Llama-2-70b-chat](https://ai.azure.com/explore/models/Llama-2-70b-chat/version/20/registry/azureml-meta)

+* [Llama-2-13b-chat](https://ai.azure.com/explore/models/Llama-2-13b-chat/version/20/registry/azureml-meta)

+* [Llama-2-7b-chat](https://ai.azure.com/explore/models/Llama-2-7b-chat/version/24/registry/azureml-meta)

+| Azure AI Inference package for JavaScript | JavaScript | [Link](https://github.com/Azure/azureml-examples/blob/main/sdk/typescript/README.md) |

+* [Plan and manage costs (marketplace)](costs-plan-manage.md#monitor-costs-for-models-offered-through-the-azure-marketplace)

+ > [!TIP]

+ > The **Content filter (preview)** option is enabled by default. Leave the default setting for the service to detect harmful content such as hate, self-harm, sexual, and violent content. For more information about content filtering, see [Content filtering in Azure AI Studio](../concepts/content-filtering.md).

+- [Get started building a chat app using the prompt flow SDK](../../quickstarts/get-started-code.md)

+Next, you can add your data to the model to help it answer questions about your products. Try the [Deploy an enterprise chat web app](../tutorials/deploy-chat-web-app.md) tutorial to learn more.

+- You need to have **Microsoft.Web** resource provider registered in the selected subscription, to be able to deploy to a web app.

+> [!NOTE]

+> You need to have **Microsoft.Web** resource provider registered in the selected subscription, to be able to deploy to a web app.

+- [Get started building a chat app using the prompt flow SDK](../quickstarts/get-started-code.md)

+1. Make sure **Resource specific** is selected as the destination table.

+1. Select **Save**.

+* Learn about [Built-in API analytics dashboard retirement (March 2027)](breaking-changes/analytics-dashboard-retirement-march-2027.md)

+ Title: 'Tutorial: Python connect to Azure services securely with Key Vault'

+description: Learn how to secure connectivity to back-end Azure services that don't support managed identity natively from a Python web app

+ms.devlang: python

+# ms.devlang: python, azurecli

+# Tutorial: Secure Cognitive Service connection from Python App Service using Key Vault

+## Configure Python app

+Clone the sample repository locally and deploy the sample application to App Service. Replace *\<app-name>* with a unique name.

+```azurecli-interactive

+# Clone and prepare sample application

+git clone https://github.com/Azure-Samples/app-service-language-detector.git

+cd app-service-language-detector/python

+zip -r default.zip .

+# Save app name as variable for convenience

+appName=<app-name>

+az appservice plan create --resource-group $groupName --name $appName --sku FREE --location $region --is-linux

+az webapp create --resource-group $groupName --plan $appName --name $appName --runtime "python:3.11"

+az webapp config appsettings set --resource-group $groupName --name $appName --settings SCM_DO_BUILD_DURING_DEPLOYMENT=true

+az webapp deploy --resource-group $groupName --name $appName --src-path ./default.zip

+```

+The preceding commands:

+* Create a linux app service plan

+* Create a web app for Python 3.11

+* Configure the web app to install the python packages on deployment

+* Upload the zip file, and install the python packages

+## Configure secrets as app settings

+>

+> * Create a resource group.

+> * Create a new AKS cluster.

+> * Create a new application gateway.

+> * Enable the AGIC add-on in the existing AKS cluster through Azure CLI.

+> * Enable the AGIC add-on in the existing AKS cluster through Azure portal.

+> * Peer the application gateway virtual network with the AKS cluster virtual network.

+> * Deploy a sample application using AGIC for ingress on the AKS cluster.

+> * Check that the application is reachable through application gateway.

+## Enable the AGIC add-on in existing AKS cluster through Azure portal

+1. From the [Azure portal home page](https://portal.azure.com/), navigate to your AKS cluster resource.

+2. In the service menu, under **Settings**, select **Networking** > **Virtual network integration**.

+3. Under **Application Gateway ingress controller**, select **Manage**.

+4. On the **Application Gateway ingress controller** page, select the **checkbox** to enable the ingress controller, and then select your existing application gateway from the dropdown list.

+5. Select **Save**.

+* **Azure Resource Manager method:** You can start a runbook using the SDK of a programming language. Below is a C# code snippet for starting a runbook in your Automation account. You can view all the code at our [GitHub repository](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/automation/Azure.ResourceManager.Automation/tests/AutomationManagementTestBase.cs).

+* **Azure classic deployment model method:** You can start a runbook by using the SDK of a programming language. Below is a C# code snippet for starting a runbook in your Automation account. You can view all the code at our [GitHub repository](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/automation/Azure.ResourceManager.Automation/tests/AutomationManagementTestBase.cs).

+## August 13, 2024

+**Image tag**: `v1.32.0_2024-08-13`

+For complete release version information, review [Version log](version-log.md#august-13-2024).

+## August 13, 2024

+|Component|Value|

+|--|--|

+|Container images tag |`v1.32.0_2024-08-13`|

+|**CRD names and version:**| |

+|`activedirectoryconnectors.arcdata.microsoft.com`| v1beta1, v1beta2, v1, v2|

+|`datacontrollers.arcdata.microsoft.com`| v1beta1, v1 through v5|

+|`exporttasks.tasks.arcdata.microsoft.com`| v1beta1, v1, v2|

+|`failovergroups.sql.arcdata.microsoft.com`| v1beta1, v1beta2, v1, v2|

+|`kafkas.arcdata.microsoft.com`| v1beta1 through v1beta4|

+|`monitors.arcdata.microsoft.com`| v1beta1, v1, v3|

+|`postgresqls.arcdata.microsoft.com`| v1beta1 through v1beta6|

+|`postgresqlrestoretasks.tasks.postgresql.arcdata.microsoft.com`| v1beta1|

+|`sqlmanagedinstances.sql.arcdata.microsoft.com`| v1beta1, v1 through v13|

+|`sqlmanagedinstancemonitoringprofiles.arcdata.microsoft.com`| v1beta1, v1beta2|

+|`sqlmanagedinstancereprovisionreplicatasks.tasks.sql.arcdata.microsoft.com`| v1beta1|

+|`sqlmanagedinstancerestoretasks.tasks.sql.arcdata.microsoft.com`| v1beta1, v1|

+|`telemetrycollectors.arcdata.microsoft.com`| v1beta1 through v1beta5|

+|`telemetryrouters.arcdata.microsoft.com`| v1beta1 through v1beta5|

+|Azure Resource Manager (ARM) API version|2023-11-01-preview|

+|`arcdata` Azure CLI extension version|1.5.17 ([Download](https://aka.ms/az-cli-arcdata-ext))|

+|Arc-enabled Kubernetes helm chart extension version|1.32.0|

+|Azure Arc Extension for Azure Data Studio<br/>`arc`<br/>`azcli`|<br/>1.8.0 ([Download](https://aka.ms/ads-arcdata-ext))</br>1.8.0 ([Download](https://aka.ms/ads-azcli-ext))|

+|SQL Database version | 972 |

+## July 9, 2024

+`func azure functionapp fetch-app-settings` supports these optional arguments:

+| Option | Description |

+| | -- |

+| **`--access-token`** | Lets you use a specific access token when performing authenticated `azure` actions. |

+| **`--access-token-stdin `** | Reads a specific access token from a standard input. Use this when reading the token directly from a previous command such as [`az account get-access-token`](/cli/azure/account#az-account-get-access-token). |

+| **`--management-url`** | Sets the management URL for your cloud. Use this when running in a sovereign cloud. |

+| **`--slot`** | Optional name of a specific slot to which to publish. |

+| **`--subscription`** | Sets the default subscription to use. |

+`func azure functionapp list-functions` supports these optional arguments:

+| Option | Description |

+| | -- |

+| **`--access-token`** | Lets you use a specific access token when performing authenticated `azure` actions. |

+| **`--access-token-stdin `** | Reads a specific access token from a standard input. Use this when reading the token directly from a previous command such as [`az account get-access-token`](/cli/azure/account#az-account-get-access-token). |

+| **`--management-url`** | Sets the management URL for your cloud. Use this when running in a sovereign cloud. |

+| **`--show-keys`** | Shows HTTP function endpoint URLs that include their default access keys. These URLs can be used to access function endpoints with `function` level [HTTP authentication](functions-bindings-http-webhook-trigger.md#http-auth). |

+| **`--slot`** | Optional name of a specific slot to which to publish. |

+| **`--subscription`** | Sets the default subscription to use. |

+The `func azure functionapp logstream` command supports these optional arguments:

+| **`--access-token`** | Lets you use a specific access token when performing authenticated `azure` actions. |

+| **`--access-token-stdin `** | Reads a specific access token from a standard input. Use this when reading the token directly from a previous command such as [`az account get-access-token`](/cli/azure/account#az-account-get-access-token). |

+| **`--management-url`** | Sets the management URL for your cloud. Use this when running in a sovereign cloud. |

+| **`--slot`** | Optional name of a specific slot to which to publish. |

+| **`--subscription`** | Sets the default subscription to use. |

+| **`--show-keys`** | Shows HTTP function endpoint URLs that include their default access keys. These URLs can be used to access function endpoints with `function` level [HTTP authentication](functions-bindings-http-webhook-trigger.md#http-auth). |

+To publish your local code to a function app in Azure, use the [`func azure functionapp publish`](./functions-core-tools-reference.md#func-azure-functionapp-publish) command, as in the following example:

+We strongly recommended to always update to the latest version, or opt in to the [Automatic Extension Update](/azure/virtual-machines/automatic-extension-upgrade) feature. A version is not automatically rolled out until it meets a high quality bar which can take as long as 5 weeks after the initial release.

+| August 2024 | **Windows**<ul><li>Added columns to the SecurityEvent table: Keywords, Opcode, Correlation, ProcessId, ThreadId, EventRecordId.</li><li>AMA: Support AMA Client Installer support for W365 Azure Virtual Desktop (AVD) tenants/partners.</li></ul>**Linux Features**<ul><li>Enable Dynamic Linking of OpenSSL 1.1 in all regions</li><li>Add Computer field to Custom Logs</li><li>Add EventHub upload support for Custom Logs </li><li>Reliability improvement for upload task scheduling</li><li>Added support for SUSE15 SP5, and AWS 3 distributions</li></ul>**Linux Fixes**<ul><li>Fix Direct upload to storage for perf counters when no other destination is configured. You don't see perf counters If storage was the only configured destination for perf counters, they wouldn't see perf counters in their blob or table.</li><li>Fluent-Bit updated to version 3.0.7. This fixes the issue with Fluent-Bit creating junk files in the root directory on process shutdown.</li><li>Fix proxy for system-wide proxy using http(s)_proxy env var </li><li>Support for syslog hostnames that are up to 255characters</li><li>Stop sending rows longer than 1MB. This exceeds ingestion limits and destabilizes the agent. Now the row is gracefully dropped and a diagnostic message is written.</li><li>Set max disk space used for rsyslog spooling to 1GB. There was no limit before which could lead to high memory usage.</li><li>Use random available TCP port when there is a port conflict with AMA port 28230 and 28330 . This resolved issues where port 28230 and 28330 were already in uses by the customer which prevented data upload to Azure.</li></ul>| 1.29 | 1.32.6 |

+> The recommendation is to enable [Automatic Extension Upgrade](/azure/virtual-machines/automatic-extension-upgrade) to update installed extensions to the stable version across all regions. A version is not automatically rolled out until it meets a high quality bar which can take as long as 5 weeks after the initial release. Upgrades are issued in batches, so you may see some of your virtual machines, scale-sets or Arc-enabled servers get upgraded before others. If you need to upgrade an extension immediately, you may use the manual instructions below.

+> The Log Analytics agent will be [retired on **August 31, 2024**](https://azure.microsoft.com/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/). The depreciation does not apply to MMA agent connected exclusively to an On-Prem SCOM installation.

+>

+> You can expect the following when you use the MMA or OMS agent after August 31, 2024.

+>!Note

+> The removal does not work on MMA agents that were installed using the MSI installer. It only works on the VM extensions.

+>

+### New AKS cluster (Prometheus, Container insights, and Grafana)

+When you create a new AKS cluster in the Azure portal, you can enable Prometheus, Container insights, and Grafana from the **Monitoring** tab. Make sure that you check the **Enable Container Logs**, **Enable Prometheus metrics**, and **Enable Grafana** checkboxes.

+### Existing cluster (Prometheus, Container insights, and Grafana)

+1. Navigate to your AKS cluster in the Azure portal.

+2. In the service menu, under **Monitoring**, select **Insights** > **Configure monitoring**.

+3. Container insights is already enabled. Select the **Enable Prometheus metrics** and **Enable Grafana** checkboxes. If you have existing Azure Monitor workspace and Grafana workspace, then they're selected for you.

+4. Select **Advanced settings** if you want to select alternate workspaces or create new ones. The **Cost presets** setting allows you to modify the default collection details to reduce your monitoring costs. See [Enable cost optimization settings in Container insights](./container-insights-cost-config.md) for details.

+5. Select **Configure**.

+1. Navigate to your AKS cluster in the Azure portal.

+2. In the service menu, under **Monitoring**, select **Insights** > **Configure monitoring**.

+3. Select the **Enable Prometheus metrics** checkbox.

+4. Select **Advanced settings** if you want to select alternate workspaces or create new ones. The **Cost presets** setting allows you to modify the default collection details to reduce your monitoring costs.

+5. Select **Configure**.

+ :::image type="Key vaults in portal" source="media/create-key-vault/azure-portal-key-vaults.png" alt-text="Screenshot that shows the icon for key vaults in the Azure portal.":::

+> | certificateOrders | resource group | 3-50 | Alphanumerics. |

+- A simple protocol allows clients to publish massages directly to each other.

+A simple WebSocket client follows a client<->server architecture, as the following sequence diagram shows:

+3. When the client sends messages, the service triggers a `message` event to the event handler. This event contains the messages sent in a WebSocket frame. Your code needs to dispatch the messages inside this event handler. If the event handler returns a nonsuccessful response code, the service drops the client connection. The service also pushes a `message` event to all concerned event listeners, if any. If the service can't find any registered servers to receive the messages, the service also drops the client connection.

+You noticed that for a [simple WebSocket client](#the-simple-websocket-client), the _server_ is a **must have** role to receive the `message` events from clients. A simple WebSocket connection always triggers a `message` event when it sends messages, and always relies on the server-side to process messages and do other operations. With the help of the `json.webpubsub.azure.v1` subprotocol, an authorized client can join a group and publish messages to a group directly. It can also route messages to different event handlers / event listeners by customizing the _event_ the message belongs.

+ Asynchronous events don't block the client workflow. Instead, they send a notification to the server. When such an event trigger fails, the service logs the error detail.

+A client can publish to other clients only when it's _authorized_ to. The `role`s of the client determines the _initial_ permissions the client has:

+To establish secure authentication and authorization between your service and webhook, consider the following options and steps:

+1. Enable Identity for the Web PubSub service.

+1. Select from existing Microsoft Entra application that stands for your webhook web app.

+You can configure multiple event listeners. The order in which you configure them doesn't affect their functionality. If an event matches multiple listeners, the event is dispatched to all matching listeners. See the following diagram for an example. For example, if you configure four event listeners simultaneously, each listener that receives a match processes the event. A client event that matches with three of those listeners is sent to three listeners, with the remaining listener ignored.

+You can combine an [event handler](#event-handler) and event listeners for the same event. In this case, both event handler and event listeners receive the event.

+The _event handler role_ handles communication from the service to the server while _the manager role_ handles communication from the server to the service. Once you combine the two roles, the data flow between service and server looks similar to the following diagram using the HTTP protocol.

+7. For oauth2/v2.0/token endpoint, pass the 'scope' instead of 'resource'

+ ```

+ client_id: *your client id*

+ client_secret: *your client secret*

+ grant_type: client_credentials

+ scope: https://webpubsub.azure.com/.default

+ ```

+### Accessing Cloud Shell from VNET Isolation with a Private DNS Zone - Failed to request a terminal

+- **Details**: Cloud Shell uses Azure Relay for terminal connections. Cloud Shell can fail to

+ request a terminal due to DNS resolution problems. This failure can be caused when you launch a

+ nonisolated Cloud Shell session from within a VNet-isolated environment that includes a private

+ DNS Zone for the servicebus domain.

+- **Resolution**: There are two ways to resolve this problem. You can follow the instructions in

+ [Deploy Cloud Shell in a virtual network][01]. Or, you can add a DNS record for the Azure Relay

+ instance that Cloud Shell uses.

+ The following steps show you how to identify the DNS name of the Cloud Shell instance and how to

+ create a DNS record for that name.

+ 1. Try to start Cloud Shell using your web browser. Use the browser's Developer Tools to find the

+ Azure Relay instance name. In Microsoft Edge or Google Chrome, hit the <kbd>F12</kbd> key to

+ open the Developer Tools. Select the **Network** tab. Find the **Search** box in the top right

+ corner. Search for `terminals?` to find the request for a Cloud Shell terminal. Select the one

+ of the request entries found by the search. In the **Headers** tab, find the hostname in the

+ **Request URL**. The name is similar to

+ `ccon-prod-<region-name>-aci-XX.servicebus.windows.net`.

+ The following screenshot shows the Developer Tools in Microsoft Edge for a successful request

+ for a terminal. The hostname is `ccon-prod-southcentalus-aci-02.servicebus.windows.net`. In

+ your case, the request should be unsuccessful, but you can find the hostname you need to

+ resolve.

+ [](media/faq-troubleshooting/devtools-large.png#lightbox)

+ 1. From a host outside of your private network, run the `nslookup` command to find the IP address

+ of the hostname as found in the previous step.

+ ```bash

+ nslookup ccon-prod-southcentalus-aci-02.servicebus.windows.net

+ ```

+ The results should look similar to the following example:

+ ```Output

+ Server: 168.63.129.16

+ Address: 168.63.129.16#53

+ Non-authoritative answer:

+ ccon-prod-southcentralus-aci-02.servicebus.windows.net canonical name = ns-sb2-prod-sn3-012.cloudapp.net.

+ Name: ns-sb2-prod-sn3-012.cloudapp.net

+ Address: 40.84.152.91

+ ```

+ 1. Add an A record for the public IP in the Private DNS Zone of the VNET isolated setup. For this

+ example, the DNS record would have the following properties:

+ - Name: ccon-prod-southcentralus-aci-02

+ - Type: A

+ - TTL: 1 hour

+ - IP Address: 40.84.152.91

+ For more information about creating DNS records in a private DNS zone, see

+ [Manage DNS record sets and records with Azure DNS][02].

+ service.

+<!-- link references -->

+[01]: /azure/cloud-shell/vnet/overview

+[02]: /azure/dns/dns-operations-recordsets-portal

+ Title: Message Analysis transparency FAQ

+description: Learn about the Message Analysis transparency FAQ

+# Message Analysis: Responsible AI transparency FAQ

+## What is Message Analysis?

+Message Analysis is an AI feature that analyses the incoming customer messages to extract insights that help developers enhance customer interactions. It detects the language, determines the intent (like a service question or complaint), and identifies key topics. Message Analysis can help businesses understand how well their communication strategies are working and improve their interactions with customers.

+## What can Message Analysis do?

+Message Analysis leverages advanced AI capabilities with Azure OpenAI to offer multifaceted functionality for customer interaction. It uses Azure OpenAI services to process messages received through platforms like WhatsApp. HereΓÇÖs what it does:

+* Language Detection: Identifies the language of the message, provides confidence scores, and translate the message into English if the original message isn't in English.

+* Intent Recognition: Analyzes the message to determine the customerΓÇÖs purpose, such as seeking help or providing feedback.

+* Key Phrase Extraction: Extracts important terms and names from the message, which can be crucial for context.

+This combination of features enables businesses to tailor their responses and better manage customer interactions.

+## What are Message AnalysisΓÇÖs intended uses?

+* Providing Message Analysis for agents or departments helps businesses resolve issues efficiently and provide a seamless end-user experience.

+* Providing immediate feedback to customers by recognizing their needs.

+* Enhancing the efficiency of customer service teams by prioritizing messages based on urgency or emotion.

+* Improving the quality of customer interactions by understanding the context and nuances of their queries or comments.

+## How was Message Analysis evaluated? What metrics are used to measure performance?

+* Pre-Deployment Testing:

+ * Unit Testing: Develop and run unit tests for each component of the system to ensure they function correctly in isolation.

+ * Integration Testing: Test the integration of different system components, such as the interaction between the webhook receiver, Azure OpenAI API, and Event Grid. Testing helps to identify issues where components interact.

+* Validation and Verification:

+ * Manual Verification: Conduct manual testing sessions where team members simulate real-world use cases to see how well the system processes and analyzes messages.

+ * Bug Bashing: Organize bug bashing events where team members and stakeholders work together to find as many issues as possible within a short time. These events can help uncover unexpected bugs or usability problems.

+* Feedback in Production:

+ * User Feedback: Collect and analyze feedback from end-users. This direct input can provide insights into how well the feature meets user needs and expectations.

+ * User Surveys and Interviews: Conduct surveys and interviews with users to gather qualitative data on the systemΓÇÖs performance and the user experience.

+## What are the limitations of Message Analysis? How can users minimize the impact of Message AnalysisΓÇÖs limitations when using the system?

+* False positives:

+ * The system may occasionally generate false positive analyses, particularly when dealing with ambiguous, conflicting, or sarcastic content, and culturally specific phrases and idioms from customer messages that it cannot accurately interpret.

+* Unsupported languages/ Translation Issues:

+ * If the model doesn't support the language, it can't be detected correctly or translated properly. There may also be misleading translations in the supported languages that you need to correct or build your own translation models.

+

+## Which operational factors and settings enable effective and responsible use of Message Analysis?

+* Explicit Meta-Prompt Components: Enhance the system's prompts with explicit meta-prompt components that guide the AI in understanding the context of the conversation better. This approach can improve the relevance and accuracy of the analysis by providing clearer instructions on what the system should focus on during its assessments.

+* Canned Responses for Sensitive Messages: Flags sensitive topics or questions in the analysis response. This helps ensure that replies are respectful and legally compliant, reducing the risk of errors or inappropriate responses generated by the AI.

+* Phased Release Plan: To gather feedback and ensure system stability, implement a staged rollout starting with a preview involving a limited user base before a full deployment. This phased approach enables real-time adjustments and risk management based on actual user experiences.

+* Update Incident Response Plan: Regularly update the incident response plan to include procedures that address the integration of new features or potential new threats. This strategy ensures the team is prepared to handle unexpected situations effectively and can maintain system integrity and user trust.

+* Rollback Plan: Develop a rollback strategy that enables quick reversion to a previous stable state if the new feature leads to unexpected issues. To ensure rapid response capabilities during critical situations, implement this strategy in the deployment pipelines.

+* Feedback Analysis: To gather actionable insights, regularly collect and analyze feedback from users, particularly from Contoso. This feedback is crucial for continuous improvement and helps the development team understand the real-world impact of the features, leading to more targeted and effective updates.

+## Next steps

+- [Enable Message Analysis With Azure OpenAI Quick Start](../../../quickstarts/advanced-messaging/message-analysis/message-analysis-with-azure-openai-quickstart.md)

+- [Handle Advanced Messaging events](../../../quickstarts/advanced-messaging/whatsapp/handle-advanced-messaging-events.md)

+- [Send WhatsApp template messages](../whatsapp/template-messages.md)

+ Title: Connect Azure Communication Services to Azure OpenAI services for Message Analysis

+description: Provides a conceptual doc for connecting Azure Communication Services to Azure AI services for Message Analysis.

+# Connect Azure Communication Services to Azure OpenAI services for Message Analysis

+Azure Communication Services Advanced Messaging enables developers to create workflows for incoming messages within Azure Communication Services using event triggers. These triggers can initiate actions rooted in tailored business logic. Developers can analyze and gain insights from inbound messages to enhance customer service experience. With the integration of the AI-driven event trigger, developers can utilize AI analysis to bolster customer support. Content analysis is streamlined using Azure OpenAI Services, which also supports various AI model preferences.

+In addition, there's no need for developers and businesses to handle credentials themselves. When linking your Azure AI services, managed identities are utilized to access resources owned by you.

+You can incorporate Azure OpenAI capabilities into your app's messaging system by activating the Message Analysis feature within your Communication Service resources on the Azure portal. When enabling the feature, you're going to configure an Azure OpenAI endpoint, and selecting the preferred model. This efficient method empowers developers to meet their needs and scale effectively for meeting analytical objectives without the need to invest considerable time and effort into developing and maintaining a custom AI solution for interpreting message content.

+> [!NOTE]

+> This integration is supported in limited regions for Azure AI services. For more information about which regions are supported please view the limitations section at the bottom of this document. This integration only supports Multi-service Cognitive Service resource. We recommend if you're creating a new Azure AI Service resource you create a Multi-service Cognitive Service resource or when you're connecting an existing resource confirm that it is a Multi-service Cognitive Service resource.

+## Common Scenarios for Message Analysis

+Developers are now able to deliver differentiated customer experiences and modernize the internal processes by easily integrating the Azure OpenAI to the message flow. Some of the key use cases that you can incorporate in your applications are listed below.

+### Language Detection

+Identifies the language of the message, provides confidence scores, and translate the message into English if the original message isn't in English

+### Intent Recognition

+Analyzes the message to determine the customerΓÇÖs purpose, such as seeking help or providing feedback.

+### Key Phrase Extraction

+Extracts important terms and names from the message, which can be crucial for context.

+### Build Automation

+As a business, I can build automation on top of incoming WhatsApp messages.

+## Azure AI services regions supported

+This integration between Azure Communication Services and Azure AI services is only supported in the following regions:

+- centralus

+- northcentralus

+- southcentralus

+- westcentralus

+- eastus

+- eastus2

+- westus

+- westus2

+- westus3

+- canadacentral

+- northeurope

+- westeurope

+- uksouth

+- southafricanorth

+- centralindia

+- eastasia

+- southeastasia

+- australiaeast

+- brazilsouth

+- uaenorth

+## Next steps

+- [Enable Message Analysis With Azure OpenAI Quick Start](../../../quickstarts/advanced-messaging/message-analysis/message-analysis-with-azure-openai-quickstart.md)

+- [Handle Advanced Messaging events](../../../quickstarts/advanced-messaging/whatsapp/handle-advanced-messaging-events.md)

+- [Send WhatsApp template messages](../whatsapp/template-messages.md)

+##### Android platform support

+The Android ecosystem is extensive, encompassing various versions and specialized platforms designed for diverse types of devices. The next table lists the Android platforms currently available:

+| Devices | Description | Support |

+| -- | --| -- |

+| Phones and tablets | Standard devices running [Android Commercial](https://developer.android.com/get-started). | Fully support with [the video resolution](./voice-video-calling/calling-sdk-features.md?#supported-video-resolutions). |

+| TV apps or gaming | Apps running running [Android TV](https://developer.android.com/tv), optimized for the TV experience, focused on streaming services and gaming. |Audio-only support |

+| Smartwatches or wearables devices | Simple user interface and lower power consumption, designed to operate on small screens with limited hardware, using [Wear OS](https://wearos.google.com/). |Audio-only support |

+| Automobile | Car head units running [Android Automotive OS (AAOS)](https://source.android.com/docs/automotive/start/what_automotive). |Audio-only support |

+| Mirror auto applications | Apps that allow driver to mirror their phone to a carΓÇÖs built-in screens, running [Android Auto](https://www.android.com/auto/). | Audio-only support |

+| Custom devices | Custom devices or applications using [Android Open Source Project (AOSP)](https://source.android.com/), running custom operating systems for specialized hardware, like ruggedized devices, kiosks, or smart glasses; devices where performance, security, or customization is critical. |Audio-only support |

+> [!NOTE]

+> We **only support video calls on phones and tablets**. For use cases involving video on non-standard devices or platforms (such as smart glasses or custom devices), we suggest [contacting us](https://github.com/Azure/communication) early in your development process to help determine the most suitable integration approach.

+In case that you found issues during your implementation we encourage you to visit [the troubleshooting guide](./troubleshooting-info.md?#accessing-support-files-in-the-calling-sdk).

+You get three years warning before these APIs stop working and are forced to update to v25. This update might require a code change.

+We highly recommend identifying and validating your scenario by visiting the supported [Android platforms](../sdk-options.md?#android-platform-support)

+ Title: Message Analysis with Azure OpenAI

+description: "In this quickstart, you learn how to enable Message Analysis with Azure OpenAI"

+# Quickstart: Enable Message Analysis with Azure OpenAI

+Azure Communication Services enables you to receive Message Analysis results using your own Azure OpenAI resource.

+## Prerequisites

+- [Azure account with an active subscription](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).

+- [Register Event Grid Resource Provider](../../sms/handle-sms-events.md#register-an-event-grid-resource-provider).

+- [Create an Azure Communication Services resource](../../create-communication-resource.md).

+- [WhatsApp Channel under Azure Communication Services resource](../whatsapp/connect-whatsapp-business-account.md).

+- [Azure OpenAI resource](../../../../ai-services/openai/how-to/create-resource.md).

+## Setup

+1. **Connect Azure Communication Services with Azure OpenAI

+ a. Open your Azure Communication Services resource and click the **Cognitive Services** tab.

+ b. If system-assigned managed identity isn't enabled, you'll need to enable it.

+ c. In the Cognitive Services tab, click **Enable Managed Identity**.

+

+ :::image type="content" source="./media/get-started/enabled-identity.png" lightbox="./media/get-started/enabled-identity.png" alt-text="Screenshot of Enable Managed Identity button.":::

+ d. Enable system assigned identity. This action begins the creation of the identity. A pop-up alert notifies you that the request is being processed.

+

+ :::image type="content" source="./media/get-started/enable-system-identity.png" lightbox="./media/get-started/enable-system-identity.png" alt-text="Screenshot of enable managed identity.":::

+

+ e. When managed identity is enabled, the Cognitive Service tab displays a **Connect cognitive service** button to connect the two services.

+

+ :::image type="content" source="./media/get-started/cognitive-services.png" lightbox="./media/get-started/cognitive-services.png" alt-text="Screenshot of Connect cognitive services button.":::

+ f. Click **Connect cognitive service**, then select the Subscription, Resource Group, and Resource, and click **Connect** in the context pane.

+

+ :::image type="content" source="./media/get-started/choose-options.png" lightbox="./media/get-started/choose-options.png" alt-text="Screenshot of Subscription, Resource Group, and Resource in pane.":::

+2. **Enable Message Analysis:**

+ a. Go to the **Channels** page of the **Advanced Messaging** tab in your Azure Communication Services resource.

+ :::image type="content" source="./media/get-started/channels-page.png" lightbox="./media/get-started/channels-page.png" alt-text="Screenshot that shows the channels page.":::

+

+ b. Select the channel of your choice to enable Message Analysis on. The system displays a channel details dialog.

+ :::image type="content" source="./media/get-started/channel-details-list.png" lightbox="./media/get-started/channel-details-list.png" alt-text="Screenshot that shows the channel details page.":::

+ c. Toggle **Allow Message Analysis**. Select one of the connected Azure OpenAI services and choose the desired deployment model for the Message Analysis feature. Then click **Save**.

+ :::image type="content" source="./media/get-started/enable-message-analysis.png" lightbox="./media/get-started/enable-message-analysis.png" alt-text="Screenshot that shows how to enable Message Analysis.":::

+3. **Set up Event Grid subscription:**

+ Subscribe to Advanced Message Analysis Completed event by creating or modifying an event subscription. See [Subscribe to Advanced Messaging events](../whatsapp/handle-advanced-messaging-events.md#set-up-event-grid-viewer) for more details on creating event subscriptions.

+ :::image type="content" source="./media/get-started/create-event-subscription-message-analysis.png" lightbox="./media/get-started/create-event-subscription-message-analysis.png" alt-text="Screenshot that shows how to create Message Analysis event subscription properties.":::

+

+4. **See Message Analysis in action**

+ a. Send a message from WhatsApp Customer to Contoso business phone number.

+

+ b. Receive the Message Analysis event in the Event Grid Viewer that you set up in Step **3**. Details on the AdvancedMessageAnalysisCompleted event schema can be found at [Azure Communication Services - Advanced Messaging events](../../../../../articles/event-grid/communication-services-advanced-messaging-events.md#microsoftcommunicationadvancedmessageanalysiscompletedpreview-event)

+ :::image type="content" source="./media/get-started/event-grid-viewer.png" lightbox="./media/get-started/event-grid-viewer.png" alt-text="Screenshot that shows Message Analysis event being received at Event Grid Viewer.":::

+## Clean up resources

+If you want to clean up and remove a Communication Services subscription, you can delete the resource or resource group. Deleting the resource group also deletes any other resources associated with it. Learn more about [cleaning up resources](../../create-communication-resource.md#clean-up-resources).

+## Learn more about responsible AI

+- [Message Analysis Transparency FAQ](../../../concepts/advanced-messaging/message-analysis/message-analysis-transparency-faq.md)

+- [Microsoft AI principles](https://www.microsoft.com/ai/responsible-ai)

+- [Microsoft responsible AI resources](https://www.microsoft.com/ai/responsible-ai-resources)

+- [Microsoft Azure Learning courses on responsible AI](https://learn.microsoft.com/training/paths/responsible-ai-business-principles)

+ - `Site Name` - Create a name that is globally unique. This site name is used to create a domain to connect to your Event Grid Viewer.

+ - `Hosting Plan Name` - Create any name to identify your hosting plan.

+ - `Sku` - The sku F1 can be used for development and testing purposes. If you encounter validation errors creating your Event Grid Viewer that say there's no more capacity for the F1 plan, try selecting a different region. For more information about skus, see [App Service pricing](https://azure.microsoft.com/pricing/details/app-service/windows/)

+

+ - Optional: Select the AdvancedMessageAnalysisCompleted event, currently in public preview, to receive Message Analysis events. Instruction on how to enable Message Analysis can be found at [Enable Message Analysis with Azure OpenAI](../message-analysis/message-analysis-with-azure-openai-quickstart.md)

+

+ [!INCLUDE [Public Preview Notice](../../../includes/public-preview-include.md)]

+

+ :::image type="content" source="../message-analysis/media/get-started/create-event-subscription-message-analysis.png" lightbox="../message-analysis/media/get-started/create-event-subscription-message-analysis.png" alt-text="Screenshot that shows how to create Message Analysis event subscription properties.":::

+

+| Deleting your app or environment doesn't work | This issue is often accompanied by a message such as **provisioningState: ScheduledForDelete**. | [Manually delete the associated VNet](#manually-delete-the-vnet-being-used-by-the-azure-container-apps-environment) |

+## Manually delete the VNet being used by the Azure Container Apps environment

+If you receive the message **provisioningState: ScheduledForDelete**, but your environment fails to actually delete, make sure to delete your associated VNet manually.

+1. Identify the VNet being used by the environment you're trying to delete. Replace the \<PLACEHOLDERS\> with your values.

+ ```azurecli

+ az containerapp env show --resource-group <RESOURCE_GROUP> --name <ENVIRONMENT>

+ ```

+ In the output, look for `infrastructureSubnetId` and note down the VNet ID. An example VNet ID is `vNet::myVNet.id`.

+2. Delete the VNet manually:

+ ```azurecli

+ az network vnet delete --resource-group <RESOURCE_GROUP> --name <VNET_ID>

+ ```

+3. Delete the Azure Container Apps environment:

+ ```azurecli

+ az containerapp env delete --resource-group <RESOURCE_GROUP> --name <ENVIRONMENT> --yes

+ ```

+> [!NOTE]

+> A billing administer can fully manage savings plans. However, after purchase, a savings planΓÇÖs directory canΓÇÖt get changed.

+If you aren't a billing administrator and you change from shared to single scope, you can only select a subscription where you're the owner. Only subscriptions within the same billing account/profile as the savings plan can be selected.

+## Cancellations, exchanges, and trade-ins

+Currently, the billing subscription used for monthly payments of a savings plan can't be changed.

+If you have Azure savings plan for compute questions, contact your account team or [create a support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest). Temporarily, Microsoft only provides answers to expert support requests in English for questions about Azure savings plan for compute.

+Third-party software vendors in the Azure Marketplace publish external services. For example, SendGrid is an external service that you can purchase in Azure, but Microsoft doesn't publish it. Some Microsoft products are sold through Azure Marketplace, too.

+- If you don't have an MCA or MPA, your external services are billed separately from your Azure services. You receive two invoices each billing period: one invoice for Azure services and another for Marketplaces purchases.

+- Each external service has a different billing model. Some services are billed in a pay-as-you-go fashion while others have monthly charges that are fixed.

+- You can't use monthly free credits for external services. If you're using an Azure subscription that includes [free credits](https://azure.microsoft.com/pricing/spending-limits/), they can't be applied to charges from external services. When you provision a new external service or resource, a warning is shown. You can choose to continue with the provisioning or cancel it.

+EA customers can see external service spending in the [Azure portal](https://portal.azure.com). To view and download Azure Marketplace charges, navigate to the **Usage + charges** menu.

+1. Review the **Type** column in the list of invoices. If an invoice is for a Marketplace service, the type is **Azure Marketplace and Reservations**.

+ :::image type="content" border="true" source="./media/understand-azure-marketplace-charges/marketplace-type-twd.png" alt-text="Screenshot showing billing invoices with Azure Marketplace and Reservations highlighted.":::

+1. To filter by type so that you're only looking at invoices for Azure Marketplace and Reservations, select the **Type** filter. Then select **Azure Marketplace and Reservations** in the drop-down.

+1. Select the download symbol for the invoice that you want to download.

+1. Type *'Yes'* in the confirmation windows.

+> "Deprecated" means we intend to remove the connector from a future release. Unless they are in *Preview*, connectors remain fully supported until they are officially deprecated. This deprecation notification can span a few months or longer. After removal, the connector will no longer work. This notice is to allow you sufficient time to plan and update your code before the connector is deprecated.

+The following legacy connectors or legacy driver versions will be deprecated, but new updated versions are available in Azure Data Factory. You can update existing data sources to use the new connectors moving forward.

+- [Google Ads/Adwords](connector-google-adwords.md#upgrade-the-google-ads-driver-version)

+- [Google BigQuery](connector-google-bigquery.md#upgrade-the-google-bigquery-linked-service)

+- [MariaDB](connector-mariadb.md#upgrade-the-mariadb-driver-version)

+- [MongoDB](connector-mongodb.md#upgrade-the-mongodb-linked-service)

+- [MySQL](connector-mysql.md#upgrade-the-mysql-driver-version)

+- [Salesforce](connector-salesforce.md#upgrade-the-salesforce-linked-service)

+- [Salesforce Service Cloud](connector-salesforce-service-cloud.md#upgrade-the-salesforce-service-cloud-linked-service)

+- [ServiceNow](connector-servicenow.md#upgrade-your-servicenow-linked-service)

+- [Snowflake](connector-snowflake.md#upgrade-the-snowflake-linked-service)

+The following connectors are scheduled for deprecation on December 31, 2024. You should plan to migrate to alternative solutions for linked services that use these connectors before the deprecation date.

+- [Phoenix](connector-phoenix.md)

+## Connectors deprecated

+The following connector was deprecated.

+- [Amazon Marketplace Web Service (MWS)](connector-amazon-marketplace-web-service.md)

+## Options to replace deprecated connectors

+If legacy connectors are deprecated with no updated connectors available, you can still use the

+[ODBC Connector](connector-odbc.md) which enables you to continue using these data sources with their native ODBC drivers, or other alternatives. This can enable you to continue using them indefinitely into the future.

+*Step 2*: Set **Pagination rules** as **"Headers.{id}" : "RANGE:0:100:10"**.

+Azure Digital Twins can also use [event routes](concepts-route-events.md) to send data to downstream services, such as [Azure Maps](../azure-maps/about-azure-maps.md), for storage, workflow integration, analytics, and more.

+To send Azure Digital Twins data to most Azure services, such as [Azure Maps](../azure-maps/about-azure-maps.md) or [Azure Storage](../storage/common/storage-introduction.md), start by attaching the destination service to an *endpoint*.

+For egress of data outside Azure Digital Twins, typical downstream targets for event routes are Azure Maps, storage, and analytics solutions. Azure Digital Twins implements *at least once* delivery for data emitted to egress services.

+>Version 2 of DTDL is also used for data models throughout other Azure IoT services, including [IoT Plug and Play](../iot/overview-iot-plug-and-play.md). This compatibility helps you connect your Azure Digital Twins solution with other parts of the Azure ecosystem.

+* Downstream services to provide things like workflow integration (like Logic Apps), cold storage (like Azure Data Lake), or analytics (like Azure Data Explorer).

+ Title: What is Azure Classroom?

+# What is Azure Classroom?

+The Microsoft [Azure Classroom](https://portal.azure.com/#blade/Microsoft_Azure_Education/EducationMenuBlade/quickstart) is a tool that helps academic users provision and manage cloud credit across Azure subscriptions.

+This tool is useful when you need to manage many cloud-based student projects. Azure Classroom is also useful for research purposes when you don't yet know your Azure credit needs.

+To access Azure Classroom, you must first receive an email notification that confirms your approval for an academic sponsorship and contains your approved credit amount. After you have signed in, you can navigate to the Education Hub in the Azure portal.

+ Title: Get started with Azure Classroom

+description: Learn how to quickly get started with using Azure Classroom.

+# Getting started with Azure Classroom

+Before you access Azure Classroom you must complete signup by clicking the **signup here** link in the invitation email. After you complete the signup you can navigate to the Azure Education Hub to begin allocating this credit to students via labs.

+The SignedURL key in the response object can be then used to upload files into Azure Blob Storage. The expiry time of the SignedURL for File service and Dataset service is 1 hour as per [security enhancements from OSDU](https://community.opengroup.org/osdu/platform/system/file/-/issues/78).

+| [Microsoft.Communication.AdvancedMessageAnalysisCompleted(Preview)](#microsoftcommunicationadvancedmessageanalysiscompletedpreview-event) | Published when Communication Service completes an AI Analysis with a customer message. |

+### Microsoft.Communication.AdvancedMessageAnalysisCompleted(Preview) event

+Published when Communication Service completes an AI Analysis with a customer message.

+Example scenario: A WhatsApp user sends a WhatsApp message to a WhatsApp Business Number that is connected to an active Advanced Messaging channel in a Communication Services resource that has opted in for Message Analysis feature. As a result, a Microsoft.Communication.AdvancedMessageAnalysisCompleted with the analysis of the user's WhatsApp message is published.

+#### Attribute list

+Details for the attributes specific to `Microsoft.Communication.AdvancedMessageAnalysisCompleted` events.

+| Attribute | Type | Nullable | Description |

+|:|:--:|:--:|-|

+| channelType | `string` | ✔️ | Channel type of the channel that the message was sent on. |

+| from | `string` | ✔️ | The channel ID that sent the message, formatted as a GUID. |

+| to | `string` | ✔️ | Recipient ID that the message was sent to. |

+| receivedTimestamp | `DateTimeOffset` | ✔️ | Timestamp of the message. |

+| originalMessage | `string` | ✔️ | The original user message. |

+| intentAnalysis | `string` | ✔️ | The intent analysis of the received user message. |

+| languageDetection | [`LanguageDetection`](#languagedetection) | ✔️ | Contains the language detection of the received user message. |

+| extractedKeyPhrases | `List<string>` | ✔️ | Contains the key phrases of of the received user message. |

+##### LanguageDetection

+| Attribute | Type | Nullable | Description |

+|:|:--:|:--:||

+| language | `string` | ✔️ | The languege detected. |

+| confidenceScore | `float` | ✔️ | The confidence score of the language detected. |

+| translation | `string` | ✔️ | The message translation. |

+#### Examples

+##### Message Analysis Completed

+```json

+[{

+ "id": "df1c2d92-6155-4ad7-a865-cb8497106c52",

+ "topic": "/subscriptions/{subscription-id}/resourcegroups/{resourcegroup-name}/providers/microsoft.communication/communicationservices/acsxplatmsg-test",

+ "subject": "advancedMessage/sender/{sender@id}/recipient/00000000-0000-0000-0000-000000000000",

+ "data": {

+ "originalMessage": "Hello, could u help me order some flowers for MotherΓÇÖs Day?",

+ "channelType": "whatsapp",

+ "languageDetection": {

+ "language": "English",

+ "confidenceScore": 0.99

+ },

+ "intentAnalysis": "Order request: The customer is contacting customer service to request assistance with ordering flowers for Mother's Day.",

+ "extractedKeyPhrases": [

+ "order",

+ "flowers",

+ "Mother's Day"

+ ],

+ "from": "{sender@id}",

+ "to": "00000000-0000-0000-0000-000000000000",

+ "receivedTimestamp": "2024-07-05T19:10:35.28+00:00"

+ },

+ "eventType": "Microsoft.Communication.AdvancedMessageAnalysisCompleted",

+ "dataVersion": "1.0",

+ "metadataVersion": "1",

+ "eventTime": "2024-07-05T19:10:35.2806524Z"

+}]

+```

+- **MQTT broker authentication methods** - [X.509 certificate authentication](mqtt-client-authentication.md) is the industry authentication standard in IoT devices, [Microsoft Entra IDauthentication](mqtt-client-microsoft-entra-token-and-rbac.md) is Azure's authentication standard for applications and [OAuth 2.0 (JSON Web Token) authentication](oauth-json-web-token-authentication.md) provides a lightweight, secure, and flexible option for MQTT clients that are not provisioned in Azure.

+> [!NOTE]

+> **Regarding TLS 1.0 / 1.1 deprecation**: For system topics, you need to take action only for the event delivery to webhook destinations. If the destination supports TLS 1.2, the event delivery happens using 1.2. If the destination doesn't support TLS 1.2, the event delivery automatically falls back to 1.0 and 1.1. Post Oct 31st 2024, event delivery using 1.0 and 1.1 won't be supported. Ensure that your webhook destinations support TLS 1.2. One easy way to check for TLS 1.2 support is to use [Qualys SSL Labs](https://www.ssllabs.com/ssltest/). If the report shows that TLS 1.2 is supported, no action is required. For more information, see the following blog post: [Retirement: Upcoming TLS changes for Azure Event Grid](https://azure.microsoft.com/updates/v2/TLS-changes-for-Azure-Event-Grid)

+description: Describes the SDKs for Azure Event Grid. These SDKs provide management, publishing, and consumption of events in Azure Event Grid.

+> [!NOTE]

+> **Regarding TLS 1.0 / 1.1 deprecation**: For system topics, you need to take action only for the event delivery to webhook destinations. If the destination supports TLS 1.2, the event delivery happens using 1.2. If the destination doesn't support TLS 1.2, the event delivery automatically falls back to 1.0 and 1.1. Post Oct 31st 2024, event delivery using 1.0 and 1.1 won't be supported. Ensure that your webhook destinations support TLS 1.2. One easy way to check for TLS 1.2 support is to use [Qualys SSL Labs](https://www.ssllabs.com/ssltest/). If the report shows that TLS 1.2 is supported, no action is required. For more information, see the following blog post: [Retirement: Upcoming TLS changes for Azure Event Grid](https://azure.microsoft.com/updates/v2/TLS-changes-for-Azure-Event-Grid)

+| .NET | [`Azure.ResourceManager.EventGrid`](https://www.nuget.org/packages/Azure.ResourceManager.EventGrid/). The beta package has the latest `Namespaces` API. | .NET reference: [Preview](/dotnet/api/overview/azure/resourcemanager.eventgrid-readme?view=azure-dotnet-preview&preserve-view=true), [GA](/dotnet/api/overview/azure/event-grid) | [.NET samples](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/eventgrid/Azure.ResourceManager.EventGrid/samples) |

+| Java | [`azure-resourcemanager-eventgrid`](https://central.sonatype.com/artifact/com.azure.resourcemanager/azure-resourcemanager-eventgrid/). The beta package has the latest `Namespaces` API. | Java reference: [Preview](/java/api/overview/azure/resourcemanager-eventgrid-readme?view=azure-java-preview&preserve-view=true), [GA](/java/api/overview/azure/event-grid) | [Java samples](https://github.com/azure/azure-sdk-for-java/tree/main/sdk/eventgrid/azure-resourcemanager-eventgrid/src/samples) |

+| JavaScript | [`@azure/arm-eventgrid`](https://www.npmjs.com/package/@azure/arm-eventgrid). The beta package has the latest `Namespaces` API. | JavaScript reference: [Preview](/javascript/api/overview/azure/arm-eventgrid-readme?view=azure-node-preview&preserve-view=true), [GA](/javascript/api/overview/azure/event-grid) | [JavaScript and TypeScript samples](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/eventgrid/arm-eventgrid) |

+| Python | [`azure-mgmt-eventgrid`](https://pypi.org/project/azure-mgmt-eventgrid/). The beta package has the latest `Namespaces` API. | Python reference: [Preview](/python/api/azure-mgmt-eventgrid/?view=azure-python-preview&preserve-view=true), [GA](/python/api/overview/azure/event-grid) | [Python samples](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/eventgrid/azure-mgmt-eventgrid/generated_samples)

+| .NET | [`Azure.Messaging.EventGrid`](https://www.nuget.org/packages/Azure.Messaging.EventGrid/). The beta package has the latest `Namespaces` API. | [.NET reference](/dotnet/api/overview/azure/messaging.eventgrid-readme?view=azure-dotnet-preview&preserve-view=true) | [.NET samples](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/eventgrid/Azure.Messaging.EventGrid/samples) |

+|Java | [`azure-messaging-eventgrid`](https://central.sonatype.com/artifact/com.azure/azure-messaging-eventgrid/). The beta package has the latest `Namespaces` API. | [Java reference](/java/api/overview/azure/messaging-eventgrid-readme?view=azure-java-preview&preserve-view=true) | [Java samples](https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/eventgrid/azure-messaging-eventgrid/src/samples/java) |

+| JavaScript | [`@azure/eventgrid`](https://www.npmjs.com/package/@azure/eventgrid). The beta package has the latest `Namespaces` API. | [JavaScript reference](/javascript/api/overview/azure/eventgrid-readme?view=azure-node-preview&preserve-view=true) | [JavaScript and TypeScript samples](https://github.com/Azure/azure-sdk-for-js/tree/main/sdk/eventgrid/eventgrid) |

+| Python | [`azure-eventgrid`](https://pypi.org/project/azure-eventgrid/). The beta package has the latest `Namespaces` API. | [Python reference](/python/api/overview/azure/eventgrid-readme?view=azure-python-preview&preserve-view=true) | [Python samples](https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/eventgrid/azure-eventgrid/samples) |

+ Title: Send events to webhooks hosted in private destinations

+description: Shows how to send events to webhooks in private destinations using Azure Event Grid and Azure Relay.

+# Customer intent: As a developer, I want to know how to send events to webhooks hosted in private destinations such as on-premises servers or virtual machines.

+# Send events to webhooks hosted in private destinations using Azure Event Grid and Azure Relay

+In this article, you learn how to receive events from Azure Event Grid to webhooks hosted in private destinations, such as on-premises servers or virtual machines, using Azure Relay.

+Azure Relay is a service that enables you to securely expose services that reside within a corporate enterprise network to the public cloud, without having to open a firewall connection or require intrusive changes to a corporate network infrastructure.

+Azure Relay supports hybrid connections, which are a secure, open-protocol evolution of the existing Azure Relay features that can be implemented on any platform and in any language that has a basic WebSocket capability, which includes the option to accept relayed traffic initiated from Azure Event Grid. See [Azure Relay Hybrid Connections protocol guide - Azure Relay](../azure-relay/relay-hybrid-connections-protocol.md).

+## Receive events from Event Grid basic resources to webhooks in private destinations

+This section gives you the high-level steps for receiving events from Event Grid basic resources to webhooks hosted in private destinations using Azure Relay.

+1. Create an Azure Relay resource. You can use the Azure portal, Azure CLI, or Azure Resource Manager templates to create a Relay namespace and a hybrid connection. For more information, see [Create Azure Relay namespaces and hybrid connections using Azure portal](../azure-relay/relay-hybrid-connections-http-requests-dotnet-get-started.md).

+ > [!NOTE]

+ > Ensure you have enabled the option: **client authorization required**. This option ensures that only authorized clients can connect to your hybrid connection endpoint. You can use the Azure portal or Azure CLI to enable the client authorization and manage the client authorization rules. For more information, see [Secure Azure Relay Hybrid Connections](../azure-relay/relay-authentication-and-authorization.md).

+1. Implement the Azure Relay hybrid connection listener.

+ - **Option 1**: You can use the Azure Relay SDK for .NET to programmatically create a hybrid connection listener and handle the incoming requests. For more information, see [Azure Relay Hybrid Connections - HTTP requests in .NET](../azure-relay/relay-hybrid-connections-http-requests-dotnet-get-started.md).

+ - **Option 2**: Azure Relay Bridge. You can use Azure Relay Bridge, a cross-platform command line tool that can create VPN-less TCP tunnels from and to anywhere. You can run the Azure Relay Bridge as a Docker container or as a standalone executable. For more information, see [Azure Relay Bridge](https://github.com/Azure/azure-relay-bridge).

+1. Ensure your hybrid connection listener is connected. You can use the following Azure CLI command to list the hybrid connections in your namespace and check their status.

+ ```azurecli

+ az relay hyco list --resource-group [resource-group-name] --namespace-name [namespace-name]. You should see a "listenerCount" attribute in the properties of your hybrid connection.

+ ```

+1. Create an Azure Event Grid system topic. You can use the Azure portal, Azure CLI, or Azure Resource Manager templates to create a system topic that corresponds to an Azure service that has events, such as Storage accounts, event hubs, or Azure subscriptions. For more information, see [System topics in Azure Event Grid](create-view-manage-system-topics.md).

+1. Create an event subscription to the system topic. You can use the Azure portal, Azure CLI, or Azure Resource Manager templates to create an event subscription that defines the filter criteria and the destination endpoint for the events. In this case, select the **Azure Relay Hybrid Connection** as the endpoint type and provide the connection string of your hybrid connection. For more information, see [Azure Relay Hybrid Connection as an event handler](handler-relay-hybrid-connections.md).

+## Considerations when using webhooks to receive events from Azure Event Grid

+Ensure you have the Cloud Events validation handshake implemented. Here's the sample code in C# that demonstrates how to validate the Cloud Event schema handshake required during the subscription creation. You can use this sample code as a reference to implement your own validation handshake logic in the language of your preference.

+```csharp

+if (context.Request.HttpMethod == "OPTIONS" && context.Request.Url.PathAndQuery == _settings!.relayWebhookPath)

+{

+ context.Response.StatusCode = HttpStatusCode.OK;

+ context.Response.StatusDescription = "OK";

+ var origin = context.Request.Headers["Webhook-Request-Origin"];

+ context.Response.Headers.Add("Webhook-Allowed-Origin", origin);

+ using (var sw = new StreamWriter(context.Response.OutputStream))

+ {

+ sw.WriteLine("OK");

+ }

+ context.Response.Close();

+}

+```

+If you want to forward events from the Azure Relay Bridge to your local webhook you can use the following command:

+```bash

+.\azbridge.exe -x "AzureRelayConnectionString" -H [HybridConnectionName]:[http/https]/localhost:[ApplicationPort] -v

+```

+## Related content

+- [Azure Relay Hybrid Connection as an event handler](handler-relay-hybrid-connections.md)

+- [Azure Relay Bridge](https://github.com/Azure/azure-relay-bridge)

+2. If there are no exact frontend hosts match, the request get rejected and a 404: Bad Request error gets sent.

+| images.fabrikam.com | Error 404: Bad Request |

+| contoso.com | Error 404: Bad Request |

+| www\.adventure-works.com | Error 404: Bad Request |

+| www\.northwindtraders.com | Error 404: Bad Request |

+1. If there are no routing rules found with a matching path, then request gets rejected and a 404: Bad Request error gets set sent.

+> | profile.domain.com/other | None. Error 404: Bad Request |

+There are two elements to run REST API commands: the REST API URI and the request body. For information, go to [Policy Assignments - Create](/rest/api/policy/policy-assignments/create).

+For information, go to [Policy Assignments - Create](/rest/api/policy/policy-assignments/create).

+For more information, go to [Policy States - List Query Results For Resource Group](/rest/api/policy/policy-states/list-query-results-for-resource-group).

+For more information, go to [Policy Assignments - Delete](/rest/api/policy/policy-assignments/delete) and [Policy Assignments - Get](/rest/api/policy/policy-assignments/get).

+> Attestations can be created and managed only through Azure Policy [Azure Resource Manager (ARM) API](/rest/api/policy/attestations), [PowerShell](/powershell/module/az.policyinsights) or [Azure CLI](/cli/azure/policy/attestation).

+ [policyMetadata operation group](/rest/api/policy/policy-metadata/get-resource).

+### Configuring the Gatekeeper Config

+Changing the Gatekeeper config is unsupported, as it contains critical security settings. Edits to the config will be reconciled.

+### Using data.inventory in constraint templates

+Currently, several built-in policies make use of [data replication](https://open-policy-agent.github.io/gatekeeper/website/docs/sync), which enables users to sync existing on-cluster resources to the OPA cache and reference them during evaluation of an AdmissionReview request. Data replication policies can be differentiated by the presence of `data.inventory` in the Rego, as well as the presence of the `metadata.gatekeeper.sh/requires-sync-data` annotation, which informs the Azure Policy addon what resources need to be cached for policy evaluation to work properly. (Note that this differs from standalone Gatekeeper, where this annotation is descriptive, not prescriptive.)

+Data replication is currently blocked for use in custom policy definitions, because replicating resources with high instance counts can dramatically increase the Gatekeeper pods\' resource usage if not used carefully. You will see a `ConstraintTemplateInstallFailed` error when attempting to create a custom policy definition containing a constraint template with this annotation.

+> Removing the annotation may appear to mitigate the error you see, but then the policy addon will not sync any required resources for that constraint template into the cache. Thus, your policies will be evaluated against an empty `data.inventory` (assuming that no built-in is assigned that replicates the requisite resources). This will lead to misleading compliance results. As noted [previously](#configuring-the-gatekeeper-config), manually editing the config to cache the required resources is also not permitted.

+- REST API: In the _PUT_ [create](/rest/api/policy/policy-assignments/create) operation as part of

+Subscription](/rest/api/policy/policy-states/summarize-for-subscription):

+[Azure Policy Events](/rest/api/policy/policy-events) reference article.

+[03]: /azure/virtual-machines/extensions/iaas-antimalware-windows

+ [Azure Policy Definitions - Create or Update](/rest/api/policy/policy-definitions/create-or-update)

+ [Policy Definitions - Create or Update At Management Group](/rest/api/policy/policy-definitions/create-or-update-at-management-group).

+Addition of `SystemMSI` and Automated DCR for Log analytics, given the deprecation of [New Azure Monitor experience (preview)](./hdinsight-hadoop-oms-log-analytics-tutorial.md).

+> [!NOTE]

+> Effective Image number 2407260448, customers using portal for log analytics will have default [Azure Monitor Agent](./azure-monitor-agent.md) experience. In case you wish to switch to Azure Monitor experience (preview), you can pin your clusters to old images by creating a [support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).

+The Microsoft Azure Import/Export service might fail to copy some of your files or parts of a file to the Windows Azure Blob service. Some reasons for failures include:

+|**/d:**<TargetDirectories\>|**Required.** One or more semicolon-separated directories that contain the original files that were imported. The import drive might also be used, but isn't required if alternate locations of original files are available.|

+When this copy log is passed to the Azure Import/Export Tool, the tool tries to finish the import for this file by copying the missing contents across the network. Following the previously supplied example, the tool looks for the original file `\animals\koala.jpg` within the two directories `C:\Users\bob\Pictures` and `X:\BobBackup\photos`. If the file `C:\Users\bob\Pictures\animals\koala.jpg` exists, the Azure Import/Export Tool copies the missing range of data to the corresponding blob `http://bobmediaaccount.blob.core.windows.net/pictures/animals/koala.jpg`.

+In some situations, the tool might not be able to find or open the necessary file for one of the following reasons: the file couldn't be found or isn't accessible, the file name is ambiguous, or the content of the file is no longer correct.

+The tool writes the problematic file paths to `9WM35C2V_pathmap.txt`, one on each line. For instance, the file might contain the following entries after running the command:

+To learn more about message properties, see [System Properties of device-to-cloud IoT Hub messages](../../iot-hub/iot-hub-devguide-messages-construct.md#system-properties-of-device-to-cloud-messages).

+ 2022-10-07 18:14:59,408 DEBUG (main) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - Message was queued to be sent later ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [2e1717be-cfcf-41a7-b1c0-59edeb8ea865] )

+ 2022-10-07 18:14:59,409 DEBUG (contoso-hub-2.azure-devices.net-sn-007-888-abc-mac-a1-b2-c3-d4-e5-f6-c32c76d0-Cxn0e70bbf7-8476-441d-8626-c17250585ee6-azure-iot-sdk-IotHubSendTask) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - Sending message ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [2e1717be-cfcf-41a7-b1c0-59edeb8ea865] )

+ 2022-10-07 18:14:59,777 DEBUG (MQTT Call: sn-007-888-abc-mac-a1-b2-c3-d4-e5-f6) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - IotHub message was acknowledged. Checking if there is record of sending this message ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [2e1717be-cfcf-41a7-b1c0-59edeb8ea865] )

+ 2022-10-07 18:14:59,779 DEBUG (contoso-hub-2.azure-devices.net-sn-007-888-abc-mac-a1-b2-c3-d4-e5-f6-c32c76d0-Cxn0e70bbf7-8476-441d-8626-c17250585ee6-azure-iot-sdk-IotHubSendTask) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - Invoking the callback function for sent message, IoT Hub responded to message ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [2e1717be-cfcf-41a7-b1c0-59edeb8ea865] ) with status OK

+ "CorrelationId": "aaaa0000-bb11-2222-33cc-444444dddddd",

+ "CorrelationId": "aaaa0000-bb11-2222-33cc-444444dddddd",

+ 2022-05-11 09:42:26,077 DEBUG (main) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - Message was queued to be sent later ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [28069a3d-f6be-4274-a48b-1ee539524eeb] )

+ 2022-05-11 09:42:26,079 DEBUG (MyExampleHub.azure-devices.net-java-device-01-ee6c362d-Cxn7a1fb819-e46d-4658-9b03-ca50c88c0440-azure-iot-sdk-IotHubSendTask) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - Sending message ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [28069a3d-f6be-4274-a48b-1ee539524eeb] )

+ 2022-05-11 09:42:26,422 DEBUG (MQTT Call: java-device-01) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - IotHub message was acknowledged. Checking if there is record of sending this message ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [28069a3d-f6be-4274-a48b-1ee539524eeb] )

+ 2022-05-11 09:42:26,425 DEBUG (MyExampleHub.azure-devices.net-java-device-01-ee6c362d-Cxn7a1fb819-e46d-4658-9b03-ca50c88c0440-azure-iot-sdk-IotHubSendTask) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - Invoking the callback function for sent message, IoT Hub responded to message ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [28069a3d-f6be-4274-a48b-1ee539524eeb] ) with status OK

+ 2022-10-21 10:41:31,539 DEBUG (main) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - Message was queued to be sent later ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [4d8d39c8-5a38-4299-8f07-3ae02cdc3218] )

+ 2022-10-21 10:41:31,540 DEBUG (contoso-hub-2.azure-devices.net-device-01-d7c67552-Cxn0bd73809-420e-46fe-91ee-942520b775db-azure-iot-sdk-IotHubSendTask) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - Sending message ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [4d8d39c8-5a38-4299-8f07-3ae02cdc3218] )

+ 2022-10-21 10:41:31,844 DEBUG (MQTT Call: device-01) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - IotHub message was acknowledged. Checking if there is record of sending this message ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [4d8d39c8-5a38-4299-8f07-3ae02cdc3218] )

+ 2022-10-21 10:41:31,846 DEBUG (contoso-hub-2.azure-devices.net-device-01-d7c67552-Cxn0bd73809-420e-46fe-91ee-942520b775db-azure-iot-sdk-IotHubSendTask) [com.microsoft.azure.sdk.iot.device.transport.IotHubTransport] - Invoking the callback function for sent message, IoT Hub responded to message ( Message details: Correlation Id [aaaa0000-bb11-2222-33cc-444444dddddd] Message Id [4d8d39c8-5a38-4299-8f07-3ae02cdc3218] ) with status OK

+ Title: Understand message format

+description: This article describes the format and expected content of IoT Hub messages for cloud-to-device and device-to-cloud messages.

+To support interoperability across protocols, IoT Hub defines a common set of messaging features that are available in all device-facing protocols. These features can be used in both [device-to-cloud messages](iot-hub-devguide-messages-d2c.md) and [cloud-to-device messages](iot-hub-devguide-messages-c2d.md).

+IoT Hub implements device-to-cloud messaging using a streaming messaging pattern. IoT Hub's device-to-cloud messages are more like [Event Hubs](../event-hubs/index.yml) *events* than [Service Bus](../service-bus-messaging/index.yml) *messages* in that there's a high volume of events passing through the service that multiple readers can read.

+* A predetermined set of *system properties* as described later in this article.

+Each device protocol implements setting properties in different ways. For more information, see the [MQTT protocol guide](../iot/iot-mqtt-connect-to-iot-hub.md) and [AMQP protocol guide](./iot-hub-amqp-support.md) developer guides for details.

+When you send device-to-cloud messages using the HTTPS protocol or send cloud-to-device messages, property names and values can only contain ASCII alphanumeric characters, plus ``! # $ % & ' * + - . ^ _ ` | ~`` .

+* IoT Hub doesn't allow arbitrary partitioning. Device-to-cloud messages are partitioned based on their originating **deviceId**.

+* You can stamp messages with information that goes into the application properties. For more information, see [message enrichments](iot-hub-message-enrichments-overview.md).

+> Each IoT Hub protocol provides a message content type property which is respected when routing data to custom endpoints. To have your data properly handled at the destination (for example, JSON being treated as a parsable string instead of Base64 encoded binary data), provide the appropriate content type and charset for the message.

+To use your message body in an IoT Hub routing query, provide a valid JSON object for the message and set the content type property of the message to `application/json;charset=utf-8`.

+The following example shows a valid, routable message body:

+## System properties of device-to-cloud messages

+| message-id |A user-settable identifier for the message used for request-reply patterns. Format: A case-sensitive string (up to 128 characters long) of ASCII 7-bit alphanumeric characters plus `- : . + % _ # * ? ! ( ) , = @ ; $ '`. | Yes | messageId |

+| user-id |An ID used to specify the origin of messages. | Yes | userId |

+## Application properties of device-to-cloud messages

+A common use of application properties is to send a timestamp from the device using the `iothub-creation-time-utc` property to record when the message was sent by the device. The format of this timestamp must be UTC with no timezone information. For example, `2021-04-21T11:30:16Z` is valid, but `2021-04-21T11:30:16-07:00` is invalid.

+ "applicationId":"00001111-aaaa-2222-bbbb-3333cccc4444",

+## System properties of cloud-to-device messages

+| message-id |A user-settable identifier for the message used for request-reply patterns. Format: A case-sensitive string (up to 128 characters long) of ASCII 7-bit alphanumeric characters plus `- : . + % _ # * ? ! ( ) , = @ ; $ '`. |Yes|

+| user-id |An ID used to specify the origin of messages. When messages are generated by IoT Hub, the user ID is the IoT hub name. |Yes|

+### System property names

+The system property names vary based on the endpoint to which the messages are being routed.

+This article provides the properties and schemas for non-telemetry events emitted by Azure IoT Hub. Non-telemetry events are different from device-to-cloud and cloud-to-device messages in that IoT Hub emits these events in response to specific state changes associated with your devices. For example, lifecycle changes like a device or module being created or deleted, or connection state changes like a device or module connecting or disconnecting.

+IoT Hub sets the following system properties on each event.

+IoT Hub sets the following application properties on each event.

+**Body**: The body contains a sequence number. The sequence number is a string representation of a hexadecimal number. You can use string compare to identify the larger number. If you're converting the string to hex, then the number will be a 256-bit number. The sequence number is strictly increasing, so the latest event has a higher number than older events. This is useful if you have frequent device connects and disconnects, and want to ensure that only the latest event is used to trigger a downstream action.

+ "correlation_id": "aaaa0000-bb11-2222-33cc-444444dddddd",

+**Body**: The body contains a representation of the device twin or module twin. It includes the device ID and module ID, the twin etag, the version property, and the tags, properties, and associated metadata of the twin.

+**Body**: On an update, the body contains the version property of the twin and the updated tags and properties and their associated metadata. On a replace, the body contains the device ID and module ID, the twin etag, the version property, and all the tags, properties, and associated metadata of the device or module twin.

+For more information about DSS authorization, see [state store keys](https://github.com/Azure/iotedge-broker/blob/main/docs/authorization/readme.md#state-store-keys).

+Some classes require files, such as large data files, to be stored externally.

+Some classes require files, such as large data files, to be stored externally.

+ Title: Monitoring data reference for Azure Load Balancer

+description: This article contains important reference material you need when you monitor Azure Load Balancer by using Azure Monitor.

+# Azure Load Balancer monitoring data reference

+See [Monitor Azure Load Balancer](monitor-load-balancer.md) for details on the data you can collect for Load Balancer and how to use it.

+### Supported metrics for Microsoft.Network/loadBalancers

+The following table lists the metrics available for the Microsoft.Network/loadBalancers resource type.

+<!-- [!INCLUDE [Microsoft.Network/loadBalancers](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/metrics/microsoft-network-loadbalancers-metrics-include.md)] -->

+<!-- Manually included due to inprocess dimensions. Once those dimensions are completed, please reinstate this include and remove the manual copy. Please do not remove this comment. rboucher 2024_08_23 -->

+|Metric|Name in REST API|Unit|Aggregation|Dimensions|Time Grains|DS Export|

+||||||||

+|**Allocated SNAT Ports**<br><br>Total number of SNAT ports allocated within time period |`AllocatedSnatPorts` |Count |Average |`FrontendIPAddress`, `BackendIPAddress`, `ProtocolType` |PT1M |No|

+|**Byte Count**<br><br>Total number of Bytes transmitted within time period |`ByteCount` |Bytes |Total |`FrontendIPAddress`, `FrontendPort`, `Direction`|PT1M |Yes|

+|**Health Probe Status**<br><br>Average Load Balancer health probe status per time duration |`DipAvailability` |Count |Average |`ProtocolType`, `BackendPort`, `FrontendIPAddress`, `FrontendPort`, `BackendIPAddress`|PT1M |Yes|

+|**Health Probe Status**<br><br>Azure Cross-region Load Balancer backend health and status per time duration |`GlobalBackendAvailability` |Count |Average |`FrontendIPAddress`, `FrontendPort`, `BackendIPAddress`, `ProtocolType` |PT1M |Yes|

+|**Packet Count**<br><br>Total number of Packets transmitted within time period |`PacketCount` |Count |Total |`FrontendIPAddress`, `FrontendPort`, `Direction`|PT1M |Yes|

+|**SNAT Connection Count**<br><br>Total number of new SNAT connections created within time period |`SnatConnectionCount` |Count |Total |`FrontendIPAddress`, `BackendIPAddress`, `ConnectionState`|PT1M |Yes|

+|**SYN Count**<br><br>Total number of SYN Packets transmitted within time period |`SYNCount` |Count |Total |`FrontendIPAddress`, `FrontendPort`, `Direction`|PT1M |Yes|

+|**Used SNAT Ports**<br><br>Total number of SNAT ports used within time period |`UsedSnatPorts` |Count |Average |`FrontendIPAddress`, `BackendIPAddress`, `ProtocolType` |PT1M |No|

+|**Data Path Availability**<br><br>Average Load Balancer data path availability per time duration |`VipAvailability` |Count |Average |`FrontendIPAddress`, `FrontendPort`|PT1M |Yes|

+### Load balancer metrics

+This table includes additional information about metrics from the Microsoft.Network/loadBalancers table:

+| Metric | Resource type | Description |

+|: |:- |:-- |

+| Allocated SNAT ports | Public load balancer | Standard Load Balancer reports the number of SNAT ports allocated per backend instance. |

+| Byte count | Public and internal load balancer | Standard Load Balancer reports the data processed per front end. You might notice that the bytes aren't distributed equally across the backend instances. This behavior is expected as Azure's Load Balancer algorithm is based on flows. |

+| Health probe status | Public and internal load balancer | Standard Load Balancer uses a distributed health-probing service that monitors your application endpoint's health according to your configuration settings. This metric provides an aggregate or per-endpoint filtered view of each instance endpoint in the load balancer pool. You can see how Load Balancer views the health of your application, as indicated by your health probe configuration. |

+| SNAT connection count | Public load balancer | Standard Load Balancer reports the number of outbound flows that are masqueraded to the Public IP address front end. Source network address translation (SNAT) ports are an exhaustible resource. This metric can give an indication of how heavily your application is relying on SNAT for outbound originated flows. Counters for successful and failed outbound SNAT flows are reported and can be used to troubleshoot and understand the health of your outbound flows. |

+| SYN count (synchronize) | Public and internal load balancer | Standard Load Balancer doesnΓÇÖt terminate Transmission Control Protocol (TCP) connections or interact with TCP or User Data-gram Packet (UDP) flows. Flows and their handshakes are always between the source and the virtual machine instance. To better troubleshoot your TCP protocol scenarios, you can make use of SYN packets counters to understand how many TCP connection attempts are made. The metric reports the number of TCP SYN packets that were received. |

+| Used SNAT ports | Public load balancer | Standard Load Balancer reports the number of SNAT ports that are utilized per backend instance. |

+| Data path availability | Public and internal load balancer | Standard Load Balancer continuously exercises the data path from within a region to the load balancer front end, all the way to the SDN stack that supports your virtual machine. As long as healthy instances remain, the measurement follows the same path as your application's load-balanced traffic. The data path that your customer's use is also validated. The measurement is invisible to your application and doesn't interfere with other operations. |

+This table includes additional information about global metrics from the Microsoft.Network/loadBalancers table:

+| Metric | Resource type | Description |

+|: |:- |:-- |

+| Health probe status | Public global load balancer | Global load balancer uses a distributed health-probing service that monitors your application endpoint's health according to your configuration settings. This metric provides an aggregate or per-endpoint filtered view of each instance regional load balancer in the global load balancer's backend pool. You can see how global load balancer views the health of your application, as indicated by your health probe configuration. |

+| Data path availability | Public global load balancer| Global load balancer continuously exercises the data path from within a region to the load balancer front end, all the way to the SDN stack that supports your virtual machine. As long as healthy instances remain, the measurement follows the same path as your application's load-balanced traffic. The data path that your customer's use is also validated. The measurement is invisible to your application and doesn't interfere with other operations. |

+> [!NOTE]

+> Bandwidth-related metrics such as SYN packet, byte count, and packet count doesn't capture any traffic to an internal load balancer by using a UDR, such as from an NVA or firewall.

+>

+> Max and min aggregations are not available for the SYN count, packet count, SNAT connection count, and byte count metrics.

+> Count aggregation is not recommended for Data path availability and health probe status. Use average instead for best represented health data.

+| Dimension | Name | Description |

+|:-|:--|:|

+| BackendIPAddress | Backend IP | The backend IP address of one or more relevant load balancing rules |

+| BackendPort | Backend Port | The backend port of one or more relevant load balancing rules |

+| ConnectionState | Connection state | The state of SNAT connection. The state can be pending, successful, or failed |

+| Direction | Direction | The direction traffic is flowing. This value can be inbound or outbound. |

+| FrontendIPAddress | Frontend IP | The frontend IP address of one or more relevant load balancing rules |

+| FrontendPort | Frontend Port | The frontend port of one or more relevant load balancing rules |

+| ProtocolType | Protocol Type | The protocol of the relevant load balancing rule. The protocol can be TCP or UDP |

+### Supported resource logs for Microsoft.Network/loadBalancers

+### Load Balancer Microsoft.Network/LoadBalancers

+- [ALBHealthEvent](/azure/azure-monitor/reference/tables/albhealthevent#columns)

+- [AzureActivity](/azure/azure-monitor/reference/tables/azureactivity#columns)

+- [Microsoft.Network resource provider operations](/azure/role-based-access-control/resource-provider-operations#microsoftnetwork)

+## Related content

+- See [Monitor Azure Load Balancer](monitor-load-balancer.md) for a description of monitoring Load Balancer.

+- See [Monitor Azure resources with Azure Monitor](/azure/azure-monitor/essentials/monitor-azure-resource) for details on monitoring Azure resources.

+ Title: Monitor Azure Load Balancer

+description: Start here to learn how to monitor Azure Load Balancer by using Azure Monitor and Azure Monitor Insights.

+# Monitor Azure Load Balancer

+Load Balancer provides other monitoring data through:

+- [Health Probes](./load-balancer-custom-probe-overview.md)

+- [Resource health status](./load-balancer-standard-diagnostics.md#resource-health-status)

+- [REST API](load-balancer-query-metrics-rest-api.md)

+- Functional dependency view

+- Metrics dashboard

+- Overview tab

+- Frontend and Backend Availability tab

+- Data Throughput tab

+- Flow Distribution

+- Connection Monitors

+- Metric Definitions

+For more information about the resource types for Load Balancer, see [Azure Load Balancer monitoring data reference](monitor-load-balancer-reference.md).

+You can analyze metrics for Load Balancer with metrics from other Azure services using metrics explorer by opening **Metrics** from the **Azure Monitor** menu. See [Analyze metrics with Azure Monitor metrics explorer](../azure-monitor/essentials/analyze-metrics.md) for details on using this tool.

+For a list of available metrics for Load Balancer, see [Azure Load Balancer monitoring data reference](monitor-load-balancer-reference.md#metrics).

+For the available resource log categories, their associated Log Analytics tables, and the log schemas for Load Balancer, see [Azure Load Balancer monitoring data reference](monitor-load-balancer-reference.md#resource-logs).

+Resource logs aren't collected and stored until you create a diagnostic setting and route them to one or more locations. You can create a diagnostic setting with the Azure portal, Azure PowerShell, or the Azure CLI.

+To use the Azure portal and for general guidance, see [Create diagnostic setting to collect platform logs and metrics in Azure](../azure-monitor/essentials/diagnostic-settings.md). To use PowerShell or the Azure CLI, see the following sections.

+## Analyzing Load Balancer Traffic with NSG flow logs

+[NSG flow logs](../network-watcher/nsg-flow-logs-overview.md) is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through a network security group. Flow data is sent to Azure Storage from where you can access it and export it to a visualization tool, security information and event management (SIEM) solution, or intrusion detection system (IDS).

+NSG flow logs can be used to analyze traffic flowing through the load balancer.

+> [!NOTE]

+> NSG flow logs don't contain the load balancers frontend IP address. To analyze the traffic flowing into a load balancer, the NSG flow logs would need to be filtered by the private IP addresses of the load balancerΓÇÖs backend pool members.

+### Load Balancer alert rules

+The following table lists some suggested alert rules for Load Balancer. These alerts are just examples. You can set alerts for any metric, log entry, or activity log entry listed in the [Azure Load Balancer monitoring data reference](monitor-load-balancer-reference.md).

+| Alert type | Condition | Description |

+| Load balancing rule unavailable due to unavailable VMs | If data path availability split by Frontend IP address and Frontend Port (all known and future values) is equal to zero, or in a second independent alert, if health probe status is equal to zero, then fire alerts | These alerts help determine if the data path availability for any configured load balancing rules isn't servicing traffic due to all VMs in the associated backend pool being probed down by the configured health probe. Review load balancer [troubleshooting guide](load-balancer-troubleshoot.md) to investigate the potential root cause. |

+## Related content

+- See [Azure Load Balancer monitoring data reference](monitor-load-balancer-reference.md) for a reference of the metrics, logs, and other important values created for Load Balancer.

+- See [Monitoring Azure resources with Azure Monitor](/azure/azure-monitor/essentials/monitor-azure-resource) for general details on monitoring Azure resources.

+Time series data can be large due to the number of series in the data, the number of historical observations, or both. **Many models** and hierarchical time series, or **HTS**, are scaling solutions for the former scenario, where the data consists of a large number of time series. In these cases, it can be beneficial for model accuracy and scalability to partition the data into groups and train a large number of independent models in parallel on the groups. Conversely, there are scenarios where one or a few high-capacity models are better. **Distributed DNN training** targets this case. We review concepts around these scenarios in the remainder of the article.

+AutoML uses the new context data to update lag and other lookback features, and also to update models like ARIMA that keep an internal state. This operation _doesn't_ update or re-fit model parameters.

+Evaluation is the process of generating predictions on a test set held-out from the training data and computing metrics from these predictions that guide model deployment decisions. Accordingly, there's an inference mode suited for model evaluation - a rolling forecast. We review it in the following subsection.

+> Azure Machine Learning doesn't support all VM sizes that Azure Compute supports. To list the available VM sizes supported by specific compute VM types, use one of the following methods:

+ The data assets ID looks like `/subscriptions/<subscription>/resourcegroups/<resource-group>/providers/Microsoft.MachineLearningServices/workspaces/<workspace>/data/<data-asset>/versions/<version>`. You can also use the `azureml:<datasset_name>@latest` format to specify the input.

+These Datastore URIs are a known implementation of the [Filesystem spec](https://filesystem-spec.readthedocs.io/en/latest/https://docsupdatetracker.net/index.html) (`fsspec`): a unified pythonic interface to local, remote, and embedded file systems and bytes storage. First, use pip to install the `azureml-fsspec` package and its dependency `azureml-dataprep` package. Then, you can use the Azure Machine Learning Datastore `fsspec` implementation.

+> :::image type="content" source="media/how-to-access-data-interactive/datastore-uri-copy.png" alt-text="Screenshot highlighting the copy of the datastore URI.":::

+> :::image type="content" source="media/how-to-access-data-interactive/datastore-uri-copy.png" alt-text="Screenshot highlighting the copy of the datastore URI.":::

+> :::image type="content" source="media/how-to-access-data-interactive/datastore-uri-copy.png" alt-text="Screenshot highlighting the copy of the datastore URI.":::

+description: Convert custom models to MLflow model format for no code deployment with endpoints in Azure Machine Learning.

+#customer intent: As a data scientist, I want to convert a model to an MLflow format to use the benefits of MLflow.

+In this article, learn how to convert your custom ML model into MLflow format. [MLflow](https://www.mlflow.org) is an open-source library for managing the lifecycle of your machine learning experiments. In some cases, you might use a machine learning framework without its built-in MLflow model flavor support. Due to this lack of built-in MLflow model flavor, you can't log or register the model with MLflow model fluent APIs. To resolve this issue, you can convert your model to an MLflow format where you can apply the following benefits of Azure Machine Learning and MLflow models.

+With Azure Machine Learning, MLflow models get the added benefits of:

+- No code deployment

+- Portability as an open source standard format

+- Ability to deploy both locally and on cloud

+MLflow provides support for various [machine learning frameworks](https://mlflow.org/docs/latest/models.html#built-in-model-flavors), such as scikit-learn, Keras, and Pytorch. MLflow might not cover every use case. For example, you might want to create an MLflow model with a framework that MLflow doesn't natively support. You might want to change the way your model does preprocessing or post-processing when running jobs. To learn more about MLflow models, see [From artifacts to models in MLflow](concept-mlflow-models.md).

+If you didn't train your model with MLFlow and want to use Azure Machine Learning's MLflow no-code deployment offering, you need to convert your custom model to MLFLow. For more information, see [Custom Python Models](https://mlflow.org/docs/latest/models.html#custom-python-models).

+- Install the `mlflow` package

+Before you can convert your model to an MLflow supported format, you need to create a Python wrapper for your model. The following code demonstrates how to create a Python wrapper for an `sklearn` model.

+## Create a Conda environment

+Next, create Conda environment for the new MLflow Model that contains all necessary dependencies. If not indicated, the environment is inferred from the current installation. If not, it can be specified.

+## Load the MLflow formatted model and test predictions

+After your environment is ready, pass the `SKlearnWrapper`, the Conda environment, and your newly created artifacts dictionary to the `mlflow.pyfunc.save_model()` method. Doing so saves the model to your disk.

+To ensure that your newly saved MLflow formatted model didn't change during the save, load your model and print a test prediction to compare your original model.

+The following code prints a test prediction from the mlflow formatted model and a test prediction from the sklearn model. It saves the test predictions to your disk for comparison.

+After you confirm that your model saved correctly, you can create a test run. Register and save your MLflow formatted model to your model registry.

+> In some cases, you might use a machine learning framework without its built-in MLflow model flavor support. For instance, the `vaderSentiment` library is a standard natural language processing (NLP) library used for sentiment analysis. Since it lacks a built-in MLflow model flavor, you cannot log or register the model with MLflow model fluent APIs. For an example on how to save, log and register a model that doesn't have a supported built-in MLflow model flavor, see [Registering an Unsupported Machine Learning Model](https://mlflow.org/docs/latest/model-registry.html#registering-an-unsupported-machine-learning-model).

+## Related content

+- [Deploy MLflow models to online endpoints](how-to-deploy-mlflow-models-online-endpoints.md)

+- [MLflow and Azure Machine Learning](concept-mlflow.md)

+# customer intent: To create a compute instance in Azure Machine Learning for development and testing purposes.

+For more information on the classes, methods, and parameters for creating a compute instance, see the following reference documents:

+* [`ComputeInstance` class](/python/api/azure-ai-ml/azure.ai.ml.entities.computeinstance).

+* [`ComputeInstanceSshSettings` class](/python/api/azure-ai-ml/azure.ai.ml.entities.computeinstancesshsettings)

+A compute instance won't be considered idle if any custom application is running. To shutdown a compute with a custom application automatically, a schedule needs to be set up, or the custom application needs to be removed. There are also some basic bounds around inactivity time periods; compute instance must be inactive for a minimum of 15 mins and a maximum of three days. We also don't track VS Code SSH connections to determine activity.

+## Related content

+* Use the compute instance in VS Code:

+ * [Tutorial: Model development on a cloud workstation](tutorial-cloud-workstation.md)

+ * [Work in VS Code remotely connected to a compute instance (preview)](how-to-work-in-vs-code-remote.md)

+description: Learn to use the Azure Machine Learning studio, SDK, and CLI to deploy your AutoML model as a web service that Azure automatically manages.

+In this article, you learn how to deploy an AutoML-trained machine learning model to an online real-time inference endpoint. Automated machine learning, also referred to as automated ML or AutoML, is the process of automating the time-consuming, iterative tasks of developing a machine learning model. For more information, see [What is automated machine learning (AutoML)?](concept-automated-ml.md)

+In the following sections, you learn how to deploy AutoML trained machine learning model to online endpoints using:

+- An AutoML-trained machine learning model. For more information, see [Tutorial: Train a classification model with no-code AutoML](tutorial-first-experiment-automated-ml.md) or [Tutorial: Forecast demand with no-code automated machine learning](tutorial-automated-ml-forecast.md).

+Deploying an AutoML-trained model from the Automated ML page is a no-code experience. That is, you don't need to prepare a scoring script and environment because both are autogenerated.

+1. In Azure Machine Learning studio, go to the **Automated ML** page.

+1. Select your experiment and run it.

+1. Choose the **Models + child jobs** tab.

+1. Select the model that you want to deploy.

+1. After you select a model, the **Deploy** button is available with a dropdown menu.

+1. Select **Real-time endpoint** option.

+ :::image type="content" source="media/how-to-deploy-automl-endpoint/deploy-button.png" lightbox="media/how-to-deploy-automl-endpoint/deploy-button.png" alt-text="Screenshot showing the Deploy button's drop-down menu.":::

+ The system generates the Model and Environment needed for the deployment.

+ :::image type="content" source="media/how-to-deploy-automl-endpoint/deploy-model.png" alt-text="Screenshot showing the deployment page where you can change values and then select Deploy.":::

+If you want to have more control over the deployment, you can download the training artifacts and deploy them.

+To download the components, you need for deployment:

+1. Go to your Automated ML experiment and run it in your machine learning workspace.

+1. Choose the **Models + child jobs** tab.

+1. Select the model you want to use. After you select a model, the **Download** button is enabled.

+1. Choose **Download**.

+ :::image type="content" source="media/how-to-deploy-automl-endpoint/download-model.png" lightbox="media/how-to-deploy-automl-endpoint/download-model.png" alt-text="Screenshot showing the selection of the model and download button.":::

+You receive a *.zip* file that contains:

+- A conda environment specification file named *conda_env_\<VERSION>.yml*

+- A Python scoring file named *scoring_file_\<VERSION>.py*

+- The model itself, in a Python *.pkl* file named *model.pkl*

+1. In Azure Machine Learning studio, go to the **Models** page.

+1. Select Select **+ Register** > **From local files**.

+1. Register the model you downloaded from Automated ML run.

+1. Go to the Environments page, select **Custom environment**, and select **+ Create** to create an environment for your deployment. Use the downloaded conda yaml to create a custom environment.

+1. Select the model, and from the D**eploy** dropdown menu, select **Real-time endpoint**.

+1. Complete all the steps in wizard to create an online endpoint and deployment.

+### Configure the CLI

+To create a deployment from the CLI, you need the Azure CLI with the ML v2 extension. Run the following command to confirm:

+1. Sign in.

+ :::code language="azurecli" source="~/azureml-examples-main/cli/misc.sh" id="az_login":::

+1. If you have access to multiple Azure subscriptions, you can set your active subscription.

+ :::code language="azurecli" source="~/azureml-examples-main/cli/misc.sh" id="az_account_set":::

+1. Set the default resource group and workspace to where you want to create the deployment.

+ :::code language="azurecli" source="~/azureml-examples-main/cli/setup.sh" id="az_configure_defaults":::

+### Put the scoring file in its own directory

+Create a directory called *src*. Save the scoring file that you downloaded to it. This directory is uploaded to Azure and contains all the source code necessary to do inference. For an AutoML model, there's just the single scoring file.

+### Create the endpoint and deployment yaml file

+To create an online endpoint from the command line, create an *endpoint.yml* and a *deployment.yml* file. The following code, taken from the [Azure Machine Learning Examples repo](https://github.com/Azure/azureml-examples), shows the *endpoints/online/managed/sample/*, which captures all the required inputs.

+*automl_endpoint.yml*

+*automl_deployment.yml*

+You need to modify this file to use the files you downloaded from the AutoML Models page.

+1. Create a file *automl_endpoint.yml* and *automl_deployment.yml* and paste the contents of the preceding examples.

+1. In the *automl_deployment.yml* file, change the value of the keys at the following paths.

+ | Path | Change to |

+ |:- |: |

+ | `model:path` | The path to the *model.pkl* file you downloaded. |

+ | `code_configuration:code:path` | The directory in which you placed the scoring file. |

+ | `code_configuration:scoring_script` | The name of the Python scoring file (*scoring_file_\<VERSION>.py*). |

+ | `environment:conda_file` | A file URL for the downloaded conda environment file (*conda_env_\<VERSION>.yml*). |

+1. From the command line, run:

+After you create a deployment, you can score it as described in [Invoke the endpoint to score data by using your model](how-to-deploy-online-endpoints.md#invoke-the-endpoint-to-score-data-by-using-your-model).

+### Configure the Python SDK

+If you need to install the Python SDK v2, install with this command:

+### Put the scoring file in its own directory

+Create a directory called *src*. Save the scoring file that you downloaded to it. This directory is uploaded to Azure and contains all the source code necessary to do inference. For an AutoML model, there's just the single scoring file.

+### Connect to Azure Machine Learning workspace

+1. Import the required libraries.

+ ```python

+ # import required libraries

+ from azure.ai.ml import MLClient

+ from azure.ai.ml.entities import (

+ ManagedOnlineEndpoint,

+ ManagedOnlineDeployment,

+ Model,

+ Environment,

+ CodeConfiguration,

+ )

+ from azure.identity import DefaultAzureCredential

+ ```

+1. Configure workspace details and get a handle to the workspace.

+ ```python

+ # enter details of your Azure Machine Learning workspace

+ subscription_id = "<SUBSCRIPTION_ID>"

+ resource_group = "<RESOURCE_GROUP>"

+ workspace = "<AZUREML_WORKSPACE_NAME>"

+ ```

+ ```python

+ # get a handle to the workspace

+ ml_client = MLClient(

+ DefaultAzureCredential(), subscription_id, resource_group, workspace

+ )

+ ```

+### Create the endpoint and deployment

+Create the managed online endpoints and deployments.

+1. Configure online endpoint.

+ > [!TIP]

+ > - `name`: The name of the endpoint. It must be unique in the Azure region. The name for an endpoint must start with an upper- or lowercase letter and only consist of '-'s and alphanumeric characters. For more information on the naming rules, see [endpoint limits](how-to-manage-quotas.md#azure-machine-learning-online-endpoints-and-batch-endpoints).

+ > - `auth_mode` : Use `key` for key-based authentication. Use `aml_token` for Azure Machine Learning token-based authentication. A `key` doesn't expire, but `aml_token` does expire. For more information on authenticating, see [Authenticate to an online endpoint](how-to-authenticate-online-endpoint.md).

+1. Create the endpoint.

+ Using the `MLClient` created earlier, create the Endpoint in the workspace. This command starts the endpoint creation. It returns a confirmation response while the endpoint creation continues.

+1. Configure online deployment.

+ A deployment is a set of resources required for hosting the model that does the actual inferencing. Create a deployment for our endpoint using the `ManagedOnlineDeployment` class.

+ In this example, the files you downloaded from the AutoML Models page are in the *src* directory. You can modify the parameters in the code to suit your situation.

+ |: |: |

+ | `model:path` | The path to the *model.pkl* file you downloaded. |

+ | `code_configuration:code:path` | The directory in which you placed the scoring file. |

+ | `code_configuration:scoring_script` | The name of the Python scoring file (*scoring_file_\<VERSION>.py*). |

+ | `environment:conda_file` | A file URL for the downloaded conda environment file (*conda_env_\<VERSION>.yml*). |

+1. Create the deployment.

+ Using the `MLClient` created earlier, create the deployment in the workspace. This command starts creating the deployment. It returns a confirmation response while the deployment creation continues.

+ ```python

+ ml_client.begin_create_or_update(blue_deployment)

+ ```

+To learn more about deploying to managed online endpoints with SDK, see [Deploy and score a machine learning model by using an online endpoint](how-to-deploy-managed-online-endpoint-sdk-v2.md).

+## Related content

+- [Troubleshooting online endpoints deployment and scoring](how-to-troubleshoot-managed-online-endpoints.md)

+- [Perform safe rollout of new deployments for real-time inference](how-to-safely-rollout-online-endpoints.md)

+ > [!TIP]

+ > The **Content filter (preview)** option is enabled by default. Leave the default setting for the service to detect harmful content such as hate, self-harm, sexual, and violent content. For more information about content filtering, see [Content safety for models deployed via serverless APIs](concept-model-catalog.md#content-safety-for-models-deployed-via-maas).

+description: Learn how to deploy a model in batch endpoints that process images by using Azure Machine Learning.

+#customer intent: As a data scientist, I want to use batch model deployments for machine learning, such as classifying images according to a taxonomy.

+You can use batch model deployments for processing tabular data, but also any other file types, like images. Those deployments are supported in both MLflow and custom models. In this article, you learn how to deploy a model that classifies images according to the ImageNet taxonomy.

+## Prerequisites

+This article uses a model that was built using TensorFlow along with the RestNet architecture. For more information, see [Identity Mappings in Deep Residual Networks](https://arxiv.org/abs/1603.05027). You can download [a sample of this model](https://azuremlexampledata.blob.core.windows.net/data/imagenet/model.zip). The model has the following constraints:

+- It works with images of size 244x244 (tensors of `(224, 224, 3)`).

+- It requires inputs to be scaled to the range `[0,1]`.

+The information in this article is based on code samples contained in the [azureml-examples](https://github.com/azure/azureml-examples) repository. To run the commands locally without having to copy/paste YAML and other files, clone the repo. Change directories to *cli/endpoints/batch/deploy-models/imagenet-classifier* if you're using the Azure CLI or *sdk/python/endpoints/batch/deploy-models/imagenet-classifier* if you're using the SDK for Python.

+In this example, you learn how to deploy a deep learning model that can classify a given image according to the [taxonomy of ImageNet](https://image-net.org/).

+Create the endpoint that hosts the model:

+1. Specify the name of the endpoint.

+ ```azurecli

+ ENDPOINT_NAME="imagenet-classifier-batch"

+ ```

+1. Create the following YAML file to define the batch endpoint, named *endpoint.yml*:

+ :::code language="yaml" source="~/azureml-examples-main/cli/endpoints/batch/deploy-models/imagenet-classifier/endpoint.yml":::

+ To create the endpoint, run the following code:

+ :::code language="azurecli" source="~/azureml-examples-main/cli/endpoints/batch/deploy-models/imagenet-classifier/deploy-and-run.sh" ID="create_endpoint" :::

+1. Specify the name of the endpoint.

+ ```python

+ endpoint_name="imagenet-classifier-batch"

+ ```

+1. Configure the endpoint.

+ ```python

+ endpoint = BatchEndpoint(

+ name=endpoint_name,

+ description="An batch service to perform ImageNet image classification",

+ )

+ ```

+1. To create the endpoint, run the following code:

+ ```python

+ ml_client.batch_endpoints.begin_create_or_update(endpoint)

+ ```

+### Register the model

+Model deployments can only deploy registered models. You need to register the model. You can skip this step if the model you're trying to deploy is already registered.

+1. Download a copy of the model.

+ # [Azure CLI](#tab/cli)

+ :::code language="azurecli" source="~/azureml-examples-main/cli/endpoints/batch/deploy-models/imagenet-classifier/deploy-and-run.sh" ID="download_model" :::

+ # [Python](#tab/python)

+ ```python

+ import os

+ import urllib.request

+ from zipfile import ZipFile

+ response = urllib.request.urlretrieve('https://azuremlexampledata.blob.core.windows.net/data/imagenet/model.zip', 'model.zip')

+ os.mkdirs("imagenet-classifier", exits_ok=True)

+ with ZipFile(response[0], 'r') as zip:

+ model_path = zip.extractall(path="imagenet-classifier")

+ ```

+1. Register the model.

+ # [Azure CLI](#tab/cli)

+ ```azurecli

+ MODEL_NAME='imagenet-classifier'

+ az ml model create --name $MODEL_NAME --path "model"

+ ```

+ # [Python](#tab/python)

+ ```python

+ model_name = 'imagenet-classifier'

+ model = ml_client.models.create_or_update(

+ Model(name=model_name, path=model_path, type=AssetTypes.CUSTOM_MODEL)

+ )

+ ```

+### Create a scoring script

+Create a scoring script that can read the images provided by the batch deployment and return the scores of the model.

+> - The `init` method loads the model using the `keras` module in `tensorflow`.

+> - The `run` method runs for each mini-batch the batch deployment provides.

+> - The `run` method reads one image of the file at a time.

+> - The `run` method resizes the images to the expected sizes for the model.

+> - The `run` method rescales the images to the range `[0,1]` domain, which is what the model expects.

+> - The script returns the classes and the probabilities associated with the predictions.

+This code is the *code/score-by-file/batch_driver.py* file:

+> Although images are provided in mini-batches by the deployment, this scoring script processes one image at a time. This is a common pattern because trying to load the entire batch and send it to the model at once might result in high-memory pressure on the batch executor (OOM exceptions).

+>

+> There are certain cases where doing so enables high throughput in the scoring task. This is the case for batch deployments over GPU hardware where you want to achieve high GPU utilization. For a scoring script that takes advantage of this approach, see [High throughput deployments](#high-throughput-deployments).

+> If you want to deploy a generative model, which generates files, learn how to author a scoring script: [Customize outputs in batch deployments](how-to-deploy-model-custom-output.md).

+### Create the deployment

+After you create the scoring script, create a batch deployment for it. Use the following procedure:

+1. Ensure that you have a compute cluster created where you can create the deployment. In this example, use a compute cluster named `gpu-cluster`. Although not required, using GPUs speeds up the processing.

+1. Indicate over which environment to run the deployment. In this example, the model runs on `TensorFlow`. Azure Machine Learning already has an environment with the required software installed, so you can reuse this environment. You need to add a couple of dependencies in a *conda.yml* file.

+ The environment definition is included in the deployment file.

+ Get a reference to the environment.

+1. Create the deployment.

+ To create a new deployment under the created endpoint, create a `YAML` configuration like the following example. For other properties, see the [full batch endpoint YAML schema](reference-yaml-endpoint-batch.md).

+ Create the deployment with the following command:

+ To create a new deployment with the indicated environment and scoring script, use the following code:

+ Create the deployment with the following command:

+1. Although you can invoke a specific deployment inside of an endpoint, you usually want to invoke the endpoint itself, and let the endpoint decide which deployment to use. Such deployment is called the *default* deployment.

+ This approach lets you change the default deployment and change the model serving the deployment without changing the contract with the user invoking the endpoint. Use the following code to update the default deployment:

+Your batch endpoint is ready to be used.

+## Test the deployment

+For testing the endpoint, use a sample of 1,000 images from the original ImageNet dataset. Batch endpoints can only process data that is located in the cloud and that is accessible from the Azure Machine Learning workspace. Upload it to an Azure Machine Learning data store. Create a data asset that can be used to invoke the endpoint for scoring.

+> [!NOTE]

+> Batch endpoints accept data that can be placed in multiple types of locations.

+1. Download the associated sample data.

+ > [!NOTE]

+ > If you don't have `wget` installed locally, install it or use a browser to get the *.zip* file.

+1. Create the data asset from the data downloaded.

+ 1. Create a data asset definition in a `YAML` file called *imagenet-sample-unlabeled.yml*:

+ :::code language="yaml" source="~/azureml-examples-main/cli/endpoints/batch/deploy-models/imagenet-classifier/imagenet-sample-unlabeled.yml":::

+ 1. Create the data asset.

+ :::code language="azurecli" source="~/azureml-examples-main/cli/endpoints/batch/deploy-models/imagenet-classifier/deploy-and-run.sh" ID="create_sample_data_asset" :::

+ 1. Specify these values:

+ ```python

+ data_path = "data"

+ dataset_name = "imagenet-sample-unlabeled"

+ imagenet_sample = Data(

+ path=data_path,

+ type=AssetTypes.URI_FOLDER,

+ description="A sample of 1000 images from the original ImageNet dataset",

+ name=dataset_name,

+ )

+ ```

+ 1. Create the data asset.

+ ```python

+ ml_client.data.create_or_update(imagenet_sample)

+ ```

+ To get the newly created data asset, use this code:

+ ```python

+ imagenet_sample = ml_client.data.get(dataset_name, label="latest")

+ ```

+1. When the data is uploaded and ready to be used, invoke the endpoint.

+ > If the utility `jq` isn't installed, see [Download jq](https://stedolan.github.io/jq/download/).

+ > You don't indicate the deployment name in the invoke operation. That's because the endpoint automatically routes the job to the default deployment. Since the endpoint only has one deployment, that one is the default. You can target an specific deployment by indicating the argument/parameter `deployment_name`.

+1. A batch job starts as soon as the command returns. You can monitor the status of the job until it finishes.

+1. After the deployment finishes, download the predictions.

+1. The predictions look like the following output. The predictions are combined with the labels for the convenience of the reader. To learn more about how to achieve this effect, see the associated notebook.

+As mentioned before, the deployment processes one image a time, even when the batch deployment is providing a batch of them. In most cases, this approach is best. It simplifies how the models run and avoids any possible out-of-memory problems. However, in certain other cases, you might want to saturate as much as possible the underlying hardware. This situation is the case GPUs, for instance.

+On those cases, you might want to do inference on the entire batch of data. That approach implies loading the entire set of images to memory and sending them directly to the model. The following example uses `TensorFlow` to read batch of images and score them all at once. It also uses `TensorFlow` ops to do any data preprocessing. The entire pipeline happens on the same device being used (CPU/GPU).

+> Some models have a non-linear relationship with the size of the inputs in terms of the memory consumption. To avoid out-of-memory exceptions, batch again (as done in this example) or decrease the size of the batches created by the batch deployment.

+1. Create the scoring script *code/score-by-batch/batch_driver.py*:

+ :::code language="python" source="~/azureml-examples-main/cli/endpoints/batch/deploy-models/imagenet-classifier/code/score-by-batch/batch_driver.py" :::

+ - This script constructs a tensor dataset from the mini-batch sent by the batch deployment. This dataset is preprocessed to obtain the expected tensors for the model using the `map` operation with the function `decode_img`.

+ - The dataset is batched again (16) to send the data to the model. Use this parameter to control how much information you can load into memory and send to the model at once. If running on a GPU, you need to carefully tune this parameter to achieve the maximum usage of the GPU just before getting an OOM exception.

+ - After predictions are computed, the tensors are converted to `numpy.ndarray`.

+1. Create the deployment.

+ 1. To create a new deployment under the created endpoint, create a `YAML` configuration like the following example. For other properties, see the [full batch endpoint YAML schema](reference-yaml-endpoint-batch.md).

+ 1. Create the deployment with the following command:

+ 1. To create a new deployment with the indicated environment and scoring script, use the following code:

+ 1. Create the deployment with the following command:

+1. You can use this new deployment with the sample data shown before. Remember that to invoke this deployment either indicate the name of the deployment in the invocation method or set it as the default one.

+> - Image files supported include: *.png*, *.jpg*, *.jpeg*, *.tiff*, *.bmp*, and *.gif*.

+> - MLflow models should expect to receive a `np.ndarray` as input that matches the dimensions of the input image. In order to support multiple image sizes on each batch, the batch executor invokes the MLflow model once per image file.

+> - MLflow models are highly encouraged to include a signature. If they do, it must be of type `TensorSpec`. Inputs are reshaped to match tensor's shape if available. If no signature is available, tensors of type `np.uint8` are inferred.

+> - For models that include a signature and are expected to handle variable size of images, include a signature that can guarantee it. For instance, the following signature example allows batches of 3 channeled images.

+You can find a working example in the Jupyter notebook [imagenet-classifier-mlflow.ipynb](https://github.com/Azure/azureml-examples/blob/main/sdk/python/endpoints/batch/deploy-models/imagenet-classifier/imagenet-classifier-mlflow.ipynb). For more information about how to use MLflow models in batch deployments, see [Using MLflow models in batch deployments](how-to-mlflow-batch.md).

+- [Deploy MLflow models in batch deployments](how-to-mlflow-batch.md)

+- [Deploy language models in batch endpoints](how-to-nlp-processing-batch.md)

+This article shows how to use R in Azure Machine Learning studio on a compute instance that runs an R kernel in a Jupyter notebook.

+The popular RStudio IDE also works. You can install RStudio or Posit Workbench in a custom container on a compute instance. However, this has limitations in reading and writing to your Azure Machine Learning workspace.

+> The code shown in this article works on an Azure Machine Learning compute instance. The compute instance has an environment and configuration file necessary for the code to run successfully.

+- A basic understand of using Jupyter notebooks in Azure Machine Learning studio. Visit the [Model development on a cloud workstation](tutorial-cloud-workstation.md) resource for more information.

+You'll use a notebook in your Azure Machine Learning workspace, on a compute instance.

+1. On the notebook toolbar, make sure your compute instance is running. If not, start it now.

+1. Create a new file on the compute instance, called **setup.sh**.

+1. Ensure you have the correct version of `reticulate`. For a version less than 1.26, try to use a newer compute instance.

+ 1. To retrieve the URI, run the code.

+1. Use Pandas read functions to read the file or files into the R environment.

+ > 1. Select the elipsis (**...**) next to it.

+ > :::image type="content" source="media/how-to-r-interactive-development/datastore-uri-copy.png" alt-text="Screenshot highlighting the copy of the datastore URI.":::

+ 2. Create a filestore object using the previously mentioned URI:

+> You must update the `.libPaths` in each interactive R script to access user installed libraries. Add this code to the top of each interactive R script or notebook.

+ Title: "Use low priority VMs in batch deployments"

+description: Learn how to use low priority virtual machines in Azure Machine Learning to save costs when you run batch inference jobs.

+#customer intent: As an analyst, I want to run batch inference workloads in the most cost efficient way possible.

+# Use low priority VMs for batch deployments

+Azure batch deployments support low priority virtual machines (VMs) to reduce the cost of batch inference workloads. Low priority VMs enable a large amount of compute power to be used for a low cost. Low priority virtual machines take advantage of surplus capacity in Azure. When you specify low priority VMs in your pools, Azure can use this surplus, when available.

+> [!TIP]

+> The tradeoff for using low priority VMs is that those virtual machines might not be available or they might be preempted at any time, depending on available capacity. For this reason, this approach is most suitable for batch and asynchronous processing workloads, where job completion time is flexible and the work is distributed across many virtual machines.

+Low priority virtual machines are offered at a reduced price compared with dedicated virtual machines. For pricing details, see [Azure Machine Learning pricing](https://azure.microsoft.com/pricing/details/machine-learning/).

+- Batch deployment jobs consume low priority VMs by running on Azure Machine Learning compute clusters created with low priority VMs. After a deployment is associated with a low priority VMs cluster, all the jobs produced by such deployment use low priority VMs. Per-job configuration isn't possible.

+- Low priority VMs have a separate vCPU quota that differs from the one for dedicated VMs. Low-priority cores per region have a default limit of 100 to 3,000, depending on your subscription. The number of low-priority cores per subscription can be increased and is a single value across VM families. See [Azure Machine Learning compute quotas](how-to-manage-quotas.md#azure-machine-learning-compute).

+### Considerations and use cases

+Many batch workloads are a good fit for low priority VMs. Using low priority VMs can introduce execution delays when deallocation of VMs occurs. If you have flexibility in the time jobs have to finish, you might tolerate the potential drops in capacity.

+When you deploy models under batch endpoints, rescheduling can be done at the minibatch level. That approach has the benefit that deallocation only impacts those minibatches that are currently being processed and not finished on the affected node. All completed progress is kept.

+### Limitations

+- After a deployment is associated with a low priority VMs cluster, all the jobs produced by such deployment use low priority VMs. Per-job configuration isn't possible.

+- Rescheduling is done at the mini-batch level, regardless of the progress. No checkpointing capability is provided.

+> [!WARNING]

+> In the cases where the entire cluster is preempted or running on a single-node cluster, the job is cancelled because there is no capacity available for it to run. Resubmitting is required in this case.

+## Create batch deployments that use low priority VMs

+Batch deployment jobs consume low priority VMs by running on Azure Machine Learning compute clusters created with low priority VMs.

+> [!NOTE]

+> After a deployment is associated with a low priority VMs cluster, all the jobs produced by such deployment use low priority VMs. Per-job configuration is not possible.

+# [Azure CLI](#tab/cli)

+Create a compute definition `YAML` like the following one, *low-pri-cluster.yml*:

+```yaml

+$schema: https://azuremlschemas.azureedge.net/latest/amlCompute.schema.json

+name: low-pri-cluster

+type: amlcompute

+size: STANDARD_DS3_v2

+min_instances: 0

+max_instances: 2

+idle_time_before_scale_down: 120

+tier: low_priority

+```

+Create the compute using the following command:

+```azurecli

+az ml compute create -f low-pri-cluster.yml

+```

+# [Python](#tab/sdk)

+To create a new compute cluster with low priority VMs where to create the deployment, use the following script:

+```python

+from azure.ai.ml.entities import AmlCompute

+compute_name = "low-pri-cluster"

+compute_cluster = AmlCompute(

+ name=compute_name,

+ description="Low priority compute cluster",

+ min_instances=0,

+ max_instances=2,

+ tier='LowPriority'

+)

+ml_client.begin_create_or_update(compute_cluster)

+```

+After you create the new compute, you can create or update your deployment to use the new cluster:

+# [Azure CLI](#tab/cli)

+To create or update a deployment under the new compute cluster, create a `YAML` configuration file, *endpoint.yml*:

+```yaml

+$schema: https://azuremlschemas.azureedge.net/latest/batchDeployment.schema.json

+endpoint_name: heart-classifier-batch

+name: classifier-xgboost

+description: A heart condition classifier based on XGBoost

+type: model

+model: azureml:heart-classifier@latest

+compute: azureml:low-pri-cluster

+resources:

+ instance_count: 2

+settings:

+ max_concurrency_per_instance: 2

+ mini_batch_size: 2

+ output_action: append_row

+ output_file_name: predictions.csv

+ retry_settings:

+ max_retries: 3

+ timeout: 300

+```

+Then, create the deployment with the following command:

+```azurecli

+az ml batch-endpoint create -f endpoint.yml

+```

+# [Python](#tab/sdk)

+To create or update a deployment under the new compute cluster, use the following script:

+```python

+deployment = ModelBatchDeployment(

+ name="classifier-xgboost",

+ description="A heart condition classifier based on XGBoost",

+ endpoint_name=endpoint.name,

+ model=model,

+ compute=compute_name,

+ settings=ModelBatchDeploymentSettings(

+ instance_count=2,

+ max_concurrency_per_instance=2,

+ mini_batch_size=2,

+ output_action=BatchDeploymentOutputAction.APPEND_ROW,

+ output_file_name="predictions.csv",

+ retry_settings=BatchRetrySettings(max_retries=3, timeout=300),

+)

+ml_client.batch_deployments.begin_create_or_update(deployment)

+```

+To view these metrics in the Azure portal:

+1. Select **Metrics** from the **Monitoring** section.

+1. Select the metrics you desire from the **Metric** list.

+## Related content

+- [Create an Azure Machine Learning compute cluster](how-to-create-attach-compute-cluster.md)

+- [Deploy MLflow models in batch deployments](how-to-mlflow-batch.md)

+- [Manage compute resources for model training](how-to-create-attach-compute-studio.md)

+ Title: MLflow tracking for Azure Databricks machine learning experiments

+description: Set up MLflow with Azure Machine Learning to log metrics and artifacts from Azure Databricks machine learning experiments.

+#customer intent: As a data scientist, I want to integrate Azure Databricks with Azure Machine Learning to connect the products.

+# Track Azure Databricks machine learning experiments with MLflow and Azure Machine Learning

+In this article, you learn:

+> - How to [log models with MLflow](#register-models-in-the-registry-with-mlflow) to get them registered in Azure Machine Learning.

+> - How to [deploy and consume models registered in Azure Machine Learning](#deploy-and-consume-models-registered-in-azure-machine-learning).

+- The `azureml-mlflow` package, which handles the connectivity with Azure Machine Learning, including authentication.

+- An [Azure Databricks workspace and cluster](/azure/databricks/scenarios/quickstart-create-databricks-workspace-portal).

+- An [Azure Machine Learning Workspace](quickstart-create-resources.md).

+See which [access permissions](how-to-assign-roles.md#mlflow-operations) you need to perform your MLflow operations with your workspace.

+The [Training models in Azure Databricks and deploying them on Azure Machine Learning](https://github.com/Azure/azureml-examples/blob/main/sdk/python/using-mlflow/deploy/track_with_databricks_deploy_aml.ipynb) repository demonstrates how to train models in Azure Databricks and deploy them in Azure Machine Learning. It also describes how to track the experiments and models with the MLflow instance in Azure Databricks. It describes how to use Azure Machine Learning for deployment.

+To install libraries on your cluster:

+1. Navigate to the **Libraries** tab and select **Install New**.

+ :::image type="content" source="./media/how-to-use-mlflow-azure-databricks/azure-databricks-cluster-libraries.png" alt-text="Screenshot showing mlflow with azure databricks.":::

+1. In the **Package** field, type *azureml-mlflow* and then select **Install**. Repeat this step as necessary to install other packages to your cluster for your experiment.

+ :::image type="content" source="./media/how-to-use-mlflow-azure-databricks/install-libraries.png" alt-text="Screenshot showing Azure DB install mlflow library.":::

+You can configure Azure Databricks to track experiments using MLflow in two ways:

+- [Track in both Azure Databricks workspace and Azure Machine Learning workspace (dual-tracking)](#dual-track-on-azure-databricks-and-azure-machine-learning)

+- [Track exclusively on Azure Machine Learning](#track-exclusively-on-azure-machine-learning-workspace)

+By default, when you link your Azure Databricks workspace, dual-tracking is configured for you.

+### Dual-track on Azure Databricks and Azure Machine Learning

+Linking your Azure Databricks workspace to your Azure Machine Learning workspace enables you to track your experiment data in the Azure Machine Learning workspace and Azure Databricks workspace at the same time. This configuration is called *Dual-tracking*.

+Dual-tracking in a [private link enabled Azure Machine Learning workspace](how-to-configure-private-link.md) isn't currently supported. Configure [exclusive tracking with your Azure Machine Learning workspace](#track-exclusively-on-azure-machine-learning-workspace) instead.

+Dual-tracking isn't currently supported in Microsoft Azure operated by 21Vianet. Configure [exclusive tracking with your Azure Machine Learning workspace](#track-exclusively-on-azure-machine-learning-workspace) instead.

+To link your Azure Databricks workspace to a new or existing Azure Machine Learning workspace:

+1. Sign in to the [Azure portal](https://portal.azure.com).

+1. Navigate to your Azure Databricks workspace **Overview** page.

+1. Select **Link Azure Machine Learning workspace**.

+ :::image type="content" source="./media/how-to-use-mlflow-azure-databricks/link-workspaces.png" lightbox="./media/how-to-use-mlflow-azure-databricks/link-workspaces.png" alt-text="Screenshot shows the Link Azure Databricks and Azure Machine Learning workspaces option.":::

+After you link your Azure Databricks workspace with your Azure Machine Learning workspace, MLflow tracking is automatically tracked in the following places:

+- The linked Azure Machine Learning workspace.

+- Your original Azure Databricks workspace.

+You can use then MLflow in Azure Databricks in the same way that you're used to. The following example sets the experiment name as usual in Azure Databricks and start logging some parameters.

+> [!NOTE]

+> As opposed to tracking, model registries don't support registering models at the same time on both Azure Machine Learning and Azure Databricks. For more information, see [Register models in the registry with MLflow](#register-models-in-the-registry-with-mlflow).

+### Track exclusively on Azure Machine Learning workspace

+If you prefer to manage your tracked experiments in a centralized location, you can set MLflow tracking to *only* track in your Azure Machine Learning workspace. This configuration has the advantage of enabling easier path to deployment using Azure Machine Learning deployment options.

+Configure the MLflow tracking URI to point exclusively to Azure Machine Learning, as shown in the following example:

+#### Configure tracking URI

+1. Get the tracking URI for your workspace.

+ # [Azure CLI](#tab/cli)

+ [!INCLUDE [cli v2](includes/machine-learning-cli-v2.md)]

+ 1. Sign in and configure your workspace.

+ ```bash

+ az account set --subscription <subscription>

+ az configure --defaults workspace=<workspace> group=<resource-group> location=<location>

+ ```

+ 1. You can get the tracking URI using the `az ml workspace` command.

+ ```bash

+ az ml workspace show --query mlflow_tracking_uri

+ ```

+ # [Python](#tab/python)

+ [!INCLUDE [sdk v2](includes/machine-learning-sdk-v2.md)]

+ You can get the Azure Machine Learning MLflow tracking URI using the [Azure Machine Learning SDK v2 for Python](concept-v2.md). Ensure you have the library `azure-ai-ml` installed in the compute that you're using. The following sample gets the unique MLFLow tracking URI associated with your workspace.

+ 1. Sign in into your workspace using the `MLClient`. The easier way to do that is by using the workspace config file.

+ ```python

+ from azure.ai.ml import MLClient

+ from azure.identity import DefaultAzureCredential

+ ml_client = MLClient.from_config(credential=DefaultAzureCredential())

+ ```

+ > [!TIP]

+ > To download the workspace configuration file:

+ >

+ > 1. Navigate to [Azure Machine Learning studio](https://ml.azure.com).

+ > 1. Select the upper-right corner of the page > **Download config file**.

+ > 1. Save the file `config.json` in the same directory where you are working.

+ Alternatively, you can use the subscription ID, resource group name, and workspace name to get it.

+ ```python

+ from azure.ai.ml import MLClient

+ from azure.identity import DefaultAzureCredential

+ #Enter details of your Azure Machine Learning workspace

+ subscription_id = '<SUBSCRIPTION_ID>'

+ resource_group = '<RESOURCE_GROUP>'

+ workspace_name = '<WORKSPACE_NAME>'

+ ml_client = MLClient(credential=DefaultAzureCredential(),

+ subscription_id=subscription_id,

+ resource_group_name=resource_group)

+ ```

+ > [!IMPORTANT]

+ > `DefaultAzureCredential` tries to pull the credentials from the available context. If you want to specify credentials in a different way, for instance using the web browser in an interactive way, you can use `InteractiveBrowserCredential` or any other method available in [`azure.identity`](https://pypi.org/project/azure-identity/) package.

+ 1. Get the Azure Machine Learning Tracking URI.

+ ```python

+ mlflow_tracking_uri = ml_client.workspaces.get(ml_client.workspace_name).mlflow_tracking_uri

+ ```

+ # [Studio](#tab/studio)

+ Use the Azure Machine Learning portal to get the tracking URI.

+ 1. Open the [Azure Machine Learning studio portal](https://ml.azure.com) and sign in using your credentials.

+ 1. Select the name of your workspace to show the **Directory + Subscription + Workspace** page.

+ 1. Select **View all properties in Azure Portal**.

+ 1. On the **Essentials** section, find the property **MLflow tracking URI**.

+ # [Manually](#tab/manual)

+ You can construct the Azure Machine Learning Tracking URI using the subscription ID, region of where the resource is deployed, resource group name, and workspace name. The following code sample shows how.

+ > [!WARNING]

+ > If you're working in a private link-enabled workspace, the MLflow endpoint also uses a private link to communicate with Azure Machine Learning. Consequently, the tracking URI looks different than shown here. You need to get the tracking URI using the Azure Machine Learning SDK or CLI v2 on those cases.

+ ```python

+ region = "<LOCATION>"

+ subscription_id = '<SUBSCRIPTION_ID>'

+ resource_group = '<RESOURCE_GROUP>'

+ workspace_name = '<AML_WORKSPACE_NAME>'

+ mlflow_tracking_uri = f"azureml://{region}.api.azureml.ms/mlflow/v1.0/subscriptions/{subscription_id}/resourceGroups/{resource_group}/providers/Microsoft.MachineLearningServices/workspaces/{workspace_name}"

+ ```

+1. Configure the tracking URI.

+ # [Use MLflow SDK](#tab/mlflow)

+ The method [`set_tracking_uri()`](https://mlflow.org/docs/latest/python_api/mlflow.html#mlflow.set_tracking_uri) points the MLflow tracking URI to that URI.

+ ```python

+ import mlflow

+ mlflow.set_tracking_uri(mlflow_tracking_uri)

+ ```

+ # [Use environment variables](#tab/environ)

+ You can set the MLflow environment variables [MLFLOW_TRACKING_URI](https://mlflow.org/docs/latest/tracking.html#logging-to-a-tracking-server) in your compute to make any interaction with MLflow in the compute to point by default to Azure Machine Learning.

+ ```bash

+ MLFLOW_TRACKING_URI=$(az ml workspace show --query mlflow_tracking_uri | sed 's/"//g')

+ ```

+

+> [!TIP]

+> When working with shared environments, like an Azure Databricks cluster, Azure Synapse Analytics cluster, or similar, you can set the environment variable `MLFLOW_TRACKING_URI` at the cluster level. This approach allows you to automatically configure the MLflow tracking URI to point to Azure Machine Learning for all the sessions that run in the cluster rather than to do it on a per-session basis.

+>

+> :::image type="content" source="./media/how-to-use-mlflow-azure-databricks/env.png" alt-text="Screenshot shows Advanced options where you can configure the environment variables in an Azure Databricks cluster.":::

+>

+> After you configure the environment variable, any experiment running in such cluster is tracked in Azure Machine Learning.

+#### Configure authentication

+After you configure tracking, configure how to authenticate to the associated workspace. By default, the Azure Machine Learning plugin for MLflow opens a browser to interactively prompt for credentials. For other ways to configure authentication for MLflow in Azure Machine Learning workspaces, see [Configure MLflow for Azure Machine Learning: Configure authentication](how-to-use-mlflow-configure-tracking.md#configure-authentication).

+#### Name experiment in Azure Machine Learning

+When you configure MLflow to exclusively track experiments in Azure Machine Learning workspace, the experiment naming convention has to follow the one used by Azure Machine Learning. In Azure Databricks, experiments are named with the path to where the experiment is saved, for instance `/Users/alice@contoso.com/iris-classifier`. However, in Azure Machine Learning, you provide the experiment name directly. The same experiment would be named `iris-classifier` directly.

+#### Track parameters, metrics and artifacts

+After this configuration, you can use MLflow in Azure Databricks in the same way as you're used to. For more information, see [Log & view metrics and log files](how-to-log-view-metrics.md).

+## Log models with MLflow

+After your model is trained, you can log it to the tracking server with the `mlflow.<model_flavor>.log_model()` method. `<model_flavor>` refers to the framework associated with the model. [Learn what model flavors are supported](https://mlflow.org/docs/latest/models.html#model-api).

+In the following example, a model created with the Spark library MLLib is being registered.

+The flavor `spark` doesn't correspond to the fact that you're training a model in a Spark cluster. Instead, it follows from the training framework used. You can train a model using TensorFlow with Spark. The flavor to use would be `tensorflow`.

+Models are logged inside of the run being tracked. That fact means that models are available in either both Azure Databricks and Azure Machine Learning (default) or exclusively in Azure Machine Learning if you configured the tracking URI to point to it.

+> The parameter `registered_model_name` has not been specified. For more information about this parameter and the registry, see [Registering models in the registry with MLflow](#register-models-in-the-registry-with-mlflow).

+## Register models in the registry with MLflow

+As opposed to tracking, model registries can't operate at the same time in Azure Databricks and Azure Machine Learning. They have to use either one or the other. By default, model registries use the Azure Databricks workspace. If you choose to [set MLflow tracking to only track in your Azure Machine Learning workspace](#track-exclusively-on-azure-machine-learning-workspace), the model registry is the Azure Machine Learning workspace.

+If you use the default configuration, the following code logs a model inside the corresponding runs of both Azure Databricks and Azure Machine Learning, but it registers it only on Azure Databricks.

+- If a registered model with the name doesnΓÇÖt exist, the method registers a new model, creates version 1, and returns a `ModelVersion` MLflow object.

+- If a registered model with the name already exists, the method creates a new model version and returns the version object.

+### Use Azure Machine Learning registry with MLflow

+If you want to use Azure Machine Learning Model Registry instead of Azure Databricks, we recommend that you [set MLflow tracking to only track in your Azure Machine Learning workspace](#track-exclusively-on-azure-machine-learning-workspace). This approach removes the ambiguity of where models are being registered and simplifies the configuration.

+If you want to continue using the dual-tracking capabilities but register models in Azure Machine Learning, you can instruct MLflow to use Azure Machine Learning for model registries by configuring the MLflow Model Registry URI. This URI has the same format and value that the MLflow that tracks URI.

+> The value of `azureml_mlflow_uri` was obtained in the same way as described in [Set MLflow tracking to only track in your Azure Machine Learning workspace](#track-exclusively-on-azure-machine-learning-workspace).

+For a complete example of this scenario, see [Training models in Azure Databricks and deploying them on Azure Machine Learning](https://github.com/Azure/azureml-examples/blob/main/sdk/python/using-mlflow/deploy/track_with_databricks_deploy_aml.ipynb).

+## Deploy and consume models registered in Azure Machine Learning

+Models registered in Azure Machine Learning Service using MLflow can be consumed as:

+- An Azure Machine Learning endpoint (real-time and batch). This deployment allows you to use Azure Machine Learning deployment capabilities for both real-time and batch inference in Azure Container Instances, Azure Kubernetes, or Managed Inference Endpoints.

+- MLFlow model objects or Pandas user-defined functions (UDFs), which can be used in Azure Databricks notebooks in streaming or batch pipelines.

+### Deploy models to Azure Machine Learning endpoints

+You can use the `azureml-mlflow` plugin to deploy a model to your Azure Machine Learning workspace. For more information about how to deploy models to the different targets [How to deploy MLflow models](how-to-deploy-mlflow-models.md).

+> Models need to be registered in Azure Machine Learning registry in order to deploy them. If your models are registered in the MLflow instance inside Azure Databricks, register them again in Azure Machine Learning. For more information, see [Training models in Azure Databricks and deploying them on Azure Machine Learning](https://github.com/Azure/azureml-examples/blob/main/sdk/python/using-mlflow/deploy/track_with_databricks_deploy_aml.ipynb)

+### Deploy models to Azure Databricks for batch scoring using UDFs

+You can choose Azure Databricks clusters for batch scoring. By using Mlflow, you can resolve any model from the registry you're connected to. You usually use one of the following methods:

+- If your model was trained and built with Spark libraries like `MLLib`, use `mlflow.pyfunc.spark_udf` to load a model and used it as a Spark Pandas UDF to score new data.

+- If your model wasn't trained or built with Spark libraries, either use `mlflow.pyfunc.load_model` or `mlflow.<flavor>.load_model` to load the model in the cluster driver. You need to orchestrate any parallelization or work distribution you want to happen in the cluster. MLflow doesn't install any library your model requires to run. Those libraries need to be installed in the cluster before running it.

+For more ways to reference models from the registry, see [Loading models from registry](how-to-manage-models-mlflow.md#load-models-from-registry).

+After the model is loaded, you can use this command to score new data.

+If you want to keep your Azure Databricks workspace, but no longer need the Azure Machine Learning workspace, you can delete the Azure Machine Learning workspace. This action results in unlinking your Azure Databricks workspace and the Azure Machine Learning workspace.

+If you don't plan to use the logged metrics and artifacts in your workspace, delete the resource group that contains the storage account and workspace.

+1. In the Azure portal, search for *Resource groups*. Under **services**, select **Resource groups**.

+1. In the **Resource groups** list, find and select the resource group that you created to open it.

+1. In the **Overview** page, select **Delete resource group**.

+1. To verify deletion, enter the resource group's name.

+## Related content

+- [Deploy MLflow models as an Azure web service](how-to-deploy-mlflow-models.md)

+- [Manage your models](concept-model-management-and-deployment.md)

+- [Track experiment jobs with MLflow and Azure Machine Learning](how-to-use-mlflow.md)

+- [Azure Databricks and MLflow](/azure/databricks/applications/mlflow/)

+description: 'Learn to view costs for a managed online endpoint in Azure Machine Learning in the Azure portal.'

+#customer intent: As an analyst, I need to view the costs associated with the machine learning endpoints for a workspace.

+Learn how to view costs for a managed online endpoint. Costs for your endpoints accrue to the associated workspace. You can see costs for a specific endpoint by using tags.

+> This article only applies to viewing costs for Azure Machine Learning managed online endpoints. Managed online endpoints are different from other resources since they must use tags to track costs.

+>

+> For more information on managing and optimizing cost for Azure Machine Learning, see [Manage and optimize Azure Machine Learning costs](how-to-manage-optimize-cost.md). For more information on viewing the costs of other Azure resources, see [Quickstart: Start using Cost analysis](../cost-management-billing/costs/quick-acm-cost-analysis.md).

+- Have at least [Billing Reader](../role-based-access-control/role-assignments-portal.yml) access on the subscription where the endpoint is deployed.

+- In the [Azure portal](https://portal.azure.com), select **Cost Analysis** for your subscription.

+ :::image type="content" source="./media/how-to-view-online-endpoints-costs/online-endpoints-cost-analysis.png" alt-text="Screenshot of a subscription in the Azure portal showing red box around Cost Analysis button.":::

+ :::image type="content" source="./media/how-to-view-online-endpoints-costs/online-endpoints-cost-analysis-add-filter.png" lightbox="./media/how-to-view-online-endpoints-costs/online-endpoints-cost-analysis-add-filter.png" alt-text="Screenshot of the Cost Analysis view showing a red box around the Add filter button.":::

+Create a tag filter to show your managed online endpoint and managed online deployment:

+1. Select **Add filter** > **Tag** > **azuremlendpoint**: *\<your endpoint name>*.

+1. Select **Add filter** > **Tag** > **azuremldeployment**: *\<your deployment name>*.

+ > [!NOTE]

+ > Dollar values in this image are fictitious and do not reflect actual costs.

+ :::image type="content" source="./media/how-to-view-online-endpoints-costs/online-endpoints-cost-analysis-select-endpoint-deployment.png" lightbox="./media/how-to-view-online-endpoints-costs/online-endpoints-cost-analysis-select-endpoint-deployment.png" alt-text="Screenshot of the Cost Analysis view showing a red box around the Tag buttons.":::

+> Managed online endpoints use virtual machines (VMs) for the deployments. If you submitted a request to create an online deployment and it failed, it might have passed the stage when compute is created. In that case, the failed deployment would incur charges. If you finished debugging or investigating the failure, you can delete the failed deployments to save the cost.

+## Related content

+- [Endpoints for inference in production](concept-endpoints.md)

+- [Monitor online endpoints](./how-to-monitor-online-endpoints.md)

+- [Deploy and score a machine learning model by using an online endpoint](how-to-deploy-online-endpoints.md)

+- [Manage and optimize Azure Machine Learning costs](how-to-manage-optimize-cost.md)

+* Download and unzip the [**odFridgeObjects.zip*](https://automlsamplenotebookdata.blob.core.windows.net/image-object-detection/odFridgeObjects.zip) data file. The dataset is annotated in Pascal VOC format, where each image corresponds to an xml file. Each xml file contains information on where its corresponding image file is located and also contains information about the bounding boxes and the object labels. In order to use this data, you first need to convert it to the required JSONL format as seen in the [Convert the downloaded data to JSONL](https://github.com/Azure/azureml-examples/blob/main/sdk/python/jobs/automl-standalone-jobs/automl-image-object-detection-task-fridge-items/automl-image-object-detection-task-fridge-items.ipynb) section of the notebook.

+A sample [decentralized RBAC application](https://github.com/microsoft/ccf-app-samples/tree/main/decentralized-rbac-app) is published in GitHub for reference.

+1. In the **Servers, databases and web apps** tab, in **Azure Migrate: Discovery and assessment** tile, select **Groups**.

+2. Select the group you want to refine.

+1. After you've discovered servers for assessment, in **Servers, databases and web apps** > **Azure Migrate: Discovery and assessment**, select **Overview**.

+ - To migrate machines and workloads to Azure, select **Discover, assess and migrate**.

+ - If you created an Azure Migrate project using the **Discover, assess and migrate** option in the portal, the Migration and modernization tool is automatically added to the project. To add additional migration tools, in **Servers, databases and web apps** > **Migration and modernization**, select **Click here**.

+If you created an Azure Migrate project using the **Explore more** > **Web apps** option in the portal, the Web app migration tool is automatically added to the project.

+- Select **Refresh** on the **Servers, databases and web apps** tab to see the count of the discovered servers in Azure Migrate: Discovery and assessment and Migration and modernization.

+1. After the assessment is created, view it in **Servers, databases and web apps** > **Azure Migrate: Discovery and assessment** > **Assessments**.

+1. After the assessment is created, view it in **Servers, databases and web apps** > **Azure Migrate: Discovery and assessment** > **Assessments**.

+1. In **Migration goals** > **Servers, databases and web apps** > **Azure Migrate: Discovery and assessment**, select **Discover**.

+1. In **Migration goals** > **Servers, databases and web apps** > **Azure Migrate: Discovery and assessment**, select **Discover**.

+1. In **Migration goals**, select **Servers, databases and web apps** > **Migration and modernization**, selectΓÇ»**Replicated servers** under **Replications**.

+1. In **Migration goals** > **Servers, databases and web apps** > **Migration and modernization**, select **Test migrated servers**.

+ - Consider deploying [Microsoft Cost Management](../../cost-management-billing/cost-management-billing-overview.md) to monitor resource usage and spending.

+## Related content

+## Related content

+## Related content

+## Related content

+- Learn more about the benefits and key features of using [Shared storage](./shared-storage.md).

+## Related content

+## Related content

+ Title: Disaster recovery for Modeling and Simulation Workbench

+description: This article provides an overview of disaster recovery for Azure Modeling and Simulation Workbench workbench component.

+# Disaster recovery for Modeling and Simulation Workbench

+This article explains how to configure a disaster recovery environment for Azure Modeling and Simulation Workbench. Azure data center outages are rare but can last anywhere from a few minutes to hours. Data Center outages can cause disruption to the environments hosted in that data center. By following the steps in this article, Azure Modeling and Simulation workbench customers will continue to operate in the cloud in the event of a data center outage for the primary region hosting your workbench instance.

+Planning for disaster recovery involves identifying expected recovery point objectives (RPO) and recovery time objectives (RTO) for your instance. Based upon your risk-tolerance and expected RPO, follow these instructions at an interval appropriate for your business needs.

+A typical disaster recovery workflow starts with a failure of a critical service in your primary region. As the issue gets investigated, Azure publishes an expected time for the primary region to recover. If this timeframe is not acceptable for business continuity, and the problem does not impact your secondary region, you would start the process to fail over to the secondary region.

+## Achieving business continuity for Azure Modeling and Simulation Workbench

+To be prepared for a data center outage, you can have a Modeling and Simulation workbench instance provisioned in a secondary region.

+These Workbench resources can be configured to match the resources that exist in the primary Azure Modeling and Simulation workbench instance. Users in the workbench instance environment can be provisioned ahead of time, or when you switch to the secondary region. Chamber and connector resources can be put in a stopped state post deployment to invoke idle billing meters when not being used actively.

+Alternatively, if you don't want to have an Azure Modeling and Simulation Workbench instance provisioned in the secondary region until an outage impacts your primary region, follow the provided steps in the Quickstart, but stop before creating the Azure Modeling and Simulation Workbench instance in the secondary region. That step can be executed when you choose to create the workbench resources in the secondary region as a failover.

+## Prerequisites

+- Ensure that the services and features that your account uses are supported in the target secondary region.

+## Verify Entra ID tenant

+The workspace source and destination can be in the same subscription. If source and destination for workbench are different subscriptions, the subscriptions must exist within the same Entra ID tenant. Use Azure PowerShell to verify that both subscriptions have the same tenant ID.

+```powershell

+Get-AzSubscription -SubscriptionId <your-source-subscription>.TenantId

+Get-AzSubscription-SubscriptionId <your-destination-subscription>.TenantId

+```

+## Prepare

+To be prepared to work in a backup region, you would need to do some preparation ahead of the outage.

+First identify your backup region.

+List of supported regions can be found on the [Azure product availability roadmap](https://global.azure.com/product-roadmap/pam/roadmap), and searching for the service name: **Azure Modeling and Simulation Workbench**.

+

+Then, create a backup of your Azure Key Vault and keys used by Azure Modeling and Simulation in Key Vault including:

+1. Application Client Id key

+2. Application Secret key

+## Configure the new instance

+In the event of your primary region failure, and decision to work in a backup region, you would create a Modeling and Simulation Workbench instance in your backup region.

+1. Register to the Azure Modeling and Simulation Workbench Resource Provider as described in [Create an Azure Modeling and Simulation Workbench](/azure/modeling-simulation-workbench/quickstart-create-portal#register-azure-modeling-and-simulation-workbench-resource-provider).

+1. Create an Azure Modeling and Simulation Workbench using this section of the Quickstart.

+1. If desired, upload data into the new backup instance following Upload Files section of instructions.

+You can now do your work in the new workbench instance created in the backup region.

+## Cleanup

+Once your primary region is up and operating, and you no longer need your backup instance, you can delete it.

+## Related content

+- [Backup and disaster recovery for Azure applications](/azure/reliability/cross-region-replication-azure)

+- [Azure status](https://azure.status.microsoft/status)

+ Title: Shared storage for Modeling and Simulation Workbench

+description: This article provides an overview of shared storage for Azure Modeling and Simulation Workbench workbench component.

+# Shared storage for Modeling and Simulation Workbench

+To enable cross team and/or cross-organization collaboration in a secure manner within the workbench, a shared storage resource allows for selective data sharing between collaborating parties. It's an Azure NetApp Files based storage volume and is available to deploy in multiples of 4 TBs. Workbench owners can create multiple shared storage instances on demand and dynamically link them to existing chambers to facilitate secure collaboration.

+Users who are provisioned to a specific chamber can access all shared storage volumes linked to that chamber. Once users get deprovisioned from a chamber or that chamber gets deleted, they lose access to any linked shared storage volumes.

+## Key features of shared storage

+**Performance**: A shared storage resource within the workbench is high-performance Azure NetApp Files based, targeting complex engineering workloads. It isn't limited to being used as a data transfer mechanism. The resource can also be used to run simulations.

+**Scalability**: Users can adjust the storage capacity and performance tier according to their needs, just like chamber private storage.

+**Management**: Workbench Owners can manage storage capacity, resize storage, and change performance tiers through the Azure portal.

+## Related content

+- [Business continuity: Disaster recovery](./disaster-recovery.md)

+- You can now create up to 20 IP addresses per Azure Red Hat OpenShift cluster load balancer. This feature was previously in preview but is now generally available. See [Configure multiple IP addresses per cluster load balancer](howto-multiple-ips.md) for details. Azure Red Hat OpenShift 4.x has a 250 pod-per-node limit and a 250 compute node limit. For instructions on adding large clusters, see [Deploy a large Azure Red Hat OpenShift cluster](howto-large-clusters.md).

+- There's a change in the order of actions performed by Site Reliability Engineers of Azure RedHat OpenShift. To maintain the health of a cluster, a timely action is necessary if control plane resources are over-utilized. Now the control plane is resized proactively to maintain cluster health. After the resize of the control plane, a notification is sent out to you with the details of the changes made to the control plane. Make sure you have the quota available in your subscription for Site Reliability Engineers to perform the cluster resize action.

+description: In this guide, learn how to create an APC Gateway.

+# Quickstart: Create an APC Gateway

+> Deleting and modifying existing APC Gateways is not supported during the preview. Please open a support ticket in the Azure Portal if you need to delete an APC Gateway.

+>

+> [!NOTE]

+> Moving an APC Gateway to a different resource group is not supported. If you need to move an APC Gateway to a different resource group, you must delete it and recreate it.

+- Register your Azure subscription with the provider `Microsoft.ProgrammableConnectivity`, following [these instructions](/azure/azure-resource-manager/management/resource-providers-and-types)

+### Create a new APC Gateway

+1. Select the **Subscription**, **Resource Group**, and **Region** for the gateway.

+In order to use the operators' APIs, you must provide extra details, which are shared with the operators.

+1. Fill out the Application name, Application description, Legal entity, Tax number, and the privacy manager's email address in the text boxes.

+1. Repeat for each line.

+### Wait for approval

+On clicking **Create** your APC Gateway and one or more Operator API Connections are created. Each Operator API Connection represents a connection between your APC Gateway and a particular API at a particular operator.

+Operator API Connections don't finish deploying until the relevant operator has approved your onboarding request. For some operators approval is a manual process, and so may take several days.

+After an operator approves your onboarding request for an Operator API Connection, you are able to use APC with that Operator API Connection. This is the case even if your APC Gateway has other Operator API Connections that are not yet approved, with that operator or with another operator.

+- APC uses [Azure RBAC](/azure/role-based-access-control/overview) to control access. Choose the identity that you are going to use to access APC. This can be your own user identity, a [Service Principal](/entra/identity-platform/app-objects-and-service-principals), or a [Managed Identity](/entra/identity/managed-identities-azure-resources/overview). Add the role assignment `Azure Programmable Connectivity Gateway Dataplane User` for your chosen identity over a scope that includes your APC Gateway (e.g. the APC Gateway itself, the Resource Group that contains it, or the Subscription that contains it). For more details, see the following instructions:

+ - [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)

+ - [Assign Azure roles using Azure CLI](/azure/role-based-access-control/role-assignments-cli)

+ - [Assign Azure roles using Azure PowerShell](/azure/role-based-access-control/role-assignments-powershell)

+### Contact APC using an SDK

+You can use a .NET SDK to contact APC. For more information and usage samples, see the [documentation](/dotnet/api/overview/azure/communication.programmableconnectivity-readme).

+If you use the .NET SDK, it is recommended that you also use the [.NET Entra Authentication SDK](/entra/msal/dotnet/).

+### Contact APC using HTTP requests

+#### Obtain an auth token

+To contact APC using HTTP requests, you must obtain an auth token, and set the header `Authorization` to the value of this token. There are numerous ways to do this. Some examples are shown below.

+# [Obtain a token for a Service Principal](#tab/service-principal)

+To obtain a token for a Service Principal, follow instructions in the [Entra documentation](/entra/identity-platform/v2-oauth2-client-creds-grant-flow#get-a-token)

+# [Obtain a token for your own user identity](#tab/user-identity)

+Obtain a token for your own user identity using the Azure CLI command [get-access-token](/cli/azure/account?view=azure-cli-latest#az-account-get-access-token&preserve-view=true) or the PowerShell command [Get-AzAccessToken](/powershell/module/az.accounts/get-azaccesstoken). Set the `--resource` parameter (in Azure CLI) or the `-ResourceUrl` parameter (in PowerShell) to `https://management.azure.com/`.

+#### Set other headers

+All requests must contain the following header:

+- `apc-gateway-id`: This must have the value of `<APC_IDENTIFIER>` obtained in [Prerequisites](#prerequisites).

+Requests may also contain the following optional header:

+- `x-ms-client-request-id`: This is a unique ID to identify the specific request. This is useful for diagnosing and fixing errors.

+#### Retrieve the last time that a SIM card was changed

+Make a POST request to the endpoint `https://<APC_URL>/sim-swap/sim-swap:retrieve`.

+It must contain a [bearer token](#obtain-an-auth-token) and [other required headers](#set-other-headers).

+#### Verify that a SIM card has been swapped in a certain time frame

+Make a POST request to the endpoint `https://<APC_URL>/sim-swap/sim-swap:verify`.

+It must contain a [bearer token](#obtain-an-auth-token) and [other required headers](#set-other-headers).

+#### Verify the location of a device

+It must contain a [bearer token](#obtain-an-auth-token) and [other required headers](#set-other-headers).

+#### Verify the number of a device

+##### Frontend authorization call

+It must contain a [bearer token](#obtain-an-auth-token) and [other required headers](#set-other-headers).

+##### Number Verification call

+It must contain a [bearer token](#obtain-an-auth-token) and [other required headers](#set-other-headers).

+#### Obtain the network of a device

+It must contain a [bearer token](#obtain-an-auth-token) and [other required headers](#set-other-headers).

+1. Do you know which tier you want to use? Tiers are covered in the next step. Check [region availability by tier](search-sku-tier.md#region-availability-by-tier) to determine if you can create a search service at the desired tier in your region of choice.

+## Choose a tier

+Azure AI Search is offered in [multiple pricing tiers](https://azure.microsoft.com/pricing/details/search/): Free, Basic, Standard, or Storage Optimized. Each tier has its own [capacity and limits](search-limits-quotas-capacity.md). There are also several features that are tier-dependent.

+Review the [tier descriptions](search-sku-tier.md) for computing characteristics and [feature availability](search-sku-tier.md#feature-availability-by-tier).

+Basic and Standard are the most common choices for production workloads, but many customers start with the Free service. Among the billable tiers, key differences are partition size and speed, and limits on the number of objects you can create.

+Search services created after April 3, 2024 have larger partitions and higher vector quotas.

+Currently, some regions are tier-constrained. For more information, see [region availability by tier](search-sku-tier.md#region-availability-by-tier).

+Remember, a pricing tier can't be changed once the service is created. If you need a higher or lower tier, you should re-create the service.

+- Blog post: [Frequently asked questions about the unified security operations platform](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/frequently-asked-questions-about-the-unified-security-operations/ba-p/4212048)

+## Apache HTTP Server

+## Apache Tomcat

+## Cisco Meraki

+## JBoss Enterprise Application Platform

+## JuniperIDP

+## MarkLogic Audit

+## MongoDB Audit

+## NGINX HTTP Server

+## Oracle WebLogic Server

+## PostgreSQL Events

+## SecurityBridge Threat Detection for SAP

+## SquidProxy

+## Ubiquiti UniFi

+## VMware vCenter

+## Zscaler Private Access (ZPA)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-containers/src/main/java/com/blobs/devguide/containers/ContainerCreate.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-containers/src/main/java/com/blobs/devguide/containers/ContainerDelete.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-containers/src/main/java/com/blobs/devguide/containers/ContainerLease.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-containers/src/main/java/com/blobs/devguide/containers/ContainerPropertiesMetadata.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-containers/src/main/java/com/blobs/devguide/containers/ContainerList.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobCopy.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobDelete.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobDownload.java)

+To connect an app to Blob Storage, create an instance of the [BlobServiceClient](/java/api/com.azure.storage.blob.blobserviceclient) class. You can also use the [BlobServiceAsyncClient](/java/api/com.azure.storage.blob.blobserviceasyncclient) class for [asynchronous programming](/azure/developer/java/sdk/async-programming). This object is your starting point to interact with data resources at the storage account level. You can use it to operate on the storage account and its containers. You can also use the service client to create container clients or blob clients, depending on the resource you need to work with.

+To authorize with Microsoft Entra ID, you'll need to use a [security principal](../../active-directory/develop/app-objects-and-service-principals.md). Which type of security principal you need depends on where your app runs. Use the following table as a guide:

+| Where the app runs | Security principal | Guidance |

+## Build your app

+As you build apps to work with data resources in Azure Blob Storage, your code primarily interacts with three resource types: storage accounts, containers, and blobs. To learn more about these resource types, how they relate to one another, and how apps interact with resources, see [Understand how apps interact with Blob Storage data resources](storage-blob-object-model.md).

+The following guides show you how to access data and perform specific actions using the Azure Storage client library for Java:

+| [Configure a retry policy](storage-retry-policy-java.md) | Implement retry policies for client operations. |

+| [Create a container](storage-blob-container-create-java.md) | Create blob containers. |

+| [Create a user delegation SAS (blobs)](storage-blob-user-delegation-sas-create-java.md) | Create a user delegation SAS for a blob. |

+| [Create a user delegation SAS (containers)](storage-blob-container-user-delegation-sas-create-java.md) | Create a user delegation SAS for a container. |

+| [Create and manage blob leases](storage-blob-lease-java.md) | Establish and manage a lock on a blob. |

+| [Create and manage container leases](storage-blob-container-lease-java.md) | Establish and manage a lock on a container. |

+| [Delete and restore containers](storage-blob-container-delete-java.md) | Delete containers, and if soft-delete is enabled, restore deleted containers. |

+| [Download blobs](storage-blob-download-java.md) | Download blobs by using strings, streams, and file paths. |

+| [List blobs](storage-blobs-list-java.md) | List blobs in different ways. |

+| [List containers](storage-blob-containers-list-java.md) | List containers in an account and the various options available to customize a listing. |

+| [Manage properties and metadata (containers)](storage-blob-container-properties-metadata-java.md) | Get and set properties and metadata for containers. |

+| [Performance tuning for data transfers](storage-blobs-tune-upload-download-java.md) | Optimize performance for data transfer operations. |

+| [Upload blobs](storage-blob-upload-java.md) | Learn how to upload blobs by using strings, streams, file paths, and other methods. |

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobLease.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobPropertiesMetadataTags.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobPropertiesMetadataTags.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobUpload.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobAccessTier.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java)

+### Code samples

+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobList.java)

+- This article is part of the Blob Storage developer guide for Java. See the full list of developer guide articles at [Build your app](storage-blob-java-get-started.md#build-your-app).

+## Next steps

+- This article is part of the Blob Storage developer guide for Java. See the full list of developer guide articles at [Build your app](storage-blob-java-get-started.md#build-your-app).

+|Azure Synapse Apache Spark pool|[Query failure with a LIKE clause using Synapse Dedicated SQL Pool Connector in Spark 3.4 runtime](#query-failure-with-a-like-clause-using-synapse-dedicated-sql-pool-connector-in-spark-34-runtime)|Has Workaround|

+## Azure Synapse Analytics Apache Spark pool active known issues summary

+The following are known issues with the Synapse Spark.

+### Query failure with a LIKE clause using Synapse Dedicated SQL Pool Connector in Spark 3.4 runtime

+The open source Apache Spark 3.4 has introduced an [issue](https://issues.apache.org/jir), it can generate an invalid SQL query for Synapse SQL and the Synapse Spark notebook or batch job would throw an error similar to:

+`com.microsoft.spark.sqlanalytics.SQLAnalyticsConnectorException: com.microsoft.sqlserver.jdbc.SQLServerException: Parse error at line: 1, column: XXX: Incorrect syntax near ''%test%''`

+**Workaround**: The engineering team is currently aware of this behavior and working on a fix. If you encountered a similar error, please engage Microsoft Support Team for assistance and to provide a temporary workaround.

+# Azure Synapse Runtime for Apache Spark 2.4 (disabled)

+> Disablement notification for Azure Synapse Runtime for Apache Spark 2.4

+> * Effective August 23, 2024, __Azure Synapse Runtime for Apache Spark 2.4 has been disabled.__  

+* Azure Synapse Runtime for Apache Spark 2.4 has been replaced with a **more recent version of the runtime ([Azure Synapse Runtime for Apache Spark 3.4 (GA)](/azure/synapse-analytics/spark/apache-spark-34-runtime).**

+* On July 29, 2022, we announced that Azure Synapse Runtime for Apache Spark 2.4 would become deprecated as of September 29, 2023.

+* Post September 29, 2023, support ended. Utilizing Spark 2.4 post the support cutoff date is undertaken at one's own risk.

+* Announcements about the 2.4 deprecation were also added within the product. The lifecycle for Synapse Spark states that for deprecated runtimes, ["Spark Pool definitions and associated metadata will remain in the Synapse workspace for a defined period after the applicable End of Support date. However, all pipelines, jobs, and notebooks will no longer be able to execute”.](/azure/synapse-analytics/spark/runtime-for-apache-spark-lifecycle-and-supportability) 

+For migration guidance, please see the [Upgrade to Azure Synapse runtimes for Apache Spark 3.4 & previous runtimes deprecation - Microsoft Community Hub](https://techcommunity.microsoft.com/t5/azure-synapse-analytics-blog/upgrade-to-azure-synapse-runtimes-for-apache-spark-3-4-amp/ba-p/4177758) blog post.

+```powershell

+```powershell

+```powershell

+ - The [Azure Connected Machine agent](/azure/azure-arc/servers/agent-overview) on Azure Stack HCI VMs created outside the Azure Virtual Desktop service, such as with an automated pipeline. The virtual machines use the agent to communicate with [Azure Instance Metadata Service](/azure/virtual-machines/instance-metadata-service), which is a [required endpoint for Azure Virtual Desktop](../virtual-desktop/required-fqdn-endpoint.md).

+* You have a functioning ExpressRoute circuit that is linked to the virtual network where the VPN gateway is (or will be) created.

+* You can reach resources over RFC1918 (private) IP in the virtual network over the ExpressRoute circuit.

+For traffic from on-premises networks to Azure, the Azure prefixes are advertised via both the ExpressRoute private peering BGP, and the VPN BGP if BGP is configured on your VPN gateway. The result is two network routes (paths) toward Azure from the on-premises networks:

+> [!WARNING]

+> If you advertise the same prefixes over both ExpressRoute and VPN connections, Azure will use the ExpressRoute path directly without VPN protection.

+1. Configure a Site-to-Site connection. For steps, see the [Site-to-site configuration](./tutorial-site-to-site-portal.md) article. Be sure to pick a gateway with a Standard Public IP.

+1. On the **Overview** page, select **See More** to view the private IP address. Write down this information to use later in the configuration steps. If you have an active-active mode VPN gateway, you'll see two private IP addresses.

+ :::image type="content" source="media/site-to-site-vpn-private-peering/see-more.png" alt-text="Screenshot of the Overview page with See More selected." lightbox="media/site-to-site-vpn-private-peering/see-more.png":::

+1. To enable **Use Azure Private IP Address** on the connection, go to the **Configuration** page. Set **Use Azure Private IP Address** to **Enabled**, then select **Save**.

+1. Use the private IP address that you wrote down in step 3 as the remote IP on your on-premises firewall to establish the Site-to-Site tunnel over the ExpressRoute private peering.

+ > [!NOTE]

+ > Configuring BGP on your VPN gateway is not required to achieve a VPN connection over ExpressRoute private peering.

+VPN gateways are migrated as part of VNet migration from classic to Resource Manager. This migration is done one VNet at a time. There aren't additional requirements in terms of tools or prerequisites to migrate. Migration steps are identical to the existing VNet migration and are documented at [IaaS resources migration page](/azure/virtual-machines/migration-classic-resource-manager-ps).

+After learning about VPN gateway migration support, go to [platform-supported migration of IaaS resources from classic to Resource Manager](/azure/virtual-machines/migration-classic-resource-manager-ps) to get started.

+This topology requires two local network gateways and two connections to support the pair of on-premises VPN devices, and BGP is required to allow simultaneous connectivity on the two connections to the same on-premises network. These requirements are the same as the [above](#activeactiveonprem).

+This article helps you configure the necessary VPN Gateway point-to-site (P2S) server settings to let you securely connect individual clients running Windows, Linux, or macOS to an Azure virtual network (VNet). P2S VPN connections are useful when you want to connect to your VNet from a remote location, such as when you're telecommuting from home or a conference. You can also use P2S instead of a site-to-site (S2S) VPN when you have only a few clients that need to connect to a virtual network (VNet).

+P2S connections don't require a VPN device or a public-facing IP address. There are various different configuration options available for P2S. For more information about point-to-site VPN, see [About point-to-site VPN](point-to-site-about.md).

+The steps in this article create a P2S configuration that uses **certificate authentication** and the Azure portal. To create this configuration using the Azure PowerShell, see the [Configure P2S - Certificate - PowerShell](vpn-gateway-howto-point-to-site-rm-ps.md) article. For RADIUS authentication, see the [P2S RADIUS](point-to-site-how-to-radius-ps.md) article. For Microsoft Entra authentication, see the [P2S Microsoft Entra ID](openvpn-azure-ad-tenant.md) article.

+### Tunnel and authentication type

+1. For **Tunnel type**, select the tunnel type that you want to use. For this exercise, from the dropdown, select **IKEv2 and OpenVPN(SSL)**.

+1. For **Authentication type**, select the authentication type that you want to use. For this exercise, from the dropdown, select **Azure certificate**. If you're interested in other authentication types, see the articles for [Microsoft Entra ID](openvpn-azure-ad-tenant.md) and [RADIUS](point-to-site-how-to-radius-ps.md).

+## <a name="publicip3"></a>Additional IP address

+If you have an active-active mode gateway that uses an availability zone SKU (AZ SKU), you need a third public IP address. If this setting doesn't apply to your gateway, you don't need to add an additional IP address.

+1. Open the certificate with a text editor, such as Notepad. When copying the certificate data, make sure that you copy the text as one continuous line:

+ :::image type="content" source="./media/vpn-gateway-howto-point-to-site-resource-manager-portal/certificate.png" alt-text="Screenshot of data in the certificate." lightbox="./media/vpn-gateway-howto-point-to-site-resource-manager-portal/certificate-expand.png":::

+1. Go to your **Virtual network gateway -> Point-to-site configuration** page in the **Root certificate** section. This section is only visible if you have selected **Azure certificate** for the authentication type.

+ :::image type="content" source="./media/vpn-gateway-howto-point-to-site-resource-manager-portal/public-certificate-data.png" alt-text="Screenshot of certificate data field." lightbox="./media/vpn-gateway-howto-point-to-site-resource-manager-portal/public-certificate-data.png":::