Updates from: 08/04/2021 03:11:57
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Age Gating https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/age-gating.md
When you sign-in as a minor, you should see the following error message: *Unfort
## Enable age gating in your custom policy
-1. Get the example of an age gating policy on [GitHub](https://github.com/azure-ad-b2c/samples/tree/master/age-gating).
+1. Get the example of an age gating policy on [GitHub](https://github.com/azure-ad-b2c/samples/tree/master/policies).
1. In each file, replace the string `yourtenant` with the name of your Azure AD B2C tenant. For example, if the name of your B2C tenant is *contosob2c*, all instances of `yourtenant.onmicrosoft.com` become `contosob2c.onmicrosoft.com`. 1. Upload the policy files.
When you sign-in as a minor, you should see the following error message: *Unfort
## Next steps - Learn how to [Manage user access in Azure AD B2C](manage-user-access.md).-
active-directory-b2c Enable Authentication Web Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/enable-authentication-web-api.md
The authentication function also verifies that the web API is called with the ri
## Step 5: Configure the web server
-In a development environment, set the web API to listen on an incoming HTTP requests port number. In this example, use HTTP port 6000. The base URI of the web API is `http://localhost:6000`.
+In a development environment, set the web API to listen on incoming HTTP requests port number. In this example, use HTTP port 6000. The base URI of the web API will be: <'http://localhost:6000'>
# [ASP.NET Core](#tab/csharpclient)
active-directory-b2c Page Layout https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/page-layout.md
Previously updated : 05/26/2021 Last updated : 08/03/2021
Azure AD B2C page layout uses the following versions of the [jQuery library](htt
## Self-asserted page (selfasserted)
+**2.1.7**
+- Fixed a language encoding issue that is causing the request to fail.
+- Fixed an accessibility bug to show inline error messages only on form submission.
+ **2.1.6** - Fixed password error get cleared when typing too quickly on a different field.
Azure AD B2C page layout uses the following versions of the [jQuery library](htt
## MFA page (multifactor)
+**1.2.5**
+- Fixed a language encoding issue that is causing the request to fail.
+ **1.2.4** - Updated jQuery version to 3.5.1. - Updated HandlebarJS version to 4.7.6.
active-directory-b2c Whats New Docs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/whats-new-docs.md
Title: "What's new in Azure Active Directory business-to-customer (B2C)" description: "New and updated documentation for the Azure Active Directory business-to-customer (B2C)." Previously updated : 07/12/2021 Last updated : 08/03/2021
Welcome to what's new in Azure Active Directory B2C documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the B2C service, see [What's new in Azure Active Directory](../active-directory/fundamentals/whats-new.md).
+## July 2021
+
+### New articles
+
+- [Configure authentication in a sample Angular Single Page application using Azure Active Directory B2C](configure-authentication-sample-angular-spa-app.md)
+- [Configure authentication in a sample iOS Swift application using Azure Active Directory B2C](configure-authentication-sample-ios-app.md)
+- [Configure authentication options in an Angular application using Azure Active Directory B2C](enable-authentication-angular-spa-app-options.md)
+- [Enable authentication in your own Angular Application using Azure Active Directory B2C](enable-authentication-angular-spa-app.md)
+- [Configure authentication options in an iOS Swift application using Azure Active Directory B2C](enable-authentication-ios-app-options.md)
+- [Enable authentication in your own iOS Swift application using Azure Active Directory B2C](enable-authentication-ios-app.md)
+
+### Updated articles
+
+- [Customize the user interface in Azure Active Directory B2C](customize-ui.md)
+- [Integer claims transformations](integer-transformations.md)
+- [Enable JavaScript and page layout versions in Azure Active Directory B2C](javascript-and-page-layout.md)
+- [Monitor Azure AD B2C with Azure Monitor](azure-monitor.md)
+- [Page layout versions](page-layout.md)
+- [Set up a password reset flow in Azure Active Directory B2C](add-password-reset-policy.md)
++ ## June 2021 ### New articles
active-directory Whats New Docs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-provisioning/whats-new-docs.md
Title: "What's new in Azure Active Directory application provisioning" description: "New and updated documentation for the Azure Active Directory application provisioning." Previously updated : 07/12/2021 Last updated : 08/03/2021
Welcome to what's new in Azure Active Directory application provisioning documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the provisioning service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
+## July 2021
+
+### Updated articles
+
+- [Reference for writing expressions for attribute mappings in Azure Active Directory](functions-for-customizing-application-data.md)
+- [Configure provisioning using Microsoft Graph APIs](application-provisioning-configuration-api.md)
+- [Plan an automatic user provisioning deployment in Azure Active Directory](plan-auto-user-provisioning.md)
+- [Plan cloud HR application to Azure Active Directory user provisioning](plan-cloud-hr-provision.md)
+- [Known issues for application provisioning in Azure Active Directory](known-issues.md)
+- [Azure AD ECMA Connector Host generic SQL connector tutorial](tutorial-ecma-sql-connector.md)
+- [What is app provisioning in Azure Active Directory?](user-provisioning.md)
+- [Troubleshoot ECMA Connector Host issues](on-premises-ecma-troubleshoot.md)
+- [Export a Microsoft Identity Manager connector for use with the Azure AD ECMA Connector Host](on-premises-migrate-microsoft-identity-manager.md)
+- [Azure AD on-premises application provisioning to SCIM-enabled apps](on-premises-scim-provisioning.md)
+- [Azure AD ECMA Connector Host generic SQL connector configuration](on-premises-sql-connector-configure.md)
++ ## June 2021 ### New articles
active-directory Whats New Docs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/app-proxy/whats-new-docs.md
Title: "What's new in Azure Active Directory application proxy" description: "New and updated documentation for the Azure Active Directory application proxy." Previously updated : 07/12/2021 Last updated : 08/03/2021
# Azure Active Directory application proxy: What's new Welcome to what's new in Azure Active Directory application proxy documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
+## July 2021
+
+### Updated articles
+
+- [Integrate with Azure Active Directory Application Proxy on a Network Device Enrollment Service (NDES) server](active-directory-app-proxy-protect-ndes.md)
+- [Plan an Azure AD Application Proxy deployment](application-proxy-deployment-plan.md)
+- [Active Directory (Azure AD) Application Proxy frequently asked questions](application-proxy-faq.yml)
+- [Integrate Azure Active Directory Application Proxy with SharePoint (SAML)](application-proxy-integrate-with-sharepoint-server-saml.md)
+- [Enable remote access to SharePoint with Azure Active Directory Application Proxy](application-proxy-integrate-with-sharepoint-server.md)
+- [Using Azure AD Application Proxy to publish on-premises apps for remote users](what-is-application-proxy.md)
+- [Azure Active Directory application proxy: What's new](whats-new-docs.md)
+- [Publish Remote Desktop with Azure Active Directory Application Proxy](application-proxy-integrate-with-remote-desktop-services.md)
+ ## June 2021
active-directory Sample V2 Code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/sample-v2-code.md
The following samples illustrate web applications that sign in users. Some sampl
> | Java </p> Servlets |[GitHub repo](https://github.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication) | Spring-less Servlet Series <br/> &#8226; [Sign in users](https://github.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/tree/main/1-Authentication/sign-in) <br/> &#8226; [Sign in users (B2C)](https://github.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/tree/main/1-Authentication/sign-in-b2c) <br/> &#8226; [Call Microsoft Graph](https://github.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/tree/main/2-Authorization-I/call-graph) <br/> &#8226; [Use App Roles for access control](https://github.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/tree/main/3-Authorization-II/roles) <br/> &#8226; [Use Security Groups for access control](https://github.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/tree/main/3-Authorization-II/groups) <br/> &#8226; [Deploy to Azure App Service](https://github.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication/tree/main/4-Deployment/deploy-to-azure-app-service) | MSAL Java | [Auth code flow](./v2-oauth2-auth-code-flow.md) | > | Java |[GitHub repo](https://github.com/Azure-Samples/ms-identity-java-webapp) | Sign in users, call Microsoft Graph | MSAL Java | [Auth code flow](./v2-oauth2-auth-code-flow.md) | > | Java </p> Spring|[GitHub repo](https://github.com/Azure-Samples/ms-identity-java-webapi) | Sign in users & call Microsoft Graph via OBO </p> &#8226; web API | MSAL Java | &#8226; [Auth code flow](./v2-oauth2-auth-code-flow.md) <br/> &#8226; [On-Behalf-Of (OBO) flow](./v2-oauth2-on-behalf-of-flow.md) |
-> | Node.js </p> Express |[GitHub repo](https://github.com/Azure-Samples/ms-identity-node) | Express web app sample <br/> &#8226; Sign in users | MSAL Node | [Auth code flow](./v2-oauth2-auth-code-flow.md) |
> | Node.js </p> Express |[GitHub repo](https://github.com/Azure-Samples/ms-identity-node) | Express web app series <br/> &#8226; [Sign in users](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/blob/main/1-Authentication/1-sign-in/README.md)<br/> &#8226; [Sign in users (B2C)](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/blob/main/1-Authentication/2-sign-in-b2c/README.md)<br/> &#8226; [Call Microsoft Graph](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/blob/main/2-Authorization/1-call-graph/README.md)<br/> &#8226; [Deploy to Azure App Service](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/blob/main/3-Deployment/README.md)<br/> &#8226; [Use App Roles for access control](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/blob/main/4-AccessControl/1-app-roles/README.md)<br/> &#8226; [Use Security Groups for access control](https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial/blob/main/4-AccessControl/2-security-groups/README.md) | MSAL Node | [Auth code flow](./v2-oauth2-auth-code-flow.md) | > | Python </p> Flask |[GitHub repo](https://github.com/Azure-Samples/ms-identity-python-flask-tutorial) | Flask Series <br/> &#8226; Sign in users <br/> &#8226; Sign in users (B2C) <br/> &#8226; Call Microsoft Graph <br/> &#8226; Deploy to Azure App Service | MSAL Python | [Auth code flow](./v2-oauth2-auth-code-flow.md) | > | Python </p> Django |[GitHub repo](https://github.com/Azure-Samples/ms-identity-python-django-tutorial) | Django Series <br/> &#8226; [Sign in users](https://github.com/Azure-Samples/ms-identity-python-django-tutorial/tree/main/1-Authentication/sign-in) <br/> &#8226; [Sign in users (B2C)](https://github.com/Azure-Samples/ms-identity-python-django-tutorial/tree/main/1-Authentication/sign-in-b2c) <br/> &#8226; [Call Microsoft Graph](https://github.com/Azure-Samples/ms-identity-python-django-tutorial/tree/main/2-Authorization-I/call-graph) <br/> &#8226; [Deploy to Azure App Service](https://github.com/Azure-Samples/ms-identity-python-django-tutorial/tree/main/3-Deployment/deploy-to-azure-app-service)| MSAL Python | [Auth code flow](./v2-oauth2-auth-code-flow.md) |
To learn about [samples](https://github.com/microsoftgraph/msgraph-community-sam
## See also
-[Microsoft Graph API conceptual and reference](/graph/use-the-api?context=graph%2fapi%2fbeta&view=graph-rest-beta&preserve-view=true)
+[Microsoft Graph API conceptual and reference](/graph/use-the-api?context=graph%2fapi%2fbeta&view=graph-rest-beta&preserve-view=true)
active-directory Licensing Service Plan Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/enterprise-users/licensing-service-plan-reference.md
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| AZURE ACTIVE DIRECTORY PREMIUM P2 | AAD_PREMIUM_P2 | 84a661c4-e949-4bd2-a560-ed7766fcaf2b | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AZURE ACTIVE DIRECTORY PREMIUM P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>CLOUD APP SECURITY DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION (8a256a2b-b617-496d-b51b-e76466e88db0) | | AZURE INFORMATION PROTECTION PLAN 1 | RIGHTSMANAGEMENT | c52ea49f-fe5d-4e95-93ba-1de91d380f89 | RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3) | AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90) | | COMMON AREA PHONE | MCOCAP | 295a8eb0-f78d-45c7-8b5b-1eed5ed02dff | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) |
+| Common Area Phone for GCC | MCOCAP_GOV | b1511558-69bd-4e1b-8270-59ca96dba0f3 | MCOEV_GOV (db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) | Microsoft 365 Phone System for Government db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>Microsoft Teams for Government (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>Skype for Business Online (Plan 2) for Government (a31ef4a2-f787-435e-8335-e47eb0cafc94) |
| COMMUNICATIONS CREDITS | MCOPSTNC | 47794cd0-f0e5-45c5-9033-2eb6b5fc84e0 | MCOPSTNC (505e180f-f7e0-4b65-91d4-00d670bbd18c) | COMMUNICATIONS CREDITS (505e180f-f7e0-4b65-91d4-00d670bbd18c) | | DYNAMICS 365 CUSTOMER ENGAGEMENT PLAN ENTERPRISE EDITION | DYN365_ENTERPRISE_PLAN1 | ea126fc5-a19e-42e2-a731-da9d437bffcf | DYN365_ENTERPRISE_P1 (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>FLOW_DYN_P2 (b650d915-9886-424b-a08d-633cede56f57)<br/>NBENTERPRISE (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS_DYN_P2 (0b03f40b-c404-40c3-8651-2aceb74365fa)<br/>PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | MICROSOFT SOCIAL ENGAGEMENT - SERVICE DISCONTINUATION (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS FOR DYNAMICS 365 (0b03f40b-c404-40c3-8651-2aceb74365fa)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>FLOW FOR DYNAMICS 365 (b650d915-9886-424b-a08d-633cede56f57)<br/>DYNAMICS 365 CUSTOMER ENGAGEMENT PLAN (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>PROJECT ONLINE DESKTOP CLIENT (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>PROJECT ONLINE SERVICE (fe71d6c3-a2ea-4499-9778-da042bf08063) | | DYNAMICS 365 FOR CUSTOMER SERVICE ENTERPRISE EDITION | DYN365_ENTERPRISE_CUSTOMER_SERVICE | 749742bf-0d37-4158-a120-33567104deeb | DYN365_ENTERPRISE_CUSTOMER_SERVICE (99340b49-fb81-4b1e-976b-8f2ae8e9394f)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>NBENTERPRISE (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) |MICROSOFT SOCIAL ENGAGEMENT - SERVICE DISCONTINUATION (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>PROJECT ONLINE ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>FLOW FOR DYNAMICS 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>POWERAPPS FOR DYNAMICS 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>DYNAMICS 365 FOR CUSTOMER SERVICE (99340b49-fb81-4b1e-976b-8f2ae8e9394f)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| ENTERPRISE MOBILITY + SECURITY E3 | EMS | efccb6f7-5641-4e0e-bd10-b4976e1bf68e | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>CLOUD APP SECURITY DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | | ENTERPRISE MOBILITY + SECURITY E5 | EMSPREMIUM | b05e124f-c7cc-45a0-a6aa-8cf78c946968 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AZURE ACTIVE DIRECTORY PREMIUM P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>AZURE INFORMATION PROTECTION PREMIUM P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFT CLOUD APP SECURITY (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>MICROSOFT DEFENDER FOR IDENTITY (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | | Enterprise Mobility + Security G3 GCC | EMS_GOV | c793db86-5237-494e-9b11-dcd4877c2c8c | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |
+| Enterprise Mobility + Security G5 GCC | EMSPREMIUM_GOV | 8a180c2b-f4cf-4d44-897c-3d32acc4a60b | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>RMS_S_ENTERPRISE) (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Defender for Identity (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |
| EXCHANGE ONLINE (PLAN 1) | EXCHANGESTANDARD | 4b9405b0-7788-4568-add1-99614e613b69 | EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c) | EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)| | EXCHANGE ONLINE (PLAN 2) | EXCHANGEENTERPRISE | 19ec0d23-8335-4cbd-94ac-6050e30712fa | EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0) | EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0) | | EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE | EXCHANGEARCHIVE_ADDON | ee02fd1b-340e-4a4b-b355-4a514e4c8943 | EXCHANGE_S_ARCHIVE_ADDON (176a09a6-7ec5-4039-ac02-b2791c6ba793) | EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE (176a09a6-7ec5-4039-ac02-b2791c6ba793) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| MICROSOFT 365 BUSINESS STANDARD - PREPAID LEGACY | SMB_BUSINESS_PREMIUM | ac5cef5d-921b-4f97-9ef3-c99076e5470f | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>O365_SB_Relationship_Management (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) | To-Do (Plan 1) (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OUTLOOK CUSTOMER MANAGER (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) | | MICROSOFT 365 BUSINESS PREMIUM | SPB | cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46 | AAD_SMB (de377cbc-0019-4ec2-b77c-3f223947e102)<br/>BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_ARCHIVE_ADDON (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>INTUNE_SMBIZ (8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>O365_SB_Relationship_Management (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WINBIZ (8e229017-d77b-43d5-9305-903395523b99)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AZURE ACTIVE DIRECTORY (de377cbc-0019-4ec2-b77c-3f223947e102)<br/>TO-DO (PLAN 1) (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>MICROSOFT INTUNE (8e9ff0ff-aa7a-4b20-83c1-2f636b600ac2)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFT BOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OUTLOOK CUSTOMER MANAGER (5bfe124c-bbdc-4494-8835-f1297d457d79)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WINDOWS 10 BUSINESS (8e229017-d77b-43d5-9305-903395523b99)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | | MICROSOFT 365 DOMESTIC CALLING PLAN (120 Minutes) | MCOPSTN_5 | 11dee6af-eca8-419f-8061-6864517c1875 | MCOPSTN5 (54a152dc-90de-4996-93d2-bc47e670fc06) | MICROSOFT 365 DOMESTIC CALLING PLAN (120 min) (54a152dc-90de-4996-93d2-bc47e670fc06) |
+| Microsoft 365 Domestic Calling Plan for GCC | MCOPSTN_1_GOV | 923f58ab-fca1-46a1-92f9-89fda21238a8 | MCOPSTN1_GOV (3c8a8792-7866-409b-bb61-1b20ace0368b)<br/>EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8) | Domestic Calling for Government (3c8a8792-7866-409b-bb61-1b20ace0368b)<br/>Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8) |
| MICROSOFT 365 E3 | SPE_E3 | 05e9a617-0261-4cee-bb44-138d3ef5d965 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>FORMS_PLAN_E3 (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WIN10_PRO_ENT_SUB (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>CLOUD APP SECURITY DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>TO-DO (PLAN 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW FOR OFFICE 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MICROSOFT FORMS (PLAN E3) (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>MICROSOFT INTUNE (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS FOR OFFICE 365(c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WINDOWS 10 ENTERPRISE (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | | Microsoft 365 E5 | SPE_E5 | 06ebc4ee-1bb5-47dd-8120-11324bc54e06 | MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>FORMS_PLAN_E5 (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>WIN10_PRO_ENT_SUB (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Advanced Threat Protection (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Forms (Plan E5) (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office Online (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SharePoint Online (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (Original) (21b439ba-a0ca-424f-a6cc-52f954a5b111)<br/>Yammer Enterprise (7547a3fe-08ee-4ccb-b430-5077c5041653) | | Microsoft 365 E3_USGOV_DOD | SPE_E3_USGOV_DOD | d61d61cc-f992-433f-a577-5bd016037eeb | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS_AR_DOD (fd500458-c24c-478e-856c-a6067a8376cd)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams for DOD (AR) (fd500458-c24c-478e-856c-a6067a8376cd)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office Online (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SharePoint Online (Plan 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| MICROSOFT 365 PHONE SYSTEM_USGOV_DOD | MCOEV_USGOV_DOD | b0e7de67-e503-4934-b729-53d595ba5cd1 | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | | MICROSOFT 365 PHONE SYSTEM_USGOV_GCCHIGH | MCOEV_USGOV_GCCHIGH | 985fcb26-7b94-475b-b512-89356697be71 | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7) | | MICROSOFT 365 PHONE SYSTEM - VIRTUAL USER | PHONESYSTEM_VIRTUALUSER | 440eaaa8-b3e0-484b-a8be-62870b9ba70a | MCOEV_VIRTUALUSER (f47330e9-c134-43b3-9993-e7f004506889) | MICROSOFT 365 PHONE SYSTEM VIRTUAL USER (f47330e9-c134-43b3-9993-e7f004506889)|
+| Microsoft 365 Phone System - Virtual User for GCC | PHONESYSTEM_VIRTUALUSER_GOV | 2cf22bcb-0c9e-4bc6-8daf-7e7654c0f285 | MCOEV_VIRTUALUSER_GOV (0628a73f-3b4a-4989-bd7b-0f8823144313) | Microsoft 365 Phone System Virtual User for Government (0628a73f-3b4a-4989-bd7b-0f8823144313) |
| MICROSOFT 365 SECURITY AND COMPLIANCE FOR FLW | M365_SECURITY_COMPLIANCE_FOR_FLW | 2347355b-4e81-41a4-9c22-55057a399791 | AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>MIP_S_Exchange (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>BPOS_S_DlpAddOn (9bec7e34-c9fa-40b7-a9d1-bd6d1165c7ed)<br/>EXCHANGE_S_ARCHIVE_ADDON (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f) | AZURE ACTIVE DIRECTORY PREMIUM P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>AZURE INFORMATION PROTECTION PREMIUM P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>CUSTOMER LOCKBOX (9f431833-0334-42de-a7dc-70aa40db46db)<br/>DATA CLASSIFICATION IN MICROSOFT 365 (cd31b152-6326-4d1b-ae1b-997b625182e6)<br/>DATA LOSS PREVENTION (9bec7e34-c9fa-40b7-a9d1-bd6d1165c7ed)<br/>EXCHANGE ONLINE ARCHIVING FOR EXCHANGE ONLINE (176a09a6-7ec5-4039-ac02-b2791c6ba793)<br/>INFORMATION BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô PREMIUM (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MICROSOFT 365 DEFENDER (bf28f719-7844-4079-9c78-c1307898e192)<br/>MICROSOFT CLOUD APP SECURITY (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>MICROSOFT DEFENDER FOR IDENTITY (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>MICROSOFT DEFENDER FOR OFFICE 365 (PLAN 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>MICROSOFT DEFENDER FOR OFFICE 365 (PLAN 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>OFFICE 365 ADVANCED EDISCOVERY (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>OFFICE 365 PRIVILEGED ACCESS MANAGEMENT (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>PREMIUM ENCRYPTION IN OFFICE 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f | | MICROSOFT BUSINESS CENTER | MICROSOFT_BUSINESS_CENTER | 726a0894-2c77-4d65-99da-9775ef05aad1 | MICROSOFT_BUSINESS_CENTER (cca845f9-fd51-4df6-b563-976a37c56ce0) | MICROSOFT BUSINESS CENTER (cca845f9-fd51-4df6-b563-976a37c56ce0) |
+| Microsoft Cloud App Security | ADALLOM_STANDALONE | df845ce7-05f9-4894-b5f2-11bbfbcfd2b6 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2) |
| MICROSOFT DEFENDER FOR ENDPOINT | WIN_DEF_ATP | 111046dd-295b-4d6d-9724-d52ac90bd1f2 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef) | | MICROSOFT DYNAMICS CRM ONLINE BASIC | CRMPLAN2 | 906af65a-2970-46d5-9b58-4e9aa50f0657 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>CRMPLAN2 (bf36ca64-95c6-4918-9275-eb9f4ce2c04f)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>FLOW FOR DYNAMICS 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>MICROSOFT DYNAMICS CRM ONLINE BASIC (bf36ca64-95c6-4918-9275-eb9f4ce2c04f)<br/>POWERAPPS FOR DYNAMICS 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b) |
+| Microsoft Defender for Identity | ATA | 98defdf7-f6c1-44f5-a1f6-943b6764e7a5 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318 ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>ADALLOM_FOR_AATP (61d18b02-6889-479f-8f36-56e6e0fe5792) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Defender for Identity (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>SecOps Investigation for MDI (61d18b02-6889-479f-8f36-56e6e0fe5792) |
+| Microsoft Defender for Office 365 (Plan 2) GCC | THREAT_INTELLIGENCE_GOV | 56a59ffb-9df1-421b-9e61-8b568583474d | MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>ATP_ENTERPRISE_GOV (493ff600-6a2b-4db6-ad37-a7d4eb214516)<br/>THREAT_INTELLIGENCE_GOV (900018f1-0cdb-4ecb-94d4-90281760fdc6) | Microsoft 365 Defender (bf28f719-7844-4079-9c78-c1307898e192)<br/>Microsoft Defender for Office 365 (Plan 1) for Government (493ff600-6a2b-4db6-ad37-a7d4eb214516)<br/>Microsoft Defender for Office 365 (Plan 2) for Government (900018f1-0cdb-4ecb-94d4-90281760fdc6) |
| MICROSOFT DYNAMICS CRM ONLINE | CRMSTANDARD | d17b27af-3f49-4822-99f9-56a661538792 | CRMSTANDARD (f9646fb2-e3b2-4309-95de-dc4833737456)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>MDM_SALES_COLLABORATION (3413916e-ee66-4071-be30-6f94d4adfeda)<br/>NBPROFESSIONALFORCRM (3e58e97c-9abe-ebab-cd5f-d543d1529634)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b) | MICROSOFT DYNAMICS CRM ONLINE PROFESSIONAL(f9646fb2-e3b2-4309-95de-dc4833737456)<br/>FLOW FOR DYNAMICS 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>MICROSOFT DYNAMICS MARKETING SALES COLLABORATION - ELIGIBILITY CRITERIA APPLY (3413916e-ee66-4071-be30-6f94d4adfeda)<br/>MICROSOFT SOCIAL ENGAGEMENT PROFESSIONAL - ELIGIBILITY CRITERIA APPLY (3e58e97c-9abe-ebab-cd5f-d543d1529634)<br/>POWERAPPS FOR DYNAMICS 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b) | | MS IMAGINE ACADEMY | IT_ACADEMY_AD | ba9a34de-4489-469d-879c-0f0f145321cd | IT_ACADEMY_AD (d736def0-1fde-43f0-a5be-e3f8b2de6e41) | MS IMAGINE ACADEMY (d736def0-1fde-43f0-a5be-e3f8b2de6e41) | | MICROSOFT INTUNE DEVICE FOR GOVERNMENT | INTUNE_A_D_GOV | 2c21e77a-e0d6-4570-b38a-7ff2dc17d2ca | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| Office 365 A5 for students | ENTERPRISEPREMIUM_STUDENT | ee656612-49fa-43e5-b67e-cb1fdf7699df | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>COMMUNICATIONS_COMPLIANCE (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>COMMUNICATIONS_DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>DATA_INVESTIGATIONS (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INFO_GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RECORDS_MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Communications Compliance (41fcdd7d-4733-4863-9cf4-c65b83ce2df4)<br/>Microsoft Communications DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>Microsoft Customer Key (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>Microsoft Data Investigations (46129a58-a698-46f0-aa5b-17f6586297d9)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Information Governance (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Records Management (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) | | Office 365 Advanced Compliance | EQUIVIO_ANALYTICS | 1b1b1f7a-8355-43b6-829f-336cfccb744c | LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f) | Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f) | | Microsoft Defender for Office 365 (Plan 1) | ATP_ENTERPRISE | 4ef96642-f096-40de-a3e9-d83fb2f90211 | ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939) | Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939) |
+| Office 365 Extra File Storage for GCC | SHAREPOINTSTORAGE_GOV | e5788282-6381-469f-84f0-3d7d4021d34d | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>SHAREPOINTSTORAGE_GOV (e5bb877f-6ac9-4461-9e43-ca581543ab16) | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>SHAREPOINTSTORAGE_GOV (e5bb877f-6ac9-4461-9e43-ca581543ab16) |
| OFFICE 365 E1 | STANDARDPACK | 18181a46-0d4e-45cd-891e-60aabd171b4e | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653)) | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653)) | | OFFICE 365 E2 | STANDARDWOFFPACK | 6634e0ce-1a9f-428c-a498-f84ec7b8aa2e | BPOS_S_TODO_1(5e62787c-c316-451f-b873-1d05acd4d12c)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>FLOW FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>POWERAPPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | | OFFICE 365 E3 | ENTERPRISEPACK | 6fd2c87f-b296-42f0-b197-1e91e994b900 | RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>DYN365_CDS_O365_P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>CDS_O365_P2 (95b76021-6a53-4741-ab8b-1d1f3d66a95a)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>CONTENTEXPLORER_STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>FORMS_PLAN_E3 (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>DESKLESS (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>POWER_VIRTUAL_AGENTS_O365_P2 (041fe683-03e4-45b6-b1af-c0cdc516daee)<br/>PROJECT_O365_P2 (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | AZURE RIGHTS MANAGEMENT (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>COMMON DATA SERVICE - O365 P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>COMMON DATA SERVICE FOR TEAMS_P2 (95b76021-6a53-4741-ab8b-1d1f3d66a95a)<br/>EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô STANDARD (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INSIGHTS BY MYANALYTICS (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>MICROSOFT 365 APPS FOR ENTERPRISE (43de0ff5-c92c-492b-9116-175376d08c38)<br/>MICROSOFT BOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>MICROSOFT FORMS (PLAN E3) (2789c901-c14e-48ab-a76a-be334d9d793a)<br/>MICROSOFT KAIZALA PRO PLAN 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>MICROSOFT PLANNER (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>MICROSOFT STREAM FOR O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE FOR THE WEB (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>POWER APPS FOR OFFICE 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>POWER AUTOMATE FOR OFFICE 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>POWER VIRTUAL AGENTS FOR OFFICE 365 P2 (041fe683-03e4-45b6-b1af-c0cdc516daee)<br/>PROJECT FOR OFFICE (PLAN E3) (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>SHAREPOINT (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TO-DO (PLAN 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD (PLAN 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| OFFICE 365 E5 WITHOUT AUDIO CONFERENCING | ENTERPRISEPREMIUM_NOPSTNCONF | 26d45bd9-adf1-46cd-a9e1-51e9a5524128 | ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>FORMS_PLAN_E5 (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | OFFICE 365 CLOUD APP SECURITY (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>POWER BI PRO (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>OFFICE 365 ADVANCED EDISCOVERY (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>EXCHANGE ONLINE (PLAN 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW FOR OFFICE 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>MICROSOFT FORMS (PLAN E5) (e212cbc7-0961-4c40-9825-01117710dcb1)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>POWERAPPS FOR OFFICE 365 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>MICROSOFT PLANNER(b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>MICROSOFT STREAM FOR O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>OFFICE 365 ADVANCED THREAT PROTECTION (PLAN 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | | OFFICE 365 F3 | DESKLESSPACK | 4b585984-651b-448a-9e53-3b10f069cf7f | BPOS_S_TODO_FIRSTLINE (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>CDS_O365_F1 (90db65a7-bf11-4904-a79f-ef657605145b)<br/>DESKLESS (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>DYN365_CDS_O365_F1 (ca6e61ec-d4f4-41eb-8b88-d96e0e14323f)<br/>EXCHANGE_S_DESKLESS (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>FLOW_O365_S1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>FORMS_PLAN_K (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>INTUNE_365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>KAIZALA_O365_P1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_S1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>POWER_VIRTUAL_AGENTS_O365_F1 (ba2fdb48-290b-4632-b46a-e4ecc58ac11a)<br/>PROJECT_O365_F3 (7f6f28c2-34bb-4d4b-be36-48ca2e77e1ec)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>RMS_S_BASIC (31cf2cfc-6b0d-4adc-a336-88b724ed8122)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>STREAM_O365_K (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>WHITEBOARD_FIRSTLINE_1 (36b29273-c6d0-477a-aca6-6fbe24f538e3)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | COMMON DATA SERVICE - O365 F1 (ca6e61ec-d4f4-41eb-8b88-d96e0e14323f)<br/>COMMON DATA SERVICE FOR TEAMS_F1 (90db65a7-bf11-4904-a79f-ef657605145b)<br/>EXCHANGE ONLINE KIOSK (4a82b400-a79f-41a4-b4e2-e94f5787b113)<br/>FLOW FOR OFFICE 365 K1 (bd91b1a4-9f94-4ecf-b45b-3a65e5c8128a)<br/>MICROSOFT AZURE RIGHTS MANAGEMENT SERVICE (31cf2cfc-6b0d-4adc-a336-88b724ed8122)<br/>MICROSOFT FORMS (PLAN F1) (f07046bd-2a3c-4b96-b0be-dea79d7cbfb8)<br/>MICROSOFT KAIZALA PRO PLAN 1 (73b2a583-6a59-42e3-8e83-54db46bc3278)<br/>MICROSOFT PLANNER (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>MICROSOFT STREAM FOR O365 K SKU (3ffba0d2-38e5-4d5e-8ec0-98f2b05c09d9)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE FOR THE WEB (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICE MOBILE APPS FOR OFFICE 365 (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWER VIRTUAL AGENTS FOR OFFICE 365 F1 (ba2fdb48-290b-4632-b46a-e4ecc58ac11a)<br/>POWERAPPS FOR OFFICE 365 K1 (e0287f9f-e222-4f98-9a83-f379e249159a)<br/>PROJECT FOR OFFICE (PLAN F) (7f6f28c2-34bb-4d4b-be36-48ca2e77e1ec)<br/>SHAREPOINT KIOSK (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 1) (afc06cb0-b4f4-4473-8286-d644f70d8faf)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TO-DO (FIRSTLINE) (80873e7a-cd2a-4e67-b061-1b5381a676a5)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | | OFFICE 365 G3 GCC | ENTERPRISEPACK_GOV | 535a3a29-c5f0-42fe-8215-d3b9e1f38c4a | RMS_S_ENTERPRISE_GOV (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>DYN365_CDS_O365_P2_GCC (06162da2-ebf9-4954-99a0-00fee96f95cc)<br/>CDS_O365_P2_GCC (a70bbf38-cdda-470d-adb8-5804b8770f41)<br/>EXCHANGE_S_ENTERPRISE_GOV (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS_GOV_E3 (24af5f65-d0f3-467b-9f78-ea798c4aeffc)<br/>Content_Explorer (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>ContentExplorer_Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2_GOV (6e5b7995-bd4f-4cbd-9d19-0e32010c72f0)<br/>OFFICESUBSCRIPTION_GOV (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>STREAM_O365_E3_GOV (2c1ada27-dbaa-46f9-bda6-ecb94445f758)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>PROJECTWORKMANAGEMENT_GOV (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWERAPPS_O365_P2_GOV (0a20c815-5e81-4727-9bdc-2b5a117850c3)<br/>FLOW_O365_P2_GOV (c537f360-6a00-4ace-a7f5-9128d0ac1e4b)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) | AZURE RIGHTS MANAGEMENT (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>COMMON DATA SERVICE - O365 P2 GCC (06162da2-ebf9-4954-99a0-00fee96f95cc)<br/>COMMON DATA SERVICE FOR TEAMS_P2 GCC (a70bbf38-cdda-470d-adb8-5804b8770f41)<br/>EXCHANGE PLAN 2G (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS FOR GOVERNMENT (PLAN E3) (24af5f65-d0f3-467b-9f78-ea798c4aeffc)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô PREMIUM (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>INFORMATION PROTECTION AND GOVERNANCE ANALYTICS ΓÇô STANDARD (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>INFORMATION PROTECTION FOR OFFICE 365 ΓÇô STANDARD (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INSIGHTS BY MYANALYTICS FOR GOVERNMENT (6e5b7995-bd4f-4cbd-9d19-0e32010c72f0)<br/>MICROSOFT 365 APPS FOR ENTERPRISE G (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MICROSOFT BOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>MICROSOFT STREAM FOR O365 FOR GOVERNMENT (E3) (2c1ada27-dbaa-46f9-bda6-ecb94445f758)<br/>MICROSOFT TEAMS FOR GOVERNMENT (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE 365 PLANNER FOR GOVERNMENT (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>OFFICE FOR THE WEB (GOVERNMENT) (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWER APPS FOR OFFICE 365 FOR GOVERNMENT (0a20c815-5e81-4727-9bdc-2b5a117850c3)<br/>POWER AUTOMATE FOR OFFICE 365 FOR GOVERNMENT (c537f360-6a00-4ace-a7f5-9128d0ac1e4b)<br/>SHAREPOINT PLAN 2G (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) FOR GOVERNMENT (a31ef4a2-f787-435e-8335-e47eb0cafc94) |
+| Office 365 G5 GCC | ENTERPRISEPREMIUM_GOV | 8900a2c0-edba-4079-bdf3-b276e293b6a8 | RMS_S_ENTERPRISE_GOV (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>DYN365_CDS_O365_P3_GCC (a7d3fb37-b6df-4085-b509-50810d991a39)<br/>CDS_O365_P3_GCC (bce5e5ca-c2fd-4d53-8ee2-58dfffed4c10)<br/>LOCKBOX_ENTERPRISE_GOV (89b5d3b1-3855-49fe-b46c-87c66dbc1526)<br/>EXCHANGE_S_ENTERPRISE_GOV (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS_GOV_E5 (843da3a8-d2cc-4e7a-9e90-dc46019f964c)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Content_Explorer (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>ContentExplorer_Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MICROSOFT_COMMUNICATION_COMPLIANCE (a413a9ff-720c-4822-98ef-2f37c2a21f4c)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>OFFICESUBSCRIPTION_GOV (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MCOMEETADV_GOV (f544b08d-1645-4287-82de-8d91f37c02a1)<br/>MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>MCOEV_GOV (db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>COMMUNICATIONS_DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>ATP_ENTERPRISE_GOV (493ff600-6a2b-4db6-ad37-a7d4eb214516)<br/>THREAT_INTELLIGENCE_GOV (900018f1-0cdb-4ecb-94d4-90281760fdc6)<br/>INFO_GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>EXCHANGE_ANALYTICS_GOV (208120d1-9adb-4daf-8c22-816bd5d237e7)<br/>RECORDS_MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>STREAM_O365_E5_GOV (92c2089d-9a53-49fe-b1a6-9e6bdf959547)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS_GOV (d1cbfb67-18a8-4792-b643-630b7f19aad1)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>PROJECTWORKMANAGEMENT_GOV (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWERAPPS_O365_P3_GOV (0eacfc38-458a-40d3-9eab-9671258f1a3e)<br/>FLOW_O365_P3_GOV (8055d84a-c172-42eb-b997-6c2ae4628246)<br/>BI_AZURE_P_2_GOV (944e9726-f011-4353-b654-5f7d2663db76)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) | RMS_S_ENTERPRISE_GOV (6a76346d-5d6e-4051-9fe3-ed3f312b5597)<br/>DYN365_CDS_O365_P3_GCC (a7d3fb37-b6df-4085-b509-50810d991a39)<br/>CDS_O365_P3_GCC (bce5e5ca-c2fd-4d53-8ee2-58dfffed4c10)<br/>LOCKBOX_ENTERPRISE_GOV (89b5d3b1-3855-49fe-b46c-87c66dbc1526)<br/>EXCHANGE_S_ENTERPRISE_GOV (8c3069c0-ccdb-44be-ab77-986203a67df2)<br/>FORMS_GOV_E5 (843da3a8-d2cc-4e7a-9e90-dc46019f964c)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Content_Explorer (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>ContentExplorer_Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MICROSOFT_COMMUNICATION_COMPLIANCE (a413a9ff-720c-4822-98ef-2f37c2a21f4c)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>OFFICESUBSCRIPTION_GOV (de9234ff-6483-44d9-b15e-dca72fdd27af)<br/>MCOMEETADV_GOV (f544b08d-1645-4287-82de-8d91f37c02a1)<br/>MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>MCOEV_GOV (db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>COMMUNICATIONS_DLP (6dc145d6-95dd-4191-b9c3-185575ee6f6b)<br/>CUSTOMER_KEY (6db1f1db-2b46-403f-be40-e39395f08dbb)<br/>ATP_ENTERPRISE_GOV (493ff600-6a2b-4db6-ad37-a7d4eb214516)<br/>THREAT_INTELLIGENCE_GOV (900018f1-0cdb-4ecb-94d4-90281760fdc6)<br/>INFO_GOVERNANCE (e26c2fcc-ab91-4a61-b35c-03cdc8dddf66)<br/>EXCHANGE_ANALYTICS_GOV (208120d1-9adb-4daf-8c22-816bd5d237e7)<br/>RECORDS_MANAGEMENT (65cc641f-cccd-4643-97e0-a17e3045e541)<br/>STREAM_O365_E5_GOV (92c2089d-9a53-49fe-b1a6-9e6bdf959547)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS_GOV (d1cbfb67-18a8-4792-b643-630b7f19aad1)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>PROJECTWORKMANAGEMENT_GOV (5b4ef465-7ea1-459a-9f91-033317755a51)<br/>SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>POWERAPPS_O365_P3_GOV (0eacfc38-458a-40d3-9eab-9671258f1a3e)<br/>FLOW_O365_P3_GOV (8055d84a-c172-42eb-b997-6c2ae4628246)<br/>BI_AZURE_P_2_GOV (944e9726-f011-4353-b654-5f7d2663db76)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) |
| OFFICE 365 MIDSIZE BUSINESS | MIDSIZEPACK | 04a7fb0d-32e0-4241-b4f5-3f7618cd1162 | EXCHANGE_S_STANDARD_MIDMARKET (fc52cc4b-ed7d-472d-bbe7-b081c23ecc56)<br/>MCOSTANDARD_MIDMARKET (b2669e95-76ef-4e7e-a367-002f60a39f3e)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTENTERPRISE_MIDMARKET (6b5b6a67-fc72-4a1f-a2b5-beecf05de761)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) | EXCHANGE ONLINE PLAN 1(fc52cc4b-ed7d-472d-bbe7-b081c23ecc56)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) FOR MIDSIZE(b2669e95-76ef-4e7e-a367-002f60a39f3e)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINT PLAN 1 (6b5b6a67-fc72-4a1f-a2b5-beecf05de761)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>YAMMER_MIDSIZE (41bf139a-4e60-409f-9346-a1361efc6dfb) | | OFFICE 365 SMALL BUSINESS | LITEPACK | bd09678e-b83c-4d3f-aaba-3dad4abd128b | EXCHANGE_L_STANDARD (d42bdbd6-c335-4231-ab3d-c8f348d5aff5)<br/>MCOLITE (70710b6b-3ab4-4a38-9f6d-9f169461650a)<br/>SHAREPOINTLITE (a1f3d0a8-84c0-4ae0-bae4-685917b8ab48)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | EXCHANGE ONLINE (P1) (d42bdbd6-c335-4231-ab3d-c8f348d5aff5)<br/>SKYPE FOR BUSINESS ONLINE (PLAN P1) (70710b6b-3ab4-4a38-9f6d-9f169461650a)<br/>SHAREPOINTLITE (a1f3d0a8-84c0-4ae0-bae4-685917b8ab48)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | OFFICE 365 SMALL BUSINESS PREMIUM | LITEPACK_P2 | fc14ec4a-4169-49a4-a51e-2c852931814b | EXCHANGE_L_STANDARD (d42bdbd6-c335-4231-ab3d-c8f348d5aff5)<br/>MCOLITE (70710b6b-3ab4-4a38-9f6d-9f169461650a)<br/>OFFICE_PRO_PLUS_SUBSCRIPTION_SMBIZ (8ca59559-e2ca-470b-b7dd-afd8c0dee963)<br/>SHAREPOINTLITE (a1f3d0a8-84c0-4ae0-bae4-685917b8ab48)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | EXCHANGE ONLINE (P1) (d42bdbd6-c335-4231-ab3d-c8f348d5aff5)<br/>SKYPE FOR BUSINESS ONLINE (PLAN P1) (70710b6b-3ab4-4a38-9f6d-9f169461650a)<br/>OFFICE 365 SMALL BUSINESS SUBSCRIPTION (8ca59559-e2ca-470b-b7dd-afd8c0dee963)<br/>SHAREPOINTLITE (a1f3d0a8-84c0-4ae0-bae4-685917b8ab48)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| PROJECT ONLINE PROFESSIONAL | PROJECTPROFESSIONAL | 53818b1b-4a27-454b-8896-0dba576410e6 | PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | PROJECT ONLINE DESKTOP CLIENT (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | | PROJECT ONLINE WITH PROJECT FOR OFFICE 365 | PROJECTONLINE_PLAN_2 | f82a60b8-1ee3-4cfb-a4fe-1c6a53c2656c | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>PROJECT ONLINE DESKTOP CLIENT (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | PROJECT PLAN 1 | PROJECT_P1 | beb6439c-caad-48d3-bf46-0c82871e12be | DYN365_CDS_FOR_PROJECT_P1 (a6f677b3-62a6-4644-93e7-2a85d240845e)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Power_Automate_For_Project_P1 (00283e6b-2bd8-440f-a2d5-87358e4c89a1)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>PROJECT_P1 (4a12c688-56c6-461a-87b1-30d6f32136f9)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1) | COMMON DATA SERVICE FOR PROJECT P1 (a6f677b3-62a6-4644-93e7-2a85d240845e)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>POWER AUTOMATE FOR PROJECT P1 (00283e6b-2bd8-440f-a2d5-87358e4c89a1)<br/>PROJECT ONLINE ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>PROJECT P1 (4a12c688-56c6-461a-87b1-30d6f32136f9)<br/>SHAREPOINT (c7699d2e-19aa-44de-8edf-1736da088ca1) |
+| Project Plan 3 for GCC | PROJECTPROFESSIONAL_GOV | 074c6829-b3a0-430a-ba3d-aca365e57065 | SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>PROJECT_CLIENT_SUBSCRIPTION_GOV (45c6831b-ad74-4c7f-bd03-7c2b3fa39067)<br/>SHAREPOINT_PROJECT_GOV (e57afa78-1f19-4542-ba13-b32cd4d8f472)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692) | Office for the web (Government) (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>Project Online Desktop Client for Government(45c6831b- ad74-4c7f-bd03-7c2b3fa39067)<br/>Project Online Service for Government (e57afa78-1f19-4542-ba13-b32cd4d8f472)<br/>SharePoint Plan 2G (153f85dd-d912-4762-af6c-d6e0fb4f6692) |
+| Project Plan 5 for GCC | PROJECTPREMIUM_GOV | f2230877-72be-4fec-b1ba-7156d6f75bd6 | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>SHAREPOINTWAC_GOV (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>PROJECT_CLIENT_SUBSCRIPTION_GOV (45c6831b-ad74-4c7f-bd03-7c2b3fa39067)<br/>SHAREPOINT_PROJECT_GOV (e57afa78-1f19-4542-ba13-b32cd4d8f472)<br/>SHAREPOINTENTERPRISE_GOV (153f85dd-d912-4762-af6c-d6e0fb4f6692) | Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Office for the web (Government) (8f9f0f3b-ca90-406c-a842-95579171f8ec)<br/>Project Online Desktop Client for Government (45c6831b-ad74-4c7f-bd03-7c2b3fa39067)<br/>Project Online Service for Government (e57afa78-1f19-4542-ba13-b32cd4d8f472)<br/>SharePoint Plan 2G (153f85dd-d912-4762-af6c-d6e0fb4f6692) |
+| Rights Management Service Basic Content Protection | RMSBASIC | 093e8d14-a334-43d9-93e3-30589a8b47d0 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>RMS_S_BASIC (31cf2cfc-6b0d-4adc-a336-88b724ed8122) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>Microsoft Azure Rights Management Service (31cf2cfc-6b0d-4adc-a336-88b724ed8122) |
| SHAREPOINT ONLINE (PLAN 1) | SHAREPOINTSTANDARD | 1fc08a02-8b3d-43b9-831e-f76859e04e1a | SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1) | SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1) | | SHAREPOINT ONLINE (PLAN 2) | SHAREPOINTENTERPRISE | a9732ec9-17d9-494c-a51c-d6b45b384dcb | SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72) | SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72) | | SKYPE FOR BUSINESS ONLINE (PLAN 1) | MCOIMP | b8b749f8-a4ef-4887-9539-c95b1eaa5db7 | MCOIMP (afc06cb0-b4f4-4473-8286-d644f70d8faf) | SKYPE FOR BUSINESS ONLINE (PLAN 1) (afc06cb0-b4f4-4473-8286-d644f70d8faf) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| WINDOWS 10 ENTERPRISE E3 | WIN10_PRO_ENT_SUB | cb10e6cd-9da4-4992-867b-67546b1db821 | WIN10_PRO_ENT_SUB (21b439ba-a0ca-424f-a6cc-52f954a5b111) | WINDOWS 10 ENTERPRISE (21b439ba-a0ca-424f-a6cc-52f954a5b111) | | WINDOWS 10 ENTERPRISE E3 | WIN10_VDA_E3 | 6a0f6da5-0b87-4190-a6ae-9bb5a2b9546a | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>UNIVERSAL_PRINT_01 (795f6fe0-cc4d-4773-b050-5dde4dc704c9)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>WINDOWSUPDATEFORBUSINESS_DEPLOYMENTSERVICE (7bf960f6-2cd9-443a-8046-5dbff9558365) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>UNIVERSAL PRINT (795f6fe0-cc4d-4773-b050-5dde4dc704c9)<br/>WINDOWS 10 ENTERPRISE (NEW) (e7c91390-7625-45be-94e0-e16907e03118)<br/>WINDOWS UPDATE FOR BUSINESS DEPLOYMENT SERVICE (7bf960f6-2cd9-443a-8046-5dbff9558365) | | Windows 10 Enterprise E5 | WIN10_VDA_E5 | 488ba24a-39a9-4473-8ee5-19291e71b002 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118) | Exchange Foundation (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118) |
+| Windows 10 Enterprise E5 Commercial (GCC Compatible) | WINE5_GCC_COMPAT | 938fd547-d794-42a4-996c-1cc206619580 | EXCHANGE_S_FOUNDATION_GOV (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef))<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118) | Exchange Foundation for Government (922ba911-5694-4e99-a794-73aed9bfeec8)<br/>Microsoft Defender For Endpoint (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118) |
| WINDOWS STORE FOR BUSINESS | WINDOWS_STORE | 6470687e-a428-4b7a-bef2-8a291ad947c9 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDOWS_STORE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>WINDOWS STORE SERVICE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | ## Service plans that cannot be assigned at the same time
active-directory Whats New Docs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/external-identities/whats-new-docs.md
Title: "What's new in Azure Active Directory external identities" description: "New and updated documentation for the Azure Active Directory external identities." Previously updated : 07/12/2021 Last updated : 08/03/2021
Welcome to what's new in Azure Active Directory external identities documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the external identities service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
+## July 2021
+
+### New articles
+
+- [Secure your API used an API connector in Azure AD External Identities self-service sign-up user flows](self-service-sign-up-secure-api-connector.md)
+
+### Updated articles
+
+- [Identity Providers for External Identities](identity-providers.md)
+- [Microsoft account (MSA) identity provider for External Identities](microsoft-account.md)
+- [Email one-time passcode authentication](one-time-passcode.md)
+- [Add a self-service sign-up user flow to an app](self-service-sign-up-user-flow.md)
+- [Properties of an Azure Active Directory B2B collaboration user](user-properties.md)
+- [Add Google as an identity provider for B2B guest users](google-federation.md)
+- [Azure Active Directory B2B collaboration invitation redemption](redemption-experience.md)
+- [Troubleshooting Azure Active Directory B2B collaboration](troubleshoot.md)
+- [Add an API connector to a user flow](self-service-sign-up-add-api-connector.md)
+- [Add a custom approval workflow to self-service sign-up](self-service-sign-up-add-approvals.md)
+- [What are External Identities in Azure Active Directory?](compare-with-b2c.md)
+- [Billing model for Azure AD External Identities](external-identities-pricing.md)
+- [Dynamic groups and Azure Active Directory B2B collaboration](use-dynamic-groups.md)
+- [What is guest user access in Azure Active Directory B2B?](what-is-b2b.md)
+- [Use API connectors to customize and extend self-service sign-up](api-connectors-overview.md)
+- [Federation with SAML/WS-Fed identity providers for guest users (preview)](direct-federation.md)
+- [The elements of the B2B collaboration invitation email - Azure Active Directory](invitation-email-elements.md)
+- [Conditional Access for B2B collaboration users](conditional-access.md)
++ ## June 2021 ### New articles
active-directory Access Panel Collections https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/access-panel-collections.md
Last updated 02/10/2020 -+
active-directory Access Panel Manage Self Service Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/access-panel-manage-self-service-access.md
Last updated 07/11/2017 -+ # How to use self-service application access
active-directory App Management Powershell Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/app-management-powershell-samples.md
Last updated 02/18/2021 -+ # Azure Active Directory PowerShell examples for Application Management
active-directory Application Management Certs Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-management-certs-faq.md
Last updated 03/19/2021 -+ # Azure Active Directory (Azure AD) Application Management certificates frequently asked questions
active-directory Application Management Fundamentals https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-management-fundamentals.md
Last updated 11/13/2019
+ # Application management best practices
active-directory Application Sign In Other Problem Access Panel https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-sign-in-other-problem-access-panel.md
Last updated 07/11/2017 -+
active-directory Application Sign In Problem Application Error https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-sign-in-problem-application-error.md
Last updated 07/11/2017 -+
active-directory Application Sign In Problem First Party Microsoft https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-sign-in-problem-first-party-microsoft.md
Last updated 09/10/2018 -+
active-directory Application Sign In Unexpected User Consent Error https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-sign-in-unexpected-user-consent-error.md
Last updated 07/11/2017 -+
active-directory Application Sign In Unexpected User Consent Prompt https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-sign-in-unexpected-user-consent-prompt.md
Last updated 07/11/2017 -+
active-directory Application Types https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/application-types.md
Last updated 01/07/2021 + # Viewing apps using your Azure AD tenant for identity management
active-directory Assign User Or Group Access Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/assign-user-or-group-access-portal.md
Last updated 02/21/2020 -+ # Manage user assignment for an app in Azure Active Directory
active-directory Certificate Signing Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/certificate-signing-options.md
Last updated 03/25/2019 -+
active-directory Cloud App Security https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/cloud-app-security.md
Previously updated : 02/03/2020 Last updated : 07/29/2021 + # Cloud app visibility and control
active-directory Common Scenarios https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/common-scenarios.md
Last updated 03/02/2019 -+
active-directory Configure Admin Consent Workflow https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/configure-admin-consent-workflow.md
Last updated 07/08/2021 -+
active-directory Configure Authentication For Federated Users Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/configure-authentication-for-federated-users-portal.md
Last updated 02/12/2021
+ # Configure Azure Active Directory sign in behavior for an application by using a Home Realm Discovery policy
active-directory Configure Linked Sign On https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/configure-linked-sign-on.md
Last updated 07/30/2020 -+ # Understand linked sign-on
active-directory Configure Oidc Single Sign On https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/configure-oidc-single-sign-on.md
Title: Understand OIDC-based single sign-on (SSO) for apps in Azure Active Directory
+ Title: Understand OIDC-based single sign-on
+ description: Understand OIDC-based single sign-on (SSO) for apps in Azure Active Directory.
Previously updated : 10/19/2020 Last updated : 07/19/2021 -+
active-directory Configure Password Single Sign On Non Gallery Applications https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/configure-password-single-sign-on-non-gallery-applications.md
Last updated 07/29/2020 + # Understand password-based single sign-on
active-directory Configure Saml Single Sign On https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/configure-saml-single-sign-on.md
Previously updated : 07/28/2020 Last updated : 07/28/2021 -+ # Understand SAML-based single sign-on
active-directory Debug Saml Sso Issues https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/debug-saml-sso-issues.md
Last updated 02/18/2019-+ # Debug SAML-based single sign-on to applications in Azure Active Directory
active-directory Disable User Sign In Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/disable-user-sign-in-portal.md
Last updated 04/12/2019 -+
active-directory End User Experiences https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/end-user-experiences.md
Last updated 09/27/2019 -+ # End-user experiences for applications in Azure Active Directory
active-directory F5 Aad Integration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/f5-aad-integration.md
Last updated 11/12/2020 + # F5 BIG-IP Access Policy Manager and Azure Active Directory integration for secure hybrid access
active-directory F5 Aad Password Less Vpn https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/f5-aad-password-less-vpn.md
Last updated 10/12/2020 + # Tutorial for Azure Active Directory single sign-on integration with F5 BIG-IP for Password-less VPN
active-directory F5 Bigip Deployment Guide https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/f5-bigip-deployment-guide.md
Last updated 10/12/2020
+ # Tutorial to deploy F5 BIG-IP Virtual Edition VM in Azure IaaS for secure hybrid access
active-directory Get It Now Azure Marketplace https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/get-it-now-azure-marketplace.md
Last updated 07/16/2020 +
active-directory Grant Admin Consent https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/grant-admin-consent.md
Last updated 11/04/2019 -+
active-directory Hide Application From User Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/hide-application-from-user-portal.md
Last updated 03/25/2020 -+
active-directory Howto Saml Token Encryption https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/howto-saml-token-encryption.md
Last updated 03/13/2020 -+
active-directory Manage Application Permissions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/manage-application-permissions.md
Last updated 7/10/2020 -+
active-directory Manage Certificates For Federated Single Sign On https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on.md
Last updated 04/04/2019 -+
active-directory Manage Self Service Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/manage-self-service-access.md
Last updated 04/20/2020 + # How to configure self-service application assignment
active-directory Methods For Removing User Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/methods-for-removing-user-access.md
Last updated 11/02/2020 + # How to remove a user's access to an application
active-directory Migrate Adfs Application Activity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/migrate-adfs-application-activity.md
Last updated 01/14/2019 + # Use the AD FS application activity report to migrate applications to Azure AD
active-directory Migrate Adfs Apps To Azure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/migrate-adfs-apps-to-azure.md
Last updated 03/01/2021 -+ # Moving application authentication from Active Directory Federation Services to Azure Active Directory
active-directory Migrate Application Authentication To Azure Active Directory https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/migrate-application-authentication-to-azure-active-directory.md
Last updated 02/05/2021 -+
active-directory Migration Resources https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/migration-resources.md
Last updated 02/29/2020 -+ # Resources for migrating applications to Azure Active Directory
active-directory My Apps Deployment Plan https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/my-apps-deployment-plan.md
Last updated 07/25/2021 + # Plan Azure Active Directory My Apps configuration
Azure AD supports multiple SSO options.
### Use federated SSO if possible
-For the best user experience with the My Apps page, start with the integration of cloud applications that are available for federated SSO (OpenID Connect or SAML). Federated SSO allows users to have a consistent one-click experience across app launching surfaces and tends to be more robust in configuration control.
+For the best user experience with the My Apps page, start with the integration of cloud applications that are available for federated single sign-on (SSO), such as OpenID Connect or SAML. Federated SSO allows users to have a consistent one-click experience when signing in to applications and tends to be more robust in configuration control.
-For more information on how to configure your software as a service (SaaS) applications for SSO, see the [SaaS SSO deployment plan]../Desktop/plan-sso-deployment.md).
+For more information about configuring single sign-on for your application, see [Plan single sign-on deployment](plan-sso-deployment.md).
### Considerations for special SSO circumstances
active-directory One Click Sso Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/one-click-sso-tutorial.md
Last updated 06/11/2019 + # One-click app configuration of single sign-on
active-directory Plan An Application Integration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/plan-an-application-integration.md
Last updated 04/05/2021 -+ # Integrating Azure Active Directory with applications getting started guide
active-directory Plan Sso Deployment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/plan-sso-deployment.md
Last updated 06/10/2020 -+ # Customer intent: As an IT admin, I need to learn about single-sign on (SSO) so I can understand the feature and help others in my organization to understand its value.
active-directory Secure Hybrid Access https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/secure-hybrid-access.md
Last updated 2/16/2021 + # Secure hybrid access: Secure legacy apps with Azure Active Directory
active-directory Sso Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/sso-options.md
Last updated 12/03/2019 -+ # Single sign-on options in Azure AD
active-directory Tenant Restrictions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/tenant-restrictions.md
Last updated 7/30/2021 -+
active-directory Troubleshoot Password Based Sso https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/troubleshoot-password-based-sso.md
Last updated 07/11/2017 -+ # Troubleshoot password-based single sign-on in Azure AD
active-directory Troubleshoot Saml Based Sso https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/troubleshoot-saml-based-sso.md
Last updated 07/11/2017 + # Troubleshoot SAML-based single sign-on in Azure Active Directory
active-directory Ways Users Get Assigned To Applications https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/ways-users-get-assigned-to-applications.md
Last updated 01/07/2021 + # Understand how users are assigned to apps in Azure Active Directory
active-directory What Is Access Management https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/what-is-access-management.md
Last updated 05/16/2017 + # Managing access to apps
active-directory What Is Application Management https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/what-is-application-management.md
Last updated 01/22/2021 -+ # What is application management?
active-directory What Is Single Sign On https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/what-is-single-sign-on.md
Last updated 12/03/2019 -+
active-directory Whats New Docs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/whats-new-docs.md
Title: "What's new in Azure Active Directory application management" description: "New and updated documentation for the Azure Active Directory application management." Previously updated : 07/12/2021 Last updated : 08/03/2021
+reviewer: napuri
# Azure Active Directory application management: What's new Welcome to what's new in Azure Active Directory application management documentation. This article lists new docs that have been added and those that have had significant updates in the last three months. To learn what's new with the application management service, see [What's new in Azure Active Directory](../fundamentals/whats-new.md).
+## July 2021
+
+### Updated articles
+
+- [Create collections on the My Apps portal](access-panel-collections.md)
+- [Quickstart: Assign users to an application](add-application-portal-assign-users.md)
+- [Quickstart: Configure properties for an application](add-application-portal-configure.md)
+- [Quickstart: Set up OIDC-based single sign-on for an application](add-application-portal-setup-oidc-sso.md)
+- [Quickstart: Set up SAML-based single sign-on for an application](add-application-portal-setup-sso.md)
+- [Quickstart: Add an application to your tenant](add-application-portal.md)
+- [Quickstart: Delete an application from your tenant](delete-application-portal.md)
+- [Azure Active Directory application management: What's new](whats-new-docs.md)
+- [Quickstart: View the list of applications that are using your Azure Active Directory (Azure AD) tenant for identity management](view-applications-portal.md)
+- [Configure the admin consent workflow](configure-admin-consent-workflow.md)
++ ## June 2021 ### Updated articles
active-directory Concept Privileged Access Versus Role Assignable https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/privileged-identity-management/concept-privileged-access-versus-role-assignable.md
+
+ Title: What's eth difference between Privileged Access groups and role-assignable groups - Azure AD | Microsoft Docs
+description: Learn how to tell the difference between Privileged Access groups and role-assignable groups in Azure AD Privileged Identity Management (PIM).
+
+documentationcenter: ''
+++
+ms.devlang: na
+
+ na
++ Last updated : 07/02/2021+++++
+# What's the difference between Privileged Access groups and role-assignable groups?
+
+Privileged Identity Management (PIM) supports the ability to enable privileged access on role-assignable groups. But because an available role-assignable group is a prerequisite for creating a privileged access group, this article explains the differences and how to take advantage of them.
+
+## What are Azure AD role-assignable groups?
+
+Azure AD lets you assign a cloud Azure AD security group to an Azure AD role. Global Administrators and Privileged Role Administrators must create a new security group and make the group role-assignable at creation time. Only users in the Global Administrator, Privileged Role Administrator, or the group's Owner roles can change the membership of the group. Also, no other users can reset the password of the users who are members of the group. This feature helps prevent admins from elevating to a higher privileged role without going through a request and approval procedure.
+
+## What are Privileged Access groups?
+
+Privileged Access groups enable users to elevate to the owner or member role of an Azure AD security group. This feature allows you to set up just-in-time workflows for not only Azure AD and Azure roles in batches, and also enables just-in-time scenarios for other use cases like Azure SQL, Azure Key Vault, Intune, or other application roles.
+
+Eligible members of the group also have their passwords reset by the Helpdesk Administrator role. You can also use Privileged Identity Management to manage access to the Helpdesk Administrator role can improve your security posture.
+
+## When to use each type of group
+
+You can set up just-in-time access to permissions and roles beyond Azure AD and Azure Resource. If you have other resources whose authorization can be connected to an Azure AD security group (for Azure Key Vault, Intune, Azure SQL, or other apps and services), you should enable privileged access on the group and assign users as eligible for membership in the group.
+
+If you want to assign a group to an Azure AD or Azure Resource role and require activation via PIM, there are two ways you can achieve this result:
+
+- Assign the group as eligible for a role through PIM. Everyone in the group must activate their assignment to get access to the role. This path requires a role-assignable group for the Azure AD role, and a security group for Azure resources.
+
+- Assign the group as permanently active in a role. You then grant users eligible member access to the group in PIM. Eligible users must then activate their membership to get into the group that is permanently assigned to the role. This path requires a role-assignable group to be enabled in PIM as a privileged access group for the Azure AD role.
+
+Either of these methods will work for the end-to-end scenario. We recommend that you use the first method in most cases. You should use the second method only if you are trying to:
+
+- Assign a group to multiple Azure AD or Azure resource roles and have users activate once to get access to multiple roles.
+- Maintain different activation policies for different sets of users to access an Azure AD or Azure resource role. For example, if you want some users to be approved before becoming a Global Administrator while allowing other users to be auto-approved, you can set up two privileged access groups, assign them both persistently (a "permanent" assignment in Privileged Identity Management) to the Global Administrator role and then use a different activation policy for the member role for each group.
+
+## Next steps
+
+- [Approve or deny requests for Azure AD roles](azure-ad-pim-approval-workflow.md)
+- [Approve or deny requests for Azure resource roles](pim-resource-roles-approval-workflow.md)
+- [Approve activation requests for privileged access group members and owners (preview)](groups-approval-workflow.md)
active-directory Groups Activate Roles https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/privileged-identity-management/groups-activate-roles.md
+
+ Title: Activate privileged access group roles in PIM - Azure AD | Microsoft Docs
+description: Learn how to activate your privileged access group roles in Azure AD Privileged Identity Management (PIM).
+
+documentationcenter: ''
+++
+ms.devlang: na
+
+ na
++ Last updated : 07/01/2021+++++
+# Activate my privileged access group roles in Privileged Identity Management
+
+Use Privileged Identity Management (PIM) to allow eligible role members for privileged access groups to schedule role activation for a specified date and time. They can also select a activation duration up to the maximum duration configured by administrators.
+
+This article is for eligible members who want to activate their privileged access group role in Privileged Identity Management.
+
+## Activate a role
+
+When you need to take on an privileged access group role, you can request activation by using the **My roles** navigation option in Privileged Identity Management.
+
+1. [Sign in to Azure AD portal](https://aad.portal.azure.com) with Global Administrator or group Owner permissions.
+
+1. Open [Privileged Identity Management](https://portal.azure.com/#blade/Microsoft_Azure_PIMCommon/CommonMenuBlade/quickStart).
+
+1. Select **Privileged access groups (Preview)** and then select **Activate role** to open the **My roles** page for privileged access groups.
+
+ ![Privileged access roles page in PIM](./media/groups-activate-roles/groups-select-group.png)
+
+1. On the **My roles** page, select **Activate** on the row of the eligible assignment you want to activate.
+
+ ![Activate link on the eligible role assignment row](./media/groups-activate-roles/groups-activate-link.png)
+
+1. If your role requires multi-factor authentication, select **Verify your identity before proceeding**. You only have to authenticate once per session.
+
+ ![Verify my identity with MFA before role activation](./media/groups-activate-roles/groups-my-roles-mfa.png)
+
+1. Select **Verify my identity** and follow the instructions to provide additional security verification.
+
+ ![Screen to provide security verification such as a PIN code](./media/groups-activate-roles/groups-mfa-enter-code.png)
+
+1. If necessary, specify a custom activation start time. The member or owner is to be activated only after the selected time.
+
+1. In the **Reason** box, enter the reason for the activation request.
+
+ ![Activate page with duration and justification](./media/groups-activate-roles/groups-activate-page.png)
+
+1. Select **Activate**.
+
+If the [role requires approval](pim-resource-roles-approval-workflow.md) to activate, an Azure notification appears in the upper right corner of your browser informing you the request is pending approval.
+
+## View the status of your requests
+
+You can view the status of your pending requests to activate.
+
+1. Open Azure AD Privileged Identity Management.
+
+1. Select **My requests** to see a list of your Azure AD role and privileged access group role requests.
+
+1. Scroll to the right, if needed, to view the **Request Status** column.
+
+## Cancel a pending request
+
+If you do not require activation of a role that requires approval, you can cancel a pending request at any time.
+
+1. Open Azure AD Privileged Identity Management.
+
+1. Select **My requests**.
+
+1. For the role that you want to cancel, select the **Cancel** link.
+
+ When you select **Cancel**, the request will be canceled. To activate the role again, you will have to submit a new request for activation.
+
+## Troubleshoot
+
+### Permissions are not granted after activating a role
+
+When you activate a role in Privileged Identity Management, the activation may not instantly propagate to all portals that require the privileged role. Sometimes, even if the change is propagated, web caching in a portal may result in the change not taking effect immediately. If your activation is delayed, here is what you should do.
+
+1. Sign out of the Azure portal and then sign back in.
+1. In Privileged Identity Management, verify that you are listed as the member of the role.
+
+## Next steps
+
+- [Extend or renew privileged access group roles in Privileged Identity Management](groups-renew-extend.md)
+- [Assign my privileged access group roles in Privileged Identity Management](groups-assign-member-owner.md)
active-directory Groups Features https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/privileged-identity-management/groups-features.md
Title: Managing privileged Azure AD groups in Privileged Identity Management (PIM) | Microsoft Docs
+ Title: Managing Privileged Access groups in Privileged Identity Management (PIM) | Microsoft Docs
description: How to manage members and owners of privileged access groups in Privileged Identity Management (PIM) documentationcenter: ''
#Customer intent: As a dev or IT admin, I want to manage group assignments in PIM, so that I can grant eligibility for elevation to a role assigned via group membership
-# Management capabilities for privileged access Azure AD groups (preview)
+# Management capabilities for Privileged Access groups (preview)
In Privileged Identity Management (PIM), you can now assign eligibility for membership or ownership of privileged access groups. Starting with this preview, you can assign Azure Active Directory (Azure AD) built-in roles to cloud groups and use PIM to manage group member and owner eligibility and activation. For more information about role-assignable groups in Azure AD, see [Use Azure AD groups to manage role assignments](../roles/groups-concept.md).
active-directory Pim Email Notifications https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/privileged-identity-management/pim-email-notifications.md
na
ms.devlang: na Previously updated : 04/28/2020 Last updated : 06/30/2021
The email includes:
| **Users activated** | Number of times users activated their eligible role inside the organization. | | **Users made permanent** | Number of times users with an eligible assignment is made permanent. | | **Role assignments in Privileged Identity Management** | Number of times users are assigned an eligible role inside Privileged Identity Management. |
-| **Role assignments outside of PIM** | Number of times users are assigned a permanent role outside of Privileged Identity Management (inside Azure AD). |
+| **Role assignments outside of PIM** | Number of times users are assigned a permanent role outside of Privileged Identity Management (inside Azure AD). This alert and the accompanying email can be enabled or disabled by opening the alert settings. |
The **Overview of your top roles** section lists the top five roles in your organization based on total number of permanent and eligible administrators for each role. The **Take action** link opens [Discovery & Insights](pim-security-wizard.md) where you can convert permanent administrators to eligible administrators in batches.
active-directory Pim How To Change Default Settings https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md
Previously updated : 07/14/2021 Last updated : 07/27/2021 # Configure Azure AD role settings in Privileged Identity Management
-A Privileged role administrator can customize Privileged Identity Management (PIM) in their Azure Active Directory (Azure AD) organization, including changing the experience for a user who is activating an eligible role assignment.
+A privileged role administrator can customize Privileged Identity Management (PIM) in their Azure Active Directory (Azure AD) organization, including changing the experience for a user who is activating an eligible role assignment.
## Open role settings
You can choose from two assignment duration options for each assignment type (el
You can choose one of these **eligible** assignment duration options:
-| | Description |
+| Setting | Description |
| | |
-| **Allow permanent eligible assignment** | Global admins and Privileged role admins can assign permanent eligible assignment. |
-| **Expire eligible assignment after** | Global admins and Privileged role admins can require that all eligible assignments have a specified start and end date. |
+| Allow permanent eligible assignment | Global admins and Privileged role admins can assign permanent eligible assignment. |
+| Expire eligible assignment after | Global admins and Privileged role admins can require that all eligible assignments have a specified start and end date. |
And, you can choose one of these **active** assignment duration options:
-| | Description |
+| Setting | Description |
| | |
-| **Allow permanent active assignment** | Global admins and Privileged role admins can assign permanent active assignment. |
-| **Expire active assignment after** | Global admins and Privileged role admins can require that all active assignments have a specified start and end date. |
+| Allow permanent active assignment | Global admins and Privileged role admins can assign permanent active assignment. |
+| Expire active assignment after | Global admins and Privileged role admins can require that all active assignments have a specified start and end date. |
> [!NOTE] > All assignments that have a specified end date can be renewed by Global admins and Privileged role admins. Also, users can initiate self-service requests to [extend or renew role assignments](pim-resource-roles-renew-extend.md).
active-directory Pim How To Configure Security Alerts https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts.md
Previously updated : 06/03/2021 Last updated : 06/30/2021
Severity: **High**
| | Description | | | | | **Why do I get this alert?** | Privileged role assignments made outside of Privileged Identity Management are not properly monitored and may indicate an active attack. |
-| **How to fix?** | Review the users in the list and remove them from privileged roles assigned outside of Privileged Identity Management. |
+| **How to fix?** | Review the users in the list and remove them from privileged roles assigned outside of Privileged Identity Management. You can also enable or disable both the alert and its accompanying email notification in the alert settings. |
| **Prevention** | Investigate where users are being assigned privileged roles outside of Privileged Identity Management and prohibit future assignments from there. | | **In-portal mitigation action** | Removes the user from their privileged role. |
Severity: **Low**
## Customize security alert settings
-On the **Alerts** page, select **Settings**.
+On the **Alerts** page, select **Setting**.
![Alerts page with Settings highlighted](media/pim-how-to-configure-security-alerts/alert-settings.png)
active-directory Powershell For Azure Ad Roles https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/privileged-identity-management/powershell-for-azure-ad-roles.md
ms.devlang: na
na Previously updated : 09/15/2020 Last updated : 06/30/2021
This article contains instructions for using Azure Active Directory (Azure AD) PowerShell cmdlets to manage Azure AD roles in Privileged Identity Management (PIM). It also tells you how to get set up with the Azure AD PowerShell module.
-> [!Note]
-> Our official PowerShell is supported only if you are on the new version of Azure AD Privileged Identity Management. Please go to Privileged Identity Management and make sure you have the following banner on the quick start blade.
-> [![check the version of Privileged Identity Management you have](media/pim-how-to-add-role-to-user/pim-new-version.png "Select Azure AD > Privileged Identity Management")](media/pim-how-to-add-role-to-user/pim-new-version.png#lightbox)
-> If you don't have this banner, please wait as we are currently in the process of rolling out this updated experience over the next few weeks.
-> The Privileged Identity Management PowerShell cmdlets are supported through the Azure AD Preview module. If you have been using a different module and that module is now returning an error message, please start using this new module. If you have any production systems built on top of a different module, please reach out to [pim_preview@microsoft.com](mailto:pim_preview@microsoft.com).
- ## Installation and Setup 1. Install the Azure AD Preview module
active-directory Groups Concept https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/roles/groups-concept.md
The following are known issues with role-assignable groups:
- Use the new [Exchange admin center](https://admin.exchange.microsoft.com/) for role assignments via group membership. The old Exchange admin center doesn't support this feature yet. Exchange PowerShell cmdlets will work as expected. - Azure Information Protection Portal (the classic portal) doesn't recognize role membership via group yet. You can [migrate to the unified sensitivity labeling platform](/azure/information-protection/configure-policy-migrate-labels) and then use the Office 365 Security & Compliance center to use group assignments to manage roles. - [Apps admin center](https://config.office.com/) doesn't support this feature yet. Assign users directly to Office Apps Administrator role.-- [Microsoft 365 Compliance Center](https://compliance.microsoft.com/) doesn't support this feature yet. Assign users directly to appropriate Azure AD roles to use this portal. ## License requirements
active-directory Acquireio Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/acquireio-tutorial.md
Previously updated : 10/14/2019 Last updated : 07/27/2021
In this tutorial, you'll learn how to integrate AcquireIO with Azure Active Dire
* Enable your users to be automatically signed-in to AcquireIO with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* AcquireIO supports **IDP** initiated SSO
+* AcquireIO supports **IDP** initiated SSO.
+
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding AcquireIO from the gallery
+## Add AcquireIO from the gallery
To configure the integration of AcquireIO into Azure AD, you need to add AcquireIO from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **AcquireIO** in the search box. 1. Select **AcquireIO** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for AcquireIO
+## Configure and test Azure AD SSO for AcquireIO
Configure and test Azure AD SSO with AcquireIO using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in AcquireIO.
-To configure and test Azure AD SSO with AcquireIO, complete the following building blocks:
+To configure and test Azure AD SSO with AcquireIO, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure AcquireIO SSO](#configure-acquireio-sso)** - to configure the single sign-on settings on application side.
- * **[Create AcquireIO test user](#create-acquireio-test-user)** - to have a counterpart of B.Simon in AcquireIO that is linked to the Azure AD representation of user.
+ 1. **[Create AcquireIO test user](#create-acquireio-test-user)** - to have a counterpart of B.Simon in AcquireIO that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **AcquireIO** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **AcquireIO** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, perform the following step:
In the **Reply URL** text box, type a URL using the following pattern: `https://app.acquire.io/ad/<acquire_account_uid>`
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **AcquireIO**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. From the left side of menu, click on **App Store**.
- ![Screenshot that highlights App Store.](./media/acquireio-tutorial/config01.png)
+ ![Screenshot that highlights App Store.](./media/acquireio-tutorial/menu.png)
1. Scroll down up to **Active Directory** and click on **Install**.
- ![Screenshot that highlights the Active Directory section and the Install button.](./media/acquireio-tutorial/config02.png)
+ ![Screenshot that highlights the Active Directory section and the Install button.](./media/acquireio-tutorial/install-button.png)
1. On the Active Directory pop-up, perform the following steps:
- ![Screnshot that shows the Active Directory screen.](./media/acquireio-tutorial/config03.png)
+ ![Screnshot that shows the Active Directory screen.](./media/acquireio-tutorial/configuration.png)
a. Click **Copy** to copy the Reply URL for your instance and paste it in **Reply URL** textbox in **Basic SAML Configuration** section on Azure portal.
To enable Azure AD users to sign in to AcquireIO, they must be provisioned into
1. From the left side of menu, click **Profiles** and navigate to **Add Profile**.
- ![Screenshot that highlights Profiles in menu on the left side of the screen as well as the Add Profile option.](./media/acquireio-tutorial/config04.png)
+ ![Screenshot that highlights Profiles in menu on the left side of the screen as well as the Add Profile option.](./media/acquireio-tutorial/profile.png)
1. On the **Add customer** pop-up, perform the following steps:
- ![AcquireIO configuration](./media/acquireio-tutorial/config05.png)
+ ![AcquireIO configuration.](./media/acquireio-tutorial/add-profile.png)
a. In **Name** text box, enter the name of user like **B.simon**.
To enable Azure AD users to sign in to AcquireIO, they must be provisioned into
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the AcquireIO tile in the Access Panel, you should be automatically signed in to the AcquireIO for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* Click on Test this application in Azure portal and you should be automatically signed in to the AcquireIO for which you set up the SSO.
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+* You can use Microsoft My Apps. When you click the AcquireIO tile in the My Apps, you should be automatically signed in to the AcquireIO for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try AcquireIO with Azure AD](https://aad.portal.azure.com/)
+Once you configure AcquireIO you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Atlassian Cloud Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/atlassian-cloud-tutorial.md
Previously updated : 07/20/2021 Last updated : 07/29/2021 # Tutorial: Integrate Atlassian Cloud with Azure Active Directory
Follow these steps to enable Azure AD SSO in the Azure portal.
![Security](./media/atlassian-cloud-tutorial/admin.png)
-1. In the **Add SAML configuration** section, fill the required fields which you have copied from the Azure portal and click **Save configuration**.
-
- ![Add SAML Configuration](./media/atlassian-cloud-tutorial/configuration.png)
- 1. In the Azure portal, on the **Atlassian Cloud** application integration page, find the **Manage** section and select **Set up single sign-on**. ![Set up sso](./media/atlassian-cloud-tutorial/set-up.png)
active-directory Banyan Command Center Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/banyan-command-center-tutorial.md
Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Zero Trust Remote Access Platform | Microsoft Docs'
-description: Learn how to configure single sign-on between Azure Active Directory and Zero Trust Remote Access Platform.
+ Title: 'Tutorial: Azure Active Directory single sign-on (SSO) integration with Banyan Security Zero Trust Remote Access Platform | Microsoft Docs'
+description: Learn how to configure single sign-on between Azure Active Directory and Banyan Security Zero Trust Remote Access Platform.
-# Tutorial: Azure Active Directory single sign-on (SSO) integration with Zero Trust Remote Access Platform
+# Tutorial: Azure Active Directory single sign-on (SSO) integration with Banyan Security Zero Trust Remote Access Platform
-In this tutorial, you'll learn how to integrate Zero Trust Remote Access Platform with Azure Active Directory (Azure AD). When you integrate Zero Trust Remote Access Platform with Azure AD, you can:
+In this tutorial, you'll learn how to integrate Banyan Security Zero Trust Remote Access Platform with Azure Active Directory (Azure AD). When you integrate Banyan Security Zero Trust Remote Access Platform with Azure AD, you can:
-* Control in Azure AD who has access to Zero Trust Remote Access Platform.
-* Enable your users to be automatically signed-in to Zero Trust Remote Access Platform with their Azure AD accounts.
+* Control in Azure AD who has access to Banyan Security Zero Trust Remote Access Platform.
+* Enable your users to be automatically signed-in to Banyan Security Zero Trust Remote Access Platform with their Azure AD accounts.
* Manage your accounts in one central location - the Azure portal. ## Prerequisites
In this tutorial, you'll learn how to integrate Zero Trust Remote Access Platfor
To get started, you need the following items: * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* Zero Trust Remote Access Platform single sign-on (SSO) enabled subscription.
+* Banyan Security Zero Trust Remote Access Platform single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Zero Trust Remote Access Platform supports **SP and IDP** initiated SSO.
-* Zero Trust Remote Access Platform supports **Just In Time** user provisioning.
+* Banyan Security Zero Trust Remote Access Platform supports **SP and IDP** initiated SSO.
+* Banyan Security Zero Trust Remote Access Platform supports **Just In Time** user provisioning.
-## Add Zero Trust Remote Access Platform from the gallery
+## Add Banyan Security Zero Trust Remote Access Platform from the gallery
-To configure the integration of Zero Trust Remote Access Platform into Azure AD, you need to add Zero Trust Remote Access Platform from the gallery to your list of managed SaaS apps.
+To configure the integration of Banyan Security Zero Trust Remote Access Platform into Azure AD, you need to add Banyan Security Zero Trust Remote Access Platform from the gallery to your list of managed SaaS apps.
1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account. 1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**.
-1. In the **Add from the gallery** section, type **Zero Trust Remote Access Platform** in the search box.
-1. Select **Zero Trust Remote Access Platform** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
+1. In the **Add from the gallery** section, type **Banyan Security Zero Trust Remote Access Platform** in the search box.
+1. Select **Banyan Security Zero Trust Remote Access Platform** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD SSO for Zero Trust Remote Access Platform
+## Configure and test Azure AD SSO for Banyan Security Zero Trust Remote Access Platform
-Configure and test Azure AD SSO with Zero Trust Remote Access Platform using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Zero Trust Remote Access Platform.
+Configure and test Azure AD SSO with Banyan Security Zero Trust Remote Access Platform using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Banyan Security Zero Trust Remote Access Platform.
-To configure and test Azure AD SSO with Zero Trust Remote Access Platform, perform the following steps:
+To configure and test Azure AD SSO with Banyan Security Zero Trust Remote Access Platform, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon. 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
-1. **[Configure Zero Trust Remote Access Platform SSO](#configure-zero-trust-remote-access-platform-sso)** - to configure the single sign-on settings on application side.
- 1. **[Create Zero Trust Remote Access Platform test user](#create-zero-trust-remote-access-platform-test-user)** - to have a counterpart of B.Simon in Zero Trust Remote Access Platform that is linked to the Azure AD representation of user.
+1. **[Configure Banyan Security Zero Trust Remote Access Platform SSO](#configure-banyan-security-zero-trust-remote-access-platform-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Banyan Security Zero Trust Remote Access Platform test user](#create-banyan-security-zero-trust-remote-access-platform-test-user)** - to have a counterpart of B.Simon in Banyan Security Zero Trust Remote Access Platform that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the Azure portal, on the **Zero Trust Remote Access Platform** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Banyan Security Zero Trust Remote Access Platform** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**. 1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
Follow these steps to enable Azure AD SSO in the Azure portal.
`https://net.banyanops.com/api/v1/sso?orgname=<YOUR_ORG_NAME>` > [!NOTE]
- > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [Zero Trust Remote Access Platform Client support team](mailto:support@banyansecurity.io) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [Banyan Security Zero Trust Remote Access Platform Client support team](mailto:support@banyansecurity.io) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
In this section, you'll create a test user in the Azure portal called B.Simon.
### Assign the Azure AD test user
-In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Zero Trust Remote Access Platform.
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Banyan Security Zero Trust Remote Access Platform.
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
-1. In the applications list, select **Zero Trust Remote Access Platform**.
+1. In the applications list, select **Banyan Security Zero Trust Remote Access Platform**.
1. In the app's overview page, find the **Manage** section and select **Users and groups**. 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog. 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected. 1. In the **Add Assignment** dialog, click the **Assign** button.
-## Configure Zero Trust Remote Access Platform SSO
+## Configure Banyan Security Zero Trust Remote Access Platform SSO
-1. Log in to your Zero Trust Remote Access Platform website as an administrator.
+1. Log in to your Banyan Security Zero Trust Remote Access Platform website as an administrator.
1. Go to **Admin Settings -> Admin Sign-on**.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
d. Click on the **Update** button.
-### Create Zero Trust Remote Access Platform test user
+### Create Banyan Security Zero Trust Remote Access Platform test user
-In this section, a user called Britta Simon is created in Zero Trust Remote Access Platform. Zero Trust Remote Access Platform supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Zero Trust Remote Access Platform, a new one is created after authentication.
+In this section, a user called Britta Simon is created in Banyan Security Zero Trust Remote Access Platform. Banyan Security Zero Trust Remote Access Platform supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in Banyan Security Zero Trust Remote Access Platform, a new one is created after authentication.
## Test SSO
In this section, you test your Azure AD single sign-on configuration with follow
#### SP initiated:
-* Click on **Test this application** in Azure portal. This will redirect to Zero Trust Remote Access Platform Sign on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to Banyan Security Zero Trust Remote Access Platform Sign on URL where you can initiate the login flow.
-* Go to Zero Trust Remote Access Platform Sign-on URL directly and initiate the login flow from there.
+* Go to Banyan Security Zero Trust Remote Access Platform Sign-on URL directly and initiate the login flow from there.
#### IDP initiated:
-* Click on **Test this application** in Azure portal and you should be automatically signed in to the Zero Trust Remote Access Platform for which you set up the SSO.
-
-You can also use Microsoft My Apps to test the application in any mode. When you click the Zero Trust Remote Access Platform tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Zero Trust Remote Access Platform for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Banyan Security Zero Trust Remote Access Platform for which you set up the SSO.
+You can also use Microsoft My Apps to test the application in any mode. When you click the Banyan Security Zero Trust Remote Access Platform tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Banyan Security Zero Trust Remote Access Platform for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Banyan Command Center you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+Once you configure Banyan Security Zero Trust Remote Access Platform you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
active-directory Broadcom Dx Saas Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/broadcom-dx-saas-tutorial.md
Previously updated : 02/19/2021 Last updated : 07/30/2021
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * Broadcom DX SaaS single sign-on (SSO) enabled subscription.
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+ ## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **Broadcom DX SaaS** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Set up single sign-on with SAML** page, enter the values for the following fields:
+1. On the **Set up single sign-on with SAML** page, perform the following steps:
- a. In the **Identifier** text box, type a URL using the following pattern:
+ a. In the **Identifier** text box, type a value using the following pattern:
`DXI_<TENANT_NAME>` b. In the **Reply URL** text box, type a URL using the following pattern:
active-directory Curricula Saml Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/curricula-saml-tutorial.md
Previously updated : 05/28/2020 Last updated : 07/27/2021
In this tutorial, you'll learn how to integrate Curricula SAML with Azure Active
* Enable your users to be automatically signed-in to Curricula SAML with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Curricula SAML supports **SP and IDP** initiated SSO
-* Once you configure Curricula SAML you can enforce session control, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session control extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Curricula SAML supports **SP and IDP** initiated SSO.
-## Adding Curricula SAML from the gallery
+## Add Curricula SAML from the gallery
To configure the integration of Curricula SAML into Azure AD, you need to add Curricula SAML from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Curricula SAML** in the search box. 1. Select **Curricula SAML** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for Curricula SAML
+## Configure and test Azure AD SSO for Curricula SAML
Configure and test Azure AD SSO with Curricula SAML using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Curricula SAML.
-To configure and test Azure AD SSO with Curricula SAML, complete the following building blocks:
+To configure and test Azure AD SSO with Curricula SAML, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with Curricula SAML, complete the following b
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Curricula SAML** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Curricula SAML** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
a. In the **Identifier** text box, type a URL using the following pattern: `https://mycurricula.com/auth/saml/<UNIQUEID>`
Follow these steps to enable Azure AD SSO in the Azure portal.
1. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- In the **Sign-on URL** text box, type a URL:
+ In the **Sign-on URL** text box, type the URL:
`https://mycurricula.com/` 1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Curricula SAML**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, you create a user called Britta Simon in Curricula SAML. Work w
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Curricula SAML tile in the Access Panel, you should be automatically signed in to the Curricula SAML for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### SP initiated:
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to Curricula SAML Sign on URL where you can initiate the login flow.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Go to Curricula SAML Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+#### IDP initiated:
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Curricula SAML for which you set up the SSO.
-- [Try Curricula SAML with Azure AD](https://aad.portal.azure.com/)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Curricula SAML tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Curricula SAML for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect Curricula SAML with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure Curricula SAML you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Elium Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/elium-tutorial.md
Previously updated : 09/09/2020 Last updated : 07/27/2021
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Elium supports **SP and IDP** initiated SSO
-* Elium supports **Just In Time** user provisioning
+* Elium supports **SP and IDP** initiated SSO.
+* Elium supports **Just In Time** user provisioning.
-## Adding Elium from the gallery
+## Add Elium from the gallery
To configure the integration of Elium into Azure AD, you need to add Elium from the gallery to your list of managed SaaS apps.
To configure the integration of Elium into Azure AD, you need to add Elium from
Configure and test Azure AD SSO with Elium using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Elium.
-To configure and test Azure AD SSO with Elium, complete the following building blocks:
+To configure and test Azure AD SSO with Elium, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure Elium SSO](#configure-elium-sso)** - to configure the single sign-on settings on application side.
- * **[Create Elium test user](#create-elium-test-user)** - to have a counterpart of B.Simon in Elium that is linked to the Azure AD representation of user.
+ 1. **[Create Elium test user](#create-elium-test-user)** - to have a counterpart of B.Simon in Elium that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **Elium** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
a. In the **Identifier** text box, type a URL using the following pattern: `https://<platform-domain>.elium.com/login/saml2/metadata`
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. Click on the **User profile** from right top corner and then select **Settings**.
- ![Configure Single Sign-On Elium 01](./media/elium-tutorial/elium-01.png)
+ ![Configure Single Sign-On User profile.](./media/elium-tutorial/profile.png)
1. Select **Security** under **Advanced**.
- ![Configure Single Sign-On Elium 02](./media/elium-tutorial/elium-02.png)
+ ![Configure Single Sign-On Advanced.](./media/elium-tutorial/security.png)
1. Scroll down to the **Single sign-on (SSO)** section and perform the following steps:
- ![Configure Single Sign-On Elium 03](./media/elium-tutorial/elium-03.png)
+ ![Configure Single Sign-On.](./media/elium-tutorial/configuration.png)
a. Copy the value of **Verify that SAML2 authentication works for your account** and paste it in the **Sign-on URL** textbox on the **Basic SAML Configuration** section in the Azure portal. > [!NOTE]
- > After configuring SSO, you can always access the default remote login page at the following URL: `https://<platform_domain>/login/regular/login`
+ > After configuring SSO, you can always access the default remote login page at the following URL: `https://<platform_domain>/login/regular/login`.
b. Select **Enable SAML2 federation** checkbox.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
e. Search for the **entityID** in the **SP Metadata** file, copy the **entityID** value and paste it in the **Identifier** textbox on the **Basic SAML Configuration** section in the Azure portal.
- ![Configure Single Sign-On Elium 04](./media/elium-tutorial/elium-04.png)
+ ![Configure Single Sign-On Configuration.](./media/elium-tutorial/metadata.png)
f. Search for the **AssertionConsumerService** in the **SP Metadata** file, copy the **Location** value and paste it in the **Reply URL** textbox on the **Basic SAML Configuration** section in the Azure portal.
- ![Configure Single Sign-On Elium 05](./media/elium-tutorial/elium-05.png)
+ ![Configure Single Sign-On AssertionConsumerService.](./media/elium-tutorial/service.png)
g. Open the downloaded metadata file from Azure portal into notepad, copy the content and paste it into the **IdP Metadata** textbox.
In this section, you test your Azure AD single sign-on configuration with follow
* Click on **Test this application** in Azure portal and you should be automatically signed in to the Elium for which you set up the SSO
-You can also use Microsoft Access Panel to test the application in any mode. When you click the Elium tile in the Access Panel, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Elium for which you set up the SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+You can also use Microsoft My Apps to test the application in any mode. When you click the Elium tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Elium for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next Steps
active-directory Freedcamp Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/freedcamp-tutorial.md
Previously updated : 05/20/2019 Last updated : 07/30/2021
In this tutorial, you'll learn how to integrate Freedcamp with Azure Active Dire
* Enable your users to be automatically signed-in to Freedcamp with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * Freedcamp single sign-on (SSO) enabled subscription.
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+ ## Scenario description
-In this tutorial, you configure and test Azure AD SSO in a test environment. Freedcamp supports **SP and IDP** initiated SSO.
+In this tutorial, you configure and test Azure AD SSO in a test environment.
-## Adding Freedcamp from the gallery
+* Freedcamp supports **SP and IDP** initiated SSO.
+
+## Add Freedcamp from the gallery
To configure the integration of Freedcamp into Azure AD, you need to add Freedcamp from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Freedcamp** in the search box. 1. Select **Freedcamp** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on
+## Configure and test Azure AD SSO for Freedcamp
Configure and test Azure AD SSO with Freedcamp using a test user called **Britta Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Freedcamp.
-To configure and test Azure AD SSO with Freedcamp, complete the following building blocks:
+To configure and test Azure AD SSO with Freedcamp, perform the following steps:
-1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** to enable your users to use this feature.
-2. **[Configure Freedcamp](#configure-freedcamp)** to configure the SSO settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Freedcamp test user](#create-freedcamp-test-user)** to have a counterpart of Britta Simon in Freedcamp that is linked to the Azure AD representation of user.
-6. **[Test SSO](#test-sso)** to verify whether the configuration works.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Freedcamp SSO](#configure-freedcamp-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Freedcamp test user](#create-freedcamp-test-user)** - to have a counterpart of B.Simon in Freedcamp that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-### Configure Azure AD SSO
+## Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Freedcamp** application integration page, find the **Manage** section and select **Single sign-on**.
+1. In the Azure portal, on the **Freedcamp** application integration page, find the **Manage** section and select **Single sign-on**.
1. On the **Select a Single sign-on method** page, select **SAML**.
-1. On the **Set up Single Sign-On with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up Single Sign-On with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
Follow these steps to enable Azure AD SSO in the Azure portal.
![Copy configuration URLs](common/copy-configuration-urls.png)
-### Configure Freedcamp
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called Britta Simon.
+
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `Britta Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `BrittaSimon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
+
+### Assign the Azure AD test user
+
+In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Freedcamp.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Freedcamp**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **Britta Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure Freedcamp SSO
1. To automate the configuration within Freedcamp, you need to install **My Apps Secure Sign-in browser extension** by clicking **Install the extension**.
Follow these steps to enable Azure AD SSO in the Azure portal.
e. Click **Submit**.
-### Create an Azure AD test user
-
-In this section, you'll create a test user in the Azure portal called Britta Simon.
-
-1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
-1. Select **New user** at the top of the screen.
-1. In the **User** properties, follow these steps:
- 1. In the **Name** field, enter `Britta Simon`.
- 1. In the **User name** field, enter the username@companydomain.extension. For example, `BrittaSimon@contoso.com`.
- 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
- 1. Click **Create**.
-
-### Assign the Azure AD test user
-
-In this section, you'll enable Britta Simon to use Azure single sign-on by granting access to Freedcamp.
-
-1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
-1. In the applications list, select **Freedcamp**.
-1. In the app's overview page, find the **Manage** section and select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add User link](common/add-assign-user.png)
-
-1. In the **Users and groups** dialog, select **Britta Simon** from the Users list, then click the **Select** button at the bottom of the screen.
-1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen.
-1. In the **Add Assignment** dialog, click the **Assign** button.
- ### Create Freedcamp test user To enable Azure AD users, sign in to Freedcamp, they must be provisioned into Freedcamp. In Freedcamp, provisioning is a manual task.
To enable Azure AD users, sign in to Freedcamp, they must be provisioned into Fr
c. Click **Add User**.
-### Test SSO
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Freedcamp Sign on URL where you can initiate the login flow.
+
+* Go to Freedcamp Sign-on URL directly and initiate the login flow from there.
-When you select the Freedcamp tile in the Access Panel, you should be automatically signed in to the Freedcamp for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### IDP initiated:
-## Additional Resources
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Freedcamp for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Freedcamp tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Freedcamp for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Freedcamp you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Getthere Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/getthere-tutorial.md
Previously updated : 08/26/2019 Last updated : 07/27/2021
In this tutorial, you'll learn how to integrate GetThere with Azure Active Direc
* Enable your users to be automatically signed-in to GetThere with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* GetThere supports **IDP** initiated SSO
+* GetThere supports **IDP** initiated SSO.
> [!NOTE] > Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding GetThere from the gallery
+## Add GetThere from the gallery
To configure the integration of GetThere into Azure AD, you need to add GetThere from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **GetThere** in the search box. 1. Select **GetThere** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-## Configure and test Azure AD single sign-on for GetThere
+## Configure and test Azure AD SSO for GetThere
Configure and test Azure AD SSO with GetThere using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in GetThere.
-To configure and test Azure AD SSO with GetThere, complete the following building blocks:
+To configure and test Azure AD SSO with GetThere, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with GetThere, complete the following buildin
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **GetThere** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **GetThere** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Set up single sign-on with SAML** page, enter the values for the following fields:
+1. On the **Set up single sign-on with SAML** page, perform the following steps:
- a. In the **Identifier** text box, type a URL:
+ a. In the **Identifier** text box, type one of the following URLs:
- ```http
- getthere.com
- http://idp.getthere.com
- ```
+ | **Identifier** |
+ ||
+ | `getthere.com` |
+ | `http://idp.getthere.com` |
- b. In the **Reply URL** text box, type any one of the below URLs:
+ b. In the **Reply URL** text box, type one of the following URLs:
- ```http
- https://wx1.getthere.net/login/saml/post.act
- https://gtx2-gcte2.getthere.net/login/saml/post.act
- https://gtx2-gcte2.getthere.net/login/saml/ssoaasvalidate.act
- https://wx1.getthere.net/login/saml/ssoaavalidate.act
- ```
+ | **Reply URL** |
+ |--|
+ | `https://wx1.getthere.net/login/saml/post.act` |
+ | `https://gtx2-gcte2.getthere.net/login/saml/post.act` |
+ | `https://gtx2-gcte2.getthere.net/login/saml/ssoaasvalidate.act` |
+ | `https://wx1.getthere.net/login/saml/ssoaavalidate.act` |
1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **GetThere**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, you create a user called B.Simon in GetThere. Work with [GetTh
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the GetThere tile in the Access Panel, you should be automatically signed in to the GetThere for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Click on Test this application in Azure portal and you should be automatically signed in to the GetThere for which you set up the SSO.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* You can use Microsoft My Apps. When you click the GetThere tile in the My Apps, you should be automatically signed in to the GetThere for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+## Next steps
-- [Try GetThere with Azure AD](https://aad.portal.azure.com/)
+Once you configure GetThere you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Hrworks Single Sign On Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/hrworks-single-sign-on-tutorial.md
Previously updated : 05/26/2021 Last updated : 07/29/2021
Follow these steps to enable Azure AD SSO in the Azure portal.
`https://login.hrworks.de/?companyId=<COMPANY_ID>&directssologin=true` > [!NOTE]
- > The value is not real. Update the value with the actual Sign-On URL. Contact [HRworks Single Sign-On Client support team](mailto:nadja.sommerfeld@hrworks.de) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > The value is not real. Update the value with the actual Sign-On URL. Contact [HRworks Single Sign-On Client support team](https://www.hrworks.de/dienstleistungen/support/) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer.
active-directory Iamip Patent Platform Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/iamip-patent-platform-tutorial.md
Previously updated : 02/10/2020 Last updated : 07/28/2021
In this tutorial, you'll learn how to integrate IamIP Patent Platform with Azure
* Enable your users to be automatically signed-in to IamIP Patent Platform with their Azure AD accounts. * Manage your accounts in one central location: the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [Single sign-on to applications in Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you'll configure and test Azure AD SSO in a test environment.
-IamIP Patent Platform supports SP-initiated and IDP-initiated SSO.
-
-After you configure the IamIP Patent Platform, you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
-
+* IamIP Patent Platform supports SP-initiated and IDP-initiated SSO.
## Add IamIP Patent Platform from the gallery To configure the integration of IamIP Patent Platform into Azure AD, you need to add IamIP Patent Platform from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) with a work or school account or with a personal Microsoft account.
+1. Sign in to the Azure portal with a work or school account or with a personal Microsoft account.
1. In the left pane, select **Azure Active Directory**. 1. Go to **Enterprise applications** and then select **All Applications**. 1. To add new application, select **New application**.
To configure the integration of IamIP Patent Platform into Azure AD, you need to
You'll configure and test Azure AD SSO with IamIP Patent Platform by using a test user named B.Simon. For SSO to work, you need to establish a link relationship between an Azure AD user and the corresponding user in IamIP Patent Platform.
-To configure and test Azure AD SSO with IamIP Patent Platform, you'll take these high-level steps:
+To configure and test Azure AD SSO with IamIP Patent Platform, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** to enable your users to use the feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** to test Azure AD single sign-on.
- * **[Grant access to the test user](#grant-access-to-the-test-user)** to enable the user to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** to test Azure AD single sign-on.
+ 1. **[Grant access to the test user](#grant-access-to-the-test-user)** to enable the user to use Azure AD single sign-on.
1. **[Configure IamIP Patent Platform SSO](#configure-iamip-patent-platform-sso)** on the application side.
- * **[Create an IamIP Patent Platform test user](#create-iamip-patent-platform-test-user)** as a counterpart to the Azure AD representation of the user.
+ 1. **[Create IamIP Patent Platform test user](#create-iamip-patent-platform-test-user)** as a counterpart to the Azure AD representation of the user.
1. **[Test SSO](#test-sso)** to verify that the configuration works.
To configure and test Azure AD SSO with IamIP Patent Platform, you'll take these
Follow these steps to enable Azure AD SSO in the Azure portal:
-1. In the [Azure portal](https://portal.azure.com/), on the **IamIP Patent Platform** application integration page, in the **Manage** section, select **single sign-on**.
+1. In the Azure portal, on the **IamIP Patent Platform** application integration page, in the **Manage** section, select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**. 1. On the **Set up Single Sign-On with SAML** page, select the pencil button for **Basic SAML Configuration** to edit the settings:
Follow these steps to enable Azure AD SSO in the Azure portal:
1. In the **Basic SAML Configuration** section, if you have a Service Provider metadata file and want to configure SSO in IDP-initiated mode, take these steps:
- a. Select **Upload metadata file**:
+ a. Select **Upload metadata file**.
![Upload metadata file](common/upload-metadata.png)
- b. Select the folder button, select the metadata file, and then select **Upload**:
+ b. Select the folder button, select the metadata file, and then select **Upload**.
![Folder and Upload buttons](common/browse-upload-metadata.png)
- c. After the metadata file uploads, the **Identifier** and **Reply URL** values automatically populate in the **Basic SAML Configuration** section:
-
- ![Identifier and Reply URL values](common/idp-intiated.png)
+ c. After the metadata file uploads, the **Identifier** and **Reply URL** values automatically populate in the **Basic SAML Configuration** section.
> [!Note] > If the **Identifier** and **Reply URL** values aren't automatically populated, supply the values manually according to your requirements. 1. Select **Set additional URLs** and complete the following step if you want to configure the application in SP-initiated mode:
- In the **Sign-on URL** box, enter
- **https:\//patents.iamip.com/login-user**.
+ In the **Sign-on URL** box, type the URL:
+ `https://patents.iamip.com/login-user`.
-1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, select the **Download** link for **Certificate (Raw)** to download the certificate and save it on your computer:
+1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, select the **Download** link for **Certificate (Raw)** to download the certificate and save it on your computer.
![Certificate download link](common/certificateraw.png)
-1. In the **Set up IamIP Patent Platform** section, copy the appropriate URL or URLs, based on your requirements:
+1. In the **Set up IamIP Patent Platform** section, copy the appropriate URL or URLs, based on your requirements.
![Copy configuration URLs](common/idp-intiated.png))
In this section, you'll enable B.Simon to use Azure single sign-on by granting t
1. In the Azure portal, select **Enterprise applications**, and then select **All applications**. 1. In the applications list, select **IamIP Patent Platform**. 1. On the app's overview page, in the **Manage** section, select **Users and groups**:-
- ![Select Users and groups](common/users-groups-blade.png)
-
-1. Select **Add user**, and then select **Users and groups** in the **Add Assignment** dialog box:
-
- ![Select Add user](common/add-assign-user.png)
-
+1. Select **Add user**, and then select **Users and groups** in the **Add Assignment** dialog box.
1. In the **Users and groups** dialog box, select **B.Simon** in the **Users** list, and then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog box, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog box, select the **Assign** button.
Work with the [IamIP Patent Platform support team](mailto:info@iamip.com) to ad
## Test SSO
-In this section, you'll test your Azure AD SSO configuration by using Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
-When you select the IamIP Patent Platform tile in Access Panel, you should be automatically signed in to the IamIP Patent Platform instance for which you set up SSO. For more information about Access Panel, see [Introduction to Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to IamIP Patent Platform Sign on URL where you can initiate the login flow.
-## Additional resources
+* Go to IamIP Patent Platform Sign-on URL directly and initiate the login flow from there.
-- [Tutorials on how to integrate SaaS apps with Azure Active Directory](./tutorial-list.md)
+#### IDP initiated:
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the IamIP Patent Platform for which you set up the SSO.
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the IamIP Patent Platform tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the IamIP Patent Platform for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [Try IamIP Patent Platform with Azure AD](https://aad.portal.azure.com/)
+## Next steps
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+Once you configure IamIP Patent Platform you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Kemp Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/kemp-tutorial.md
Previously updated : 02/04/2021 Last updated : 07/30/2021
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * Kemp LoadMaster Azure AD integration single sign-on (SSO) enabled subscription.
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+ ## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Kemp LoadMaster Azure AD integration supports **IDP** initiated SSO
+* Kemp LoadMaster Azure AD integration supports **IDP** initiated SSO.
## Add Kemp LoadMaster Azure AD integration from the gallery
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
### Import IdP certificate
-Go to Kemp LoadMaster Azure AD integration Web Console
+Go to Kemp LoadMaster Azure AD integration Web Console.
1. Click Intermediate Certificates under Certificates and Authority.
Go to Manage SSO under Virtual Services.
### Set Authentication
-On Kemp LoadMaster Azure AD integration Web Console
+On Kemp LoadMaster Azure AD integration Web Console.
1. Click on Virtual Services.
On Kemp LoadMaster Azure AD integration Web Console
### Verify the changes
-Browse to the application URL
+Browse to the application URL.
You should see your tenanted login page instead of unauthenticated access previously.
active-directory Michigan Data Hub Single Sign On Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/michigan-data-hub-single-sign-on-tutorial.md
Previously updated : 07/23/2020 Last updated : 07/30/2021
In this tutorial, you'll learn how to integrate Michigan Data Hub Single Sign-On
* Enable your users to be automatically signed-in to Michigan Data Hub Single Sign-On with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * Michigan Data Hub Single Sign-On single sign-on (SSO) enabled subscription.
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+ ## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Michigan Data Hub Single Sign-On supports **SP** initiated SSO
-* Once you configure Michigan Data Hub Single Sign-On you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Michigan Data Hub Single Sign-On supports **SP** initiated SSO.
+
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-## Adding Michigan Data Hub Single Sign-On from the gallery
+## Add Michigan Data Hub Single Sign-On from the gallery
To configure the integration of Michigan Data Hub Single Sign-On into Azure AD, you need to add Michigan Data Hub Single Sign-On from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Michigan Data Hub Single Sign-On** in the search box. 1. Select **Michigan Data Hub Single Sign-On** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. - ## Configure and test Azure AD SSO for Michigan Data Hub Single Sign-On Configure and test Azure AD SSO with Michigan Data Hub Single Sign-On using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Michigan Data Hub Single Sign-On.
-To configure and test Azure AD SSO with Michigan Data Hub Single Sign-On, complete the following building blocks:
+To configure and test Azure AD SSO with Michigan Data Hub Single Sign-On, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with Michigan Data Hub Single Sign-On, comple
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Michigan Data Hub Single Sign-On** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Michigan Data Hub Single Sign-On** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, perform the following step:
In the **Sign-on URL** text box, type the URL: `https://launchpad.midatahub.org`
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Michigan Data Hub Single Sign-On**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, you create a user called B.Simon in Michigan Data Hub Single Si
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
-
-When you click the Michigan Data Hub Single Sign-On tile in the Access Panel, you should be automatically signed in to the Michigan Data Hub Single Sign-On for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
-
-## Additional resources
--- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+In this section, you test your Azure AD single sign-on configuration with following options.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+* Click on **Test this application** in Azure portal. This will redirect to Michigan Data Hub Single Sign-On Sign-on URL where you can initiate the login flow.
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Go to Michigan Data Hub Single Sign-On Sign-on URL directly and initiate the login flow from there.
-- [Try Michigan Data Hub Single Sign-On with Azure AD](https://aad.portal.azure.com/)
+* You can use Microsoft My Apps. When you click the Michigan Data Hub Single Sign-On tile in the My Apps, this will redirect to Michigan Data Hub Single Sign-On Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect Michigan Data Hub Single Sign-On with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure Michigan Data Hub Single Sign-On you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Panorays Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/panorays-tutorial.md
Previously updated : 11/03/2020 Last updated : 07/30/2021
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * Panorays single sign-on (SSO) enabled subscription.
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+ ## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Panorays supports **SP and IDP** initiated SSO
-* Panorays supports **Just In Time** user provisioning
+* Panorays supports **SP and IDP** initiated SSO.
+* Panorays supports **Just In Time** user provisioning.
## Adding Panorays from the gallery
To configure the integration of Panorays into Azure AD, you need to add Panorays
1. In the **Add from the gallery** section, type **Panorays** in the search box. 1. Select **Panorays** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. - ## Configure and test Azure AD SSO for Panorays Configure and test Azure AD SSO with Panorays using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Panorays.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **Panorays** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
In this section, you test your Azure AD single sign-on configuration with follow
#### SP initiated:
-Go to [Panorays Sign-on URL](https://www.panoraysapp.com) directly and initiate the login flow from there.
+* Click on **Test this application** in Azure portal. This will redirect to Panorays Sign on URL where you can initiate the login flow.
-#### IDP initiated:
+* Go to Panorays Sign-on URL directly and initiate the login flow from there.
-* Click on **Test this application** in Azure portal and you should be automatically signed in to the Panorays for which you set up the SSO
+#### IDP initiated:
-You can also use Microsoft Access Panel to test the application in any mode. When you click the Panorays tile in the Access Panel, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Panorays for which you set up the SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Panorays for which you set up the SSO.
+You can also use Microsoft My Apps to test the application in any mode. When you click the Panorays tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Panorays for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Panorays you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+Once you configure Panorays you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Prolorus Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/prolorus-tutorial.md
Previously updated : 10/28/2020 Last updated : 07/30/2021
To get started, you need the following items:
* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/). * A Prolorus single sign-on (SSO) enabled subscription.
+> [!NOTE]
+> This integration is also available to use from Azure AD US Government Cloud environment. You can find this application in the Azure AD US Government Cloud Application Gallery and configure it in the same way as you do from public cloud.
+ ## Scenario description In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Prolorus supports **SP** initiated SSO
+* Prolorus supports **SP** initiated SSO.
## Adding Prolorus from the gallery
To configure the integration of Prolorus into Azure AD, you need to add Prolorus
1. In the **Add from the gallery** section, type **Prolorus** in the search box. 1. Select **Prolorus** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. - ## Configure and test Azure AD SSO for Prolorus Configure and test Azure AD SSO with Prolorus using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Prolorus.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **Prolorus** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
In this section, you create a user called Britta Simon in Prolorus. Work with th
In this section, you test your Azure AD single sign-on configuration with following options.
-1. Click on **Test this application** in Azure portal. This will redirect to Prolorus Sign-on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to Prolorus Sign-on URL where you can initiate the login flow.
-2. Go to Prolorus Sign-on URL directly and initiate the login flow from there.
+* Go to Prolorus Sign-on URL directly and initiate the login flow from there.
-3. You can use Microsoft Access Panel. When you click the Prolorus tile in the Access Panel, this will redirect to Prolorus Sign-on URL. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* You can use Microsoft My Apps. When you click the Prolorus tile in the My Apps, this will redirect to Prolorus Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
active-directory Proxyclick Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/proxyclick-tutorial.md
Previously updated : 03/27/2019 Last updated : 07/27/2021 # Tutorial: Azure Active Directory integration with Proxyclick
-In this tutorial, you'll learn how to integrate Proxyclick with Azure Active Directory (Azure AD).
-This integration provides these benefits:
+In this tutorial, you'll learn how to integrate Proxyclick with Azure Active Directory (Azure AD). When you integrate Proxyclick with Azure AD, you can:
-* You can use Azure AD to control who has access to Proxyclick.
-* You can enable your users to be automatically signed in to Proxyclick (single sign-on) with their Azure AD accounts.
-* You can manage your accounts in one central location: the Azure portal.
-
-To learn more about SaaS app integration with Azure AD, see [Single sign-on to applications in Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Proxyclick.
+* Enable your users to be automatically signed-in to Proxyclick with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with Proxyclick, you need to have:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can sign up for a [one-month trial](https://azure.microsoft.com/pricing/free-trial/).
-* A Proxyclick subscription that has single sign-on enabled.
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* Proxyclick single sign-on (SSO) enabled subscription.
## Scenario description
In this tutorial, you'll configure and test Azure AD single sign-on in a test en
## Add Proxyclick from the gallery
-To set up the integration of Proxyclick into Azure AD, you need to add Proxyclick from the gallery to your list of managed SaaS apps.
-
-1. In the [Azure portal](https://portal.azure.com), in the left pane, select **Azure Active Directory**:
-
- ![Select Azure Active Directory](common/select-azuread.png)
-
-2. Go to **Enterprise applications** > **All applications**:
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add an application, select **New application** at the top of the window:
-
- ![Select New application](common/add-new-app.png)
-
-4. In the search box, enter **Proxyclick**. Select **Proxyclick** in the search results and then select **Add**.
-
- ![Search results](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you'll configure and test Azure AD single sign-on with Proxyclick by using a test user named Britta Simon.
-To enable single sign-on, you need to establish a relationship between an Azure AD user and the corresponding user in Proxyclick.
-
-To configure and test Azure AD single sign-on with Proxyclick, you need to complete these steps:
-
-1. **[Configure Azure AD single sign-on](#configure-azure-ad-single-sign-on)** to enable the feature for your users.
-2. **[Configure Proxyclick single sign-on](#configure-proxyclick-single-sign-on)** on the application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** to test Azure AD single sign-on.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** to enable Azure AD single sign-on for the user.
-5. **[Create a Proxyclick test user](#create-a-proxyclick-test-user)** that's linked to the Azure AD representation of the user.
-6. **[Test single sign-on](#test-single-sign-on)** to verify that the configuration works.
+To configure the integration of Proxyclick into Azure AD, you need to add Proxyclick from the gallery to your list of managed SaaS apps.
-### Configure Azure AD single sign-on
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Proxyclick** in the search box.
+1. Select **Proxyclick** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-In this section, you'll enable Azure AD single sign-on in the Azure portal.
+## Configure and test Azure AD SSO for Proxyclick
-To configure Azure AD single sign-on with Proxyclick, take these steps:
+Configure and test Azure AD SSO with Proxyclick using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Proxyclick.
-1. In the [Azure portal](https://portal.azure.com/), on the Proxyclick application integration page, select **Single sign-on**:
+To configure and test Azure AD SSO with Proxyclick, perform the following steps:
- ![Select single sign-on](common/select-sso.png)
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Proxyclick SSO](#configure-proxyclick-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Proxyclick test user](#create-proxyclick-test-user)** - to have a counterpart of B.Simon in Proxyclick that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-2. In the **Select a single sign-on method** dialog box, select **SAML/WS-Fed** mode to enable single sign-on:
+## Configure Azure AD SSO
- ![Select a single sign-on method](common/select-saml-option.png)
+Follow these steps to enable Azure AD SSO in the Azure portal.
-3. On the **Set up Single Sign-On with SAML** page, select the **Edit** icon to open the **Basic SAML Configuration** dialog box:
+1. In the Azure portal, on the **Proxyclick** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Edit icon](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
-4. In the **Basic SAML Configuration** dialog box, if you want to configure the application in IdP-initiated mode, take the following steps.
+4. In the **Basic SAML Configuration** dialog box, if you want to configure the application in IdP-initiated mode, perform the following steps.
+
+ a. In the **Identifier** box, type a URL using the following pattern:
+ `https://saml.proxyclick.com/init/<COMPANY_ID>`
- ![Basic SAML Configuration dialog box](common/idp-intiated.png)
+ b. In the **Reply URL** box, type a URL using the following pattern:
+ `https://saml.proxyclick.com/consume/<COMPANY_ID>`
- 1. In the **Identifier** box, enter a URL in this pattern:
+5. If you want to configure the application in SP-initiated mode, select **Set additional URLs**. In the **Sign on URL** textbox, type a URL using the following pattern:
- `https://saml.proxyclick.com/init/<companyId>`
-
- 1. In the **Reply URL** box, enter a URL in this pattern:
-
- `https://saml.proxyclick.com/consume/<companyId>`
-
-5. If you want to configure the application in SP-initiated mode, select **Set additional URLs**. In the **Sign on URL** box, enter a URL in this pattern:
-
- `https://saml.proxyclick.com/init/<companyId>`
-
- ![Proxyclick Domain and URLs single sign-on information](common/metadata-upload-additional-signon.png)
-
-
+ `https://saml.proxyclick.com/init/<COMPANY_ID>`
> [!NOTE]
- > These values are placeholders. You need to use the actual identifier, reply URL, and sign-on URL. Steps for getting these values are described later in this tutorial.
+ > These values are placeholders. You need to use the actual Identifier,Reply URL and Sign on URL. Steps for getting these values are described later in this tutorial.
6. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, select the **Download** link next to **Certificate (Base64)**, per your requirements, and save the certificate on your computer:
To configure Azure AD single sign-on with Proxyclick, take these steps:
![Copy the configuration URLs](common/copy-configuration-urls.png)
- 1. **Login URL**.
+### Create an Azure AD test user
- 1. **Azure AD Identifier**.
+In this section, you'll create a test user in the Azure portal called B.Simon.
- 1. **Logout URL**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
-### Configure Proxyclick single sign-on
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Proxyclick.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Proxyclick**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure Proxyclick SSO
1. In a new web browser window, sign in to your Proxyclick company site as an admin.
-2. Select **Account & Settings**:
+2. Select **Account & Settings**.
- ![Select Account & Settings](./media/proxyclick-tutorial/configure1.png)
+ ![Select Account & Settings.](./media/proxyclick-tutorial/account.png)
-3. Scroll down to the **Integrations** section and select **SAML**:
+3. Scroll down to the **Integrations** section and select **SAML**.
- ![Select SAML](./media/proxyclick-tutorial/configure2.png)
+ ![Select SAML.](./media/proxyclick-tutorial/settings.png)
4. In the **SAML** section, take the following steps.
- ![SAML section](./media/proxyclick-tutorial/configure3.png)
+ ![SAML section](./media/proxyclick-tutorial/configuration.png)
1. Copy the **SAML Consumer URL** value and paste it into the **Reply URL** box in the **Basic SAML Configuration** dialog box in the Azure portal.
To configure Azure AD single sign-on with Proxyclick, take these steps:
1. Select **Save Changes**.
-### Create an Azure AD test user
-
-In this section, you'll create a test user named Britta Simon in the Azure portal.
-
-1. In the Azure portal, select **Azure Active Directory** in the left pane, select **Users**, and then select **All users**:
-
- ![Select All users](common/users.png)
-
-2. Select **New user** at the top of the screen:
-
- ![Select New user](common/new-user.png)
-
-3. In the **User** dialog box, take the following steps.
-
- ![User dialog box](common/user-properties.png)
-
- 1. In the **Name** box, enter **BrittaSimon**.
-
- 1. In the **User name** box, enter **BrittaSimon@\<yourcompanydomain>.\<extension>**. (For example, BrittaSimon@contoso.com.)
-
- 1. Select **Show Password**, and then write down the value that's in the **Password** box.
-
- 1. Select **Create**.
-
-### Assign the Azure AD test user
-
-In this section, you'll enable Britta Simon to use Azure single sign-on by granting her access to Proxyclick.
-
-1. In the Azure portal, select **Enterprise applications**, select **All applications**, and then select **Proxyclick**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the list of applications, select **Proxyclick**.
-
- ![List of applications](common/all-applications.png)
-
-3. In the left pane, select **Users and groups**:
-
- ![Select Users and groups](common/users-groups-blade.png)
-
-4. Select **Add user**, and then select **Users and groups** in the **Add Assignment** dialog box.
-
- ![Select Add user](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog box, select **Britta Simon** in the users list, and then click the **Select** button at the bottom of the window.
-
-6. If you expect a role value in the SAML assertion, in the **Select Role** dialog box, select the appropriate role for the user from the list. Click the **Select** button at the bottom of the window.
-
-7. In the **Add Assignment** dialog box, select **Assign**.
-
-### Create a Proxyclick test user
+### Create Proxyclick test user
To enable Azure AD users to sign in to Proxyclick, you need to add them to Proxyclick. You need to add them manually.
To create a user account, take these steps:
1. Sign in to your Proxyclick company site as an admin.
-1. Select **Colleagues** at the top of the window:
+1. Select **Colleagues** at the top of the window.
- ![Select Colleagues](./media/proxyclick-tutorial/user1.png)
+ ![Select Colleagues.](./media/proxyclick-tutorial/user.png)
-1. Select **Add Colleague**:
+1. Select **Add Colleague**.
- ![Select Add Colleague](./media/proxyclick-tutorial/user2.png)
+ ![Select Add Colleague.](./media/proxyclick-tutorial/add-user.png)
1. In the **Add a colleague** section, take the following steps.
- ![Add a colleague section](./media/proxyclick-tutorial/user3.png)
+ ![Add a colleague section.](./media/proxyclick-tutorial/create-user.png)
1. In the **Email** box, enter the email address of the user. In this case, **brittasimon\@contoso.com**.
To create a user account, take these steps:
1. Select **Add User**.
-### Test single sign-on
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to Proxyclick Sign on URL where you can initiate the login flow.
-Now you need to test your Azure AD single sign-on configuration by using the Access Panel.
+* Go to Proxyclick Sign-on URL directly and initiate the login flow from there.
-When you select the Proxyclick tile in the Access Panel, you should be automatically signed in to the Proxyclick instance for which you set up SSO. For more information about the Access Panel, see [Access and use apps on the My Apps portal](../user-help/my-apps-portal-end-user-access.md).
+#### IDP initiated:
-## Additional resources
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Proxyclick for which you set up the SSO.
-- [Tutorials for integrating SaaS applications with Azure Active Directory](./tutorial-list.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Proxyclick tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Proxyclick for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Proxyclick you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Rfpio Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/rfpio-tutorial.md
Previously updated : 04/14/2019 Last updated : 07/27/2021 # Tutorial: Azure Active Directory integration with RFPIO
-In this tutorial, you learn how to integrate RFPIO with Azure Active Directory (Azure AD).
-Integrating RFPIO with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate RFPIO with Azure Active Directory (Azure AD). When you integrate RFPIO with Azure AD, you can:
-* You can control in Azure AD who has access to RFPIO.
-* You can enable your users to be automatically signed-in to RFPIO (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to RFPIO.
+* Enable your users to be automatically signed-in to RFPIO with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites To configure Azure AD integration with RFPIO, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/)
-* RFPIO single sign-on enabled subscription
+* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/).
+* RFPIO single sign-on enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* RFPIO supports **SP and IDP** initiated SSO
-
-## Adding RFPIO from the gallery
-
-To configure the integration of RFPIO into Azure AD, you need to add RFPIO from the gallery to your list of managed SaaS apps.
-
-**To add RFPIO from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **RFPIO**, select **RFPIO** from result panel then click **Add** button to add the application.
-
- ![RFPIO in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
+* RFPIO supports **SP and IDP** initiated SSO.
-In this section, you configure and test Azure AD single sign-on with RFPIO based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in RFPIO needs to be established.
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-To configure and test Azure AD single sign-on with RFPIO, you need to complete the following building blocks:
+## Add RFPIO from the gallery
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure RFPIO Single Sign-On](#configure-rfpio-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create RFPIO test user](#create-rfpio-test-user)** - to have a counterpart of Britta Simon in RFPIO that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
-
-### Configure Azure AD single sign-on
+To configure the integration of RFPIO into Azure AD, you need to add RFPIO from the gallery to your list of managed SaaS apps.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **RFPIO** in the search box.
+1. Select **RFPIO** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-To configure Azure AD single sign-on with RFPIO, perform the following steps:
+## Configure and test Azure AD SSO for RFPIO
-1. In the [Azure portal](https://portal.azure.com/), on the **RFPIO** application integration page, select **Single sign-on**.
+Configure and test Azure AD SSO with RFPIO using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in RFPIO.
- ![Configure single sign-on link](common/select-sso.png)
+To configure and test Azure AD SSO with RFPIO, perform the following steps:
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure RFPIO SSO](#configure-rfpio-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create RFPIO test user](#create-rfpio-test-user)** - to have a counterpart of B.Simon in RFPIO that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
- ![Single sign-on select mode](common/select-saml-option.png)
+## Configure Azure AD SSO
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
+Follow these steps to enable Azure AD SSO in the Azure portal.
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+1. In the Azure portal, on the **RFPIO** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-4. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following step:
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
- ![Screenshot shows the Basic SAML Configuration, where you can enter an Identifier.](common/idp-identifier.png)
+4. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
- a. In the **Identifier** text box, type a URL using the following pattern:
+ a. In the **Identifier** text box, type the URL:
`https://www.rfpio.com` b. Click **Set additional URLs**. c. In the **Relay State** textbox enter a string value. Contact [RFPIO support team](https://www.rfpio.com/contact/) to get this value.
- ![Screenshot shows Set additional U R Ls.](common/idp-preintegrated-relay.png)
- 5. Click **Set additional URLs** and perform the following step if you wish to configure the application in **SP** initiated mode:
- ![image](common/both-preintegrated-signon.png)
-
- In the **Sign-on URL** text box, type a URL using the following pattern:
+ In the **Sign-on URL** text box, type the URL:
`https://www.app.rfpio.com`
- > [!NOTE]
- > These values are not real. Update these values with the actual Identifier and Sign-on URL. Contact [RFPIO Client support team](https://www.rfpio.com/contact/) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
- 6. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Federation Metadata XML** from the given options as per your requirement and save it on your computer. ![The Certificate download link](common/metadataxml.png)
To configure Azure AD single sign-on with RFPIO, perform the following steps:
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
+### Create an Azure AD test user
- b. Azure AD Identifier
+In this section, you'll create a test user in the Azure portal called B.Simon.
- c. Logout URL
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
-### Configure RFPIO Single Sign-On
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to RFPIO.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **RFPIO**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
+
+## Configure RFPIO SSO
1. In a different web browser window, sign in to the **RFPIO** website as an administrator. 1. Click on the bottom left corner dropdown.
- ![Screenshot shows the down arrow at the bottom of the pane.](./media/rfpio-tutorial/app1.png)
+ ![Screenshot shows the down arrow at the bottom of the pane.](./media/rfpio-tutorial/app.png)
1. Click on the **Organization Settings**.
- ![Screenshot shows Organization Settings selected.](./media/rfpio-tutorial/app2.png)
+ ![Screenshot shows Organization Settings selected.](./media/rfpio-tutorial/organization.png)
1. Click on the **FEATURES & INTEGRATION**.
- ![Screenshot shows Features and Integration selected from Settings.](./media/rfpio-tutorial/app4.png)
+ ![Screenshot shows Features and Integration selected from Settings.](./media/rfpio-tutorial/features.png)
1. In the **SAML SSO Configuration** Click **Edit**.
- ![Screenshot shows SAML S S O Configuration with the Edit button called out.](./media/rfpio-tutorial/app3.png)
+ ![Screenshot shows SAML S S O Configuration with the Edit button called out.](./media/rfpio-tutorial/edit-button.png)
1. In this Section perform following actions:
- ![CScreenshot shows SAML S S O Configuration with SAML enabled.](./media/rfpio-tutorial/app5.png)
+ ![Screenshot shows SAML S S O Configuration with SAML enabled.](./media/rfpio-tutorial/configuration.png)
a. Copy the content of the **Downloaded Metadata XML** and paste it into the **identity configuration** field. > [!NOTE]
- >To copy the content of downloaded **Federation Metadata XML** Use **Notepad++** or proper **XML Editor**.
+ > To copy the content of downloaded **Federation Metadata XML** Use **Notepad++** or proper **XML Editor**.
b. Click **Validate**.
To configure Azure AD single sign-on with RFPIO, perform the following steps:
d. Click **Submit**.
-### Create an Azure AD test user
-
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type `brittasimon@yourcompanydomain.extension`. For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
-
-### Assign the Azure AD test user
-
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to RFPIO.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **RFPIO**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, select **RFPIO**.
-
- ![The RFPIO link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
- ### Create RFPIO test user 1. Sign in to your RFPIO company site as an administrator. 1. Click on the bottom left corner dropdown.
- ![Screenshot shows the down arrow at the bottom of the pane.](./media/rfpio-tutorial/app1.png)
+ ![Screenshot shows the down arrow at the bottom of the pane.](./media/rfpio-tutorial/app.png)
1. Click on the **Organization Settings**.
- ![Screenshot shows Organization Settings selected.](./media/rfpio-tutorial/app2.png)
+ ![Screenshot shows Organization Settings selected.](./media/rfpio-tutorial/organization.png)
1. Click **TEAM MEMBERS**.
- ![Screenshot shows Team Members selected from Settings.](./media/rfpio-tutorial/app6.png)
+ ![Screenshot shows Team Members selected from Settings.](./media/rfpio-tutorial/members.png)
1. Click on **ADD MEMBERS**.
- ![Screenshot shows the Add Members button.](./media/rfpio-tutorial/app7.png)
+ ![Screenshot shows the Add Members button.](./media/rfpio-tutorial/add-members.png)
1. In the **Add New Members** section. Perform following actions:
- ![Screenshot shows Add New Members where you can enter the values described.](./media/rfpio-tutorial/app8.png)
+ ![Screenshot shows Add New Members where you can enter the values described.](./media/rfpio-tutorial/new-members.png)
a. Enter **Email address** in the **Enter one email per line** field.
In this section, you enable Britta Simon to use Azure single sign-on by granting
> [!NOTE] > The Azure Active Directory account holder receives an email and follows a link to confirm their account before it becomes active.
-### Test single sign-on
+## Test SSO
+
+In this section, you test your Azure AD single sign-on configuration with following options.
+
+#### SP initiated:
+
+* Click on **Test this application** in Azure portal. This will redirect to RFPIO Sign on URL where you can initiate the login flow.
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+* Go to RFPIO Sign-on URL directly and initiate the login flow from there.
-When you click the RFPIO tile in the Access Panel, you should be automatically signed in to the RFPIO for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### IDP initiated:
-## Additional Resources
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the RFPIO for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+You can also use Microsoft My Apps to test the application in any mode. When you click the RFPIO tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the RFPIO for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure RFPIO you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Smarteru Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/smarteru-tutorial.md
Previously updated : 03/19/2019 Last updated : 07/27/2021 # Tutorial: Azure Active Directory integration with SmarterU
> [!NOTE] > The process for integrating SmarterU with Azure Active Directory is also documented and maintained in the [SmarterU help system](https://help.smarteru.com/ID2053086).
-In this tutorial, you learn how to integrate SmarterU with Azure Active Directory (Azure AD).
-Integrating SmarterU with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate SmarterU with Azure Active Directory (Azure AD). When you integrate SmarterU with Azure AD, you can:
-* You can control in Azure AD who has access to SmarterU.
-* You can enable your users to be automatically signed-in to SmarterU (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to SmarterU.
+* Enable your users to be automatically signed-in to SmarterU with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites
-To configure Azure AD integration with SmarterU, you need the following items:
+To get started, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get one-month trial [here](https://azure.microsoft.com/pricing/free-trial/)
-* SmarterU single sign-on enabled subscription
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
+* SmarterU single sign-on (SSO) enabled subscription.
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* SmarterU supports **IDP** initiated SSO
-
-## Adding SmarterU from the gallery
-
-To configure the integration of SmarterU into Azure AD, you need to add SmarterU from the gallery to your list of managed SaaS apps.
-
-**To add SmarterU from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
-
-3. To add a new application, click **New application** button on the top of dialog.
-
- ![The New application button](common/add-new-app.png)
-
-4. In the search box, type **SmarterU**, select **SmarterU** from result panel then click **Add** button to add the application.
-
- ![SmarterU in the results list](common/search-new-app.png)
+* SmarterU supports **IDP** initiated SSO.
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with SmarterU based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in SmarterU needs to be established.
-
-To configure and test Azure AD single sign-on with SmarterU, you need to complete the following building blocks:
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure SmarterU Single Sign-On](#configure-smarteru-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create SmarterU test user](#create-smarteru-test-user)** - to have a counterpart of Britta Simon in SmarterU that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+## Add SmarterU from the gallery
-### Configure Azure AD single sign-on
+To configure the integration of SmarterU into Azure AD, you need to add SmarterU from the gallery to your list of managed SaaS apps.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **SmarterU** in the search box.
+1. Select **SmarterU** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-To configure Azure AD single sign-on with SmarterU, perform the following steps:
+## Configure and test Azure AD SSO for SmarterU
-1. In the [Azure portal](https://portal.azure.com/), on the **SmarterU** application integration page, select **Single sign-on**.
+Configure and test Azure AD SSO with SmarterU using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in SmarterU.
- ![Configure single sign-on link](common/select-sso.png)
+To configure and test Azure AD SSO with SmarterU, perform the following steps:
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure SmarterU SSO](#configure-smarteru-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create SmarterU test user](#create-smarteru-test-user)** - to have a counterpart of B.Simon in SmarterU that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
- ![Single sign-on select mode](common/select-saml-option.png)
+## Configure Azure AD SSO
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
+Follow these steps to enable Azure AD SSO in the Azure portal.
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+1. In the Azure portal, on the **SmarterU** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
-4. On the **Basic SAML Configuration** section, perform the following steps:
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
- ![SmarterU Domain and URLs single sign-on information](common/idp-identifier.png)
+4. On the **Basic SAML Configuration** section, perform the following step:
In the **Identifier** text box, type the URL: `https://www.smarteru.com/`
To configure Azure AD single sign-on with SmarterU, perform the following steps:
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
+### Create an Azure AD test user
+
+In this section, you'll create a test user in the Azure portal called B.Simon.
- b. Azure AD Identifier
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
- c. Logout URL
+### Assign the Azure AD test user
+
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to SmarterU.
+
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **SmarterU**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
-### Configure SmarterU Single Sign-On
+## Configure SmarterU SSO
1. In a different web browser window, sign in to your SmarterU company site as an administrator. 1. In the toolbar on the top, click **Account Settings**.
- ![Account Settings](./media/smarteru-tutorial/accountsettings.png)
+ ![Account Settings](./media/smarteru-tutorial/settings.png)
1. On the account configuration page, perform the following steps:
- ![External Authorization](./media/smarteru-tutorial/externalauthorizationconfiguration.png)
+ ![External Authorization](./media/smarteru-tutorial/configuration.png)
a. Select **Enable External Authorization**.
To configure Azure AD single sign-on with SmarterU, perform the following steps:
g. Click **Save**.
-### Create an Azure AD test user
-
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type **brittasimon@yourcompanydomain.extension**
- For example, BrittaSimon@contoso.com
-
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
-
-### Assign the Azure AD test user
-
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to SmarterU.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **SmarterU**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, select **SmarterU**.
-
- ![The SmarterU link in the Applications list](common/all-applications.png)
-
-3. In the menu on the left, select **Users and groups**.
-
- ![The "Users and groups" link](common/users-groups-blade.png)
-
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
- ### Create SmarterU test user To enable Azure AD users to sign in to SmarterU, they must be provisioned into SmarterU. In the case of SmarterU, provisioning is a manual task.
To enable Azure AD users to sign in to SmarterU, they must be provisioned into S
1. In the user section, perform the following steps:
- ![New User](./media/smarteru-tutorial/adduser.png)
+ ![New User](./media/smarteru-tutorial/add-user.png)
a. Click **+User**.
To enable Azure AD users to sign in to SmarterU, they must be provisioned into S
> [!NOTE] > You can use any other SmarterU user account creation tools or APIs provided by SmarterU to provision Azure AD user accounts.
-### Test single sign-on
-
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+## Test SSO
-When you click the SmarterU tile in the Access Panel, you should be automatically signed in to the SmarterU for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+In this section, you test your Azure AD single sign-on configuration with following options.
-## Additional Resources
+* Click on Test this application in Azure portal and you should be automatically signed in to the SmarterU for which you set up the SSO.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the SmarterU tile in the My Apps, you should be automatically signed in to the SmarterU for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure SmarterU you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Syxsense Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/syxsense-tutorial.md
Previously updated : 02/07/2020 Last updated : 07/29/2021
In this tutorial, you'll learn how to integrate Syxsense with Azure Active Direc
* Enable your users to be automatically signed-in to Syxsense with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Syxsense supports **SP and IDP** initiated SSO
-* Once you configure the Syxsense you can enforce session controls, which protect exfiltration and infiltration of your organizationΓÇÖs sensitive data in real-time. Session controls extend from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* Syxsense supports **SP and IDP** initiated SSO.
-## Adding Syxsense from the gallery
+## Add Syxsense from the gallery
To configure the integration of Syxsense into Azure AD, you need to add Syxsense from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **Syxsense** in the search box. 1. Select **Syxsense** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. -
-## Configure and test Azure AD single sign-on for Syxsense
+## Configure and test Azure AD SSO for Syxsense
Configure and test Azure AD SSO with Syxsense using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Syxsense.
-To configure and test Azure AD SSO with Syxsense, complete the following building blocks:
+To configure and test Azure AD SSO with Syxsense, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
- * **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
- * **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
1. **[Configure Syxsense SSO](#configure-syxsense-sso)** - to configure the single sign-on settings on application side.
- * **[Create Syxsense test user](#create-syxsense-test-user)** - to have a counterpart of B.Simon in Syxsense that is linked to the Azure AD representation of user.
+ 1. **[Create Syxsense test user](#create-syxsense-test-user)** - to have a counterpart of B.Simon in Syxsense that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **Syxsense** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **Syxsense** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
a. In the **Identifier** text box, type a URL using the following pattern: `https://<SUBDOMAIN>.cloudmanagementsuite.com/Saml2`
Follow these steps to enable Azure AD SSO in the Azure portal.
`https://<SUBDOMAIN>.cloudmanagementsuite.com/Saml2/Acs` > [!NOTE]
- > These values are not real. Update these values with the actual Identifier, Reply URL and Sign-on URL. Contact [Syxsense Client support team](mailto:DevTeam@syxsense.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Identifier and Reply URL. Contact [Syxsense Client support team](mailto:DevTeam@syxsense.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. Syxsense application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **Syxsense**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. Click on the **Settings Icon**.
- ![Screenshot shows the Settings icon.](./media/syxsense-tutorial/configure1.png)
+ ![Screenshot shows the Settings icon.](./media/syxsense-tutorial/settings.png)
1. Click on the **External Authentication** and provide the **App Federation Metadata Url** value into the **SAML2.0 Metadata** textbox and click on **Save**.
- ![Screenshot shows External Authentication page where you can enter the App Federation Metadata U R L value.](./media/syxsense-tutorial/configure2.png)
+ ![Screenshot shows External Authentication page where you can enter the App Federation Metadata U R L value.](./media/syxsense-tutorial/metadata.png)
### Create Syxsense test user
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. Click on **User Accounts** from the left navigation panel.
- ![Screenshot shows User Accounts selected from the navigation panel.](./media/syxsense-tutorial/user1.png)
+ ![Screenshot shows User Accounts selected from the navigation panel.](./media/syxsense-tutorial/user.png)
1. Click **Add**.
- ![Screenshot shows the User Accounts pane where you can select Add.](./media/syxsense-tutorial/user2.png)
+ ![Screenshot shows the User Accounts pane where you can select Add.](./media/syxsense-tutorial/add-user.png)
1. Provide the user details according to your organization requirements and click **Save**.
- ![Screenshot shows page where you can enter your information.](./media/syxsense-tutorial/user3.png)
+ ![Screenshot shows page where you can enter your information.](./media/syxsense-tutorial/user-account.png)
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Syxsense tile in the Access Panel, you should be automatically signed in to the Syxsense for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### SP initiated:
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to Syxsense Sign on URL where you can initiate the login flow.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Go to Syxsense Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+#### IDP initiated:
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Syxsense for which you set up the SSO.
-- [Try Syxsense with Azure AD](https://aad.portal.azure.com/)
+You can also use Microsoft My Apps to test the application in any mode. When you click the Syxsense tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Syxsense for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect Syxsense with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure Syxsense you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Trakstar Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/trakstar-tutorial.md
Previously updated : 04/02/2019 Last updated : 07/27/2021 # Tutorial: Azure Active Directory integration with Trakstar
-In this tutorial, you learn how to integrate Trakstar with Azure Active Directory (Azure AD).
-Integrating Trakstar with Azure AD provides you with the following benefits:
+In this tutorial, you'll learn how to integrate Trakstar with Azure Active Directory (Azure AD). When you integrate Trakstar with Azure AD, you can:
-* You can control in Azure AD who has access to Trakstar.
-* You can enable your users to be automatically signed-in to Trakstar (Single Sign-On) with their Azure AD accounts.
-* You can manage your accounts in one central location - the Azure portal.
-
-If you want to know more details about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
-If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/) before you begin.
+* Control in Azure AD who has access to Trakstar.
+* Enable your users to be automatically signed-in to Trakstar with their Azure AD accounts.
+* Manage your accounts in one central location - the Azure portal.
## Prerequisites To configure Azure AD integration with Trakstar, you need the following items:
-* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/)
-* Trakstar single sign-on enabled subscription
-* SSO is a paid feature in Trakstar. To enable it for your organization, reach out to [Trakstar Client support team](mailto:support@trakstar.com).
-
+* An Azure AD subscription. If you don't have an Azure AD environment, you can get a [free account](https://azure.microsoft.com/free/).
+* Trakstar single sign-on enabled subscription.
+* SSO is a paid feature in Trakstar. To enable it for your organization, reach out to [Trakstar Client support team](mailto:support@trakstar.com).
## Scenario description In this tutorial, you configure and test Azure AD single sign-on in a test environment.
-* Trakstar supports **SP** initiated SSO
-
-## Adding Trakstar from the gallery
-
-To configure the integration of Trakstar into Azure AD, you need to add Trakstar from the gallery to your list of managed SaaS apps.
-
-**To add Trakstar from the gallery, perform the following steps:**
-
-1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
-
- ![The Azure Active Directory button](common/select-azuread.png)
-
-2. Navigate to **Enterprise Applications** and then select the **All Applications** option.
-
- ![The Enterprise applications blade](common/enterprise-applications.png)
+* Trakstar supports **SP** initiated SSO.
-3. To add new application, click **New application** button on the top of dialog.
+> [!NOTE]
+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
- ![The New application button](common/add-new-app.png)
+## Add Trakstar from the gallery
-4. In the search box, type **Trakstar**, select **Trakstar** from result panel then click **Add** button to add the application.
-
- ![Trakstar in the results list](common/search-new-app.png)
-
-## Configure and test Azure AD single sign-on
-
-In this section, you configure and test Azure AD single sign-on with Trakstar based on a test user called **Britta Simon**.
-For single sign-on to work, a link relationship between an Azure AD user and the related user in Trakstar needs to be established.
-
-To configure and test Azure AD single sign-on with Trakstar, you need to complete the following building blocks:
-
-1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
-2. **[Configure Trakstar Single Sign-On](#configure-trakstar-single-sign-on)** - to configure the Single Sign-On settings on application side.
-3. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
-4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
-5. **[Create Trakstar test user](#create-trakstar-test-user)** - to have a counterpart of Britta Simon in Trakstar that is linked to the Azure AD representation of user.
-6. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
+To configure the integration of Trakstar into Azure AD, you need to add Trakstar from the gallery to your list of managed SaaS apps.
-### Configure Azure AD single sign-on
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
+1. On the left navigation pane, select the **Azure Active Directory** service.
+1. Navigate to **Enterprise Applications** and then select **All Applications**.
+1. To add new application, select **New application**.
+1. In the **Add from the gallery** section, type **Trakstar** in the search box.
+1. Select **Trakstar** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
-In this section, you enable Azure AD single sign-on in the Azure portal.
+## Configure and test Azure AD SSO for Trakstar
-To configure Azure AD single sign-on with Trakstar, perform the following steps:
+Configure and test Azure AD SSO with Trakstar using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Trakstar.
-1. In the [Azure portal](https://portal.azure.com/), on the **Trakstar** application integration page, select **Single sign-on**.
+To configure and test Azure AD SSO with Trakstar, perform the following steps:
- ![Configure single sign-on link](common/select-sso.png)
+1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature.
+ 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
+ 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
+1. **[Configure Trakstar SSO](#configure-trakstar-sso)** - to configure the single sign-on settings on application side.
+ 1. **[Create Trakstar test user](#create-trakstar-test-user)** - to have a counterpart of B.Simon in Trakstar that is linked to the Azure AD representation of user.
+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
-2. On the **Select a Single sign-on method** dialog, select **SAML/WS-Fed** mode to enable single sign-on.
+## Configure Azure AD SSO
- ![Single sign-on select mode](common/select-saml-option.png)
+Follow these steps to enable Azure AD SSO in the Azure portal.
-3. On the **Set up Single Sign-On with SAML** page, click **Edit** icon to open **Basic SAML Configuration** dialog.
+1. In the Azure portal, on the **Trakstar** application integration page, find the **Manage** section and select **single sign-on**.
+1. On the **Select a single sign-on method** page, select **SAML**.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
- ![Edit Basic SAML Configuration](common/edit-urls.png)
+ ![Edit Basic SAML Configuration](common/edit-urls.png)
4. On the **Basic SAML Configuration** section, perform the following steps:
- ![Trakstar Domain and URLs single sign-on information](common/sp-identifier.png)
-
- a. In the **Sign-on URL** textbox, copy the value found in the **ACS (Consumer) URL** within Trakstar (Settings > Authentication & SSO) in the format: `https://app.trakstar.com/auth/saml/callback?namespace=<YOUR_NAMESPACE>`
+ a. In the **Sign on URL** textbox, copy the value found in the **ACS (Consumer) URL** within Trakstar (Settings > Authentication & SSO) in the format: `https://app.trakstar.com/auth/saml/callback?namespace=<YOUR_NAMESPACE>`
b. In the **Identifier (Entity ID)** text box, leave the default: `https://app.trakstar.com` > [!NOTE]
- > These values are not real. Update these values with the actual Sign-On URL and Identifier. Sign into Trakstar as an Administrator to get these values.
+ > These values are not real. Update these values with the actual Sign On URL. Sign into Trakstar as an Administrator to get these values.
> If you don't see the "Authentication & SSO" tab within Settings, you might not have the feature. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal. 5. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, click **Download** to download the **Certificate (Base64)** from the given options as per your requirement and save it on your computer.
To configure Azure AD single sign-on with Trakstar, perform the following steps:
![Copy configuration URLs](common/copy-configuration-urls.png)
- a. Login URL
-
- b. Azure AD Identifier
-
- c. Logout URL
-
-### Configure Trakstar Single Sign-On
-
-To configure single sign-on on **Trakstar** side, you need to sign in as an Administrator and enter the content of downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal. They set this setting to have the SAML SSO connection set properly on both sides.
- ### Create an Azure AD test user
-The objective of this section is to create a test user in the Azure portal called Britta Simon.
-
-1. In the Azure portal, in the left pane, select **Azure Active Directory**, select **Users**, and then select **All users**.
-
- ![The "Users and groups" and "All users" links](common/users.png)
-
-2. Select **New user** at the top of the screen.
-
- ![New user Button](common/new-user.png)
-
-3. In the User properties, perform the following steps.
-
- ![The User dialog box](common/user-properties.png)
-
- a. In the **Name** field enter **BrittaSimon**.
-
- b. In the **User name** field type brittasimon@yourcompanydomain.extension. For example, BrittaSimon@contoso.com
+In this section, you'll create a test user in the Azure portal called B.Simon.
- c. Select **Show password** check box, and then write down the value that's displayed in the Password box.
-
- d. Click **Create**.
+1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
+1. Select **New user** at the top of the screen.
+1. In the **User** properties, follow these steps:
+ 1. In the **Name** field, enter `B.Simon`.
+ 1. In the **User name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.
+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
+ 1. Click **Create**.
### Assign the Azure AD test user
-In this section, you enable Britta Simon to use Azure single sign-on by granting access to Trakstar.
-
-1. In the Azure portal, select **Enterprise Applications**, select **All applications**, then select **Trakstar**.
-
- ![Enterprise applications blade](common/enterprise-applications.png)
-
-2. In the applications list, select **Trakstar**.
-
- ![The Trakstar link in the Applications list](common/all-applications.png)
+In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Trakstar.
-3. In the menu on the left, select **Users and groups**.
+1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
+1. In the applications list, select **Trakstar**.
+1. In the app's overview page, find the **Manage** section and select **Users and groups**.
+1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
+1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
+1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
+1. In the **Add Assignment** dialog, click the **Assign** button.
- ![The "Users and groups" link](common/users-groups-blade.png)
+## Configure Trakstar SSO
-4. Click the **Add user** button, then select **Users and groups** in the **Add Assignment** dialog.
-
- ![The Add Assignment pane](common/add-assign-user.png)
-
-5. In the **Users and groups** dialog select **Britta Simon** in the Users list, then click the **Select** button at the bottom of the screen.
-
-6. If you are expecting any role value in the SAML assertion then in the **Select Role** dialog select the appropriate role for the user from the list, then click the **Select** button at the bottom of the screen.
-
-7. In the **Add Assignment** dialog click the **Assign** button.
+To configure single sign-on on **Trakstar** side, you need to sign in as an Administrator and enter the content of downloaded **Certificate (Base64)** and appropriate copied URLs from Azure portal. They set this setting to have the SAML SSO connection set properly on both sides.
### Create Trakstar test user In this section, you create a user called Britta Simon in Trakstar. Work with Trakstar Administrator to add the users in the Trakstar platform. Users must be created and activated before you use single sign-on.
-### Test single sign-on
+## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the Trakstar tile in the Access Panel, you should be automatically signed in to the Trakstar for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* Click on **Test this application** in Azure portal. This will redirect to Trakstar Sign-on URL where you can initiate the login flow.
-## Additional Resources
+* Go to Trakstar Sign-on URL directly and initiate the login flow from there.
-- [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](./tutorial-list.md)
+* You can use Microsoft My Apps. When you click the Trakstar tile in the My Apps, this will redirect to Trakstar Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
+## Next steps
-- [What is Conditional Access in Azure Active Directory?](../conditional-access/overview.md)
+Once you configure Trakstar you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Web Cargo Air Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/web-cargo-air-tutorial.md
Previously updated : 09/24/2020 Last updated : 07/29/2021
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* Web Cargo Air supports **SP** initiated SSO
+* Web Cargo Air supports **SP** initiated SSO.
-
-## Adding Web Cargo Air from the gallery
+## Add Web Cargo Air from the gallery
To configure the integration of Web Cargo Air into Azure AD, you need to add Web Cargo Air from the gallery to your list of managed SaaS apps.
To configure the integration of Web Cargo Air into Azure AD, you need to add Web
1. In the **Add from the gallery** section, type **Web Cargo Air** in the search box. 1. Select **Web Cargo Air** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. - ## Configure and test Azure AD SSO for Web Cargo Air Configure and test Azure AD SSO with Web Cargo Air using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Web Cargo Air.
Follow these steps to enable Azure AD SSO in the Azure portal.
1. In the Azure portal, on the **Web Cargo Air** application integration page, find the **Manage** section and select **single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, enter the values for the following fields:
-
- a. In the **Sign on URL** text box, type a URL using the following pattern:
- `https://<SUBDOMAIN>.webcargonet.com`
+1. On the **Basic SAML Configuration** section, perform the following steps:
- b. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
+ a. In the **Identifier (Entity ID)** text box, type a URL using the following pattern:
`https://<SUBDOMAIN>.webcargonet.com`
- c. In the **Reply URL** text box, type a URL using the following pattern:
+ b. In the **Reply URL** text box, type a URL using the following pattern:
`https://<SUBDOMAIN>.webcargonet.com/saml-sso`
+ c. In the **Sign on URL** text box, type a URL using the following pattern:
+ `https://<SUBDOMAIN>.webcargonet.com`
+ > [!NOTE]
- > These values are not real. Update these values with the actual Sign on URL, Identifier and Reply URL. Contact [Web Cargo Air Client support team](mailto:support@webcargonet.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Identifier,Reply URL and Sign on URL. Contact [Web Cargo Air Client support team](mailto:support@webcargonet.com) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. On the **Set-up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
In this section, you create a user called Britta Simon in Web Cargo Air. Work wi
In this section, you test your Azure AD single sign-on configuration with following options.
-1. Click on **Test this application** in Azure portal. This will redirect to Web Cargo Air Sign-on URL where you can initiate the login flow.
+* Click on **Test this application** in Azure portal. This will redirect to Web Cargo Air Sign-on URL where you can initiate the login flow.
-2. Go to Web Cargo Air Sign-on URL directly and initiate the login flow from there.
+* Go to Web Cargo Air Sign-on URL directly and initiate the login flow from there.
-3. You can use Microsoft Access Panel. When you click the Web Cargo Air tile in the Access Panel, this will redirect to Web Cargo Air Sign-on URL. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+* You can use Microsoft My Apps. When you click the Web Cargo Air tile in the My Apps, this will redirect to Web Cargo Air Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
## Next steps
-Once you configure Web Cargo Air you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+Once you configure Web Cargo Air you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
active-directory Wirewheel Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/wirewheel-tutorial.md
Previously updated : 08/04/2020 Last updated : 07/29/2021
In this tutorial, you'll learn how to integrate WireWheel with Azure Active Dire
* Enable your users to be automatically signed-in to WireWheel with their Azure AD accounts. * Manage your accounts in one central location - the Azure portal.
-To learn more about SaaS app integration with Azure AD, see [What is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md).
- ## Prerequisites To get started, you need the following items:
To get started, you need the following items:
In this tutorial, you configure and test Azure AD SSO in a test environment.
-* WireWheel supports **SP and IDP** initiated SSO
-* WireWheel supports **Just In Time** user provisioning
-* Once you configure WireWheel you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
+* WireWheel supports **SP and IDP** initiated SSO.
+* WireWheel supports **Just In Time** user provisioning.
-## Adding WireWheel from the gallery
+## Add WireWheel from the gallery
To configure the integration of WireWheel into Azure AD, you need to add WireWheel from the gallery to your list of managed SaaS apps.
-1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account, or a personal Microsoft account.
+1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
1. On the left navigation pane, select the **Azure Active Directory** service. 1. Navigate to **Enterprise Applications** and then select **All Applications**. 1. To add new application, select **New application**. 1. In the **Add from the gallery** section, type **WireWheel** in the search box. 1. Select **WireWheel** from results panel and then add the app. Wait a few seconds while the app is added to your tenant. - ## Configure and test Azure AD SSO for WireWheel Configure and test Azure AD SSO with WireWheel using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in WireWheel.
-To configure and test Azure AD SSO with WireWheel, complete the following building blocks:
+To configure and test Azure AD SSO with WireWheel, perform the following steps:
1. **[Configure Azure AD SSO](#configure-azure-ad-sso)** - to enable your users to use this feature. 1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
To configure and test Azure AD SSO with WireWheel, complete the following buildi
Follow these steps to enable Azure AD SSO in the Azure portal.
-1. In the [Azure portal](https://portal.azure.com/), on the **WireWheel** application integration page, find the **Manage** section and select **single sign-on**.
+1. In the Azure portal, on the **WireWheel** application integration page, find the **Manage** section and select **single sign-on**.
1. On the **Select a single sign-on method** page, select **SAML**.
-1. On the **Set up single sign-on with SAML** page, click the edit/pen icon for **Basic SAML Configuration** to edit the settings.
+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.
![Edit Basic SAML Configuration](common/edit-urls.png)
-1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, enter the values for the following fields:
+1. On the **Basic SAML Configuration** section, if you wish to configure the application in **IDP** initiated mode, perform the following steps:
a. In the **Identifier** text box, type a URL using the following pattern: `https://<ENVIRONMENT_NAME>.wirewheel.io/sso/<CUSTOM_IDENTIFIER>`
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**. 1. In the applications list, select **WireWheel**. 1. In the app's overview page, find the **Manage** section and select **Users and groups**.-
- ![The "Users and groups" link](common/users-groups-blade.png)
- 1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.-
- ![The Add User link](common/add-assign-user.png)
- 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen. 1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog, select the appropriate role for the user from the list and then click the **Select** button at the bottom of the screen. 1. In the **Add Assignment** dialog, click the **Assign** button.
In this section, a user called Britta Simon is created in WireWheel. WireWheel s
## Test SSO
-In this section, you test your Azure AD single sign-on configuration using the Access Panel.
+In this section, you test your Azure AD single sign-on configuration with following options.
-When you click the WireWheel tile in the Access Panel, you should be automatically signed in to the WireWheel for which you set up SSO. For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/my-apps-portal-end-user-access.md).
+#### SP initiated:
-## Additional resources
+* Click on **Test this application** in Azure portal. This will redirect to WireWheel Sign on URL where you can initiate the login flow.
-- [ List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory ](./tutorial-list.md)
+* Go to WireWheel Sign-on URL directly and initiate the login flow from there.
-- [What is application access and single sign-on with Azure Active Directory? ](../manage-apps/what-is-single-sign-on.md)
+#### IDP initiated:
-- [What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the WireWheel for which you set up the SSO.
-- [Try WireWheel with Azure AD](https://aad.portal.azure.com/)
+You can also use Microsoft My Apps to test the application in any mode. When you click the WireWheel tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the WireWheel for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
-- [What is session control in Microsoft Cloud App Security?](/cloud-app-security/proxy-intro-aad)
+## Next steps
-- [How to protect WireWheel with advanced visibility and controls](/cloud-app-security/proxy-intro-aad)
+Once you configure WireWheel you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).
api-management Api Management Configuration Repository Git https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-configuration-repository-git.md
To view and configure your Git configuration settings, you can click the **Deplo
> >
-For information on enabling or disabling Git access using the REST API, see [Enable or disable Git access using the REST API](/rest/api/apimanagement/2019-12-01/tenantaccess?EnableGit).
+For information on enabling or disabling Git access using the REST API, see [Enable or disable Git access using the REST API](/rest/api/apimanagement/2020-12-01/tenant-access?EnableGit).
## To save the service configuration to the Git repository
After a few moments the configuration is saved, and the configuration status of
Once the configuration is saved to the repository, it can be cloned.
-For information on performing this operation using the REST API, see [Commit configuration snapshot using the REST API](/rest/api/apimanagement/2019-12-01/tenantaccess?CommitSnapshot).
+For information on performing this operation using the REST API, see [Commit configuration snapshot using the REST API](/rest/api/apimanagement/2020-12-01/tenant-access?CommitSnapshot).
## To clone the repository to your local machine
git push
Once your local changes are committed and pushed to the server repository, you can deploy them to your API Management service instance.
-For information on performing this operation using the REST API, see [Deploy Git changes to configuration database using the REST API](/rest/api/apimanagement/2019-12-01/tenantconfiguration).
+For information on performing this operation using the REST API, see [Deploy Git changes to configuration database using the REST API](/rest/api/apimanagement/2020-12-01/tenant-configuration).
## File and folder structure reference of local Git repository
These files can be created, deleted, edited, and managed on your local file syst
> [!NOTE] > The following entities are not contained in the Git repository and cannot be configured using Git. >
-> * [Users](/rest/api/apimanagement/2019-12-01/user)
-> * [Subscriptions](/rest/api/apimanagement/2019-12-01/subscription)
+> * [Users](/rest/api/apimanagement/2020-12-01/user)
+> * [Subscriptions](/rest/api/apimanagement/2020-12-01/subscription)
> * Named Values > * Developer portal entities other than styles >
The final setting, `$ref-policy`, maps to the global policy statements file for
### apis folder The `apis` folder contains a folder for each API in the service instance, which contains the following items.
-* `apis\<api name>\configuration.json` - this is the configuration for the API and contains information about the backend service URL and the operations. This is the same information that would be returned if you were to call [Get a specific API](/rest/api/apimanagement/2019-12-01/apis/get) with `export=true` in `application/json` format.
+* `apis\<api name>\configuration.json` - this is the configuration for the API and contains information about the backend service URL and the operations. This is the same information that would be returned if you were to call [Get a specific API](/rest/api/apimanagement/2020-12-01/apis/get) with `export=true` in `application/json` format.
* `apis\<api name>\api.description.html` - this is the description of the API and corresponds to the `description` property of the [API entity](/java/api/com.microsoft.azure.storage.table.entityproperty). * `apis\<api name>\operations\` - this folder contains `<operation name>.description.html` files that map to the operations in the API. Each file contains the description of a single operation in the API, which maps to the `description` property of the [operation entity](/rest/api/visualstudio/operations/list#operationproperties) in the REST API. ### groups folder The `groups` folder contains a folder for each group defined in the service instance.
-* `groups\<group name>\configuration.json` - this is the configuration for the group. This is the same information that would be returned if you were to call the [Get a specific group](/rest/api/apimanagement/2019-12-01/group/get) operation.
+* `groups\<group name>\configuration.json` - this is the configuration for the group. This is the same information that would be returned if you were to call the [Get a specific group](/rest/api/apimanagement/2020-12-01/group/get) operation.
* `groups\<group name>\description.html` - this is the description of the group and corresponds to the `description` property of the [group entity](/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-group-entity). ### policies folder
The `portalStyles` folder contains configuration and style sheets for developer
### products folder The `products` folder contains a folder for each product defined in the service instance.
-* `products\<product name>\configuration.json` - this is the configuration for the product. This is the same information that would be returned if you were to call the [Get a specific product](/rest/api/apimanagement/2019-12-01/product/get) operation.
+* `products\<product name>\configuration.json` - this is the configuration for the product. This is the same information that would be returned if you were to call the [Get a specific product](/rest/api/apimanagement/2020-12-01/product/get) operation.
* `products\<product name>\product.description.html` - this is the description of the product and corresponds to the `description` property of the [product entity](/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-product-entity) in the REST API. ### templates
api-management Api Management Howto Configure Notifications https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-howto-configure-notifications.md
Each email template has a subject in plain text, and a body definition in HTML f
The **Parameters** list contains a list of parameters, which when inserted into the subject or body, will be replaced the designated value when the email is sent. To insert a parameter, place the cursor where you wish the parameter to go, and click the arrow to the left of the parameter name.
-> [!NOTE]
-> The parameters are not replaced with actual values when previewing or sending a test.
- To save the changes to the email template, click **Save**, or to cancel the changes click **Discard**. [api-management-management-console]: ./media/api-management-howto-configure-notifications/api-management-management-console.png
api-management Api Management Howto Create Or Invite Developers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-howto-create-or-invite-developers.md
# How to manage user accounts in Azure API Management
-In API Management, developers are the users of the APIs that you expose using API Management. This guide shows how to create and invite developers to use the APIs and products that you make available to them with your API Management instance. For information on managing user accounts programmatically, see the [User entity](/rest/api/apimanagement/2019-12-01/user) documentation in the [API Management REST](/rest/api/apimanagement/) reference.
+In API Management, developers are the users of the APIs that you expose using API Management. This guide shows how to create and invite developers to use the APIs and products that you make available to them with your API Management instance. For information on managing user accounts programmatically, see the [User entity](/rest/api/apimanagement/2020-12-01/user) documentation in the [API Management REST](/rest/api/apimanagement/) reference.
[!INCLUDE [premium-dev-standard-basic.md](../../includes/api-management-availability-premium-dev-standard-basic.md)]
api-management Api Management Howto Disaster Recovery Backup Restore https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-howto-disaster-recovery-backup-restore.md
where:
- `subscriptionId` - ID of the subscription that holds the API Management service you're trying to back up - `resourceGroupName` - name of the resource group of your Azure API Management service - `serviceName` - the name of the API Management service you're making a backup of specified at the time of its creation-- `api-version` - replace with `2019-12-01`
+- `api-version` - replace with `2020-12-01`
In the body of the request, specify the target Azure storage account name, access key, blob container name, and backup name:
where:
- `subscriptionId` - ID of the subscription that holds the API Management service you're restoring a backup into - `resourceGroupName` - name of the resource group that holds the Azure API Management service you're restoring a backup into - `serviceName` - the name of the API Management service being restored into specified at its creation time-- `api-version` - replace with `api-version=2019-12-01`
+- `api-version` - replace with `api-version=2020-12-01`
In the body of the request, specify the backup file location. That is, add the Azure storage account name, access key, blob container name, and backup name:
api-management Api Management Howto Log Event Hubs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-howto-log-event-hubs.md
This article is a companion to the [Integrate Azure API Management with Event Hu
For detailed steps on how to create an event hub and get connection strings that you need to send and receive events to and from the Event Hub, see [Create an Event Hubs namespace and an event hub using the Azure portal](../event-hubs/event-hubs-create.md). ## Create an API Management logger
-Now that you have an Event Hub, the next step is to configure a [Logger](/rest/api/apimanagement/2019-12-01/logger) in your API Management service so that it can log events to the Event Hub.
+Now that you have an Event Hub, the next step is to configure a [Logger](/rest/api/apimanagement/2020-12-01/logger) in your API Management service so that it can log events to the Event Hub.
-API Management loggers are configured using the [API Management REST API](/rest/api/apimanagement/ApiManagementREST/API-Management-REST). For detailed request examples, see [how to create Loggers](/rest/api/apimanagement/2019-12-01/logger/createorupdate).
+API Management loggers are configured using the [API Management REST API](/rest/api/apimanagement/ApiManagementREST/API-Management-REST). For detailed request examples, see [how to create Loggers](/rest/api/apimanagement/2020-12-01/logger/create-or-update).
## Configure log-to-eventhub policies
You can preview the log in Event Hubs by using [Azure Stream Analytics queries](
* [Receive messages with EventProcessorHost](../event-hubs/event-hubs-dotnet-standard-getstarted-send.md) * [Event Hubs programming guide](../event-hubs/event-hubs-programming-guide.md) * Learn more about API Management and Event Hubs integration
- * [Logger entity reference](/rest/api/apimanagement/2019-12-01/logger)
+ * [Logger entity reference](/rest/api/apimanagement/2020-12-01/logger)
* [log-to-eventhub policy reference](./api-management-advanced-policies.md#log-to-eventhub) * [Monitor your APIs with Azure API Management, Event Hubs, and Moesif](api-management-log-to-eventhub-sample.md) * Learn more about [integration with Azure Application Insights](api-management-howto-app-insights.md)
You can preview the log in Event Hubs by using [Azure Stream Analytics queries](
[receiving-policy]: ./media/api-management-howto-log-event-hubs/receiving-policy.png [sending-policy]: ./media/api-management-howto-log-event-hubs/sending-policy.png [event-hub-policy]: ./media/api-management-howto-log-event-hubs/event-hub-policy.png
-[add-policy]: ./media/api-management-howto-log-event-hubs/add-policy.png
+[add-policy]: ./media/api-management-howto-log-event-hubs/add-policy.png
api-management Api Management Howto Mutual Certificates For Clients https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-howto-mutual-certificates-for-clients.md
For more information, see [API Management access restriction policies](api-manag
You can also create policy expressions with the [`context` variable](api-management-policy-expressions.md#ContextVariables) to check client certificates. Examples in the following sections show expressions using the `context.Request.Certificate` property and other `context` properties. > [!IMPORTANT]
-> Starting May 2021, the `context.Request.Certificate` property only requests the certificate when the API Management instance's [`hostnameConfiguration`](/rest/api/apimanagement/2019-12-01/apimanagementservice/createorupdate#hostnameconfiguration) sets the `negotiateClientCertificate` property to True. By default, `negotiateClientCertificate` is set to False.
+> Starting May 2021, the `context.Request.Certificate` property only requests the certificate when the API Management instance's [`hostnameConfiguration`](/rest/api/apimanagement/2020-12-01/api-management-service/create-or-update#hostnameconfiguration) sets the `negotiateClientCertificate` property to True. By default, `negotiateClientCertificate` is set to False.
### Checking the issuer and subject
api-management Api Management Howto Setup Delegation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-howto-setup-delegation.md
For more information on delegation, see the following video:
[Delegating developer sign in and sign up]: #delegate-signin-up [Delegating product subscription]: #delegate-product-subscription
-[Request a shared access token]: /rest/api/apimanagement/2019-12-01/user/getsharedaccesstoken
-[create a user]: /rest/api/apimanagement/2019-12-01/user/createorupdate
-[calling the REST API for subscriptions]: /rest/api/apimanagement/2019-12-01/subscription/createorupdate
+[Request a shared access token]: /rest/api/apimanagement/2020-12-01/user/get-shared-access-token
+[create a user]: /rest/api/apimanagement/2020-12-01/user/create-or-update
+[calling the REST API for subscriptions]: /rest/api/apimanagement/2020-12-01/subscription/create-or-update
[Next steps]: #next-steps [example code provided below]: #delegate-example-code
api-management Api Management Howto Use Managed Service Identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-howto-use-managed-service-identity.md
For example, a complete Azure Resource Manager template might look like the foll
"$schema": "https://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#", "contentVersion": "0.9.0.0", "resources": [{
- "apiVersion": "2019-01-01",
+ "apiVersion": "2020-01-01",
"name": "contoso", "type": "Microsoft.ApiManagement/service", "location": "[resourceGroup().location]",
The following example shows an Azure Resource Manager template that contains the
"apimServiceIdentityResourceId": "[concat(resourceId('Microsoft.ApiManagement/service', variables('apiManagementServiceName')),'/providers/Microsoft.ManagedIdentity/Identities/default')]" }, "resources": [{
- "apiVersion": "2019-01-01",
+ "apiVersion": "2020-01-01",
"name": "[variables('apiManagementServiceName')]", "type": "Microsoft.ApiManagement/service", "location": "[resourceGroup().location]",
For example, a complete Azure Resource Manager template might look like the foll
"$schema": "https://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#", "contentVersion": "0.9.0.0", "resources": [{
- "apiVersion": "2019-12-01",
+ "apiVersion": "2020-12-01",
"name": "contoso", "type": "Microsoft.ApiManagement/service", "location": "[resourceGroup().location]",
api-management Api Management Using With Vnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/api-management/api-management-using-with-vnet.md
When an API Management service instance is hosted in a VNET, the ports in the fo
To address connectivity issues, review [Common network configuration issues](#network-configuration-issues) and fix required network settings. * **Incremental Updates:**
- When making changes to your network, refer to [NetworkStatus API](/rest/api/apimanagement/2019-12-01/networkstatus) to verify that the API Management service has not lost access to critical resources. The connectivity status should be updated every 15 minutes.
+ When making changes to your network, refer to [NetworkStatus API](/rest/api/apimanagement/2020-12-01/network-status) to verify that the API Management service has not lost access to critical resources. The connectivity status should be updated every 15 minutes.
* **Resource Navigation Links:** When deploying into a Resource Manager VNET subnet with API version 2020-12-01 and earlier, API Management reserves the subnet by creating a resource navigation link. If the subnet already contains a resource from a different provider, deployment will **fail**. Similarly, when you delete an API Management service, or move it to a different subnet, the resource navigation link will be removed.
app-service App Service Key Vault References https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/app-service-key-vault-references.md
An example pseudo-template for a function app might look like the following:
``` > [!NOTE]
-> In this example, the source control deployment depends on the application settings. This is normally unsafe behavior, as the app setting update behaves asynchronously. However, because we have included the `WEBSITE_ENABLE_SYNC_UPDATE_SITE` application setting, the update is synchronous. This means that the source control deployment will only begin once the application settings have been fully updated.
+> In this example, the source control deployment depends on the application settings. This is normally unsafe behavior, as the app setting update behaves asynchronously. However, because we have included the `WEBSITE_ENABLE_SYNC_UPDATE_SITE` application setting, the update is synchronous. This means that the source control deployment will only begin once the application settings have been fully updated. For more app settings, see [Environment variables and app settings in Azure App Service](reference-app-settings.md).
## Troubleshooting Key Vault References
app-service App Service Web Tutorial Connect Msi https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/app-service-web-tutorial-connect-msi.md
services.AddDbContext<MyDatabaseContext>(options =>
SqlAuthenticationProvider.SetProvider( SqlAuthenticationMethod.ActiveDirectoryDeviceCodeFlow, new CustomAzureSQLAuthProvider());
- var sqlConnection = new SqlConnection(Configuration.GetConnectionString("MyDatabaseContext"));
+ var sqlConnection = new SqlConnection(Configuration.GetConnectionString("MyDbConnection"));
options.UseSqlServer(sqlConnection); }); ```
app-service Configure Authentication Customize Sign In Out https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-authentication-customize-sign-in-out.md
The identity provider may provide certain turn-key authorization. For example:
If either of the other levels don't provide the authorization you need, or if your platform or identity provider isn't supported, you must write custom code to authorize users based on the [user claims](configure-authentication-user-identities.md).
-## Next steps
+## More resources
-> [!div class="nextstepaction"]
-> [Tutorial: Authenticate and authorize users end-to-end](tutorial-auth-aad.md)
+- [Tutorial: Authenticate and authorize users end-to-end](tutorial-auth-aad.md)
+- [Environment variables and app settings for authentication](reference-app-settings.md#authentication--authorization)
app-service Configure Authentication File Based https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-authentication-file-based.md
The following exhausts possible configuration options within the file:
} ```
-## Next steps
+## More resources
-> [!div class="nextstepaction"]
-> [Tutorial: Authenticate and authorize users end-to-end](tutorial-auth-aad.md)
+- [Tutorial: Authenticate and authorize users end-to-end](tutorial-auth-aad.md)
+- [Environment variables and app settings for authentication](reference-app-settings.md#authentication--authorization)
app-service Configure Common https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-common.md
See [Configure a custom Linux container for Azure App Service](configure-custom-
## Next steps
+- [Environment variables and app settings reference](reference-app-settings.md)
- [Configure a custom domain name in Azure App Service] - [Set up staging environments in Azure App Service] - [Secure a custom DNS name with a TLS/SSL binding in Azure App Service](configure-ssl-bindings.md)
app-service Configure Custom Container https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-custom-container.md
The following lists show supported and unsupported Docker Compose configuration
Or, see additional resources:
-[Load certificate in Windows/Linux containers](configure-ssl-certificate-in-code.md#load-certificate-in-linuxwindows-containers)
+- [Environment variables and app settings reference](reference-app-settings.md)
+- [Load certificate in Windows/Linux containers](configure-ssl-certificate-in-code.md#load-certificate-in-linuxwindows-containers)
app-service Configure Language Dotnet Framework https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-language-dotnet-framework.md
Trace.TraceInformation("GET /Home/Index"); // Information trace
[!INCLUDE [Access diagnostic logs](../../includes/app-service-web-logs-access-no-h.md)]
-## Next steps
+## More resources
-> [!div class="nextstepaction"]
-> [Tutorial: Build an ASP.NET app in Azure with SQL Database](app-service-web-tutorial-dotnet-sqldatabase.md)
+- [Tutorial: Build an ASP.NET app in Azure with SQL Database](app-service-web-tutorial-dotnet-sqldatabase.md)
+- [Environment variables and app settings reference](reference-app-settings.md)
app-service Configure Language Dotnetcore https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-language-dotnetcore.md
For more information, see [Configure ASP.NET Core to work with proxy servers and
> [App Service Linux FAQ](faq-app-service-linux.yml) ::: zone-end+
+Or, see additional resources:
+
+[Environment variables and app settings reference](reference-app-settings.md)
app-service Configure Language Java https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-language-java.md
All Java runtimes on App Service using the Azul JVMs come with the Zulu Flight R
#### Timed Recording
-To take a timed recording you will need the PID (Process ID) of the Java application. To find the PID, open a browser to your web app's SCM site at https://<your-site-name>.scm.azurewebsites.net/ProcessExplorer/. This page shows the running processes in your web app. Find the process named "java" in the table and copy the corresponding PID (Process ID).
+To take a timed recording you will need the PID (Process ID) of the Java application. To find the PID, open a browser to your web app's SCM site at `https://<your-site-name>.scm.azurewebsites.net/ProcessExplorer/`. This page shows the running processes in your web app. Find the process named "java" in the table and copy the corresponding PID (Process ID).
Next, open the **Debug Console** in the top toolbar of the SCM site and run the following command. Replace `<pid>` with the process ID you copied earlier. This command will start a 30 second profiler recording of your Java application and generate a file named `timed_recording_example.jfr` in the `D:\home` directory.
Product support for the [Azure-supported Azul Zulu JDK](https://www.azul.com/dow
Visit the [Azure for Java Developers](/java/azure/) center to find Azure quickstarts, tutorials, and Java reference documentation.
-General questions about using App Service for Linux that aren't specific to the Java development are answered in the [App Service Linux FAQ](faq-app-service-linux.yml).
+- [App Service Linux FAQ](faq-app-service-linux.yml)
+- [Environment variables and app settings reference](reference-app-settings.md)
app-service Configure Language Php https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-language-php.md
When a working PHP app behaves differently in App Service or has errors, try the
> [App Service Linux FAQ](faq-app-service-linux.yml) ::: zone-end+
+Or, see additional resources:
+
+[Environment variables and app settings reference](reference-app-settings.md)
app-service Configure Language Python https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-language-python.md
If you're encountering this error with the sample in [Tutorial: Deploy a Django
- **You see the message, "Fatal SSL Connection is Required"**: Check any usernames and passwords used to access resources (such as databases) from within the app.
-## Next steps
+## More resources:
-> [!div class="nextstepaction"]
-> [Tutorial: Python app with PostgreSQL](tutorial-python-postgresql-app.md)
-
-> [!div class="nextstepaction"]
-> [Tutorial: Deploy from private container repository](tutorial-custom-container.md?pivots=container-linux)
-
-> [!div class="nextstepaction"]
-> [App Service Linux FAQ](faq-app-service-linux.yml)
+- [Tutorial: Python app with PostgreSQL](tutorial-python-postgresql-app.md)
+- [Tutorial: Deploy from private container repository](tutorial-custom-container.md?pivots=container-linux)
+- [App Service Linux FAQ](faq-app-service-linux.yml)
+- [Environment variables and app settings reference](reference-app-settings.md)
app-service Configure Language Ruby https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-language-ruby.md
az webapp config appsettings set --name <app-name> --resource-group <resource-gr
[!INCLUDE [robots933456](../../includes/app-service-web-configure-robots933456.md)]
-## Next steps
+## More resources
-> [!div class="nextstepaction"]
-> [Tutorial: Rails app with PostgreSQL](tutorial-ruby-postgres-app.md)
-
-> [!div class="nextstepaction"]
-> [App Service Linux FAQ](faq-app-service-linux.yml)
+- [Tutorial: Rails app with PostgreSQL](tutorial-ruby-postgres-app.md)
+- [App Service Linux FAQ](faq-app-service-linux.yml)
+- [Environment variables and app settings reference](reference-app-settings.md)
app-service Configure Ssl Certificate In Code https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/configure-ssl-certificate-in-code.md
To see how to load a TLS/SSL certificate from a file in Node.js, PHP, Python, Ja
* [Enforce HTTPS](configure-ssl-bindings.md#enforce-https) * [Enforce TLS 1.1/1.2](configure-ssl-bindings.md#enforce-tls-versions) * [FAQ : App Service Certificates](./faq-configuration-and-management.yml)
+* [Environment variables and app settings reference](reference-app-settings.md)
app-service Deploy Best Practices https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/deploy-best-practices.md
For more information on best practices, visit [App Service Diagnostics](./overvi
- Choose **Best Practices** homepage tile. - Click **Best Practices for Availability & Performance** or **Best Practices for Optimal Configuration** to view the current state of your app in regards to these best practices.
-You can also use this link to directly open App Service Diagnostics for your resource: `https://ms.portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FParentAvailabilityAndPerformance#@microsoft.onmicrosoft.com/resource/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName}/troubleshoot`.
+You can also use this link to directly open App Service Diagnostics for your resource: `https://ms.portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FParentAvailabilityAndPerformance#@microsoft.onmicrosoft.com/resource/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName}/troubleshoot`.
+
+## More resources
+
+[Environment variables and app settings reference](reference-app-settings.md)
app-service Deploy Zip https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/deploy-zip.md
enables version control, package restore, MSBuild, and more.
## More resources * [Kudu: Deploying from a zip file](https://github.com/projectkudu/kudu/wiki/Deploying-from-a-zip-file)
-* [Azure App Service Deployment Credentials](deploy-ftp.md)
+* [Azure App Service Deployment Credentials](deploy-ftp.md)
+* [Environment variables and app settings reference](reference-app-settings.md)
app-service Networking https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/environment/networking.md
If you want to use your own DNS server, you need to add the following records:
To configure DNS in Azure DNS Private zones:
-1. create an Azure DNS private zone named <ASE name>.appserviceenvironment.net
+1. create an Azure DNS private zone named `<ASE-name>.appserviceenvironment.net`
1. create an A record in that zone that points * to the inbound IP address 1. create an A record in that zone that points @ to the inbound IP address 1. create an A record in that zone that points *.scm to the inbound IP address
While the ASE does deploy into a customer VNet, there are a few networking featu
* send SMTP traffic. You can still have email triggered alerts but your app can't send outbound traffic on port 25 * Use of Network Watcher or NSG Flow to monitor outbound traffic
+## More resources
+
+- [Environment variables and app settings reference](../reference-app-settings.md)
app-service Monitor Instances Health Check https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/monitor-instances-health-check.md
In the scenario where all instances of your application are unhealthy, App Servi
## Next steps - [Create an Activity Log Alert to monitor all Autoscale engine operations on your subscription](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/monitor-autoscale-alert) - [Create an Activity Log Alert to monitor all failed Autoscale scale-in/scale-out operations on your subscription](https://github.com/Azure/azure-quickstart-templates/tree/master/demos/monitor-autoscale-failed-alert)
+- [Environment variables and app settings reference](reference-app-settings.md)
[1]: ./media/app-service-monitor-instances-health-check/health-check-diagram.png [2]: ./media/app-service-monitor-instances-health-check/health-check-multi-app-diagram.png
app-service App Gateway With Service Endpoints https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/networking/app-gateway-with-service-endpoints.md
Title: Application Gateway integration with service endpoints - Azure App Service | Microsoft Docs
-description: Describes how Application Gateway integrates with Azure App Service secured with service endpoints.
+ Title: Application Gateway integration - Azure App Service | Microsoft Docs
+description: Describes how Application Gateway integrates with Azure App Service.
documentationcenter: ''
na Previously updated : 12/09/2019 Last updated : 08/04/2021
-# Application Gateway integration with service endpoints
-There are three variations of App Service that require slightly different configuration of the integration with Azure Application Gateway. The variations include regular App Service - also known as multi-tenant, Internal Load Balancer (ILB) App Service Environment (ASE) and External ASE. This article will walk through how to configure it with App Service (multi-tenant) and discuss considerations about ILB, and External ASE.
+# Application Gateway integration
+There are three variations of App Service that require slightly different configuration of the integration with Azure Application Gateway. The variations include regular App Service - also known as multi-tenant, Internal Load Balancer (ILB) App Service Environment (ASE) and External ASE. This article will walk through how to configure it with App Service (multi-tenant) using service endpoint to secure traffic. The article will also discuss considerations around using private endpoint and integrating with ILB, and External ASE. Finally the article has considerations on scm/kudu site.
## Integration with App Service (multi-tenant) App Service (multi-tenant) has a public internet facing endpoint. Using [service endpoints](../../virtual-network/virtual-network-service-endpoints-overview.md) you can allow traffic only from a specific subnet within an Azure Virtual Network and block everything else. In the following scenario, we'll use this functionality to ensure that an App Service instance can only receive traffic from a specific Application Gateway instance.
With Azure portal, you follow four steps to provision and configure the setup. I
You can now access the App Service through Application Gateway, but if you try to access the App Service directly, you should receive a 403 HTTP error indicating that the web site is stopped.
-![Screenshot shows the text of an Error 403 - Forbidden.](./media/app-gateway-with-service-endpoints/website-403-forbidden.png)
## Using Azure Resource Manager template The [Resource Manager deployment template][template-app-gateway-app-service-complete] will provision a complete scenario. The scenario consists of an App Service instance locked down with service endpoints and access restriction to only receive traffic from Application Gateway. The template includes many Smart Defaults and unique postfixes added to the resource names for it to be simple. To override them, you'll have to clone the repo or download the template and edit it.
az webapp config access-restriction add --resource-group myRG --name myWebApp --
In the default configuration, the command will ensure both setup of the service endpoint configuration in the subnet and the access restriction in the App Service.
+## Considerations when using private endpoint
+
+As an alternative to service endpoint, you can use private endpoint to secure traffic between Application Gateway and App Service (multi-tenant). You will need to ensure that Application Gateway can DNS resolve the private IP of the App Service apps or alternatively that you use the private IP in the backend pool and override the host name in the http settings.
++ ## Considerations for ILB ASE ILB ASE isn't exposed to the internet and traffic between the instance and an Application Gateway is therefore already isolated to the Virtual Network. The following [how-to guide](../environment/integrate-with-application-gateway.md) configures an ILB ASE and integrates it with an Application Gateway using Azure portal.
app-service Nat Gateway Integration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/networking/nat-gateway-integration.md
+
+ Title: NAT gateway integration - Azure App Service | Microsoft Docs
+description: Describes how NAT gateway integrates with Azure App Service.
+++
+ms.assetid: 0a84734e-b5c1-4264-8d1f-77e781b28426
+++ Last updated : 08/04/2021+++++
+# Virtual Network NAT gateway integration
+
+NAT gateway is a fully managed, highly resilient service, which can be associated with one or more subnets and ensures that all outbound Internet-facing traffic will be routed through the gateway. With App Service, there are two important scenarios that you can use NAT gateway for.
+
+The NAT gateway gives you a static predictable public IP for outbound Internet-facing traffic. It also significantly increases the available [SNAT ports](/azure/app-service/troubleshoot-intermittent-outbound-connection-errors) in scenarios where you have a high number of concurrent connections to the same public address/port combination.
+
+For more information and pricing. Go to the [NAT gateway overview](/azure/virtual-network/nat-gateway/nat-overview).
++
+> [!Note]
+> Using NAT gateway with App Service is dependent on regional VNet Integration, and therefore **Standard**, **Premium**, **PremiumV2** or **PremiumV3** App Service plan is required.
+
+## Configuring NAT gateway integration
+
+To configure NAT gateway integration with App Service, you need to complete the following steps:
+
+* Configure regional VNet Integration with your app as described in [Integrate your app with an Azure virtual network](/azure/app-service/web-sites-integrate-with-vnet)
+* Ensure [Route All](/azure/app-service/web-sites-integrate-with-vnet#routes) is enabled for your VNet Integration so the Internet bound traffic will be affected by routes in your VNet.
+* Provision a NAT gateway with a public IP and associate it with the VNet Integration subnet.
+
+Set up NAT gateway through the portal:
+
+1. Go to the **Networking** UI in the App Service portal and select VNet Integration in the Outbound Traffic section. Ensure that your app is integrated with a subnet and **Route All** has been enabled.
+1. On the Azure portal menu or from the **Home** page, select **Create a resource**. The **New** window appears.
+1. Search for "NAT gateway" and select it from the list of results.
+1. Fill in the **Basics** information and pick the region where your app is located.
+1. In the **Outbound IP** tab, create a new or select an existing public IP.
+1. In the **Subnet** tab, select the subnet used for VNet Integration.
+1. Fill in tags if needed and **Create** the NAT gateway. After the NAT gateway is provisioned, click on the **Go to resource group** and select the new NAT gateway. You can to see the public IP that your app will use for outbound Internet-facing traffic in the Outbound IP blade.
+
+If you prefer using CLI to configure your environment, these are the important commands. As a prerequisite, you should create a Web App with VNet Integration configured.
+
+Ensure **Route All** is configured for your VNet Integration (*Note*: minimum `az version` required is 2.27):
+
+```azurecli-interactive
+az webapp config set --resource-group [myResourceGroup] --name [myWebApp] --vnet-route-all-enabled
+```
+
+Create Public IP and NAT gateway:
+
+```azurecli-interactive
+az network public-ip create --resource-group [myResourceGroup] --name myPublicIP --sku standard --allocation static
+
+az network nat gateway create --resource-group [myResourceGroup] --name myNATgateway --public-ip-addresses myPublicIP --idle-timeout 10
+```
+
+Associate the NAT gateway with the VNet Integration subnet:
+
+```azurecli-interactive
+az network vnet subnet update --resource-group [myResourceGroup] --vnet-name [myVnet] --name [myIntegrationSubnet] --nat-gateway myNATgateway
+```
+
+## Scaling NAT gateway
+
+The same NAT gateway can be used across multiple subnets in the same Virtual Network allowing a NAT gateway to be used across multiple apps and App Service plans.
+
+NAT gateway supports both public IP addresses and public IP prefixes. A NAT gateway can support up to 16 IP addresses across individual IP addresses and prefixes. Each IP address allocates 64,000 ports (SNAT ports) allowing up to 1M available ports. Learn more in the [Scaling section](/azure/virtual-network/nat-gateway/nat-gateway-resource#scaling) of NAT gateway.
+
+## Next steps
+For more information on the NAT gateway, see [NAT gateway documentation](/azure/virtual-network/nat-gateway/nat-overview).
+
+For more information on VNet Integration, see [VNet Integration documentation](/azure/app-service/web-sites-integrate-with-vnet).
app-service Overview Inbound Outbound Ips https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/overview-inbound-outbound-ips.md
The set of outbound IP addresses for your app changes when you perform one of th
- Delete an app and recreate it in a different resource group (deployment unit may change). - Delete the last app in a resource group _and_ region combination and recreate it (deployment unit may change).-- Scale your app between the lower tiers (**Basic**, **Standard**, and **Premium**) and the **Premium V2** tier (IP addresses may be added to or subtracted from the set).
+- Scale your app between the lower tiers (**Basic**, **Standard**, and **Premium**), the **PremiumV2**, and the **PremiumV3** tier (IP addresses may be added to or subtracted from the set).
You can find the set of all possible outbound IP addresses your app can use, regardless of pricing tiers, by looking for the `possibleOutboundIpAddresses` property or in the **Additional Outbound IP Addresses** field in the **Properties** blade in the Azure portal. See [Find outbound IPs](#find-outbound-ips).
az webapp show --resource-group <group_name> --name <app_name> --query possibleO
(Get-AzWebApp -ResourceGroup <group_name> -name <app_name>).PossibleOutboundIpAddresses ```
+## Get a static outbound IP
+You can control the IP address of outbound traffic from your app by using regional VNet integration together with a virtual network NAT gateway to direct traffic through a static public IP address. [Regional VNet integration](/azure/app-service/web-sites-integration-with-vnet) is available on **Standard**, **Premium**, **PremiumV2** and **PremiumV3** App Service plans. To learn more about this setup, see [NAT gateway integration](/azure/app-service/networking/nat-gateway-integration).
+ ## Next steps Learn how to restrict inbound traffic by source IP addresses.
app-service Overview Local Cache https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/overview-local-cache.md
As part of the step that copies the storage content, any folder that is named re
### How to flush the local cache logs after a site management operation? To flush the local cache logs, stop and restart the app. This action clears the old cache. +
+## More resources
+
+[Environment variables and app settings reference](reference-app-settings.md)
app-service Cli Connect To Documentdb https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/scripts/cli-connect-to-documentdb.md
This script uses the following commands to create a resource group, App Service
| [`az webapp create`](/cli/azure/webapp#az_webapp_create) | Creates an App Service app. | | [`az cosmosdb create`](/cli/azure/cosmosdb#az_cosmosdb_create) | Creates a Cosmos DB account. | | [`az cosmosdb list-connection-strings`](/cli/azure/cosmosdb#az_cosmosdb_list_connection_strings) | Lists connection strings for the specified Cosmos DB account. |
-| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app. |
+| [`az webapp config appsettings set`](/cli/azure/webapp/config/appsettings#az_webapp_config_appsettings_set) | Creates or updates an app setting for an App Service app. App settings are exposed as environment variables for your app (see [Environment variables and app settings reference](../reference-app-settings.md)). |
## Next steps
app-service Troubleshoot Diagnostic Logs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/troubleshoot-diagnostic-logs.md
To save the error page or failed request tracing for Windows apps in the [Azure
Under **Detailed Error Logging** or **Failed Request Tracing**, select **On**, then select **Save**.
-Both types of logs are stored in the App Service file system. Up to 50 errors (files/folders) are retained. When the number of HTML files exceed 50, the oldest 26 errors are automatically deleted.
+Both types of logs are stored in the App Service file system. Up to 50 errors (files/folders) are retained. When the number of HTML files exceeds 50, the oldest error files are automatically deleted.
+
+The Failed Request Tracing feature by default captures a log of requests that failed with HTTP status codes between 400 and 600. To specify custom rules, you can override the `<traceFailedRequests>` section in the *web.config* file.
## Add log messages in code
app-service Troubleshoot Intermittent Outbound Connection Errors https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/troubleshoot-intermittent-outbound-connection-errors.md
There are a few solutions that let you avoid SNAT port limitations. They include
* connection pools: By pooling your connections, you avoid opening new network connections for calls to the same address and port. * service endpoints: You don't have a SNAT port restriction to the services secured with service endpoints. * private endpoints: You don't have a SNAT port restriction to services secured with private endpoints.
-* NAT Gateway: With a NAT Gateway, you have 64k outbound SNAT ports that are usable by the resources sending traffic through it.
+* NAT gateway: With a NAT gateway, you have 64k outbound SNAT ports that are usable by the resources sending traffic through it.
Avoiding the SNAT port problem means avoiding the creation of new connections repetitively to the same host and port. Connection pools are one of the more obvious ways to solve that problem. If your destination is an Azure service that supports service endpoints, you can avoid SNAT port exhaustion issues by using [regional VNet Integration](./web-sites-integrate-with-vnet.md) and service endpoints or private endpoints. When you use regional VNet Integration and place service endpoints on the integration subnet, your app outbound traffic to those services will not have outbound SNAT port restrictions. Likewise, if you use regional VNet Integration and private endpoints, you will not have any outbound SNAT port issues to that destination.
-If your destination is an external endpoint outside of Azure, using a NAT Gateway gives you 64k outbound SNAT ports. It also gives you a dedicated outbound address that you don't share with anybody.
+If your destination is an external endpoint outside of Azure, [using a NAT gateway](/azure/app-service/networking/nat-gateway-integration) gives you 64k outbound SNAT ports. It also gives you a dedicated outbound address that you don't share with anybody.
-If possible, improve your code to use connection pools and avoid the entire situation. It isn't always possible to change code fast enough to mitigate this situation. For the cases where you can't change your code in time, take advantage of the other solutions. The best solution to the problem is to combine all of the solutions as best you can. Try to use service endpoints and private endpoints to Azure services and the NAT Gateway for the rest.
+If possible, improve your code to use connection pools and avoid the entire situation. It isn't always possible to change code fast enough to mitigate this situation. For the cases where you can't change your code in time, take advantage of the other solutions. The best solution to the problem is to combine all of the solutions as best you can. Try to use service endpoints and private endpoints to Azure services and the NAT gateway for the rest.
General strategies for mitigating SNAT port exhaustion are discussed in the [Problem-solving section](../load-balancer/load-balancer-outbound-connections.md) of the **Outbound connections of Azure** documentation. Of these strategies, the following are applicable to apps and functions hosted on Azure App service.
app-service Tutorial Custom Container https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/tutorial-custom-container.md
To deploy a container to Azure App Service, you first create a web app on App Se
1. Configure your app to use the managed identity to pull from Azure Container Registry. ```azurecli-interactive
- az resource update --ids /subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/<registry-name>/config/web --set properties.acrUseManagedIdentityCreds=True
+ az resource update --ids /subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/<app-name>/config/web --set properties.acrUseManagedIdentityCreds=True
``` Replace the following values: - `<subscription-id>` with the subscription ID retrieved from the `az account show` command.
- - `<registry-name>` with the name of your container registry.
+ - `<app-name>` with the name of your web app.
> [!TIP] > If your app uses a [user-assigned managed identity](overview-managed-identity.md#add-a-user-assigned-identity), set an additional `AcrUserManagedIdentityID` property to specify its client ID:
app-service Tutorial Multi Container App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/tutorial-multi-container-app.md
Advance to the next tutorial to learn how to map a custom DNS name to your app.
Or, check out other resources:
-> [!div class="nextstepaction"]
-> [Configure custom container](configure-custom-container.md)
+- [Configure custom container](configure-custom-container.md)
+- [Environment variables and app settings reference](reference-app-settings.md)
<!--Image references--> [1]: ./media/tutorial-multi-container-app/azure-multi-container-wordpress-install.png
app-service Tutorial Nodejs Mongodb App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/tutorial-nodejs-mongodb-app.md
Advance to the next tutorial to learn how to map a custom DNS name to the app.
Or, check out other resources:
-> [!div class="nextstepaction"]
-> [Configure Node.js app](configure-language-nodejs.md)
+- [Configure Node.js app](configure-language-nodejs.md)
+- [Environment variables and app settings reference](reference-app-settings.md)
app-service Tutorial Send Email https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/tutorial-send-email.md
If you're testing this code on the sample app for [Build a Ruby and Postgres app
[Tutorial: Host a RESTful API with CORS in Azure App Service](app-service-web-tutorial-rest-api.md) [HTTP request/response reference for Logic Apps](../connectors/connectors-native-reqres.md) [Quickstart: Create your first workflow by using Azure Logic Apps - Azure portal](../logic-apps/quickstart-create-first-logic-app-workflow.md)
+- [Environment variables and app settings reference](reference-app-settings.md)
attestation Quickstart Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/attestation/quickstart-portal.md
Follow the steps in this section to view, add, and delete policy signer certific
1. Go to the Azure portal menu or the home page and select **All resources**. 1. In the filter box, enter the attestation provider name. 1. Select the attestation provider and go to the overview page.
-1. Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel/ choose a valid certificate to proceed.
+1. Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel to proceed.
1. Select **Download policy signer certificates**. The button will be disabled for attestation providers created without the policy signing requirement. 1. The downloaded text file will have all certificates in a JWS format. 1. Verify the certificate count and the downloaded certificates.
Follow the steps in this section to view, add, and delete policy signer certific
1. Go to the Azure portal menu or the home page and select **All resources**. 1. In the filter box, enter the attestation provider name. 1. Select the attestation provider and go to the overview page.
-1. Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel/ choose a valid certificate to proceed.
+1. Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel to proceed.
1. Select **Add** on the upper menu. The button will be disabled for attestation providers created without the policy signing requirement. 1. Upload the policy signer certificate file and select **Add**. [See examples of policy signer certificates](./policy-signer-examples.md).
Follow the steps in this section to view, add, and delete policy signer certific
1. Go to the Azure portal menu or the home page and select **All resources**. 1. In the filter box, enter the attestation provider name. 1. Select the attestation provider and go to the overview page.
-1. Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel/ choose a valid certificate to proceed.
+1. Select **Policy signer certificates** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel to proceed.
1. Select **Delete** on the upper menu. The button will be disabled for attestation providers created without the policy signing requirement. 1. Upload the policy signer certificate file and select **Delete**. [See examples of policy signer certificates](./policy-signer-examples.md).
This section describes how to view an attestation policy and how to configure po
1. Go to the Azure portal menu or the home page and select **All resources**. 1. In the filter box, enter the attestation provider name. 1. Select the attestation provider and go to the overview page.
-1. Select **Policy** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel/ choose a valid certificate to proceed.
+1. Select **Policy** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel to proceed.
1. Select the preferred **Attestation Type** and view the **Current policy**. ### Configure an attestation policy
Follow these steps to upload a policy in JWT or text format if the attestation p
1. Go to the Azure portal menu or the home page and select **All resources**. 1. In the filter box, enter the attestation provider name. 1. Select the attestation provider and go to the overview page.
-1. Select **Policy** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel/ choose a valid certificate to proceed.
+1. Select **Policy** on the resource menu on the left side of the window or on the lower pane. If you see a prompt to select certificate for authentication, please click cancel to proceed.
1. Select **Configure** on the upper menu. 1. Select **Policy Format** as **JWT** or as **Text**.
automation Automation Hrw Run Runbooks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/automation-hrw-run-runbooks.md
Title: Run Azure Automation runbooks on a Hybrid Runbook Worker
description: This article describes how to run runbooks on machines in your local datacenter or other cloud provider with the Hybrid Runbook Worker. Previously updated : 05/24/2021 Last updated : 07/27/2021
Runbooks that run on a [Hybrid Runbook Worker](automation-hybrid-runbook-worker.
When you author a runbook to run on a Hybrid Runbook Worker, you should edit and test the runbook on the machine that hosts the worker. The host machine has all the PowerShell modules and network access required to manage the local resources. Once you test the runbook on the Hybrid Runbook Worker machine, you can then upload it to the Azure Automation environment, where it can be run on the worker.
+## Plan for Azure services protected by firewall
+
+Enabling the Azure Firewall on [Azure Storage](../storage/common/storage-network-security.md), [Azure Key Vault](../key-vault/general/network-security.md), or [Azure SQL](../azure-sql/database/firewall-configure.md) blocks access from Azure Automation runbooks for those services. Access will be blocked even when the firewall exception to allow trusted Microsoft services is enabled, as Automation is not a part of the trusted services list. With an enabled firewall, access can only be made by using a Hybrid Runbook Worker and a [virtual network service endpoint](../virtual-network/virtual-network-service-endpoints-overview.md).
+ ## Plan runbook job behavior Azure Automation handles jobs on Hybrid Runbook Workers differently from jobs run in Azure sandboxes. If you have a long-running runbook, make sure that it's resilient to possible restart. For details of the job behavior, see [Hybrid Runbook Worker jobs](automation-hybrid-runbook-worker.md#hybrid-runbook-worker-jobs).
automation Automation Runbook Execution https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/automation-runbook-execution.md
Title: Runbook execution in Azure Automation
description: This article provides an overview of the processing of runbooks in Azure Automation. Previously updated : 04/28/2021 Last updated : 07/27/2021
Runbooks in Azure Automation can run on either an Azure sandbox or a [Hybrid Run
When runbooks are designed to authenticate and run against resources in Azure, they run in an Azure sandbox, which is a shared environment that multiple jobs can use. Jobs using the same sandbox are bound by the resource limitations of the sandbox. The Azure sandbox environment does not support interactive operations. It prevents access to all out-of-process COM servers, and it does not support making [WMI calls](/windows/win32/wmisdk/wmi-architecture) to the Win32 provider in your runbook.  These scenarios are only supported by running the runbook on a Windows Hybrid Runbook Worker. - You can also use a [Hybrid Runbook Worker](automation-hybrid-runbook-worker.md) to run runbooks directly on the computer that hosts the role and against local resources in the environment. Azure Automation stores and manages runbooks and then delivers them to one or more assigned computers.
+Enabling the Azure Firewall on [Azure Storage](../storage/common/storage-network-security.md), [Azure Key Vault](../key-vault/general/network-security.md), or [Azure SQL](../azure-sql/database/firewall-configure.md) blocks access from Azure Automation runbooks for those services. Access will be blocked even when the firewall exception to allow trusted Microsoft services is enabled, as Automation is not a part of the trusted services list. With an enabled firewall, access can only be made by using a Hybrid Runbook Worker and a [virtual network service endpoint](../virtual-network/virtual-network-service-endpoints-overview.md).
+ >[!NOTE] >To run on a Linux Hybrid Runbook Worker, your scripts must be signed and the worker configured accordingly. Alternatively, [signature validation must be turned off](automation-linux-hrw-install.md#turn-off-signature-validation).
automation Automation Secure Asset Encryption https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/automation-secure-asset-encryption.md
Previously updated : 06/25/2021 Last updated : 07/27/2021
Each secure asset is encrypted and stored in Azure Automation using a unique key
You can manage encryption of secure assets for your Automation account with your own keys. When you specify a customer-managed key at the level of the Automation account, that key is used to protect and control access to the account encryption key for the Automation account. This in turn is used to encrypt and decrypt all the secure assets. Customer-managed keys offer greater flexibility to create, rotate, disable, and revoke access controls. You can also audit the encryption keys used to protect your secure assets.
-Use Azure Key Vault to store customer-managed keys. You can either create your own keys and store them in a key vault, or you can use the Azure Key Vault APIs to generate keys. For more information about Azure Key Vault, see [What is Azure Key Vault?](../key-vault/general/overview.md)
+Use Azure Key Vault to store customer-managed keys. You can either create your own keys and store them in a key vault, or you can use the Azure Key Vault APIs to generate keys.
+
+Enabling the Azure Firewall on [Azure Key Vault](../key-vault/general/network-security.md) blocks access from Azure Automation runbooks for that service. Access will be blocked even when the firewall exception to allow trusted Microsoft services is enabled, as Automation is not a part of the trusted services list. With an enabled firewall, access can only be made by using a Hybrid Runbook Worker and a [virtual network service endpoint](../key-vault/general/overview-vnet-service-endpoints.md).
+
+For more information about Azure Key Vault, see [What is Azure Key Vault?](../key-vault/general/overview.md)
## Use of customer-managed keys for an Automation account
automation Runbooks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automation/troubleshoot/runbooks.md
Title: Troubleshoot Azure Automation runbook issues description: This article tells how to troubleshoot and resolve issues with Azure Automation runbooks. Previously updated : 02/11/2021 Last updated : 07/27/2021
When you receive errors during runbook execution in Azure Automation, you can us
If you're running your runbooks on a Hybrid Runbook Worker instead of in Azure Automation, you might need to [troubleshoot the hybrid worker itself](hybrid-runbook-worker.md).
+## Scenario: Access blocked to Azure Storage, or Azure Key Vault, or Azure SQL
+
+This scenario uses [Azure Storage](../../storage/common/storage-network-security.md) as an example; however, the information is equally applicable to [Azure Key Vault](../../key-vault/general/network-security.md) and [Azure SQL](../../azure-sql/database/firewall-configure.md).
+
+### Issue
+
+Attempting to access Azure Storage from a Runbook results in an error similar to the following message: `The remote server returned an error: (403) Forbidden. HTTP Status Code: 403 - HTTP Error Message: This request is not authorized to perform this operation.`
+
+### Cause
+
+The Azure Firewall on Azure Storage is enabled.
+
+### Resolution
+
+Enabling the Azure Firewall on [Azure Storage](../../storage/common/storage-network-security.md), [Azure Key Vault](../../key-vault/general/network-security.md), or [Azure SQL](../../azure-sql/database/firewall-configure.md) blocks access from Azure Automation runbooks for those services. Access will be blocked even when the firewall exception to allow trusted Microsoft services is enabled, as Automation is not a part of the trusted services list. With an enabled firewall, access can only be made by using a Hybrid Runbook Worker and a [virtual network service endpoint](../../virtual-network/virtual-network-service-endpoints-overview.md).
+ ## <a name="runbook-fails-no-permission"></a>Scenario: Runbook fails with a No permission or Forbidden 403 error ### Issue
azure-arc Install Arcdata Extension https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/data/install-arcdata-extension.md
Title: Install `arcdata` extension
-description: Install the `arcdata` extension for Azure (az) cli
+description: Install the `arcdata` extension for Azure (az) CLI
To get the latest Azure CLI, see [Install the Azure CLI](/cli/azure/install-azure-cli).
-## Add the `arcdata` extension
+## Add `arcdata` extension
To add the extension, run the following command:
az extension add --name arcdata
[Learn more about Azure CLI extensions](/cli/azure/azure-cli-extensions-overview).
+## Update `arcdata` extension
+
+If you already have the extension, you can update it with the following command:
+
+```azurecli
+az extension update --name arcdata
+```
+ ## Next steps [Create the Azure Arc data controller](create-data-controller.md)
azure-arc Install Client Tools https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/data/install-client-tools.md
# Install client tools for deploying and managing Azure Arc-enabled data services
-> [!IMPORTANT]
-> If you are updating to a new release, please be sure to also update to the latest version of Azure Data Studio, the [!INCLUDE [azure-data-cli-azdata](../../../includes/azure-data-cli-azdata.md)] tool, the Azure CLI and Azure Arc extensions for Azure Data Studio.
-
+This article points you to resources to install the tools to manage Arc-enabled data services.
> [!IMPORTANT]
-> The Arc enabled data services command groups in the Azure Data CLI (azdata) are deprecated and will be removed in the next release. Please move to using the [`arcdata` extension for Azure CLI instead](reference/reference-az-arcdata-dc.md).
-
-This document walks you through the steps for installing the [!INCLUDE [azure-data-cli-azdata](../../../includes/azure-data-cli-azdata.md)], Azure Data Studio, Azure CLI (az), and the Kubernetes CLI tool (kubectl) on your client machine.
+> If you are updating to a new release, update to the latest version of Azure Data Studio, the Azure Arc extension for Azure Data Studio, Azure (`az`) command line interface (CLI), and the [!INCLUDE [azure-data-cli-azdata](../../../includes/azure-data-cli-azdata.md)].
+>
+> [!INCLUDE [use-insider-azure-data-studio](includes/use-insider-azure-data-studio.md)]
+The [`arcdata` extension for Azure CLI (`az`)](reference/reference-az-arcdata-dc.md) replaces `azdata` for Arc-enabled data services.
## Tools for creating and managing Azure Arc-enabled data services
The following table lists common tools required for creating and managing Azure
| Tool | Required | Description | Installation | |||||
-| Azure CLI (az)<sup>1</sup> | Yes | Modern command-line interface for managing Azure services. Used to manage Azure services in general and also specifically Arc-enabled data services using the CLI or in scripts for both indirectly connected mode (available now) and directly connected mode (available soon). ([More info](/cli/azure/)). | [Install](/cli/azure/install-azure-cli) |
-| Azure (az) CLI extension for Azure Arc-enabled data services | Yes | Command-line tool for managing Arc enabled data services as an extension to the Azure CLI (az) | [Install](install-arcdata-extension.md). |
+| Azure CLI (`az`)<sup>1</sup> | Yes | Modern command-line interface for managing Azure services. Used to manage Azure services in general and also specifically Arc-enabled data services using the CLI or in scripts for both indirectly connected mode (available now) and directly connected mode (available soon). ([More info](/cli/azure/)). | [Install](/cli/azure/install-azure-cli) |
+| `arcdata` extension for Azure (`az`) CLI | Yes | Command-line tool for managing Arc enabled data services as an extension to the Azure CLI (`az`) | [Install](install-arcdata-extension.md) |
| Azure Data Studio | Yes | Rich experience tool for connecting to and querying a variety of databases including Azure SQL, SQL Server, PostrgreSQL, and MySQL. Extensions to Azure Data Studio provide an administration experience for Azure Arc-enabled data services. | [Install](/sql/azure-data-studio/download-azure-data-studio) | | Azure Arc extension for Azure Data Studio | Yes | Extension for Azure Data Studio that provides a management experience for Azure Arc-enabled data services.| Install from the extensions gallery in Azure Data Studio.| | PostgreSQL extension in Azure Data Studio | No | PostgreSQL extension for Azure Data Studio that provides management capabilities for PostgreSQL. | <!--{need link} [Install](../azure-data-studio/data-virtualization-extension.md) --> Install from extensions gallery in Azure Data Studio.|
azure-arc Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-arc/data/release-notes.md
This article highlights capabilities, features, and enhancements recently releas
This release is published July 30, 2021.
-The current release announces general availability for the following
-- Azure Arc-enabled SQL Managed Instance general purpose service tier.
+This release announces general availability for Azure Arc-enabled SQL Managed Instance [general purpose service tier](service-tiers.md) in indirectly connected mode.
> [!NOTE]
- > The services above are generally available in indirectly connected mode.
- >
- > These services are also available in directly connected mode, for preview.
- >
- > Azure SQL Managed Instance business critical service tier continues to be available in preview.
- >
- > Azure Arc-enabled PostgreSQL Hyperscale continues to be available in preview.
+ > In addition, this release provides the following Azure Arc-enabled services in preview:
+ > - SQL Managed Instance in directly connected mode
+ > - SQL Managed Instance [business critical service tier](service-tiers.md)
+ > - PostgreSQL Hyperscale
### Breaking changes
+#### Tools
+
+Use the following tools:
+- [Insiders build of Azure Data Studio](https://github.com/microsoft/azuredatastudio#try-out-the-latest-insiders-build-from-main).
+- [`arcdata` extension for Azure (`az`) CLI](install-arcdata-extension.md).
++ #### Data controller - `az arcdata dc create` parameter named `--azure-subscription` has been changed to use the standard `--subscription` parameter.
The current release announces general availability for the following
- You can create a data controller, SQL managed instance, or PostgreSQL Hyperscale server group on a directly connected mode cluster with the Azure portal. Directly connected mode deployment is not supported with other Azure Arc-enabled data services tools. Specifically, you can't deploy a data controller in directly connect mode with any of the following tools during this release. - Azure Data Studio-
- [!INCLUDE [use-insider-azure-data-studio](includes/use-insider-azure-data-studio.md)]
- - Kubernetes native tools (`kubectl`) - The `arcdata` extension for the Azure CLI (`az`)
The current release announces general availability for the following
#### Azure Arc-enabled SQL Managed Instance
-##### - Can't see resources in portal
+##### Can't see resources in portal
- Portal does not show Azure Arc-enabled SQL Managed Instance resources created in the June release. Delete the SQL Managed Instance resources from the resource group list view. You may need to delete the custom location resource first.
azure-functions Durable Functions Bindings https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/durable/durable-functions-bindings.md
Title: Bindings for Durable Functions - Azure description: How to use triggers and bindings for the Durable Functions extension for Azure Functions. Previously updated : 05/07/2021 Last updated : 08/03/2021
Entity triggers allow you to author [entity functions](durable-functions-entitie
Internally, this trigger binding polls the configured durable store for new entity operations that need to be executed.
+If you're authoring functions in .NET, the entity trigger is configured using the [EntityTriggerAttribute](/dotnet/api/microsoft.azure.webjobs.extensions.durabletask.entitytriggerattribute) .NET attribute.
+
+If you're using JavaScript, Python, or PowerShell, the entity trigger is defined by the following JSON object in the `bindings` array of *function.json*:
+
+```json
+{
+ "name": "<Name of input parameter in function signature>",
+ "entityName": "<Optional - name of the entity>",
+ "type": "entityTrigger",
+ "direction": "in"
+}
+```
+
+By default, the name of an entity is the name of the function.
+ ### Trigger behavior Here are some notes about the entity trigger:
azure-functions Functions Bindings Storage Queue Trigger https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-functions/functions-bindings-storage-queue-trigger.md
The queue trigger provides several [metadata properties](./functions-bindings-ex
## Poison messages
-When a queue trigger function fails, Azure Functions retries the function up to five times for a given queue message, including the first try. If all five attempts fail, the functions runtime adds a message to a queue named *&lt;originalqueuename>-poison*. You can write a function to process messages from the poison queue by logging them or sending a notification that manual attention is needed.
+When a queue trigger function fails, Azure Functions retries the function up to five times for a given queue message, including the first try. If all five attempts fail, the functions runtime adds a message to a queue named *&lt;originalqueuename&gt;-poison*. You can write a function to process messages from the poison queue by logging them or sending a notification that manual attention is needed.
To handle poison messages manually, check the [dequeueCount](#message-metadata) of the queue message. +
+## Peek lock
+The peek-lock pattern happens automatically for queue triggers. As messages are dequeued, they are marked as invisible and associated with a timeout managed by the Storage service.
+
+When the function starts, it starts processing a message under the following conditions.
+
+- If the function is successful, then the function execution completes and the message is deleted.
+- If the function fails, then the message visibility is reset. After being reset, the message is reprocessed the next time the function requests a new message.
+- If the function never completes due to a crash, the message visibility expires and the message re-appears in the queue.
+
+All of the visibility mechanics are handled by the Storage service, not the Functions runtime.
+ ## Polling algorithm The queue trigger implements a random exponential back-off algorithm to reduce the effect of idle-queue polling on storage transaction costs.
azure-government Compare Azure Government Global Azure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-government/compare-azure-government-global-azure.md
Commonly used services in bot applications that are not currently available in A
For more information, see [How do I create a bot that uses US Government data center](/azure/bot-service/bot-service-resources-faq-ecosystem#how-do-i-create-a-bot-that-uses-the-us-government-data-center).
-### [Azure Machine Learning](../machine-learning/overview-what-is-azure-ml.md)
+### [Azure Machine Learning](../machine-learning/overview-what-is-azure-machine-learning.md)
For feature variations and limitations, see [Azure Machine Learning sovereign cloud parity](../machine-learning/reference-machine-learning-cloud-parity.md).
azure-government Documentation Government Impact Level 5 https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-government/documentation-government-impact-level-5.md
For Databases services availability in Azure Government, see [Products available
### [Azure API for FHIR](https://azure.microsoft.com/services/azure-api-for-fhir/) -- Configure encryption at rest of content in Azure API for FHIR [using customer-managed keys in Azure Key Vault](../healthcare-apis/fhir/customer-managed-key.md).
+Azure API for FHIR supports Impact Level 5 workloads in Azure Government with this configuration:
+
+- Configure encryption at rest of content in Azure API for FHIR [using customer-managed keys in Azure Key Vault](../healthcare-apis/azure-api-for-fhir/customer-managed-key.md)
+
+### [Azure Cache for Redis](https://azure.microsoft.com/services/cache/)
+
+Azure Cache for Redis supports Impact Level 5 workloads in Azure Government with no extra configuration required.
### [Azure Cosmos DB](https://azure.microsoft.com/services/cosmos-db/)
azure-monitor Asp Net Core https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/asp-net-core.md
It's important to note that the following doesn't cause the ApplicationInsights
} ```
-For more information, see [ILogger configuration](ilogger.md#control-logging-level).
+For more information, see [ILogger configuration](ilogger.md#logging-level).
### Some Visual Studio templates used the UseApplicationInsights() extension method on IWebHostBuilder to enable Application Insights. Is this usage still valid?
azure-monitor Asp Net https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/asp-net.md
Title: Configure monitoring for ASP.NET with Azure Application Insights | Microsoft Docs
-description: Configure performance, availability, and user behavior analytics tools for your ASP.NET website, hosted on-premises or in Azure.
+description: Configure performance, availability, and user behavior analytics tools for your ASP.NET website hosted on-premises or in Azure.
Last updated 09/30/2020
# Configure Application Insights for your ASP.NET website
-This procedure configures your ASP.NET web app to send telemetry to the [Azure Application Insights](./app-insights-overview.md) service. It works for ASP.NET apps that are hosted either in your own IIS servers on-premises or in the Cloud.
+This procedure configures your ASP.NET web app to send telemetry to the [Application Insights](./app-insights-overview.md) feature of the Azure Monitor service. It works for ASP.NET apps that are hosted either in your own IIS servers on-premises or in the cloud.
## Prerequisites To add Application Insights to your ASP.NET website, you need to: - Install the latest version of [Visual Studio 2019 for Windows](https://www.visualstudio.com/downloads/) with the following workloads:
- - ASP.NET and web development.
+ - ASP.NET and web development
- Azure development
-If you don't have an Azure subscription, create a [free](https://azure.microsoft.com/free/) account before you begin.
+- Create a [free Azure account](https://azure.microsoft.com/free/) if you don't already have an Azure subscription.
- Create an [Application Insights workspace-based resource](create-workspace-resource.md). > [!IMPORTANT]
-> [Connection Strings](./sdk-connection-string.md?tabs=net) are recommended over instrumentation keys. New Azure regions **require** the use of connection strings instead of instrumentation keys. Connection string identifies the resource that you want to associate your telemetry data with. It also allows you to modify the endpoints your resource will use as a destination for your telemetry. You will need to copy the connection string and add it to your application's code or to an environment variable.
+> We recommend [connection strings](./sdk-connection-string.md?tabs=net) over instrumentation keys. New Azure regions *require* the use of connection strings instead of instrumentation keys.
+>
+> A connection string identifies the resource that you want to associate with your telemetry data. It also allows you to modify the endpoints that your resource will use as a destination for your telemetry. You'll need to copy the connection string and add it to your application's code or to an environment variable.
## Create a basic ASP.NET web app
-1. Launch Visual Studio 2019.
+1. Open Visual Studio 2019.
2. Select **File** > **New** > **Project**. 3. Select **ASP.NET Web Application(.NET Framework) C#**.
-4. Enter a project name > **Select Create**.
+4. Enter a project name, and then select **Create**.
5. Select **MVC** > **Create**. ## Add Application Insights automatically
If you don't have an Azure subscription, create a [free](https://azure.microsoft
This section will guide you through automatically adding Application Insights to a template-based ASP.NET web app. From within your ASP.NET web app project in Visual Studio: 1. Select **Add Application Insights Telemetry** > **Application Insights Sdk (local)** > **Next** > **Finish** > **Close**.
-2. Open the `ApplicationInsights.config` file.
-3. Before the closing `</ApplicationInsights>` tag add a line containing the instrumentation key for your Application Insights resource. Your instrumentation key can be found on the overview pane of your newly created Application Insights resource that you created as part of the prerequisites for this article.
+2. Open the *ApplicationInsights.config* file.
+3. Before the closing `</ApplicationInsights>` tag, add a line that contains the instrumentation key for your Application Insights resource. You can find your instrumentation key on the overview pane of the newly created Application Insights resource that you created as part of the prerequisites for this article.
```xml <InstrumentationKey>your-instrumentation-key-goes-here</InstrumentationKey> ```
-4. Select **Project** > **Manage NuGet Packages** > **Updates** > Update each `Microsoft.ApplicationInsights` NuGet package to the latest stable release.
-5. Run your application by selecting **IIS Express**. A basic ASP.NET app will launch. As you navigate the pages on the site telemetry will be sent to Application Insights.
+4. Select **Project** > **Manage NuGet Packages** > **Updates**. Then update each `Microsoft.ApplicationInsights` NuGet package to the latest stable release.
+5. Run your application by selecting **IIS Express**. A basic ASP.NET app opens. As you browse through the pages on the site, telemetry will be sent to Application Insights.
## Add Application Insights manually
-This section will guide you through manually adding Application Insights to a template-based ASP.NET web app. This section assumes you are using a web app based on the standard ASP.NET Framework MVC web app template.
+This section will guide you through manually adding Application Insights to a template-based ASP.NET web app. This section assumes that you're using a web app based on the standard MVC web app template for the ASP.NET Framework.
1. Add the following NuGet packages and their dependencies to your project:
This section will guide you through manually adding Application Insights to a te
- [`Microsoft.ApplicationInsights.Web`](https://www.nuget.org/packages/Microsoft.ApplicationInsights.Web) - [`Microsoft.AspNet.TelemetryCorrelation`](https://www.nuget.org/packages/Microsoft.AspNet.TelemetryCorrelation)
-2. In some cases, the `ApplicationInsights.config` file will be created for you automatically. If the file is already present, skip to step #4. If it is not created automatically, then you will need to create it yourself. At the same level in your project as the `Global.asax` file, create a new file called `ApplicationInsights.config`
+2. In some cases, the *ApplicationInsights.config* file is created for you automatically. If the file is already present, skip to step 4.
+
+ If it's not created automatically, you'll need to create it yourself. At the same level in your project as the *Global.asax* file, create a new file called *ApplicationInsights.config*.
3. Copy the following XML configuration into your newly created file:
This section will guide you through manually adding Application Insights to a te
</ApplicationInsights> ```
-4. Before the closing `</ApplicationInsights>` tag, add your instrumentation key for your Application Insights resource. Your instrumentation key can be found on the overview pane of your newly created Application Insights resource that you created as part of the prerequisites for this article.
+4. Before the closing `</ApplicationInsights>` tag, add your instrumentation key for your Application Insights resource. You can find your instrumentation key on the overview pane of the newly created Application Insights resource that you created as part of the prerequisites for this article.
```xml <InstrumentationKey>your-instrumentation-key-goes-here</InstrumentationKey> ```
-5. At the same level of your project as the `ApplicationInsights.config` file, create a folder called `ErrorHandler` with a new C# file called `AiHandleErrorAttribute.cs`. The contents of the file will look as follows:
+5. At the same level of your project as the *ApplicationInsights.config* file, create a folder called *ErrorHandler* with a new C# file called *AiHandleErrorAttribute.cs*. The contents of the file will look like this:
```csharp using System;
This section will guide you through manually adding Application Insights to a te
```
-6. In the `App_Start` folder, open the `FilterConfig.cs` file and change it to match the sample:
+6. In the *App_Start* folder, open the *FilterConfig.cs* file and change it to match the sample:
```csharp using System.Web;
This section will guide you through manually adding Application Insights to a te
} ```
-7. If Web.config is already updated, skip this step. Otherwise, update the file as follows:
+7. If *Web.config* is already updated, skip this step. Otherwise, update the file as follows:
```xml <?xml version="1.0" encoding="utf-8"?>
This section will guide you through manually adding Application Insights to a te
<system.web> <compilation debug="true" targetFramework="4.7.2" /> <httpRuntime targetFramework="4.7.2" />
- <!-- Code added for App Insights start -->
+ <!-- Code added for Application Insights start -->
<httpModules> <add name="TelemetryCorrelationHttpModule" type="Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule, Microsoft.AspNet.TelemetryCorrelation" /> <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" /> </httpModules>
- <!-- Code added for App Insights end -->
+ <!-- Code added for Application Insights end -->
</system.web> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
This section will guide you through manually adding Application Insights to a te
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0-5.2.7.0" newVersion="5.2.7.0" /> </dependentAssembly>
- <!-- Code added for App Insights start -->
+ <!-- Code added for Application Insights start -->
<dependentAssembly> <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" /> <bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" /> </dependentAssembly>
- <!-- Code added for App Insights end -->
+ <!-- Code added for Application Insights end -->
</assemblyBinding> </runtime> <system.codedom>
This section will guide you through manually adding Application Insights to a te
</system.codedom> <system.webServer> <validation validateIntegratedModeConfiguration="false" />
- <!-- Code added for App Insights start -->
+ <!-- Code added for Application Insights start -->
<modules> <remove name="TelemetryCorrelationHttpModule" /> <add name="TelemetryCorrelationHttpModule" type="Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule, Microsoft.AspNet.TelemetryCorrelation" preCondition="managedHandler" /> <remove name="ApplicationInsightsWebTracking" /> <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" /> </modules>
- <!-- Code added for App Insights end -->
+ <!-- Code added for Application Insights end -->
</system.webServer> </configuration> ```
-You have now successfully configured server-side application monitoring. If you run your web app, you will be able to see telemetry begin to appear within Application Insights.
+You have now successfully configured server-side application monitoring. If you run your web app, you'll see telemetry begin to appear in Application Insights.
## Add client-side monitoring
-The previous sections provided guidance on methods to automatically and manually configure server-side monitoring. To add client-side monitoring, you will need to use our [client-side JavaScript SDK](javascript.md). You can monitor any web page's client-side transactions by adding a [JavaScript snippet](javascript.md#snippet-based-setup) before the closing `</head>` tag of the page's HTML.
+The previous sections provided guidance on methods to automatically and manually configure server-side monitoring. To add client-side monitoring, use the [client-side JavaScript SDK](javascript.md). You can monitor any web page's client-side transactions by adding a [JavaScript snippet](javascript.md#snippet-based-setup) before the closing `</head>` tag of the page's HTML.
-While is possible to manually add the snippet to the header of each HTML page, it is recommended to instead add the snippet to a primary page, which will inject the snippet into all pages of a site. For the template-based ASP.NET MVC app from this article, the file you need to edit is called `_Layout.cshtml` and it is found under **Views** > **Shared**.
+Although it's possible to manually add the snippet to the header of each HTML page, we recommend that you instead add the snippet to a primary page. That action will inject the snippet into all pages of a site.
-To add client-side monitoring, open the `_Layout.cshtml` file and follow the [snippet-based setup instructions](javascript.md#snippet-based-setup) from the client-side JavaScript SDK configuration article.
+For the template-based ASP.NET MVC app from this article, the file that you need to edit is *_Layout.cshtml*. You can find it under **Views** > **Shared**. To add client-side monitoring, open *_Layout.cshtml* and follow the [snippet-based setup instructions](javascript.md#snippet-based-setup) from the article about client-side JavaScript SDK configuration.
## Troubleshooting
-There is a known issue in the current version of Visual Studio 2019 that when storing the instrumentation key in a User Secret is broken for .NET Framework-based apps and the key ultimately has to be hardcoded into the applicationinsights.config file to work around this bug. This article is designed to avoid this issue entirely, by not using User Secrets.
+There's a known issue in the current version of Visual Studio 2019: storing the instrumentation key in a user secret is broken for .NET Framework-based apps. The key ultimately has to be hardcoded into the *applicationinsights.config* file to work around this bug. This article is designed to avoid this issue entirely, by not using user secrets.
## Open-source SDK
-* [Read and contribute to the code](https://github.com/microsoft/ApplicationInsights-dotnet).
+[Read and contribute to the code](https://github.com/microsoft/ApplicationInsights-dotnet).
-For the latest updates and bug fixes [consult the release notes](./release-notes.md).
+For the latest updates and bug fixes, [consult the release notes](./release-notes.md).
## Next steps * Add synthetic transactions to test that your website is available from all over the world with [availability monitoring](monitor-web-app-availability.md).
-* [Configure sampling](sampling.md) to help reduce telemetry traffic, and data storage costs.
+* [Configure sampling](sampling.md) to help reduce telemetry traffic and data storage costs.
azure-monitor Availability Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/availability-overview.md
Title: Application Insights availability overview
+ Title: Application Insights availability tests
description: Set up recurring web tests to monitor availability and responsiveness of your app or website. Last updated 07/13/2021
-# Availability tests overview
+# Application Insights availability tests
-After you've deployed your web app/website, you can set up recurring tests to monitor availability and responsiveness. [Application Insights](./app-insights-overview.md) sends web requests to your application at regular intervals from points around the world. It can alert you if your application isn't responding, or if it responds too slowly.
+After you've deployed your web app or website, you can set up recurring tests to monitor availability and responsiveness. [Application Insights](./app-insights-overview.md) sends web requests to your application at regular intervals from points around the world. It can alert you if your application isn't responding or responds too slowly.
-You can set up availability tests for any HTTP or HTTPS endpoint that is accessible from the public internet. You don't have to make any changes to the website you're testing. In fact, it doesn't even have to be a site you own. You can test the availability of a REST API that your service depends on.
+You can set up availability tests for any HTTP or HTTPS endpoint that's accessible from the public internet. You don't have to make any changes to the website you're testing. In fact, it doesn't even have to be a site that you own. You can test the availability of a REST API that your service depends on.
-## Types of availability tests
+## Types of tests
There are four types of availability tests:
-* [URL ping tests (classic)](monitor-web-app-availability.md): A simple test you can create through the portal to validate whether an endpoint is responding and measure performance associated with that response. You may also set custom success criteria coupled with more advanced features like parsing dependent requests, and allowing for retries.
-* [Standard tests (Preview)](availability-standard-tests.md): A single request test that is similar to the URL ping test but includes SSL certificate validity, proactive lifetime check, HTTP request verb (for example `GET`,`HEAD`,`POST`, etc.), custom headers, and custom data associated with your HTTP request.
-* [Multi-step web test (classic)](availability-multistep.md): A recording of a sequence of web requests, which can be played back to test more complex scenarios. Multi-step web tests are created in Visual Studio Enterprise and uploaded to the portal for execution.
-* [Custom Track Availability Tests](availability-azure-functions.md): If you decide to create a custom application to run availability tests, the [TrackAvailability()](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability) method can be used to send the results to Application Insights.
+* [URL ping test (classic)](monitor-web-app-availability.md): You can create this simple test through the portal to validate whether an endpoint is responding and measure performance associated with that response. You can also set custom success criteria coupled with more advanced features, like parsing dependent requests and allowing for retries.
+* [Standard test (Preview)](availability-standard-tests.md): This single request test is similar to the URL ping test. It includes SSL certificate validity, proactive lifetime check, HTTP request verb (for example `GET`, `HEAD`, or `POST`), custom headers, and custom data associated with your HTTP request.
+* [Multi-step web test (classic)](availability-multistep.md): You can play back this recording of a sequence of web requests to test more complex scenarios. Multi-step web tests are created in Visual Studio Enterprise and uploaded to the portal, where you can run them.
+* [Custom TrackAvailability test](availability-azure-functions.md): If you decide to create a custom application to run availability tests, you can use the [TrackAvailability()](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability) method to send the results to Application Insights.
> [!IMPORTANT]
-> Both, [URL ping test](monitor-web-app-availability.md) and [multi-step web test](availability-multistep.md) rely on the public internet DNS infrastructure to resolve the domain names of the tested endpoints. This means that if you are using Private DNS, you must either ensure that every domain name of your test is also resolvable by the public domain name servers or, when it is not possible, you can use [custom track availability tests](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability) instead.
+> Both the [URL ping test](monitor-web-app-availability.md) and the [multi-step web test](availability-multistep.md) rely on the DNS infrastructure of the public internet to resolve the domain names of the tested endpoints. If you're using private DNS, you must ensure that the public domain name servers can remove every domain name of your test. When that's not possible, you can use [custom TrackAvailability tests](/dotnet/api/microsoft.applicationinsights.telemetryclient.trackavailability) instead.
-**You can create up to 100 availability tests per Application Insights resource.**
+You can create up to 100 availability tests per Application Insights resource.
## Troubleshooting
-Dedicated [troubleshooting article](troubleshoot-availability.md).
+See the dedicated [troubleshooting article](troubleshoot-availability.md).
-## Next step
+## Next steps
-* [Availability Alerts](availability-alerts.md)
+* [Availability alerts](availability-alerts.md)
* [Multi-step web tests](availability-multistep.md) * [URL tests](monitor-web-app-availability.md)
-* [Create and run custom availability tests using Azure Functions.](availability-azure-functions.md)
+* [Create and run custom availability tests using Azure Functions](availability-azure-functions.md)
* [Web Tests Azure Resource Manager template](/azure/templates/microsoft.insights/webtests?tabs=json)
azure-monitor Azure Ad Authentication https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/azure-ad-authentication.md
Title: Azure AD authentication for Application Insights (Preview) description: Learn how to enable Azure Active Directory (Azure AD) authentication to ensure that only authenticated telemetry is ingested in your Application Insights resources. Previously updated : 06/21/2021 Last updated : 08/02/2021 # Azure AD authentication for Application Insights (Preview)
This section provides distinct troubleshooting scenarios and steps that users ca
The ingestion service will return specific errors, regardless of the SDK language. Network traffic can be collected using a tool such as Fiddler. You should filter traffic to the IngestionEndpoint set in the Connection String.
-#### HTTP/1.1 400 Incorrect API was used - v2 API does not support authentication
+#### HTTP/1.1 400 Authentication not support
This indicates that the Application Insights resource has been configured for Azure AD only, but the SDK hasn't been correctly configured and is sending to the incorrect API.
This indicates that the Application Insights resource has been configured for Az
Next steps should be to review the SDK configuration.
-#### HTTP/1.1 401 Unauthorized - please provide the valid authorization token
+#### HTTP/1.1 401 Authorization required
This indicates that the SDK has been correctly configured, but was unable to acquire a valid token. This may indicate an issue with Azure Active Directory. Next steps should be to identify exceptions in the SDK logs or network errors from Azure Identity.
-#### HTTP/1.1 403 Forbidden - provided credentials do not grant the access to ingest the telemetry into the component
+#### HTTP/1.1 403 Unauthorized
This indicates that the SDK has been configured with credentials that haven't been given permission to the Application Insights resource or subscription.
azure-monitor Ilogger https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/ilogger.md
# Application Insights logging with .NET
-In this article you'll learn how to capture logs with Application Insights in .NET apps using several NuGet packages:
+In this article, you'll learn how to capture logs with Application Insights in .NET apps by using several NuGet packages:
- **Core package:** - [`Microsoft.Extensions.Logging.ApplicationInsights`][nuget-ai]
In this article you'll learn how to capture logs with Application Insights in .N
> [!TIP] > The [`Microsoft.ApplicationInsights.WorkerService`][nuget-ai-ws] NuGet package is beyond the scope of this article. It can be used to enable Application Insights for background services. For more information, see [Application Insights for Worker Service apps](./worker-service.md).
-Depending on the Application Insights logging package you use, there will be various ways to register the `ApplicationInsightsLoggerProvider`. The `ApplicationInsightsLoggerProvider` is an implementation of <xref:Microsoft.Extensions.Logging.ILoggerProvider>, which is responsible for providing <xref:Microsoft.Extensions.Logging.ILogger> and <xref:Microsoft.Extensions.Logging.ILogger%601> implementations.
+Depending on the Application Insights logging package that you use, there will be various ways to register `ApplicationInsightsLoggerProvider`. `ApplicationInsightsLoggerProvider` is an implementation of <xref:Microsoft.Extensions.Logging.ILoggerProvider>, which is responsible for providing <xref:Microsoft.Extensions.Logging.ILogger> and <xref:Microsoft.Extensions.Logging.ILogger%601> implementations.
## ASP.NET Core applications
-To add Application Insights telemetry to ASP.NET Core applications, use the `Microsoft.ApplicationInsights.AspNetCore` NuGet package. This can be configured through [Visual Studio as a Connected service](/visualstudio/azure/azure-app-insights-add-connected-service), or manually.
+To add Application Insights telemetry to ASP.NET Core applications, use the `Microsoft.ApplicationInsights.AspNetCore` NuGet package. You can configure this through [Visual Studio as a connected service](/visualstudio/azure/azure-app-insights-add-connected-service), or manually.
-By default, ASP.NET Core applications have Application Insights logging provider registered when configured using the [Code](./asp-net-core.md) or [Code-less](./azure-web-apps.md?tabs=netcore#enable-agent-based-monitoring) approach. The registered provider is configured to automatically capture log events with a severity of <xref:Microsoft.Extensions.Logging.LogLevel.Warning?displayProperty=nameWithType> or greater. Severity and categories may be customized. For more information, see [Control logging level](#control-logging-level).
+By default, ASP.NET Core applications have an Application Insights logging provider registered when they're configured through the [code](./asp-net-core.md) or [codeless](./azure-web-apps.md?tabs=netcore#enable-agent-based-monitoring) approach. The registered provider is configured to automatically capture log events with a severity of <xref:Microsoft.Extensions.Logging.LogLevel.Warning?displayProperty=nameWithType> or greater. You can customize severity and categories. For more information, see [Logging level](#logging-level).
1. Ensure that the NuGet package is installed:
By default, ASP.NET Core applications have Application Insights logging provider
} ```
-With the NuGet package installed, and the provider being registered with dependency injection, the app is ready to log. With constructor injection, either <xref:Microsoft.Extensions.Logging.ILogger> or the generic-type alternative <xref:Microsoft.Extensions.Logging.ILogger%601> is required. When these implementations are resolved, the `ApplicationInsightsLoggerProvider` will be providing them. Messages or exceptions logged will be sent to Application Insights. Consider the following example controller:
+With the NuGet package installed, and the provider being registered with dependency injection, the app is ready to log. With constructor injection, either <xref:Microsoft.Extensions.Logging.ILogger> or the generic-type alternative <xref:Microsoft.Extensions.Logging.ILogger%601> is required. When these implementations are resolved, `ApplicationInsightsLoggerProvider` will provide them. Logged messages or exceptions will be sent to Application Insights.
+
+Consider the following example controller:
```csharp public class ValuesController : ControllerBase
For more information, see [Logging in ASP.NET Core](/aspnet/core/fundamentals/lo
### Capture logs within ASP.NET Core startup code
-Some scenarios require capturing logs as part of the app startup routine, prior to the request-response pipeline being ready to accept requests. However, `ILogger` implementations aren't easily available from dependency injection in *Program.cs* and *Startup.cs*. For more information, see [Logging in .NET: Create logs in `Main`](/dotnet/core/extensions/logging?tabs=command-line#create-logs-in-main).
+Some scenarios require capturing logs as part of the app startup routine, before the request-response pipeline is ready to accept requests. However, `ILogger` implementations aren't easily available from dependency injection in *Program.cs* and *Startup.cs*. For more information, see [Logging in .NET: Create logs in Main](/dotnet/core/extensions/logging?tabs=command-line#create-logs-in-main).
-There are several applicable limitations when logging from *Program.cs* and *Startup.cs*:
+There are several limitations when you're logging from *Program.cs* and *Startup.cs*:
-* Telemetry is sent using the [InMemoryChannel](./telemetry-channels.md) telemetry channel.
+* Telemetry is sent through the [InMemoryChannel](./telemetry-channels.md) telemetry channel.
* No [sampling](./sampling.md) is applied to telemetry. * Standard [telemetry initializers or processors](./api-filtering-sampling.md) are not available.
-The following examples demonstrate this by explicitly instantiating and configuring *Program.cs* and *Startup.cs*:
+The following examples demonstrate this by explicitly instantiating and configuring *Program.cs* and *Startup.cs*.
#### Example Program.cs
namespace WebApplication
{ // Providing an instrumentation key is required if you're using the // standalone Microsoft.Extensions.Logging.ApplicationInsights package,
- // or when you need to capture logs during application startup, for example
- // in the Program.cs or Startup.cs itself.
+ // or when you need to capture logs during application startup, such as
+ // in Program.cs or Startup.cs itself.
builder.AddApplicationInsights( context.Configuration["APPINSIGHTS_CONNECTIONSTRING"]);
namespace WebApplication
} ```
-In the preceding code, the `ApplicationInsightsLoggerProvider` is configured with your `"APPINSIGHTS_CONNECTIONSTRING"` connection string, and filters are applied, setting the log level to <xref:Microsoft.Extensions.Logging.LogLevel.Trace?displayProperty=nameWithType>.
+In the preceding code, `ApplicationInsightsLoggerProvider` is configured with your `"APPINSIGHTS_CONNECTIONSTRING"` connection string. Filters are applied, setting the log level to <xref:Microsoft.Extensions.Logging.LogLevel.Trace?displayProperty=nameWithType>.
> [!IMPORTANT]
-> [Connection Strings](./sdk-connection-string.md?tabs=net) are recommended over instrumentation keys. New Azure regions **require** the use of connection strings instead of instrumentation keys. Connection string identifies the resource that you want to associate your telemetry data with. It also allows you to modify the endpoints your resource will use as a destination for your telemetry. You will need to copy the connection string and add it to your application's code or to an environment variable.
+> We recommend [connection strings](./sdk-connection-string.md?tabs=net) over instrumentation keys. New Azure regions *require* the use of connection strings instead of instrumentation keys.
+>
+> A connection string identifies the resource that you want to associate with your telemetry data. It also allows you to modify the endpoints that your resource will use as a destination for your telemetry. You'll need to copy the connection string and add it to your application's code or to an environment variable.
#### Example Startup.cs
namespace WebApplication
## Console application
-Packages installed:
+Here are the installed packages:
```xml <ItemGroup>
namespace ConsoleApp
} finally {
- // Explicitly call Flush() followed by delay is required in Console Apps.
- // This is to ensure that even if application terminates, telemetry is sent to the back-end.
+ // Explicitly call Flush() followed by Delay, as required in console apps.
+ // This ensures that even if the application terminates, telemetry is sent to the back end.
channel.Flush(); await Task.Delay(TimeSpan.FromMilliseconds(1000));
namespace ConsoleApp
```
-In the preceding example, the `Microsoft.Extensions.Logging.ApplicationInsights` package is used. By default, this configuration uses the "bare minimum" `TelemetryConfiguration` for sending data to Application Insights. Bare minimum means that `InMemoryChannel` is the channel that's used. There's no sampling and no standard `TelemetryInitializer`. This behavior can be overridden for a console application, as the following example shows.
+The preceding example uses the `Microsoft.Extensions.Logging.ApplicationInsights` package. By default, this configuration uses the "bare minimum" `TelemetryConfiguration` setup for sending data to Application Insights: the `InMemoryChannel` channel. There's no sampling and no standard `TelemetryInitializer` instance. You can override this behavior for a console application, as the following example shows.
Install this additional package:
Install this additional package:
<PackageReference Include="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel" Version="2.17.0" /> ```
-The following section shows how to override the default `TelemetryConfiguration` by using the <xref:Microsoft.Extensions.Options.ConfigureOptions%601.Configure(%600)> method. This example sets up `ServerTelemetryChannel` and sampling. It adds a custom ITelemetryInitializer to the TelemetryConfiguration.
+The following section shows how to override the default `TelemetryConfiguration` setup by using the <xref:Microsoft.Extensions.Options.ConfigureOptions%601.Configure(%600)> method. This example sets up `ServerTelemetryChannel` and sampling. It adds a custom `TelemetryInitializer` instance to `TelemetryConfiguration`.
```csharp using Microsoft.ApplicationInsights.Extensibility;
namespace ConsoleApp
{ config.TelemetryChannel = channel;
- // Optional: implement your own TelemetryInitializer and configure it here
+ // Optional: implement your own TelemetryInitializer instance and configure it here
// config.TelemetryInitializers.Add(new MyTelemetryInitializer()); config.DefaultTelemetrySink.TelemetryProcessorChainBuilder.UseSampling(5);
namespace ConsoleApp
} finally {
- // Explicitly call Flush() followed by delay is required in Console Apps.
- // This is to ensure that even if application terminates, telemetry is sent to the back-end.
+ // Explicitly call Flush() followed by Delay, as required in console apps.
+ // This ensures that even if the application terminates, telemetry is sent to the back end.
channel.Flush(); await Task.Delay(TimeSpan.FromMilliseconds(1000));
namespace ConsoleApp
} ```
-## Control logging level
+## Logging level
-`ILogger` implementations have a built-in mechanism to apply [log filtering](/dotnet/core/extensions/logging#how-filtering-rules-are-applied). This lets you control the logs that are sent to each registered provider, including the Application Insights provider. The filtering can be done either in configuration, for example using an *appsettings.json* file, or in code.
+`ILogger` implementations have a built-in mechanism to apply [log filtering](/dotnet/core/extensions/logging#how-filtering-rules-are-applied). This filtering lets you control the logs that are sent to each registered provider, including the Application Insights provider. You can use the filtering either in configuration (for example, by using an *appsettings.json* file) or in code.
The following examples show how to apply filter rules to `ApplicationInsightsLoggerProvider`. ### Create filter rules in configuration with appsettings.json
-The `ApplicationInsightsLoggerProvider` is aliased as "ApplicationInsights". The following section of *appsettings.json* overrides the default <xref:Microsoft.Extensions.Logging.LogLevel.Warning?displayProperty=nameWithType> log level of Application Insights to log categories that start with "Microsoft" at level <xref:Microsoft.Extensions.Logging.LogLevel.Error?displayProperty=nameWithType> and above.
+`ApplicationInsightsLoggerProvider` is aliased as "ApplicationInsights." The following section of *appsettings.json* overrides the default <xref:Microsoft.Extensions.Logging.LogLevel.Warning?displayProperty=nameWithType> log level of Application Insights to log categories that start with "Microsoft" at level <xref:Microsoft.Extensions.Logging.LogLevel.Error?displayProperty=nameWithType> and higher.
```json {
The `ApplicationInsightsLoggerProvider` is aliased as "ApplicationInsights". The
### Create filter rules in code
-The following code snippet configures logs to <xref:Microsoft.Extensions.Logging.LogLevel.Warning?displayProperty=nameWithType> and above from all categories and for <xref:Microsoft.Extensions.Logging.LogLevel.Error?displayProperty=nameWithType> and above from categories that start with "Microsoft" to be sent to `ApplicationInsightsLoggerProvider`.
+The following code snippet configures logs to be sent to `ApplicationInsightsLoggerProvider` for these items:
+
+- <xref:Microsoft.Extensions.Logging.LogLevel.Warning?displayProperty=nameWithType> and higher from all categories
+- <xref:Microsoft.Extensions.Logging.LogLevel.Error?displayProperty=nameWithType> and higher from categories that start with "Microsoft"
```csharp Host.CreateDefaultBuilder(args)
This preceding code is functionally equivalent to the previous section in *appse
## Logging scopes
-The `ApplicationInsightsLoggingProvider` supports [Log scopes](/dotnet/core/extensions/logging#log-scopes), and scopes are enabled by default. If the scope is of type `IReadOnlyCollection<KeyValuePair<string,object>>`, then each key-value pair in the collection is added to the Application Insights telemetry as custom properties. In the example below, logs will be captured as `TraceTelemetry` and will have `("MyKey", "MyValue")` in properties.
+`ApplicationInsightsLoggingProvider` supports [log scopes](/dotnet/core/extensions/logging#log-scopes). Scopes are enabled by default.
+
+If the scope is of type `IReadOnlyCollection<KeyValuePair<string,object>>`, then each key/value pair in the collection is added to the Application Insights telemetry as custom properties. In the following example, logs will be captured as `TraceTelemetry` and will have `("MyKey", "MyValue")` in properties.
```csharp using (_logger.BeginScope(new Dictionary<string, object> { ["MyKey"] = "MyValue" }))
using (_logger.BeginScope(new Dictionary<string, object> { ["MyKey"] = "MyValue"
} ```
-If any other type is used as Scope, then they will be stored under the property "Scope" in application insights telemetry. In the example below, the `TraceTelemetry` will have a property called "Scope" containing the scope.
+If any other type is used as a scope, it will be stored under the property `Scope` in Application Insights telemetry. In the following example, `TraceTelemetry` will have a property called `Scope` that contains the scope.
```csharp using (_logger.BeginScope("hello scope"))
If any other type is used as Scope, then they will be stored under the property
### What are the old and new versions of ApplicationInsightsLoggerProvider?
-[Microsoft.ApplicationInsights.AspNet SDK](https://www.nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore) included a built-in ApplicationInsightsLoggerProvider (Microsoft.ApplicationInsights.AspNetCore.Logging.ApplicationInsightsLoggerProvider), which was enabled through **ILoggerFactory** extension methods. This provider is marked obsolete from version 2.7.1. It will be removed completely in the next major version change. The [Microsoft.ApplicationInsights.AspNetCore 2.6.1](https://www.nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore) package itself isn't obsolete. It's required to enable monitoring of requests, dependencies, and so on.
+The [Microsoft.ApplicationInsights.AspNet SDK](https://www.nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore) included a built-in `ApplicationInsightsLoggerProvider` (`Microsoft.ApplicationInsights.AspNetCore.Logging.ApplicationInsightsLoggerProvider`) instance, which was enabled through `ILoggerFactory` extension methods. This provider is marked obsolete from version 2.7.1. It's slated to be removed completely in the next major version change.
-The suggested alternative is the new standalone package [Microsoft.Extensions.Logging.ApplicationInsights](https://www.nuget.org/packages/Microsoft.Extensions.Logging.ApplicationInsights), which contains an improved ApplicationInsightsLoggerProvider (Microsoft.Extensions.Logging.ApplicationInsights.ApplicationInsightsLoggerProvider) and extension methods on ILoggerBuilder for enabling it.
+The [Microsoft.ApplicationInsights.AspNetCore 2.6.1](https://www.nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore) package itself isn't obsolete. It's required to enable monitoring of items like requests and dependencies.
-[Microsoft.ApplicationInsights.AspNet SDK](https://www.nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore) version 2.7.1 takes a dependency on the new package and enables ILogger capture automatically.
+The suggested alternative is the new standalone package [Microsoft.Extensions.Logging.ApplicationInsights](https://www.nuget.org/packages/Microsoft.Extensions.Logging.ApplicationInsights), which contains an improved `ApplicationInsightsLoggerProvider` instance (`Microsoft.Extensions.Logging.ApplicationInsights.ApplicationInsightsLoggerProvider`) and extension methods on `ILoggerBuilder` for enabling it.
+
+[Microsoft.ApplicationInsights.AspNet SDK](https://www.nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore) version 2.7.1 takes a dependency on the new package and enables `ILogger` capture automatically.
### Why are some ILogger logs shown twice in Application Insights?
-Duplication can occur if you have the older (now obsolete) version of ApplicationInsightsLoggerProvider enabled by calling `AddApplicationInsights` on `ILoggerFactory`. Check if your **Configure** method has
- the following, and remove it:
+Duplication can occur if you have the older (now obsolete) version of `ApplicationInsightsLoggerProvider` enabled by calling `AddApplicationInsights` on `ILoggerFactory`. Check if your `Configure` method has the following code, and remove it:
```csharp public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
Duplication can occur if you have the older (now obsolete) version of Applicatio
} ```
-If you experience double logging when you debug from Visual Studio, set `EnableDebugLogger` to `false` in the code that enables Application Insights, as follows. This duplication and fix is only relevant when you're debugging the application.
+If you experience double logging when you debug from Visual Studio, set `EnableDebugLogger` to `false` in the code that enables Application Insights, as follows. This duplication and fix are relevant only when you're debugging the application.
```csharp public void ConfigureServices(IServiceCollection services)
public void ConfigureServices(IServiceCollection services)
} ```
-### I updated to [Microsoft.ApplicationInsights.AspNet SDK](https://www.nuget.org/packages/Microsoft.ApplicationInsights.AspNetCore) version 2.7.1, and logs from ILogger are captured automatically. How do I turn off this feature completely?
-
-See the [Control logging level](#control-logging-level) section to see how to filter logs in general. To turn-off ApplicationInsightsLoggerProvider, use `LogLevel.None`:
+### I updated to Microsoft.ApplicationInsights.AspNet SDK version 2.7.1, and logs from ILogger are captured automatically. How do I turn off this feature completely?
-In your configure logging call, where `builder` is an <xref:Microsoft.Extensions.Logging.ILoggingBuilder>:
+See the [Logging level](#logging-level) section to see how to filter logs in general. To turn off `ApplicationInsightsLoggerProvider`, use `LogLevel.None` in your call for configuring logging. In the following command, `builder` is <xref:Microsoft.Extensions.Logging.ILoggingBuilder>.
```csharp builder.AddFilter<ApplicationInsightsLoggerProvider>("", LogLevel.None); ```
-From the *appsettings.json* file:
+Here's the change in the *appsettings.json* file:
```json {
From the *appsettings.json* file:
### Why do some ILogger logs not have the same properties as others?
-Application Insights captures and sends ILogger logs by using the same TelemetryConfiguration that's used for every other telemetry. But there's an exception. By default, TelemetryConfiguration is not fully set up when you log from *Program.cs* or *Startup.cs*. Logs from these places won't have the default configuration, so they won't be running all TelemetryInitializers and TelemetryProcessors.
+Application Insights captures and sends `ILogger` logs by using the same `TelemetryConfiguration` information that's used for every other telemetry. But there's an exception. By default, `TelemetryConfiguration` is not fully set up when you log from *Program.cs* or *Startup.cs*. Logs from these places won't have the default configuration, so they won't be running all `TelemetryInitializer` instances and `TelemetryProcessor` instances.
### I'm using the standalone package Microsoft.Extensions.Logging.ApplicationInsights, and I want to log some additional custom telemetry manually. How should I do that?
-When you use the standalone package, `TelemetryClient` is not injected to the DI container, so you need to create a new instance of `TelemetryClient` and use the same configuration as the logger provider uses, as the following code shows. This ensures that the same configuration is used for all custom telemetry as well as telemetry from ILogger.
+When you use the standalone package, `TelemetryClient` is not injected to the dependency injection (DI) container. You need to create a new instance of `TelemetryClient` and use the same configuration that the logger provider uses, as the following code shows. This ensures that the same configuration is used for all custom telemetry and telemetry from `ILogger`.
```csharp public class MyController : ApiController {
- // This TelemetryClient can be used to track additional telemetry using TrackXXX() api.
+ // This TelemetryClient instance can be used to track additional telemetry through the TrackXXX() API.
private readonly TelemetryClient _telemetryClient; private readonly ILogger _logger;
public class MyController : ApiController
> [!NOTE] > If you use the `Microsoft.ApplicationInsights.AspNetCore` package to enable Application Insights, modify this code to get `TelemetryClient` directly in the constructor. For an example, see [this FAQ](./asp-net-core.md#frequently-asked-questions).
-### What Application Insights telemetry type is produced from ILogger logs? Or where can I see ILogger logs in Application Insights?
+### What Application Insights telemetry type is produced from ILogger logs? Where can I see ILogger logs in Application Insights?
+
+`ApplicationInsightsLoggerProvider` captures `ILogger` logs and creates `TraceTelemetry` from them. If an `Exception` object is passed to the `Log` method on `ILogger`, `ExceptionTelemetry` is created instead of `TraceTelemetry`.
-ApplicationInsightsLoggerProvider captures ILogger logs and creates TraceTelemetry from them. If an Exception object is passed to the `Log` method on `ILogger`, *ExceptionTelemetry* is created instead of TraceTelemetry. These telemetry items can be found in same places as any other TraceTelemetry or ExceptionTelemetry for Application Insights, including portal, analytics, or Visual Studio local debugger.
+These telemetry items can be found in the same places as any other `TraceTelemetry` or `ExceptionTelemetry` items for Application Insights, including the Azure portal, analytics, or the Visual Studio local debugger.
If you prefer to always send `TraceTelemetry`, use this snippet:
azure-monitor Ip Collection https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/ip-collection.md
Title: Azure Application Insights IP address collection | Microsoft Docs
-description: Understanding how IP addresses and geolocation are handled with Azure Application Insights
+description: Understand how Application Insights handles IP addresses and geolocation.
Last updated 09/23/2020
# Geolocation and IP address handling
-This article explains how geolocation lookup and IP address handling work in Application Insights along with how to modify the default behavior.
+This article explains how geolocation lookup and IP address handling work in Application Insights, along with how to modify the default behavior.
## Default behavior
-By default IP addresses are temporarily collected, but not stored in Application Insights. The basic process is as follows:
+By default, IP addresses are temporarily collected but not stored in Application Insights. The basic process is as follows:
-When telemetry is sent to Azure, the IP address is used to do a geolocation lookup using [GeoLite2 from MaxMind](https://dev.maxmind.com/geoip/geoip2/geolite2/). The results of this lookup are used to populate the fields `client_City`, `client_StateOrProvince`, and `client_CountryOrRegion`. The address is then discarded and `0.0.0.0` is written to the `client_IP` field.
+When telemetry is sent to Azure, Application Insights uses the IP address to do a geolocation lookup by using [GeoLite2 from MaxMind](https://dev.maxmind.com/geoip/geoip2/geolite2/). Application Insights uses the results of this lookup to populate the fields `client_City`, `client_StateOrProvince`, and `client_CountryOrRegion`. The address is then discarded, and `0.0.0.0` is written to the `client_IP` field.
-* Browser telemetry: We temporarily collect the sender's IP address. IP address is calculated by the ingestion endpoint.
-* Server telemetry: The Application Insights telemetry module temporarily collects the client IP address. IP address isn't collected locally when the `X-Forwarded-For` header is set. When the incoming list of IPs has more than one IP address, the last IP is used to populate geolocation fields.
+The telemetry types are:
-This behavior is by design to help avoid unnecessary collection of personal data. Whenever possible, we recommend avoiding the collection of personal data.
+* Browser telemetry: Application Insights collects the sender's IP address. The ingestion endpoint calculates the IP address.
+* Server telemetry: The Application Insights telemetry module temporarily collects the client IP address. The IP address isn't collected locally when the `X-Forwarded-For` header is set. When the incoming list of IP address has more than one item, the last IP address is used to populate geolocation fields.
-## Overriding default behavior
+This behavior is by design to help avoid unnecessary collection of personal data. Whenever possible, we recommend avoiding the collection of personal data.
-While the default is to not collect IP addresses, we still offer the flexibility to override this behavior. However, we recommend verifying that collection doesn't break any compliance requirements or local regulations.
+> [!NOTE]
+> Although the default is to not collect IP addresses, you can override this behavior. We recommend verifying that the collection doesn't break any compliance requirements or local regulations.
+>
+> To learn more about handling personal data in Application Insights, consult the [guidance for personal data](../logs/personal-data-mgmt.md).
-To learn more about personal data handling in Application Insights, consult the [guidance for personal data](../logs/personal-data-mgmt.md).
-## Storing IP address data
+## Storage of IP address data
-To enable IP collection and storage, the `DisableIpMasking` property of the Application Insights component must be set to `true`. This property can be set through Azure Resource Manager templates or by calling the REST API.
+To enable IP collection and storage, the `DisableIpMasking` property of the Application Insights component must be set to `true`. You can set this property through Azure Resource Manager templates or by calling the REST API.
-### Azure Resource Manager Template
+### Azure Resource Manager template
```json {
To enable IP collection and storage, the `DisableIpMasking` property of the Appl
If you only need to modify the behavior for a single Application Insights resource, use the Azure portal.
-1. Go your Application Insights resource > **Automation** > **Export Template**
+1. Go your Application Insights resource, and then select **Automation** > **Export Template**.
-2. Select **Deploy**
+2. Select **Deploy**.
- ![Button with word "Deploy" highlighted in red](media/ip-collection/deploy.png)
+ ![Screenshot that shows the Deploy button highlighted in red.](media/ip-collection/deploy.png)
3. Select **Edit Template**.
- ![Button with word "Edit" highlighted in red](media/ip-collection/edit-template.png)
+ ![Screenshot that shows the Edit button highlighted in red, along with a warning about the resource group.](media/ip-collection/edit-template.png)
-4. Make the following changes to the json for your resource and then select **Save**:
+ > [!NOTE]
+ > If you experience the following error (as shown in the screenshot), you can resolve it: "The resource group is in a location that is not supported by one or more resources in the template. Please choose a different resource group." Temporarily select a different resource group from the dropdown list and then re-select your original resource group.
- ![Screenshot adds a comma after "IbizaAIExtension" and add a new line below with "DisableIpMasking": true](media/ip-collection/save.png)
+4. In the JSON template locate `properties` inside `resources`, add a comma to the last JSON field, and then add the following new line: `"DisableIpMasking": true`. Then select **Save**.
- > [!WARNING]
- > If you experience an error that says: **_The resource group is in a location that is not supported by one or more resources in the template. Please choose a different resource group._** Temporarily select a different resource group from the dropdown and then re-select your original resource group to resolve the error.
+ ![Screenshot that shows the addition of a comma and a new line after the property for request source.](media/ip-collection/save.png)
5. Select **Review + create** > **Create**. > [!NOTE]
- > If you see "Your deployment failed", look through your deployment details for the one with type "microsoft.insights/components" and check the status. If that one succeeds then the changes made to DisableIpMasking were deployed.
+ > If you see "Your deployment failed," look through your deployment details for the one with the type `microsoft.insights/components` and check the status. If that one succeeds, the changes made to `DisableIpMasking` were deployed.
-6. Once the deployment is complete, new telemetry data will be recorded.
+6. After the deployment is complete, new telemetry data will be recorded.
- If you select and edit the template again, you'll only see the default template without the newly added property. If you aren't seeing IP address data and want to confirm that `"DisableIpMasking": true` is set, run the following PowerShell:
+ If you select and edit the template again, you'll see only the default template without the newly added property. If you aren't seeing IP address data and want to confirm that `"DisableIpMasking": true` is set, run the following PowerShell commands:
```powershell # Replace `Fabrikam-dev` with the appropriate resource and resource group name.
- # If you aren't using the cloud shell you will need to connect to your Azure account
+ # If you aren't using Azure Cloud Shell, you need to connect to your Azure account
# Connect-AzAccount $AppInsights = Get-AzResource -Name 'Fabrikam-dev' -ResourceType 'microsoft.insights/components' -ResourceGroupName 'Fabrikam-dev' $AppInsights.Properties ```
- A list of properties will be returned as a result. One of the properties should read `DisableIpMasking: true`. If you run the PowerShell before deploying the new property with Azure Resource Manager, the property won't exist.
+ A list of properties is returned as a result. One of the properties should read `DisableIpMasking: true`. If you run the PowerShell commands before deploying the new property with Azure Resource Manager, the property won't exist.
### Rest API
Content-Length: 54
## Telemetry initializer
-If you need a more flexible alternative than `DisableIpMasking`, you can use a [telemetry initializer](./api-filtering-sampling.md#addmodify-properties-itelemetryinitializer) to copy all or part the IP address to a custom field.
+If you need a more flexible alternative than `DisableIpMasking`, you can use a [telemetry initializer](./api-filtering-sampling.md#addmodify-properties-itelemetryinitializer) to copy all or part of the IP address to a custom field.
# [.NET](#tab/net)
-### ASP.NET / ASP.NET Core
+### ASP.NET or ASP.NET Core
```csharp using Microsoft.ApplicationInsights.Channel;
namespace MyWebApp
``` > [!NOTE]
-> If you are unable to access `ISupportProperties`, check and make sure you are running the latest stable release of the Application Insights SDK. `ISupportProperties` are intended for high cardinality values, whereas `GlobalProperties` are more appropriate for low cardinality values like region name, environment name, etc.
+> If you can't access `ISupportProperties`, make sure you're running the latest stable release of the Application Insights SDK. `ISupportProperties` is intended for high cardinality values. `GlobalProperties` is more appropriate for low cardinality values like region name and environment name.
-### Enable telemetry initializer for ASP.NET
+### Enable the telemetry initializer for ASP.NET
```csharp using Microsoft.ApplicationInsights.Extensibility;
namespace MyWebApp
```
-### Enable telemetry initializer for ASP.NET Core
+### Enable the telemetry initializer for ASP.NET Core
-You can create your telemetry initializer the same way for ASP.NET Core as ASP.NET but to enable the initializer, use the following example for reference:
+You can create your telemetry initializer the same way for ASP.NET Core as for ASP.NET. To enable the initializer, use the following example for reference:
```csharp using Microsoft.ApplicationInsights.Extensibility;
appInsights.defaultClient.addTelemetryProcessor((envelope) => {
### Client-side JavaScript
-Unlike the server-side SDKs, the client-side JavaScript SDK doesn't calculate IP address. By default IP address calculation for client-side telemetry occurs at the ingestion endpoint in Azure.
+Unlike the server-side SDKs, the client-side JavaScript SDK doesn't calculate an IP address. By default, IP address calculation for client-side telemetry occurs at the ingestion endpoint in Azure.
-If you want to calculate IP address directly on the client-side, you would need to add your own custom logic and use the result to set the `ai.location.ip` tag. When `ai.location.ip` is set, IP address calculation is not performed by the ingestion endpoint, and the provided IP address is used for the geolocation lookup. In this scenario, IP address will still be zeroed out by default.
+If you want to calculate the IP address directly on the client side, you need to add your own custom logic and use the result to set the `ai.location.ip` tag. When `ai.location.ip` is set, the ingestion endpoint doesn't perform IP address calculation, and the provided IP address is used for the geolocation lookup. In this scenario, the IP address is still zeroed out by default.
-To keep the entire IP address calculated from your custom logic, you could use a telemetry initializer that would copy the IP address data you provided in `ai.location.ip` to a separate custom field. But again unlike the server-side SDKs, without relying on third-party libraries or your own custom collection logic the client-side SDK won't calculate the address for you.
+To keep the entire IP address calculated from your custom logic, you could use a telemetry initializer that would copy the IP address data that you provided in `ai.location.ip` to a separate custom field. But again, unlike the server-side SDKs, the client-side SDK won't calculate the address for you if it can't rely on third-party libraries or your own custom logic.
```javascript
appInsights.addTelemetryInitializer((item) => {
```
-If client-side data traverses a proxy before forwarding to the ingestion endpoint, IP address calculation could show the IP address of the proxy and not the client.
+If client-side data traverses a proxy before forwarding to the ingestion endpoint, IP address calculation might show the IP address of the proxy and not the client.
### View the results of your telemetry initializer
-If you send new traffic to your site, and wait a few minutes. You can then run a query to confirm collection is working:
+If you send new traffic to your site and wait a few minutes, you can then run a query to confirm that the collection is working:
```kusto requests
requests
| project appName, operation_Name, url, resultCode, client_IP, customDimensions.["client-ip"] ```
-Newly collected IP addresses will appear in the `customDimensions_client-ip` column. The default `client-ip` column will still have all four octets either zeroed out.
+Newly collected IP addresses will appear in the `customDimensions_client-ip` column. The default `client-ip` column will still have all four octets zeroed out.
-If testing from localhost, and the value for `customDimensions_client-ip` is `::1`, this value is expected behavior. `::1` represents the loopback address in IPv6. It's equivalent to `127.0.0.1` in IPv4.
+If you're testing from localhost, and the value for `customDimensions_client-ip` is `::1`, this value is expected behavior. The `::1` value represents the loopback address in IPv6. It's equivalent to `127.0.0.1` in IPv4.
-## Next Steps
+## Next steps
* Learn more about [personal data collection](../logs/personal-data-mgmt.md) in Application Insights.
-* Learn more about how [IP address collection](https://apmtips.com/posts/2016-07-05-client-ip-address/) in Application Insights works. (This article an older external blog post written by one of our engineers. It predates the current default behavior where IP address is recorded as `0.0.0.0`, but it goes into greater depth on the mechanics of the built-in `ClientIpHeaderTelemetryInitializer`.)
+* Learn more about how [IP address collection](https://apmtips.com/posts/2016-07-05-client-ip-address/) in Application Insights works. This article an older external blog post written by one of our engineers. It predates the current default behavior where the IP address is recorded as `0.0.0.0`, but it goes into greater depth on the mechanics of the built-in telemetry initializer.
azure-monitor Monitor Web App Availability https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/monitor-web-app-availability.md
Title: Monitor availability with URL ping tests- Azure Monitor
+ Title: Monitor availability with URL ping tests - Azure Monitor
description: Set up ping tests in Application Insights. Get alerts if a website becomes unavailable or responds slowly. Last updated 07/13/2021
# Monitor availability with URL ping tests
-The name "URL ping test" is a bit of a misnomer. To be clear, these tests are not making any use of ICMP (Internet Control Message Protocol) to check your site's availability. Instead they use more advanced HTTP request functionality to validate whether an endpoint is responding. They also measure the performance associated with that response, and adds the ability to set custom success criteria coupled with more advanced features like parsing dependent requests, and allowing for retries.
+The name *URL ping test* is a bit of a misnomer. These tests don't use Internet Control Message Protocol (IMCP) to check your site's availability. Instead, they use more advanced HTTP request functionality to validate whether an endpoint is responding. They measure the performance associated with that response. They also add the ability to set custom success criteria, coupled with more advanced features like parsing dependent requests and allowing for retries.
-In order to create an availability test, you need use an existing Application Insights resource or [create an Application Insights resource](create-new-resource.md).
+To create an availability test, you need use an existing Application Insights resource or [create an Application Insights resource](create-new-resource.md).
> [!NOTE]
-> URL ping tests are categorized as classic tests and can be found under **Add Classic Test** in the Availability pane. For more advanced features, see [Standard tests (preview)](availability-standard-tests.md)
+> URL ping tests are categorized as classic tests. You can find them under **Add Classic Test** on the **Availability** pane. For more advanced features, see [Standard tests (preview)](availability-standard-tests.md).
## Create a test To create your first availability request:
-1. In your Application Insights resource open the Availability pane and selectΓÇ» **Add Classic Test**.
+1. In your Application Insights resource, open the **Availability** pane and selectΓÇ» **Add Classic Test**.
- :::image type="content" source="./media/monitor-web-app-availability/create-test.png" alt-text="Screenshot of create of create a test." lightbox ="./media/monitor-web-app-availability/create-test.png":::
-1. Name your test and select "URL ping " as the *SKU*.
-1. Enter the URL you wish to test.
-1. Adjust the settings to your needs ( explanation below) and select **Create**.
+ :::image type="content" source="./media/monitor-web-app-availability/create-test.png" alt-text="Screenshot that shows the Availability pane and the button for adding a classic test." lightbox ="./media/monitor-web-app-availability/create-test.png":::
+1. Name your test and select **URL ping** for **SKU**.
+1. Enter the URL that you want to test.
+1. Adjust the settings (described in the following table) to your needs and select **Create**.
-|Setting| Explanation |
-|-|-|
-|**URL** | The URL can be any web page you want to test, but it must be visible from the public internet. The URL can include a query string. So, for example, you can exercise your database a little. If the URL resolves to a redirect, we follow it up to 10 redirects.|
-|**Parse dependent requests**| Test requests images, scripts, style files, and other files that are part of the web page under test. The recorded response time includes the time taken to get these files. The test fails if any of these resources cannot be successfully downloaded within the timeout for the whole test. If the option is not checked, the test only requests the file at the URL you specified. Enabling this option results in a stricter check. The test could fail for cases, which may not be noticeable when manually browsing the site.
-|**Enable retries**|when the test fails, it is retried after a short interval. A failure is reported only if three successive attempts fail. Subsequent tests are then performed at the usual test frequency. Retry is temporarily suspended until the next success. This rule is applied independently at each test location. **We recommend this option**. On average, about 80% of failures disappear on retry.|
-|**Test frequency**| Sets how often the test is run from each test location. With a default frequency of five minutes and five test locations, your site is tested on average every minute.|
-|**Test locations**| Are the places from where our servers send web requests to your URL. **Our minimum number of recommended test locations is five** in order to insure that you can distinguish problems in your website from network issues. You can select up to 16 locations.
+ |Setting| Explanation |
+ |-|-|
+ |**URL** | The URL can be any webpage that you want to test, but it must be visible from the public internet. The URL can include a query string. For example, you can exercise your database a little. If the URL resolves to a redirect, you can follow it up to 10 redirects.|
+ |**Parse dependent requests**| The test requests images, scripts, style files, and other files that are part of the webpage under test. The recorded response time includes the time taken to get these files. The test fails if any of these resources can't be successfully downloaded within the timeout for the whole test. If the option is not enabled, the test only requests the file at the URL that you specified. Enabling this option results in a stricter check. The test might fail for cases that aren't noticeable from manually browsing through the site.
+ |**Enable retries**|When the test fails, it's retried after a short interval. A failure is reported only if three successive attempts fail. Subsequent tests are then performed at the usual test frequency. Retry is temporarily suspended until the next success. This rule is applied independently at each test location. *We recommend this option*. On average, about 80 percent of failures disappear on retry.|
+ |**Test frequency**| This setting determines how often the test is run from each test location. With a default frequency of five minutes and five test locations, your site is tested every minute on average.|
+ |**Test locations**| The values for this setting are the places from which servers send web requests to your URL. *We recommend a minimum of five test locations*, to ensure that you can distinguish problems in your website from network issues. You can select up to 16 locations.
-**If your URL is not visible from the public internet, you can choose to selectively open up your firewall to allow only the test transactions through**. To learn more about the firewall exceptions for our availability test agents, consult the [IP address guide](./ip-addresses.md#availability-tests).
+If your URL isn't visible from the public internet, you can choose to selectively open your firewall to allow only the test transactions through. To learn more about the firewall exceptions for availability test agents, consult the [IP address guide](./ip-addresses.md#availability-tests).
> [!NOTE]
-> We strongly recommend testing from multiple locations with **a minimum of five locations**. This is to prevent false alarms that may result from transient issues with a specific location. In addition we have found that the optimal configuration is to have the **number of test locations be equal to the alert location threshold + 2**.
+> We strongly recommend testing from multiple locations with a minimum of five locations. This approach helps prevent false alarms that can result from transient issues with a specific location. We've also found that the optimal configuration is to have the *number of test locations be equal to the alert location threshold + 2*.
## Success criteria |Setting| Explanation | |-|-| | **Test timeout** |Decrease this value to be alerted about slow responses. The test is counted as a failure if the responses from your site have not been received within this period. If you selected **Parse dependent requests**, then all the images, style files, scripts, and other dependent resources must have been received within this period.|
-| **HTTP response** | The returned status code that is counted as a success. 200 is the code that indicates that a normal web page has been returned.|
-| **Content match** | A string, like "Welcome!" We test that an exact case-sensitive match occurs in every response. It must be a plain string, without wildcards. Don't forget that if your page content changes you might have to update it. **Only English characters are supported with content match** |
+| **HTTP response** | The returned status code that's counted as a success. The code that indicates that a normal webpage has been returned is 200.|
+| **Content match** | We test that an exact case-sensitive match for a string occurs in every response. It must be a plain string, without wildcards (like "Welcome!"). Don't forget that if your page content changes, you might have to update it. *Content match supports only English characters.* |
## Alerts |Setting| Explanation | |-|-|
-|**Near-realtime (Preview)** | We recommend using Near-realtime alerts. Configuring this type of alert is done after your availability test is created. |
-|**Alert location threshold**|We recommend a minimum of 3/5 locations. The optimal relationship between alert location threshold and the number of test locations is **alert location threshold** = **number of test locations - 2, with a minimum of five test locations.**|
+|**Near-realtime (Preview)** | We recommend using alerts that work in near real time. You configure this type of alert after you create your availability test. |
+|**Alert location threshold**| The optimal relationship between alert location threshold and the number of test locations is *alert location threshold = number of test locations - 2*, with a minimum of five test locations.|
## Location population tags
-The following population tags can be used for the geo-location attribute when deploying an availability URL ping test using Azure Resource Manager.
+You can use the following population tags for the geolocation attribute when you're deploying an availability URL ping test by using Azure Resource Manager.
-### Azure gov
+### Azure Government
-| Display Name | Population Name |
+| Display name | Population name |
|-|| | USGov Virginia | usgov-va-azr | | USGov Arizona | usgov-phx-azr |
The following population tags can be used for the geo-location attribute when de
### Azure China
-| Display Name | Population Name |
+| Display name | Population name |
|-|| | China East | mc-cne-azr | | China East 2 | mc-cne2-azr | | China North | mc-cnn-azr | | China North 2 | mc-cnn2-azr |
-#### Azure
+### Azure
-| Display Name | Population Name |
+| Display name | Population name |
|-|-| | Australia East | emea-au-syd-edge | | Brazil South | latam-br-gru-edge |
The following population tags can be used for the geo-location attribute when de
## See your availability test results
-Availability test results can be visualized with both line and scatter plot views.
+You can visualize availability test results with both line and scatterplot views.
After a few minutes, select **Refresh** to see your test results.
-The scatterplot view shows samples of the test results that have diagnostic test-step detail in them. The test engine stores diagnostic detail for tests that have failures. For successful tests, diagnostic details are stored for a subset of the executions. Hover over any of the green/red dots to see the test, test name, and location.
+The scatterplot view shows samples of the test results that have diagnostic test-step details in them. The test engine stores diagnostic details for tests that have failures. For successful tests, diagnostic details are stored for a subset of the executions. Hover over any of the green or red dots to see the test name and location.
-Select a particular test, location, or reduce the time period to see more results around the time period of interest. Use Search Explorer to see results from all executions, or use Analytics queries to run custom reports on this data.
+Select a particular test or location, or reduce the time period to see more results around the period of interest. Use Search Explorer to see results from all executions, or use analytics queries to run custom reports on this data.
## Inspect and edit tests
-To edit, temporarily disable, or delete a test select the ellipses next to a test name. It may take up to 20 minutes for configuration changes to propagate to all test agents after a change is made.
+To edit, temporarily disable, or delete a test, select the ellipsis (**...**) next to a test name. Configuration changes might take up to 20 minutes to propagate to all test agents after a change is made.
-You might want to disable availability tests or the alert rules associated with them while you are performing maintenance on your service.
+You might want to disable availability tests or the alert rules associated with them while you're performing maintenance on your service.
-## If you see failures
+## Actions if you see failures
Select a red dot.
-From an availability test result, you can see the transaction details across all components. Here you can:
+From an availability test result, you can see the transaction details across all components. You can then:
-* Review the troubleshooting report to determine what may have caused your test to fail but your application is still available.
+* Review the troubleshooting report to determine what might have caused your test to fail while your application is still available.
* Inspect the response received from your server.
-* Diagnose failure with correlated server-side telemetry collected while processing the failed availability test.
+* Diagnose a failure with correlated server-side telemetry collected while processing the failed availability test.
* Log an issue or work item in Git or Azure Boards to track the problem. The bug will contain a link to this event. * Open the web test result in Visual Studio.
-To learn more about the end to end transaction diagnostics experience, visit the [transaction diagnostics documentation](./transaction-diagnostics.md).
+To learn more about end-to-end transaction diagnostics, see the [transaction diagnostics documentation](./transaction-diagnostics.md).
-Select on the exception row to see the details of the server-side exception that caused the synthetic availability test to fail. You can also get the [debug snapshot](./snapshot-debugger.md) for richer code level diagnostics.
+Select the exception row to see the details of the server-side exception that caused the synthetic availability test to fail. You can also get the [debug snapshot](./snapshot-debugger.md) for richer code-level diagnostics.
-In addition to the raw results, you can also view two key Availability metrics in [Metrics Explorer](../essentials/metrics-getting-started.md):
+In addition to the raw results, you can view two key availability metrics in [Metrics Explorer](../essentials/metrics-getting-started.md):
-1. Availability: Percentage of the tests that were successful, across all test executions.
-2. Test Duration: Average test duration across all test executions.
+- **Availability**: Percentage of the tests that were successful across all test executions.
+- **Test Duration**: Average test duration across all test executions.
## Automation * [Use PowerShell scripts to set up an availability test](./powershell.md#add-an-availability-test) automatically.
-* Set up a [webhook](../alerts/alerts-webhooks.md) that is called when an alert is raised.
+* Set up a [webhook](../alerts/alerts-webhooks.md) that's called when an alert is raised.
## Next steps
-* [Availability Alerts](availability-alerts.md)
+* [Availability alerts](availability-alerts.md)
* [Multi-step web tests](availability-multistep.md) * [Troubleshooting](troubleshoot-availability.md)
-* [Web Tests Azure Resource Manager template](/azure/templates/microsoft.insights/webtests?tabs=json)
+* [Web Tests Azure Resource Manager template](/azure/templates/microsoft.insights/webtests?tabs=json)
azure-monitor Worker Service https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/worker-service.md
The following lists the full telemetry automatically collected by Application In
### ILogger logs
-Logs emitted via `ILogger` of severity `Warning` or greater are automatically captured. Follow [ILogger docs](ilogger.md#control-logging-level) to customize which log levels are captured by Application Insights.
+Logs emitted via `ILogger` of severity `Warning` or greater are automatically captured. Follow [ILogger docs](ilogger.md#logging-level) to customize which log levels are captured by Application Insights.
### Dependencies
azure-monitor Collect Sccm https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/logs/collect-sccm.md
description: This article shows the steps to connect Configuration Manager to wo
Previously updated : 11/30/2020 Last updated : 08/02/2021 # Connect Configuration Manager to Azure Monitor You can connect your Microsoft Endpoint Configuration Manager environment to Azure Monitor to sync device collection data and reference these collections in Azure Monitor and Azure Automation. > [!IMPORTANT]
-> Starting in Configuration Manager version 2010, this feature is deprecated.<!-- 8269855 --> For more information, see [Removed and deprecated features for Configuration Manager](/mem/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures).
+> Starting in Configuration Manager version 2010, this feature is deprecated.<!-- 8269855 --> Starting in version 2107, it's removed from Configuration Manager.<!-- 9649296 --> For more information, see [Removed and deprecated features for Configuration Manager](/mem/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures).
## Prerequisites
When you click either one, log query editor opens displaying either all of the i
## Next steps
-Use [Log Search](./log-query-overview.md) to view detailed information about your Configuration Manager data.
+Use [Log Search](./log-query-overview.md) to view detailed information about your Configuration Manager data.
azure-sql Connectivity Settings https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/connectivity-settings.md
Previously updated : 07/06/2020 Last updated : 08/03/2021
This article introduces settings that control connectivity to the server for Azu
The connectivity settings are accessible from the **Firewalls and virtual networks** screen as shown in the following screenshot:
- ![Screenshot of the connectivity settings window.][1]
> [!NOTE] > These settings take effect immediately after they're applied. Your customers might experience connection loss if they don't meet the requirements for each setting.
Error 47072
Login failed with invalid TLS version ```
+## Set the minimal TLS version in Azure portal
+
+In the [Azure portal](https://portal.azure.com), go to your **SQL server** resource. Under the **Security** settings, select **Firewalls and virtual networks**. Select the **Minimum TLS Version** desired for all SQL Databases associated with the server, and select **Save**.
+ ## Set the minimal TLS version via PowerShell > [!IMPORTANT]
az resource update --ids %sqlserverid% --set properties.connectionType=Proxy
- For information on how to change the connection policy for a server, see [conn-policy](/cli/azure/sql/server/conn-policy). <!--Image references-->
-[1]: media/single-database-create-quickstart/manage-connectivity-settings.png
[2]: media/single-database-create-quickstart/manage-connectivity-flowchart.png
azure-video-analyzer Create Pipeline Vs Code Extension https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-video-analyzer/video-analyzer-docs/create-pipeline-vs-code-extension.md
Along the left, you will now see your connected device with the underlying modul
Pipeline topologies are the basic building block which Video Analyzer uses to define how work happens. You can learn more about [pipeline topologies here](./pipeline.md). In this section you will deploy a pipeline topology which is a template and then create an instance of the topology, or live pipeline. The live pipeline is connected to the actual video stream.
-1. On the left under `Modules`, right click on `Pipeline topologies` and select `Create pipeline topology``.
+1. On the left under `Modules`, right click on `Pipeline topologies` and select `Create pipeline topology`.
1. Along the top, under `Try sample topologies`, under `Motion Detection`, select `Publish motion events to IoT Hub`. When prompted, click `Proceed`. 1. Click `Save` in the top right.
azure-video-analyzer Get Started Detect Motion Emit Events https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-video-analyzer/video-analyzer-docs/get-started-detect-motion-emit-events.md
You can now analyze live video streams by invoking direct methods exposed by the
This step enumerates all the [pipeline topologies](pipeline.md) in the module. 1. Right-click on "avaedge" module and select **Invoke Module Direct Method** from the context menu.
-1. You will see an edit box pop in the top-middle of Visual Studio Code window. Enter "pipelineTopologyList" in the edit box and press enter.
+1. You will see an edit box pop in the top-middle of Visual Studio Code window. Enter `pipelineTopologyList` in the edit box and press enter.
1. Next, copy, and paste the below JSON payload in the edit box and press enter. ```json
azure-video-analyzer Use Line Crossing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-video-analyzer/video-analyzer-docs/use-line-crossing.md
This diagram shows how the signals flow in this tutorial. An [edge module](https
The HTTP extension node plays the role of a proxy. It converts every 10th video frame to the specified image type. Then it relays the image over HTTP to another edge module that runs an AI model behind a HTTP endpoint. In this example, that edge module is built by using the [YOLOv3](https://github.com/Azure/video-analyzer/tree/main/edge-modules/extensions/yolo/yolov3) model, which can detect many types of objects. The HTTP extension processor node gathers the detection results and sends these results and all the video frames (not just the 10th frame) to the object tracker node. The object tracker node uses optical flow techniques to track the object in the 9 frames that did not have the AI model applied to them. The tracker node publishes its results to the IoT Hub message sink node. This [IoT Hub message sink](pipeline.md#iot-hub-message-sink) node then sends those events to [IoT Edge Hub](../../iot-fundamentals/iot-glossary.md?view=iotedge-2020-11&preserve-view=true#iot-edge-hub).
-The line crossing node will receive the results from the upstream object tracker node. The output of the object tracker node contains the coordinates of the detected objects. These coordinates are evaluated by the line crossing node against the line coordinates. When objects cross the line the line crossing node will emit an event. The events are sent to the IoT Edge Hub message sink.
+The line crossing node will receive the results from the upstream object tracker node. The output of the object tracker node contains the coordinates of the detected objects. These coordinates are evaluated by the line crossing node against the line coordinates. When objects cross the line, the line crossing node will emit an event. The events are sent to the IoT Edge Hub message sink.
In this tutorial, you will:
azure-video-analyzer Video Indexer Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-video-analyzer/video-analyzer-for-media-docs/video-indexer-overview.md
The following list shows the insights you can retrieve from your videos using Vi
### Audio insights
-* **Audio transcription**: Converts speech to text in 12 languages and allows extensions. Supported languages include English, Spanish, French, German, Italian, Mandarin Chinese, Japanese, Arabic, Russian, Portuguese, Hindi, and Korean.
+* **Audio transcription**: Converts speech to text over 50 languages and allows extensions. Supported languages include English US, English United Kingdom, English Australia, Spanish, Spanish(Mexico), French, French(Canada), German, Italian, Mandarin Chinese, Chinese (Cantonese, Traditional), Chinese (Simplified), Japanese, Russian, Portuguese, Hindi, Czech, Dutch, Polish, Danish, Norwegian, Finish, Swedish, Thai, Turkish, Korean, Arabic(Egypt), Arabic(Syrian Arab Republic), Arabic(Israel), Arabic(Iraq), Arabic(Jordan), Arabic(Kuwait), Arabic(Lebanon), Arabic(Oman), Arabic(Qatar), Arabic(Saudi Arabia), Arabic(United Arab Emirates), Arabic(Palestinian Authority) and Arabic Modern Standard (Bahrain) .
* **Automatic language detection**: Automatically identifies the dominant spoken language. Supported languages include English, Spanish, French, German, Italian, Mandarin Chinese, Japanese, Russian, and Portuguese. If the language can't be identified with confidence, Video Analyzer for Media assumes the spoken language is English. For more information, see [Language identification model](language-identification-model.md). * **Multi-language speech identification and transcription**: Automatically identifies the spoken language in different segments from audio. It sends each segment of the media file to be transcribed and then combines the transcription back to one unified transcription. For more information, see [Automatically identify and transcribe multi-language content](multi-language-identification-transcription.md). * **Closed captioning**: Creates closed captioning in three formats: VTT, TTML, SRT.
azure-vmware Attach Disk Pools To Azure Vmware Solution Hosts https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/attach-disk-pools-to-azure-vmware-solution-hosts.md
You can only connect the disk pool to an Azure VMware Solution private cloud in
- Scalability and performance requirements of your workloads are identified. For details, see [Planning for Azure disk pools](../virtual-machines/disks-pools-planning.md). -- [Azure VMware Solution private cloud](deploy-azure-vmware-solution.md) deployed with a [virtual network configured](deploy-azure-vmware-solution.md#step-3-connect-to-azure-virtual-network-with-expressroute). For more information, see [Network planning checklist](tutorial-network-checklist.md) and [Configure networking for your VMware private cloud](tutorial-configure-networking.md).
+- [Azure VMware Solution private cloud](deploy-azure-vmware-solution.md) deployed with a [virtual network configured](deploy-azure-vmware-solution.md#connect-to-azure-virtual-network-with-expressroute). For more information, see [Network planning checklist](tutorial-network-checklist.md) and [Configure networking for your VMware private cloud](tutorial-configure-networking.md).
- If you select ultra disks, use Ultra Performance for the Azure VMware Solution private cloud and then [enable ExpressRoute FastPath](../expressroute/expressroute-howto-linkvnet-arm.md#configure-expressroute-fastpath).
azure-vmware Azure Vmware Solution Horizon https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/azure-vmware-solution-horizon.md
Last updated 09/29/2020
>[!NOTE] >This document focuses on the VMware Horizon product, formerly known as Horizon 7. Horizon is a different solution than Horizon Cloud on Azure, although there are some shared components. Key advantages of the Azure VMware Solution include both a more straightforward sizing method and the integration of VMware Cloud Foundation management into the Azure portal.
-[VMware Horizon](https://www.vmware.com/products/horizon.html)®, a virtual desktop and applications platform, run in the data center and provides simple and centralized management. It delivers virtual desktops and applications on any device, anywhere. Horizon lets you create and broker connections to Windows and Linux virtual desktops, Remote Desktop Server (RDS) hosted applications, desktops, and physical machines.
+[VMware Horizon](https://www.vmware.com/products/horizon.html)®, a virtual desktop and applications platform, runs in the datacenter and provides simple and centralized management. It delivers virtual desktops and applications on any device, anywhere. Horizon lets you create and broker connections to Windows and Linux virtual desktops, Remote Desktop Server (RDS) hosted applications, desktops, and physical machines.
Here, we focus specifically on deploying Horizon on Azure VMware Solution. For general information on VMware Horizon, refer to the Horizon production documentation:
With Horizon's introduction on Azure VMware Solution, there are now two Virtual
:::image type="content" source="media/vmware-horizon/difference-horizon-azure-vmware-solution-horizon-cloud-azure.png" alt-text="Diagram showing the differences between Horizon on Azure VMware Solution and Horizon Cloud on Azure." border="false":::
-Horizon 2006 and later versions on the Horizon 8 release line supports both on-premises deployment and Azure VMware Solution deployment. There are a few Horizon features that are supported on-premises but not on Azure VMware Solution. Other products in the Horizon ecosystem are also supported. For for information, see [feature parity and interoperability](https://kb.vmware.com/s/article/80850).
+Horizon 2006 and later versions on the Horizon 8 release line supports both on-premises deployment and Azure VMware Solution deployment. There are a few Horizon features that are supported on-premises but not on Azure VMware Solution. Other products in the Horizon ecosystem are also supported. For more information, see [feature parity and interoperability](https://kb.vmware.com/s/article/80850).
## Deploy Horizon in a hybrid cloud
You can deploy Horizon in a hybrid cloud environment when you use Horizon Cloud
>[!IMPORTANT] >CPA is not a stretched deployment; each Horizon pod is distinct, and all Connection Servers that belong to each of the individual pods are required to be located in a single location and run on the same broadcast domain from a network perspective.
-Like on-premises or private data center, Horizon can be deployed in an Azure VMware Solution private cloud. We'll discuss key differences in deploying Horizon on-premises and on Azure VMware Solution in the following sections.
+Like on-premises or private datacenter, Horizon can be deployed in an Azure VMware Solution private cloud. We'll discuss key differences in deploying Horizon on-premises and on Azure VMware Solution in the following sections.
-The Azure private cloud is conceptually the same as the VMware SDDC, a term typically used in Horizon documentation. The rest of this document uses the terms Azure private cloud and VMware SDDC interchangeable.
+The Azure private cloud is conceptually the same as the VMware SDDC, a term typically used in Horizon documentation. The rest of this document uses the terms Azure private cloud and VMware SDDC interchangeably.
The Horizon Cloud Connector is required for Horizon on Azure VMware Solution to manage subscription licenses. Cloud Connector can be deployed in Azure Virtual Network alongside Horizon Connection Servers.
Key assumptions for this basic deployment example include that:
* You don't have an on-premises Horizon pod that you want to connect to this new pod using Cloud Pod Architecture (CPA).
-* End users connect to their virtual desktops through the internet (vs. connecting via an on-premises data center).
+* End users connect to their virtual desktops through the internet (vs. connecting via an on-premises datacenter).
You connect your AD domain controller in Azure Virtual Network with your on-premises AD through VPN or ExpressRoute circuit.
azure-vmware Concepts Identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/concepts-identity.md
Use the *admin* account to access NSX-T Manager. It has full privileges and lets
Now that you've covered Azure VMware Solution access and identity concepts, you may want to learn about: -- [How to enable Azure VMware Solution resource](deploy-azure-vmware-solution.md#step-1-register-the-microsoftavs-resource-provider)
+- [How to enable Azure VMware Solution resource](deploy-azure-vmware-solution.md#register-the-microsoftavs-resource-provider)
- [Details of each privilege](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ED56F3C4-77D0-49E3-88B6-B99B8B437B62.html) - [How Azure VMware Solution monitors and repairs private clouds](./concepts-private-clouds-clusters.md#host-monitoring-and-remediation)
azure-vmware Concepts Networking https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/concepts-networking.md
Now that you've covered Azure VMware Solution network and interconnectivity conc
- [Azure VMware Solution storage concepts](concepts-storage.md) - [Azure VMware Solution identity concepts](concepts-identity.md)-- [How to enable Azure VMware Solution resource](deploy-azure-vmware-solution.md#step-1-register-the-microsoftavs-resource-provider)
+- [How to enable Azure VMware Solution resource](deploy-azure-vmware-solution.md#register-the-microsoftavs-resource-provider)
<!-- LINKS - external --> [enable Global Reach]: ../expressroute/expressroute-howto-set-global-reach.md
azure-vmware Concepts Private Clouds Clusters https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/concepts-private-clouds-clusters.md
Now that you've covered Azure VMware Solution private cloud concepts, you may wa
- [Azure VMware Solution networking and interconnectivity concepts](concepts-networking.md) - [Azure VMware Solution storage concepts](concepts-storage.md)-- [How to enable Azure VMware Solution resource](deploy-azure-vmware-solution.md#step-1-register-the-microsoftavs-resource-provider)
+- [How to enable Azure VMware Solution resource](deploy-azure-vmware-solution.md#register-the-microsoftavs-resource-provider)
<!-- LINKS - internal --> [concepts-networking]: ./concepts-networking.md
azure-vmware Configure Dhcp Azure Vmware Solution https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/configure-dhcp-azure-vmware-solution.md
In this how-to article, you'll use NSX-T Manager to configure DHCP for Azure VMw
- [Third-party external DHCP server](#use-a-third-party-external-dhcp-server) >[!TIP]
->If you want to configure DHCP using a simplified view of NSX-T operations, see [Create a DHCP server or DHCP relay using the Azure portal](configure-nsx-network-components-azure-portal.md#create-a-dhcp-server-or-dhcp-relay-using-the-azure-portal).
+>If you want to configure DHCP using a simplified view of NSX-T operations, see [Configure DHCP for Azure VMware Solution](configure-dhcp-azure-vmware-solution.md).
>[!IMPORTANT]
azure-vmware Configure Vmware Hcx https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/configure-vmware-hcx.md
+
+ Title: Configure VMware HCX in Azure VMware Solution
+description: Configure the on-premises VMware HCX Connector for your Azure VMware Solution private cloud.
+ Last updated : 07/30/2021++
+# Configure on-premises VMware HCX Connector
+
+Once you've [installed the VMware HCX add-on](install-vmware-hcx.md), you're ready to configure the on-premises VMware HCX Connector for your Azure VMware Solution private cloud.
+
+In this how-to, you'll:
+
+* Pair your on-premises VMware HCX Connector with your Azure VMware Solution HCX Cloud Manager
+* Configure the network profile, compute profile, and service mesh
+* Check the appliance status and validate that migration is possible
+
+After you complete these steps, you'll have a production-ready environment for creating virtual machines (VMs) and migration.
+
+## Prerequisites
+
+- [VMware HCX Connector](install-vmware-hcx.md) has been installed.
+
+- If you plan to use VMware HCX Enterprise, make sure you've enabled the [VMware HCX Enterprise](https://cloud.vmware.com/community/2019/08/08/introducing-hcx-enterprise/) add-on through a [support request](https://portal.azure.com/#create/Microsoft.Support).
+
+- [Software version requirements](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-54E5293B-8707-4D29-BFE8-EE63539CC49B.html)
+
+- Your on-premises vSphere environment (source environment) meets the [minimum requirements](https://docs.vmware.com/en/VMware-HCX/services/user-guide/GUID-54E5293B-8707-4D29-BFE8-EE63539CC49B.html).
+
+- [Azure ExpressRoute Global Reach](tutorial-expressroute-global-reach-private-cloud.md) is configured between on-premises and Azure VMware Solution private cloud ExpressRoute circuits.
+
+- [All required ports](https://ports.vmware.com/home/VMware-HCX) are open for communication between on-premises components and Azure VMware Solution private.
+
+- [Define VMware HCX network segments](plan-private-cloud-deployment.md#define-vmware-hcx-network-segments). The primary use cases for VMware HCX are workload migrations and disaster recovery.
+
+- Review the [VMware HCX Documentation](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-BFD7E194-CFE5-4259-B74B-991B26A51758.html) for information on using HCX.
+
+## Add a site pairing
+
+You can connect or pair the VMware HCX Cloud Manager in Azure VMware Solution with the VMware HCX Connector in your datacenter.
+
+> [!IMPORTANT]
+> Although the VMware Configuration Maximum tool describes site pairs maximum to be 25 between the on-premises HCX Connector and HCX Cloud Manager, licensing limits this to three for HCX Advanced and 10 for HCX Enterprise Edition.
+
+1. Sign in to your on-premises vCenter, and under **Home**, select **HCX**.
+
+1. Under **Infrastructure**, select **Site Pairing**, and then select the **Connect To Remote Site** option (in the middle of the screen).
+
+1. Enter the Azure VMware Solution HCX Cloud Manager URL or IP address that you noted earlier `https://x.x.x.9`, the Azure VMware Solution cloudadmin\@vsphere.local username, and the password. Then select **Connect**.
+
+ > [!NOTE]
+ > To successfully establish a site pair:
+ > * Your VMware HCX Connector must be able to route to your HCX Cloud Manager IP over port 443.
+ >
+ > * Use the same password that you used to sign in to vCenter. You defined this password on the initial deployment screen.
+
+ You'll see a screen showing that your VMware HCX Cloud Manager in Azure VMware Solution and your on-premises VMware HCX Connector are connected (paired).
+
+ :::image type="content" source="media/tutorial-vmware-hcx/site-pairing-complete.png" alt-text="Screenshot showing the site pairing of the HCX Manager in Azure VMware Solution and the VMware HCX Connector.":::
+
+For an end-to-end overview of this procedure, view the [Azure VMware Solution: HCX Site Pairing](https://www.youtube.com/embed/jXOmYUnbWZY?rel=0&amp;vq=hd720) video.
+
+## Create network profiles
+
+VMware HCX Connector deploys a subset of virtual appliances (automated) that require multiple IP segments. When you create your network profiles, you use the IP segments you identified during the [planning phase](plan-private-cloud-deployment.md#define-vmware-hcx-network-segments). You'll create four network profiles:
+
+ - Management
+ - vMotion
+ - Replication
+ - Uplink
+
+1. Under **Infrastructure**, select **Interconnect** > **Multi-Site Service Mesh** > **Network Profiles** > **Create Network Profile**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/network-profile-start.png" alt-text="Screenshot showing where to create a network profile in the vSphere Client." lightbox="media/tutorial-vmware-hcx/network-profile-start.png":::
+
+1. For each network profile, select the network and port group, provide a name, and create the segment's IP pool. Then select **Create**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/example-configurations-network-profile.png" alt-text="Screenshot showing the details for a new network profile." lightbox="media/tutorial-vmware-hcx/example-configurations-network-profile.png":::
+
+For an end-to-end overview of this procedure, view the [Azure VMware Solution: HCX Network Profile](https://www.youtube.com/embed/O0rU4jtXUxc) video.
+
+## Create a compute profile
+
+1. Under **Infrastructure**, select **Interconnect** > **Compute Profiles** > **Create Compute Profile**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/compute-profile-create.png" alt-text="Screenshot that shows the selections for starting to create a compute profile." lightbox="media/tutorial-vmware-hcx/compute-profile-create.png":::
+
+1. Enter a name for the profile and select **Continue**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/name-compute-profile.png" alt-text="Screenshot that shows the entry of a compute profile name and the Continue button." lightbox="media/tutorial-vmware-hcx/name-compute-profile.png":::
+
+1. Select the services to enable, such as migration, network extension, or disaster recovery, and then select **Continue**.
+
+ > [!NOTE]
+ > Generally, nothing changes here.
+
+1. In **Select Service Resources**, select one or more service resources (clusters) to enable the selected VMware HCX services.
+
+1. When you see the clusters in your on-premises datacenter, select **Continue**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-service-resource.png" alt-text="Screenshot that shows selected service resources and the Continue button." lightbox="media/tutorial-vmware-hcx/select-service-resource.png":::
+
+1. From **Select Datastore**, select the datastore storage resource for deploying the VMware HCX Interconnect appliances. Then select **Continue**.
+
+ When multiple resources are selected, VMware HCX uses the first resource selected until its capacity is exhausted.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/deployment-resources-and-reservations.png" alt-text="Screenshot that shows a selected data storage resource and the Continue button." lightbox="media/tutorial-vmware-hcx/deployment-resources-and-reservations.png":::
+
+1. From **Select Management Network Profile**, select the management network profile that you created in previous steps. Then select **Continue**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-management-network-profile.png" alt-text="Screenshot that shows the selection of a management network profile and the Continue button." lightbox="media/tutorial-vmware-hcx/select-management-network-profile.png":::
+
+1. From **Select Uplink Network Profile**, select the uplink network profile you created in the previous procedure. Then select **Continue**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-uplink-network-profile.png" alt-text="Screenshot that shows the selection of an uplink network profile and the Continue button." lightbox="media/tutorial-vmware-hcx/select-uplink-network-profile.png":::
+
+1. From **Select vMotion Network Profile**, select the vMotion network profile that you created in prior steps. Then select **Continue**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-vmotion-network-profile.png" alt-text="Screenshot that shows the selection of a vMotion network profile and the Continue button." lightbox="media/tutorial-vmware-hcx/select-vmotion-network-profile.png":::
+
+1. From **Select vSphere Replication Network Profile**, select the replication network profile that you created in prior steps. Then select **Continue**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-replication-network-profile.png" alt-text="Screenshot that shows the selection of a replication network profile and the Continue button." lightbox="media/tutorial-vmware-hcx/select-replication-network-profile.png":::
+
+1. From **Select Distributed Switches for Network Extensions**, select the switches that contain the virtual machines to be migrated to Azure VMware Solution on a layer-2 extended network. Then select **Continue**.
+
+ > [!NOTE]
+ > If you are not migrating virtual machines on layer-2 (L2) extended networks, you can skip this step.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-layer-2-distributed-virtual-switch.png" alt-text="Screenshot that shows the selection of distributed virtual switches and the Continue button." lightbox="media/tutorial-vmware-hcx/select-layer-2-distributed-virtual-switch.png":::
+
+1. Review the connection rules and select **Continue**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/review-connection-rules.png" alt-text="Screenshot that shows the connection rules and the Continue button." lightbox="media/tutorial-vmware-hcx/review-connection-rules.png":::
+
+1. Select **Finish** to create the compute profile.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/compute-profile-done.png" alt-text="Screenshot that shows compute profile information." lightbox="media/tutorial-vmware-hcx/compute-profile-done.png":::
+
+For an end-to-end overview of this procedure, view the [Azure VMware Solution: Compute Profile](https://www.youtube.com/embed/e02hsChI3b8) video.
+
+## Create a service mesh
+
+>[!IMPORTANT]
+>Make sure ports UDP 500/4500 are open between your on-premises VMware HCX Connector 'uplink' network profile addresses and the Azure VMware Solution HCX Cloud 'uplink' network profile addresses.
++
+1. Under **Infrastructure**, select **Interconnect** > **Service Mesh** > **Create Service Mesh**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/create-service-mesh.png" alt-text="Screenshot of selections to start creating a service mesh." lightbox="media/tutorial-vmware-hcx/create-service-mesh.png":::
+
+1. Review the sites that are pre-populated, and then select **Continue**.
+
+ > [!NOTE]
+ > If this is your first service mesh configuration, you won't need to modify this screen.
+
+1. Select the source and remote compute profiles from the drop-down lists, and then select **Continue**.
+
+ The selections define the resources where VMs can consume VMware HCX services.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-compute-profile-source.png" alt-text="Screenshot that shows selecting the source compute profile." lightbox="media/tutorial-vmware-hcx/select-compute-profile-source.png":::
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-compute-profile-remote.png" alt-text="Screenshot that shows selecting the remote compute profile." lightbox="media/tutorial-vmware-hcx/select-compute-profile-remote.png":::
+
+1. Review services that will be enabled, and then select **Continue**.
+
+1. In **Advanced Configuration - Override Uplink Network profiles**, select **Continue**.
+
+ Uplink network profiles connect to the network through which the remote site's interconnect appliances can be reached.
+
+1. In **Advanced Configuration - Network Extension Appliance Scale Out**, review and select **Continue**.
+
+ You can have up to eight VLANs per appliance, but you can deploy another appliance to add another eight VLANs. You must also have IP space to account for the more appliances, and it's one IP per appliance. For more information, see [VMware HCX Configuration Limits](https://configmax.vmware.com/guest?vmwareproduct=VMware%20HCX&release=VMware%20HCX&categories=41-0,42-0,43-0,44-0,45-0).
+
+ :::image type="content" source="media/tutorial-vmware-hcx/extend-networks-increase-vlan.png" alt-text="Screenshot that shows where to increase the VLAN count." lightbox="media/tutorial-vmware-hcx/extend-networks-increase-vlan.png":::
+
+1. In **Advanced Configuration - Traffic Engineering**, review and make any modifications that you feel are necessary, and then select **Continue**.
+
+1. Review the topology preview and select **Continue**.
+
+1. Enter a user-friendly name for this service mesh and select **Finish** to complete.
+
+1. Select **View Tasks** to monitor the deployment.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/monitor-service-mesh.png" alt-text="Screenshot that shows the button for viewing tasks.":::
+
+ When the service mesh deployment finishes successfully, you'll see the services as green.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/service-mesh-green.png" alt-text="Screenshot that shows green indicators on services." lightbox="media/tutorial-vmware-hcx/service-mesh-green.png":::
+
+1. Verify the service mesh's health by checking the appliance status.
+
+1. Select **Interconnect** > **Appliances**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/interconnect-appliance-state.png" alt-text="Screenshot that shows selections for checking the status of the appliance." lightbox="media/tutorial-vmware-hcx/interconnect-appliance-state.png":::
+
+For an end-to-end overview of this procedure, view the [Azure VMware Solution: Service Mesh](https://www.youtube.com/embed/COY3oIws108) video.
+
+## Create a network extension
+
+This is an optional step to extend any networks from your on-premises environment to Azure VMware Solution.
+
+1. Under **Services**, select **Network Extension** > **Create a Network Extension**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/create-network-extension.png" alt-text="Screenshot that shows selections for starting to create a network extension." lightbox="media/tutorial-vmware-hcx/create-network-extension.png":::
+
+1. Select each of the networks you want to extend to Azure VMware Solution, and then select **Next**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-extend-networks.png" alt-text="Screenshot that shows the selection of a network.":::
+
+1. Enter the on-premises gateway IP for each of the networks you're extending, and then select **Submit**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/extend-networks-gateway.png" alt-text="Screenshot that shows the entry of a gateway IP address.":::
+
+ It takes a few minutes for the network extension to finish. When it does, you see the status change to **Extension complete**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/extension-complete.png" alt-text="Screenshot that shows the status of Extension complete.":::
+
+For an end-to-end overview of this procedure, view the [Azure VMware Solution: Network Extension](https://www.youtube.com/embed/gYR0nftKui0) video.
+
+## Next steps
+
+If the HCX interconnect tunnel status is **UP** and green, you're ready to migrate and protect Azure VMware Solution VMs using VMware HCX. Azure VMware Solution supports workload migrations (with or without a network extension). You can still migrate workloads in your vSphere environment, along with on-premises creation of networks and deployment of VMs onto those networks. For more information, see the [VMware HCX Documentation](https://docs.vmware.com/en/VMware-HCX/https://docsupdatetracker.net/index.html).
++
azure-vmware Deploy Azure Vmware Solution https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/deploy-azure-vmware-solution.md
Title: Deploy and configure Azure VMware Solution
description: Learn how to use the information gathered in the planning stage to deploy and configure the Azure VMware Solution private cloud. Previously updated : 07/09/2021 Last updated : 07/28/2021 # Deploy and configure Azure VMware Solution
-In this article, you'll use the information from the [planning section](production-ready-deployment-steps.md) to deploy and configure Azure VMware Solution.
+Once you've [planned your deployment](plan-private-cloud-deployment.md), you'll deploy and configure your Azure VMware Solution private cloud.
The diagram shows the deployment workflow of Azure VMware Solution.
-## Step 1. Register the **Microsoft.AVS** resource provider
+In this how-to, you'll':
+
+> [!div class="checklist"]
+> * Register the resource provider and create a private cloud
+> * Connect to a new or existing ExpressRoute virtual network gateway
+> * Validate the network connect
+
+After you're finished, follow the recommended next steps at the end to continue with the steps of this getting started guide.
+
+## Register the **Microsoft.AVS** resource provider
[!INCLUDE [register-resource-provider-steps](includes/register-resource-provider-steps.md)]
-## Step 2. Create an Azure VMware Solution private cloud
+## Create an Azure VMware Solution private cloud
[!INCLUDE [create-private-cloud-azure-portal-steps](includes/create-private-cloud-azure-portal-steps.md)]
The diagram shows the deployment workflow of Azure VMware Solution.
>For an end-to-end overview of this step, view the [Azure VMware Solution: Deployment](https://www.youtube.com/embed/gng7JjxgayI) video.
-## Step 3. Connect to Azure Virtual Network with ExpressRoute
+## Connect to Azure Virtual Network with ExpressRoute
In the planning phase, you defined whether to use an *existing* or *new* ExpressRoute virtual network gateway.
In the planning phase, you defined whether to use an *existing* or *new* Express
[!INCLUDE [connect-expressroute-to-vnet](includes/connect-expressroute-vnet.md)]
-## Step 4. Validate the connection
+## Validate the connection
You should have connectivity between the Azure Virtual Network where the ExpressRoute terminates and the Azure VMware Solution private cloud.
-1. Use a [virtual machine](../virtual-machines/windows/quick-create-portal.md#create-virtual-machine) within the Azure Virtual Network where the Azure VMware Solution ExpressRoute terminates (see [Step 3. Connect to Azure Virtual Network with ExpressRoute](#step-3-connect-to-azure-virtual-network-with-expressroute)).
+1. Use a [virtual machine](../virtual-machines/windows/quick-create-portal.md#create-virtual-machine) within the Azure Virtual Network where the Azure VMware Solution ExpressRoute terminates. For more information, see [Connect to Azure Virtual Network with ExpressRoute](#connect-to-azure-virtual-network-with-expressroute).
1. Log into the Azure [portal](https://portal.azure.com).
You should have connectivity between the Azure Virtual Network where the Express
## Next steps
-In the next section, you'll connect Azure VMware Solution to your on-premises network through ExpressRoute.
+In the next tutorial, you'll connect Azure VMware Solution to your on-premises network through ExpressRoute.
> [!div class="nextstepaction"] > [Connect to your on-premises environment](tutorial-expressroute-global-reach-private-cloud.md)
azure-vmware Deploy Vm Content Library https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/deploy-vm-content-library.md
Now that the content library has been created, you can add an ISO image to deplo
Now that you've created a content library to deploy VMs in Azure VMware Solution, you may want to learn about: -- [Migrating VM workloads to your private cloud](tutorial-deploy-vmware-hcx.md)
+- [Migrating VM workloads to your private cloud](configure-vmware-hcx.md)
- [Integrating Azure native services in Azure VMware Solution](integrate-azure-native-services.md) <!-- LINKS - external-->
azure-vmware Install Vmware Hcx https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/install-vmware-hcx.md
+
+ Title: Install VMware HCX in Azure VMware Solution
+description: Install VMware HCX in your Azure VMware Solution private cloud.
+ Last updated : 07/30/2021++
+# Install and activate VMware HCX in Azure VMware Solution
+
+VMware HCX Advanced and its associated Cloud Manager are no longer pre-deployed in Azure VMware Solution. Instead, you'll need to install it through the Azure portal as an add-on. The default is HCX Advanced, after which you can still request VMware HCX Enterprise Edition through support if you need the features in the Enterprise edition. You'll still download the HCX Connector OVA and deploy the virtual appliance on your on-premises vCenter.
+
+HCX Advanced supports up to three site connections (on-premises to cloud or cloud to cloud). If you need more than three site connections, use HCX Enterprise Edition. To activate HCX Enterprise Edition, which is currently in public preview on Azure VMware Solution, open a support request to have it enabled. Once the service is generally available, you'll have 30 days to decide on your next steps. You can also turn off or opt out of the HCX Enterprise Edition service but keep HCX Advanced as it's part of the node cost.
+
+Downgrading from HCX Enterprise Edition to HCX Advanced is possible without redeploying. First, make sure youΓÇÖve reverted to an HCX Advanced configuration state and not using the Enterprise features. If you plan to downgrade, ensure that no migrations are scheduled, features like RAV and MON aren't in use, and site pairings are three or less.
+
+>[!TIP]
+>You can also [uninstall HCX Advanced](#uninstall-hcx-advanced) through the portal. When you uninstall HCX Advanced, make sure you don't have any active migrations in progress. Removing HCX Advanced returns the resources to your private cloud occupied by the HCX virtual appliances.
+
+In this how-to, you'll:
+
+* Install HCX Advanced through the Azure portal
+* Download and deploy the VMware HCX Connector OVA
+* Activate HCX Advanced with a license key
+* Uninstall HCX Advanced
+
+After you're finished, follow the recommended next steps at the end to continue with the steps of this getting started guide.
+
+## Prerequisites
+
+- [Prepare for HCX installations](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-A631101E-8564-4173-8442-1D294B731CEB.html)
+
+- [VMware blog series - cloud migration](https://blogs.vmware.com/vsphere/2019/10/cloud-migration-series-part-2.html)
++
+## Install VMware HCX Advanced
+
+1. In your Azure VMware Solution private cloud, select **Manage** > **Add-ons**.
+
+1. Select **Get started** for **HCX Workload Mobility**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/deployed-hcx-migration-get-started.png" alt-text="Screenshot showing the Get started button for HCX Workload Mobility.":::
+
+1. Select the **I agree with terms and conditions** checkbox and then select **Install**.
+
+ It will take around 35 minutes to install HCX Advanced and configure the Cloud Manager. Once installed, the HCX Manager URL and the HCX keys needed for the HCX on-premises connector site pairing displays on the **Migration using HCX** tab.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/deployed-hcx-migration-using-hcx-tab.png" alt-text="Screenshot showing the Migration using HCX tab under Connectivity.":::
++
+## Download and deploy the VMware HCX Connector OVA
+
+In this step, you'll download the VMware HCX Connector OVA file and then you'll deploy the VMware HCX Connector to your on-premises vCenter.
+
+1. Open a browser window, sign in to the Azure VMware Solution HCX Manager on `https://x.x.x.9` port 443 with the **cloudadmin\@vsphere.local** user credentials
+
+1. Under **Administration** > **System Updates** select **Request Download Link**. If the box is greyed, wait a few seconds for it to generate a link.
+
+1. Either download or receive a link for the VMware HCX Connector OVA file which you deploy on your local vCenter.
+
+1. In your on-premises vCenter, select an [OVF template](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vm_admin.doc/GUID-17BEDA21-43F6-41F4-8FB2-E01D275FE9B4.html) to deploy the VMware HCX Connector to your on-premises vCenter.
+
+1. Navigate to and select the OVA file that you downloaded and then select **Open**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/select-ovf-template.png" alt-text="Screenshot of browsing to an OVF template." lightbox="media/tutorial-vmware-hcx/select-ovf-template.png":::
+
+1. Select a name and location, and select a resource or cluster where you're deploying the VMware HCX Connector. Then review the details and required resources and select **Next**.
+
+1. Review license terms, select the required storage and network, and then select **Next**.
+
+1. Select the [VMware HCX management network segment](plan-private-cloud-deployment.md#define-vmware-hcx-network-segments) that you defined during the planning state. Then select **Next**.
+
+1. In **Customize template**, enter all required information and then select **Next**.
+
+ :::image type="content" source="media/tutorial-vmware-hcx/customize-template.png" alt-text="Screenshot of the boxes for customizing a template." lightbox="media/tutorial-vmware-hcx/customize-template.png":::
+
+1. Verify and then select **Finish** to deploy the VMware HCX Connector OVA.
+
+ >[!IMPORTANT]
+ >You will need to turn on the virtual appliance manually. After powering on, wait 10-15 minutes before proceeding to the next step.
++
+## Activate VMware HCX
+
+After you deploy the VMware HCX Connector OVA on-premises and start the appliance, you're ready to activate it. First, you'll need to get a license key from the Azure VMware Solution portal and then you'll activate it in VMware HCX Manager. You will need a key for each on premises HCX connector that is deployed.
+
+1. In the Azure VMware Solution portal, go to **Manage** > **Connectivity**, select the **HCX** tab, and then select **Add**.
+
+1. Use the **admin** credentials to sign in to the on-premises VMware HCX Manager at `https://HCXManagerIP:9443`. Make sure to include the `9443` port number with the VMware HCX Manager IP address.
+
+ >[!TIP]
+ >You defined the **admin** user password during the VMware HCX Manager OVA file deployment.
+
+1. In **Licensing**, enter your key for **HCX Advanced Key** and select **Activate**.
+
+ >[!IMPORTANT]
+ >VMware HCX Manager must have open internet access or a proxy configured.
+
+1. In **Datacenter Location**, provide the nearest location for installing the VMware HCX Manager on-premises. Then select **Continue**.
+
+1. In **System Name**, modify the name or accept the default and select **Continue**.
+
+1. Select **Yes, Continue**.
+
+1. In **Connect your vCenter**, provide the FQDN or IP address of your vCenter server and the appropriate credentials, and then select **Continue**.
+
+ >[!TIP]
+ >The vCenter server is where you deployed the VMware HCX Connector in your datacenter.
+
+1. In **Configure SSO/PSC**, provide the FQDN or IP address of your Platform Services Controller, and then select **Continue**.
+
+ >[!NOTE]
+ >Typically, it's the same as your vCenter FQDN or IP address.
+
+1. Verify that the information entered is correct and select **Restart**.
+
+ >[!NOTE]
+ >You'll experience a delay after restarting before being prompted for the next step.
+
+After the services restart, you'll see vCenter showing as green on the screen that appears. Both vCenter and SSO must have the appropriate configuration parameters, which should be the same as the previous screen.
+++
+## Uninstall HCX Advanced
+
+You can uninstall HCX Advanced through the portal, which will remove the existing pairing and software.
+
+>[!NOTE]
+>It could take approximately 30 minutes to return the resources to your private cloud occupied by the HCX virtual appliances.
+
+1. Make sure you don't have any active migrations in progress.
+
+1. Ensure that L2 extensions are no longer needed or the networks have been "unstretched" to the destination.
+
+1. For workloads using MON, ensure that the default gateways have been removed. Otherwise, it may result in workloads not being able to communicate or function.
+
+1. In your Azure VMware Solution private cloud, select **Manage** > **Add-ons** > **Uninstall**.
+
+
+1. Enter **yes** to confirm the uninstall.
+
+At this point, HCX Advanced will no longer have the vCenter plugin, and if needed, it can be reinstalled at any time.
++
+## Next steps
+
+Continue to the next tutorial to configure the VMware HCX Connector. After you've configured the VMware HCX Connector, you'll have a production-ready environment for creating virtual machines (VMs) and migration.
++
+>[!div class="nextstepaction"]
+>[Configure VMware HCX in Azure VMware Solution](configure-vmware-hcx.md)
azure-vmware Move Azure Vmware Solution Across Regions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/move-azure-vmware-solution-across-regions.md
The following steps show how to prepare your Azure VMware Solution private cloud
### Deploy the target environment
-Before you can move the source configuration, you'll need to [deploy the target environment](production-ready-deployment-steps.md).
+Before you can move the source configuration, you'll need to [deploy the target environment](plan-private-cloud-deployment.md).
### Back up the source configuration
azure-vmware Plan Private Cloud Deployment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/plan-private-cloud-deployment.md
+
+ Title: Plan the Azure VMware Solution deployment
+description: Learn how to plan your Azure VMware Solution deployment.
++ Last updated : 07/07/2021++
+# Plan the Azure VMware Solution deployment
+
+Planning your Azure VMware Solution deployment is critical for a successful production-ready environment for creating virtual machines (VMs) and migration. During the planning process, you'll identify and gather what's needed for your deployment. As you plan, make sure to document the information you gather for easy reference during the deployment. A successful deployment results in a production-ready environment for creating virtual machines (VMs) and migration.
+
+In this how-to, you'll':
+
+> [!div class="checklist"]
+> * Identify the Azure subscription, resource group, region, and resource name
+> * Identify the size hosts and determin the number of clusters and hosts
+> * Request a host quota for eligible Azure plan
+> * Identify the /22 CIDR IP segment for private cloud management
+> * Identify a single network segment
+> * Define the virtual network gateway
+> * Define VMware HCX network segments
+
+After you're finished, follow the recommended next steps at the end to continue with the steps of this getting started guide.
++
+## Identify the subscription
+
+Identify the subscription you plan to use to deploy Azure VMware Solution. You can create a new subscription or use an existing one.
+
+>[!NOTE]
+>The subscription must be associated with a Microsoft Enterprise Agreement (EA) or a Cloud Solution Provider (CSP) Azure plan. For more information, see [Eligibility criteria](request-host-quota-azure-vmware-solution.md#eligibility-criteria).
+
+## Identify the resource group
+
+Identify the resource group you want to use for your Azure VMware Solution. Generally, a resource group is created specifically for Azure VMware Solution, but you can use an existing resource group.
+
+## Identify the region or location
+
+Identify the [region](https://azure.microsoft.com/global-infrastructure/services/?products=azure-vmware) you want Azure VMware Solution deployed.
+
+## Define the resource name
+
+The resource name is a friendly and descriptive name in which you title your Azure VMware Solution private cloud, for example, **MyPrivateCloud**.
+
+>[!IMPORTANT]
+>The name must not exceed 40 characters. If the name exceeds this limit, you won't be able to create public IP addresses for use with the private cloud.
+
+## Identify the size hosts
+
+Identify the size hosts that you want to use when deploying Azure VMware Solution.
++
+## Determine the number of clusters and hosts
+
+The first Azure VMware Solution deployment you do consists of a private cloud containing a single cluster. You'll need to define the number of hosts you want to deploy to the first cluster for your deployment.
+++
+## Request a host quota
+
+It's important to request a host quota early, so after you've finished the planning process, you're ready to deploy your Azure VMware Solution private cloud.
+
+Before you request a host quota, make sure you've identified the Azure subscription, resource group, and region. Also make sure you've identified the size hosts and determine the number of clusters and hosts you'll need. After the support team receives your request for a host quota, it takes up to five business days to confirm your request and allocate your hosts.
+
+- [EA customers](request-host-quota-azure-vmware-solution.md#request-host-quota-for-ea-customers)
+- [CSP customers](request-host-quota-azure-vmware-solution.md#request-host-quota-for-csp-customers)
++
+## Define the IP address segment for private cloud management
+
+Azure VMware Solution requires a /22 CIDR network, for example, `10.0.0.0/22`. This address space is carved into smaller network segments (subnets) and used for Azure VMware Solution management segments, including vCenter, VMware HCX, NSX-T, and vMotion functionality. The diagram highlights Azure VMware Solution management IP address segments.
++
+>[!IMPORTANT]
+>The /22 CIDR network address block shouldn't overlap with any existing network segment you already have on-premises or in Azure. For details of how the /22 CIDR network is broken down per private cloud, see [Routing and subnet considerations](tutorial-network-checklist.md#routing-and-subnet-considerations).
+++
+## Define the IP address segment for VM workloads
+
+Like with any VMware environment, the VMs must connect to a network segment. As the production deployment of Azure VMware Solution expands, there is often a combination of L2 extended segments from on-premises and local NSX-T network segments.
+
+For the initial deployment, identify a single network segment (IP network), for example, `10.0.4.0/24`. This network segment is used primarily for testing purposes during the initial deployment. The address block shouldn't overlap with any network segments on-premises or within Azure and shouldn't be within the /22 network segment already defined.
+
++
+## Define the virtual network gateway
+
+Azure VMware Solution requires an Azure Virtual Network and an ExpressRoute circuit. Define whether you want to use an *existing* OR *new* ExpressRoute virtual network gateway. If you decide to use a *new* virtual network gateway, you'll create it after you create your private cloud. It's acceptable to use an existing ExpressRoute virtual network gateway, and for planning purposes, make note of which ExpressRoute virtual network gateway you'll use.
++
+>[!IMPORTANT]
+>You can connect to a virtual network gateway in an Azure Virtual WAN, but it is out of scope for this quick start.
+
+## Define VMware HCX network segments
+
+VMware HCX is an application mobility platform designed for simplifying application migration, workload rebalancing, and business continuity across data centers and clouds. You can migrate your VMware workloads to Azure VMware Solution and other connected sites through various migration types.
+
+VMware HCX Connector deploys a subset of virtual appliances (automated) that require multiple IP segments. When you create your network profiles, you use the IP segments. Identify the following for the VMware HCX deployment, which supports a pilot or small product use case. Depending on the needs of your migration, modify as necessary.
+
+- **Management network:** When deploying VMware HCX on-premises, you'll need to identify a management network for VMware HCX. Typically, it's the same management network used by your on-premises VMware cluster. At a minimum, identify **two** IPs on this network segment for VMware HCX. You might need larger numbers, depending on the scale of your deployment beyond the pilot or small use case.
+
+ >[!NOTE]
+ >Preparing for large environments, instead of using the management network used for the on-premises VMware cluster, create a new /26 network and present that network as a port group to your on-premises VMware cluster. You can then create up to 10 service meshes and 60 network extenders (-1 per service mesh). You can stretch **eight** networks per network extender by using Azure VMware Solution private clouds.
+
+- **Uplink network:** When deploying VMware HCX on-premises, you'll need to identify a Uplink network for VMware HCX. Use the same network which you will be using for the Management network.
+
+- **vMotion network:** When deploying VMware HCX on-premises, you'll need to identify a vMotion network for VMware HCX. Typically, it's the same network used for vMotion by your on-premises VMware cluster. At a minimum, identify **two** IPs on this network segment for VMware HCX. You might need larger numbers, depending on the scale of your deployment beyond the pilot or small use case.
+
+ The vMotion network must be exposed on a distributed virtual switch or vSwitch0. If it's not, modify the environment to accommodate.
+
+ >[!NOTE]
+ >Many VMware environments use non-routed network segments for vMotion, which poses no problems.
+
+- **Replication network:** When deploying VMware HCX on-premises, you'll need to define a replication network. Use the same network as you are using for your Management and Uplink networks. If the on-premises cluster hosts use a dedicated Replication VMkernel network, reserve **two** IP addresses in this network segment and use the Replication VMkernel network for the replication network.
++
+## Determine whether to extend your networks
+
+Optionally, you can extend network segments from on-premises to Azure VMware Solution. If you do extend network segments, identify those networks now following these guidelines:
+
+- Networks must connect to a [vSphere Distributed Switch (vDS)](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.networking.doc/GUID-B15C6A13-797E-4BCB-B9D9-5CBC5A60C3A6.html) in your on-premises VMware environment.
+- Networks that are on a [vSphere Standard Switch](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.networking.doc/GUID-350344DE-483A-42ED-B0E2-C811EE927D59.html) can't be extended.
+
+>[!IMPORTANT]
+>These networks are extended as a final step of the configuration, not during deployment.
++
+## Next steps
+Now that you've gathered and documented the information needed, continue to the next tutorial to create your Azure VMware Solution private cloud.
+
+> [!div class="nextstepaction"]
+> [Deploy Azure VMware Solution](deploy-azure-vmware-solution.md)
azure-vmware Production Ready Deployment Steps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/production-ready-deployment-steps.md
- Title: Plan the Azure VMware Solution deployment
-description: This article outlines an Azure VMware Solution deployment workflow. The final result is an environment ready for virtual machine (VM) creation and migration.
-- Previously updated : 06/21/2021--
-# Plan the Azure VMware Solution deployment
-
-This quick start provides you with the planning process to identify and collect the information you'll need for your deployment. As you plan your deployment, make sure to document the information you gather for easy reference during the deployment.
-
-The steps outlined give you a production-ready environment for creating virtual machines (VMs) and migration.
-
->[!TIP]
->To track the data you'll be collecting, use the [VMware HCX planning checklist](https://www.virtualworkloads.com/2021/04/hcx-planning-checklist/).
--
-## Request a host quota
-
-It's important to request a host quota early, so when the planning process is finished, you're ready to deploy your Azure VMware Solution private cloud.
--- [EA customers](request-host-quota-azure-vmware-solution.md#request-host-quota-for-ea-customers)-- [CSP customers](request-host-quota-azure-vmware-solution.md#request-host-quota-for-csp-customers)-
-After the support team receives your request for a host quota, it takes up to five business days to confirm your request and allocate your hosts.
--
-## Identify the subscription
-
-Identify the subscription you plan to use to deploy Azure VMware Solution. You can either create a new subscription or reuse an existing one.
-
->[!NOTE]
->The subscription must be associated with a Microsoft Enterprise Agreement or a Cloud Solution Provider Azure plan. For more information, see [Eligibility criteria](request-host-quota-azure-vmware-solution.md#eligibility-criteria).
-
-## Identify the resource group
-
-Identify the resource group you want to use for your Azure VMware Solution. Generally, a resource group is created specifically for Azure VMware Solution, but you can use an existing resource group.
-
-## Identify the region or location
-
-Identify the region you want Azure VMware Solution deployed. For more information, see the [Azure Products Available By Region Guide](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=azure-vmware).
-
-## Identify the resource name
-
-Define the resource name you'll use during deployment. The resource name is a friendly and descriptive name in which you title your Azure VMware Solution private cloud.
-
->[!IMPORTANT]
->The name must not exceed 40 characters. If the name exceeds this limit, you won't be able to create public IP addresses for use with the private cloud.
-
-## Identify the size hosts
-
-Identify the size hosts that you want to use when deploying Azure VMware Solution.
--
-## Determine the number of clusters and hosts
-
-The first Azure VMware Solution deployment you do consists of a private cloud containing a single cluster. For your deployment, you'll need to define the number of hosts you want to deploy to the first cluster.
--
-## Define the IP address segment for private cloud management
-
-The first step in planning the deployment is to plan out the IP segmentation. Azure VMware Solution requires a /22 CIDR network. This address space is carved up into smaller network segments (subnets) and used for Azure VMware Solution management segments, including vCenter, VMware HCX, NSX-T, and vMotion functionality. The visualization below highlights where this segment will be used.
-
-This /22 CIDR network address block shouldn't overlap with any existing network segment you already have on-premises or in Azure.
-
-**Example:** 10.0.0.0/22
-
-For a detailed breakdown of how the /22 CIDR network is broken down per private cloud [Network planning checklist](tutorial-network-checklist.md#routing-and-subnet-considerations).
--
-## Define the IP address segment for VM workloads
-
-Like with any VMware environment, the VMs must connect to a network segment. In Azure VMware Solution, there are two types of segments, L2 extended segments (discussed later) and NSX-T network segments. As the production deployment of Azure VMware Solution expands, there is often a combination of L2 extended segments from on-premises and local NSX-T network segments. To plan the initial deployment, In Azure VMware Solution, identify a single network segment (IP network). This network must not overlap with any network segments on-premises or within the rest of Azure and must not be within the /22 network segment defined earlier.
-
-This network segment is used primarily for testing purposes during the initial deployment.
-
->[!NOTE]
->This network or networks will not be needed during the deployment. They get created as a post-deployment step.
-
-**Example:** 10.0.4.0/24
--
-## Define the virtual network gateway
-
-An Azure VMware Solution private cloud requires an Azure Virtual Network and an ExpressRoute circuit.
-
->[!IMPORTANT]
->[!INCLUDE [disk-pool-planning-note](includes/disk-pool-planning-note.md)] You can connect to a virtual network gateway in an Azure Virtual WAN, but it is out of scope for this quick start.
-
-Define whether you want to use an *existing* OR *new* ExpressRoute virtual network gateway. If you decide to use a *new* virtual network gateway, you'll create it after you create your private cloud. It's acceptable to use an existing ExpressRoute virtual network gateway, and for planning purposes, make note of which ExpressRoute virtual network gateway you'll use.
----
-## Define VMware HCX network segments
-
-VMware HCX is a technology that's bundled with Azure VMware Solution. The primary use cases for VMware HCX are workload migrations and disaster recovery. If you plan to do either, it's best to plan out the networking now. Otherwise, you can skip and continue to the next step.
--
-## Determine whether to extend your networks
-
-Optionally, you can extend network segments from on-premises to Azure VMware Solution.
-
-If you do extend network segments, identify those networks now following these guidelines:
--- Networks must connect to a [vSphere Distributed Switch (vDS)](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.networking.doc/GUID-B15C6A13-797E-4BCB-B9D9-5CBC5A60C3A6.html) in your on-premises VMware environment. -- Networks that are on a [vSphere Standard Switch](https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.networking.doc/GUID-350344DE-483A-42ED-B0E2-C811EE927D59.html) can't be extended.-
->[!IMPORTANT]
->These networks are extended as a final step of the configuration, not during deployment.
--
-## Next steps
-Now that you've gathered and documented the needed information continue to the next section to create your Azure VMware Solution private cloud.
-
-> [!div class="nextstepaction"]
-> [Deploy Azure VMware Solution](deploy-azure-vmware-solution.md)>
azure-vmware Request Host Quota Azure Vmware Solution https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/request-host-quota-azure-vmware-solution.md
Title: Request host quota for Azure VMware Solution
description: Learn how to request host quota/capacity for Azure VMware Solution. You can also request more hosts in an existing Azure VMware Solution private cloud. Previously updated : 05/13/2021 Last updated : 07/07/2021+
+#Customer intent: As an Azure service admin, I want to request hosts for either a new private cloud deployment or I want to have more hosts allocated in an existing private cloud.
+ # Request host quota for Azure VMware Solution
-In this how-to, you'll request host quot). You'll submit a support ticket to have your hosts allocated. If you have an existing Azure VMware Solution private cloud and want more hosts allocated, you'll follow the same process.
+In this how-to, you'll request host quot). You'll submit a support ticket to have your hosts allocated whether it's for a new deployment or an existing private cloud.
+
+If you have an existing Azure VMware Solution private cloud and want more hosts allocated, you'll follow the same process.
>[!IMPORTANT]
->It can take a few days to allocate the hosts, depending on the number requested. So request what is needed for provisioning, so you don't need to request a quota increase as often.
+>It can take up to five business days to allocate the hosts, depending on the number requested. So request what is needed for provisioning, so you don't need to request a quota increase as often.
## Eligibility criteria
Access the Azure portal using the **Admin On Behalf Of** (AOBO) procedure from P
## Next steps
-Before you can deploy Azure VMware Solution, you must first [register the resource provider](deploy-azure-vmware-solution.md#step-1-register-the-microsoftavs-resource-provider) with your subscription to enable the service.
-
+Before you can deploy Azure VMware Solution, you must first [register the resource provider](deploy-azure-vmware-solution.md#register-the-microsoftavs-resource-provider) with your subscription to enable the service.
azure-vmware Rotate Cloudadmin Credentials https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/rotate-cloudadmin-credentials.md
In this step, you'll update HCX Connector with the updated credentials.
Now that you've covered resetting vCenter Server and NSX-T Manager credentials for Azure VMware Solution, you may want to learn about: -- [Configuring NSX network components in Azure VMware Solution](configure-nsx-network-components-azure-portal.md) - [Integrating Azure native services in Azure VMware Solution](integrate-azure-native-services.md) - [Deploying disaster recovery for Azure VMware Solution workloads using VMware HCX](deploy-disaster-recovery-using-vmware-hcx.md)
azure-vmware Tutorial Create Private Cloud https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/tutorial-create-private-cloud.md
In this tutorial, you'll learn how to:
## Prerequisites - Appropriate administrative rights and permission to create a private cloud. You must be at minimum contributor level in the subscription.-- Follow the information you gathered in the [planning](production-ready-deployment-steps.md) article to deploy Azure VMware Solution.
+- Follow the information you gathered in the [planning](plan-private-cloud-deployment.md) tutorial to deploy Azure VMware Solution.
- Ensure you have the appropriate networking configured as described in [Network planning checklist](tutorial-network-checklist.md).-- Hosts have been provisioned and the Microsoft.AVS [resource provider has been registered](deploy-azure-vmware-solution.md#step-1-register-the-microsoftavs-resource-provider).
+- Hosts have been provisioned and the Microsoft.AVS [resource provider has been registered](deploy-azure-vmware-solution.md#register-the-microsoftavs-resource-provider).
## Create a private cloud
azure-vmware Tutorial Expressroute Global Reach Private Cloud https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/tutorial-expressroute-global-reach-private-cloud.md
Title: Peer on-premises environments to Azure VMware Solution description: Learn how to create ExpressRoute Global Reach peering to a private cloud in Azure VMware Solution. - Previously updated : 06/21/2021+ Last updated : 07/28/2021 # Peer on-premises environments to Azure VMware Solution
-In this step of the quick start, you'll connect Azure VMware Solution to your on-premises environment. ExpressRoute Global Reach connects your on-premises environment to your Azure VMware Solution private cloud. The ExpressRoute Global Reach connection is established between the private cloud ExpressRoute circuit and an existing ExpressRoute connection to your on-premises environments.
+After you deploy your Azure VMware Solution private cloud, you'll connect it to your on-premises environment. ExpressRoute Global Reach connects your on-premises environment to your Azure VMware Solution private cloud. The ExpressRoute Global Reach connection is established between the private cloud ExpressRoute circuit and an existing ExpressRoute connection to your on-premises environments.
:::image type="content" source="media/pre-deployment/azure-vmware-solution-on-premises-diagram.png" alt-text="Diagram showing ExpressRoute Global Reach on-premises network connectivity." lightbox="media/pre-deployment/azure-vmware-solution-on-premises-diagram.png" border="false"::: >[!NOTE] >You can connect through VPN, but that's out of scope for this quick start guide.
+In this article, you'll:
+
+> [!div class="checklist"]
+> * Create an ExpressRoute auth key in the on-premises ExpressRoute circuit
+> * Peer the private cloud with your on-premises ExpressRoute circuit
+> * Verify on-premises network connectivity
+
+After you're finished, follow the recommended next steps at the end to continue with the steps of this getting started guide.
## Prerequisites - Review the documentation on how to [enable connectivity in different Azure subscriptions](../expressroute/expressroute-howto-set-global-reach-cli.md#enable-connectivity-between-expressroute-circuits-in-different-azure-subscriptions). + - A separate, functioning ExpressRoute circuit used to connect on-premises environments to Azure, which is _circuit 1_ for peering.+ - Ensure that all gateways, including the ExpressRoute provider's service, supports 4-byte Autonomous System Number (ASN). Azure VMware Solution uses 4-byte public ASNs for advertising routes. >[!NOTE]
-> If advertising a default route to Azure (0.0.0.0/0), ensure a more specific route containing your on-premises networks is advertised in addition to the default route to enable management access to AVS. A single 0.0.0.0/0 route will be discarded by Azure VMware Solution's management network to ensure successful operation of the service.
+>If advertising a default route to Azure (0.0.0.0/0), ensure a more specific route containing your on-premises networks is advertised in addition to the default route to enable management access to Azure VMware Solution. A single 0.0.0.0/0 route will be discarded by Azure VMware Solution's management network to ensure successful operation of the service.
## Create an ExpressRoute auth key in the on-premises ExpressRoute circuit
You should now see in your **on-premises edge router** where the ExpressRoute co
>Everyone has a different environment, and some will need to allow these routes to propagate back into the on-premises network. ## Next steps
-Continue to the next tutorial to learn how to deploy and configure VMware HCX solution for your Azure VMware Solution private cloud.
+Continue to the next tutorial to install VMware HCX add-on in your Azure VMware Solution private cloud.
> [!div class="nextstepaction"]
-> [Deploy and configure VMware HCX](tutorial-deploy-vmware-hcx.md)
+> [Install VMware HCX](install-vmware-hcx.md)
<!-- LINKS - external-->
azure-vmware Tutorial Scale Private Cloud https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/tutorial-scale-private-cloud.md
Title: Tutorial - Expand or shrink clusters in a private cloud description: In this tutorial, you use the Azure portal to scale an Azure VMware Solution private cloud. Previously updated : 03/13/2021 Last updated : 08/03/2021 #Customer intent: As a VMware administrator, I want to learn how to scale an Azure VMware Solution private cloud in the Azure portal.
You'll need an existing private cloud to complete this tutorial. If you haven't
## Add a new cluster
-1. On the overview page of an existing private cloud, under **Manage**, select **Scale private cloud**. Next, select **+ Add a cluster**.
+1. On the overview page of an existing private cloud, under Manage, select **Clusters** > **Add a cluster**.
- :::image type="content" source="./media/tutorial-scale-private-cloud/ss2-select-add-cluster.png" alt-text="Screenshot showing how to add a cluster to an Azure VMware Solution private cloud." border="true":::
+ :::image type="content" source="media/tutorial-scale-private-cloud/ss2-select-add-cluster.png" alt-text="Screenshot showing how to add a cluster to an Azure VMware Solution private cloud." border="true":::
-1. In the **Add cluster** page, use the slider to select the number of hosts. Select **Save**.
+1. Use the slider to select the number of hosts and the select **Save**.
- :::image type="content" source="./media/tutorial-scale-private-cloud/ss3-configure-new-cluster.png" alt-text="Screenshot showing how to configure a new cluster." border="true":::
+ :::image type="content" source="media/tutorial-scale-private-cloud/ss3-configure-new-cluster.png" alt-text="Screenshot showing how to configure a new cluster." border="true":::
- The deployment of the new cluster will begin.
+ The deployment of the new cluster begins.
## Scale a cluster
-1. On the overview page of an existing private cloud, select **Scale private cloud** and select the pencil icon to edit the cluster.
+1. On the overview page of an existing private cloud, under Manage, select **Clusters**.
- :::image type="content" source="./media/tutorial-scale-private-cloud/ss4-select-scale-private-cloud-2.png" alt-text="Screenshot showing where to edit an existing cluster." border="true":::
+1. Select the cluster you want to scale, select **More** (...) and then select **Edit**.
-1. In the **Edit Cluster** page, use the slider to select the number of hosts. Select **Save**.
+ :::image type="content" source="media/tutorial-scale-private-cloud/ss4-select-scale-private-cloud-2.png" alt-text="Screenshot showing where to edit an existing cluster." border="true":::
+
+1. Use the slider to select the number of hosts and then select **Save**.
The addition of hosts to the cluster begins.
backup Archive Tier Support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/archive-tier-support.md
Supported clients:
``` >[!NOTE]
- >The span of the start date and the end date should not be more than 30 days.<br><br>To view recovery points for a different time range, modify the start and the end date accordingly.
+ >To view recovery points for a different time range, modify the start and the end date accordingly.
## Use PowerShell ### Check archivable recovery points
backup Backup Azure Arm Restore Vms https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-arm-restore-vms.md
Title: Restore VMs by using the Azure portal
description: Restore an Azure virtual machine from a recovery point by using the Azure portal, including the Cross Region Restore feature. Previously updated : 07/27/2021 Last updated : 08/03/2021 # How to restore Azure VM data in Azure portal
There are many common scenarios in which you might need to restore VMs.
For more information, see [Back up and restore Active Directory domain controllers](active-directory-backup-restore.md).
+## Restore VMs with managed identities
+
+Managed identities eliminate the need for the user to maintain the credentials. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
+
+Azure Backup offers the flexibility to restore the managed Azure VM with [Managed identities](/azure/active-directory/managed-identities-azure-resources/overview). You can choose to select [system-managed identities](/azure/active-directory/managed-identities-azure-resources/overview#managed-identity-types) or user-managed identities as shown in the figure below. This is introduced as one of the input parameters in the [**Restore configuration** blade](/azure/backup/backup-azure-arm-restore-vms#create-a-vm) of Azure VM. Managed identities used as one of the input parameter is only used for accessing the storage accounts, which is used as staging location during restore and not for any other Azure resource controlling. These Managed identities have to be associated to the vault.
++
+If you choose to select system-assigned or User-assigned Managed identities, check for the below actions for Managed Identity on the target staging Storage Account.
+
+```json
+"permissions": [
+ {
+ "actions": [
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/read",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/write"
+ ],
+ "notActions": [],
+ "dataActions": [
+ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
+ ],
+ "notDataActions": []
+ }
+```
+
+Or, add the role assignment on the staging location (Storage Account) to have [Storage account Backup Contributor](/azure/backup/blob-backup-configure-manage#grant-permissions-to-the-backup-vault-on-storage-accounts) and [Storage Blob data Contributor](/azure/role-based-access-control/built-in-roles#storage-blob-data-contributor) for the successful restore operation.
++
+You can also select the [user-managed identity](/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal) by providing the input as their MSI Resource ID as provided in the figure below.
++
+>[!Note]
+>The support is available for only managed VMs, and not supported for classic VMs and unmanaged VMs. For the [storage accounts that are restricted with firewalls](/azure/storage/common/storage-network-security?tabs=azure-portal), system MSI is only supported.
+ ## Track the restore operation After you trigger the restore operation, the backup service creates a job for tracking. Azure Backup displays notifications about the job in the portal. If they aren't visible, select the **Notifications** symbol, and then select **More events in the activity log** to see the Restore Process Status.
There are a few things to note after restoring a VM:
## Next steps - If you experience difficulties during the restore process, [review](backup-azure-vms-troubleshoot.md#restore) common issues and errors.-- After the VM is restored, learn about [managing virtual machines](backup-azure-manage-vms.md)
+- After the VM is restored, learn about [managing virtual machines](backup-azure-manage-vms.md)
backup Backup Azure Backup Sharepoint Mabs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-backup-sharepoint-mabs.md
Title: Back up a SharePoint farm to Azure with MABS description: Use Azure Backup Server to back up and restore your SharePoint data. This article provides the information to configure your SharePoint farm so that desired data can be stored in Azure. You can restore protected SharePoint data from disk or from Azure. Previously updated : 04/26/2020 Last updated : 07/30/2021 # Back up a SharePoint farm to Azure with MABS
The following procedure uses the example of a server farm with two front-end Web
1. If you performed step 6, you can now remove the volume from the protection group.
+## Remove a database from a SharePoint farm
+
+When a database is removed from a SharePoint farm, MABS will skip the backup of that database, continue to back up other databases in the SharePoint farm, and alert the backup administrator.
+
+### MABS Alert - Farm Configuration Changed
+
+This is a warning alert that is generated in Microsoft Azure Backup Server (MABS) when automatic protection of a SharePoint database fails. See the alert **Details** pane for more information about the cause of this alert.
+
+To resolve this alert, follow these steps:
+
+1. Verify with the SharePoint administrator if the database has actually been removed from the farm. If the database has been removed from the farm, then it must be removed from active protection in MABS.
+1. To remove the database from active protection:
+ 1. In **MABS Administrator Console**, click **Protection** on the navigation bar.
+ 1. In the **Display** pane, right-click the protection group for the SharePoint farm, and then click **Stop Protection of member**.
+ 1. In the **Stop Protection** dialog box, click **Retain Protected Data**.
+ 1. Click **Stop Protection**.
+
+You can add the SharePoint farm back for protection by using the **Modify Protection Group** wizard. During re-protection, select the SharePoint front-end server and click **Refresh** to update the SharePoint database cache, then select the SharePoint farm and proceed.
+ ## Next steps See the [Back up Exchange server](backup-azure-exchange-mabs.md) article.
backup Backup Azure Vms Troubleshoot https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-vms-troubleshoot.md
This section covers backup operation failure of Azure Virtual machine.
![Windows Server Backup failing](media/backup-azure-vms-troubleshoot/windows-server-backup-failing.png) * If Azure Backup is failing, then look for the corresponding Error Code in the section Common VM backup errors in this article. * If you see Azure Backup option greyed out on an Azure VM, hover over the disabled menu to find the reason. The reasons could be "Not available with EphemeralDisk" or "Not available with Ultra Disk".
- ![Reasons for the disablement of Azure Backup option](media/backup-azure-vms-troubleshoot/azure-backup-disable-reasons.png)
+ ![Reasons for the disablement of Azure Backup option](media/backup-azure-vms-troubleshoot/azure-backup-disable-reasons.png)
## Common issues
backup Backup Support Matrix Iaas https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-support-matrix-iaas.md
Title: Support matrix for Azure VM backup description: Provides a summary of support settings and limitations when backing up Azure VMs with the Azure Backup service. Previously updated : 06/16/2021 Last updated : 08/03/2021
Backup of Azure VMs with locks | Unsupported for unmanaged VMs. <br><br> Support
[Azure Dedicated Host](../virtual-machines/dedicated-hosts.md) | Supported<br></br>While restoring an Azure VM through the [Create New](backup-azure-arm-restore-vms.md#create-a-vm) option, though the restore gets successful, Azure VM can't be restored in the dedicated host. To achieve this, we recommend you to restore as disks. While [restoring as disks](backup-azure-arm-restore-vms.md#restore-disks) with the template, create a VM in dedicated host, and then attach the disks.<br></br>This is not applicable in secondary region, while performing [Cross Region Restore](backup-azure-arm-restore-vms.md#cross-region-restore). Windows Storage Spaces configuration of standalone Azure VMs | Supported [Azure VM Scale Sets](../virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes.md#scale-sets-with-flexible-orchestration) | Supported for flexible orchestration model to back up and restore Single Azure VM.
+Restore with Managed identities | Yes, supported for managed Azure VMs, and not supported for classic and unmanaged Azure VMs. [Learn more](backup-azure-arm-restore-vms.md#restore-vms-with-managed-identities)
## VM storage support
batch Batch Pool Vm Sizes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/batch-pool-vm-sizes.md
Batch pools in the Virtual Machine configuration support almost all [VM sizes](.
| Dv4, Dsv4 | Not supported | | Ev3, Esv3 | All sizes, except for E64is_v3 | | Eav4, Easv4 | All sizes |
-| Edv4, Edsv4 | All sizes |
+| Edv4, Edsv4 | All sizes |
| Ev4, Esv4 | Not supported | | F, Fs | All sizes | | Fsv2 | All sizes |
+| FX | All sizes |
| G, Gs | All sizes | | H | All sizes | | HB | All sizes |
batch Private Connectivity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/batch/private-connectivity.md
Title: Use private endpoints with Azure Batch accounts description: Learn how to connect privately to an Azure Batch account by using private endpoints. Previously updated : 09/28/2020 Last updated : 08/03/2021
By using [Azure Private Link](../private-link/private-link-overview.md), you can
Private Link allows users to access an Azure Batch account from within the virtual network or from any peered virtual network. Resources mapped to Private Link are also accessible on-premises over private peering through VPN or [Azure ExpressRoute](../expressroute/expressroute-introduction.md). You can connect to an Azure Batch account configured with Private Link by using the [automatic or manual approval method](../private-link/private-endpoint-overview.md#access-to-a-private-link-resource-using-approval-workflow). > [!IMPORTANT]
-> Support for private connectivity in Azure Batch is currently available for all regions except Germany Central, Germany Northeast, China East, China East 2, China North, and China North 2.
+> Support for private connectivity in Azure Batch is currently available for all regions except Germany Central and Germany Northeast.
This article describes the steps to create a private Batch account and access it using a private endpoint.
communication-services Concepts https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/chat/concepts.md
Title: Chat concepts in Azure Communication Services description: Learn about Communication Services Chat concepts. -+
communication-services Sdk Features https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/chat/sdk-features.md
Title: Chat SDK overview for Azure Communication Services description: Learn about the Azure Communication Services Chat SDK. -+
communication-services Call Recording https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/voice-video-calling/call-recording.md
[!INCLUDE [Public Preview](../../includes/public-preview-include-document.md)] > [!NOTE]
-> Call Recording is currently only available for Communication Services resources created in the US region.
+> Call Recording is available for Communication Services resources created in the US, UK, Europe, Asia and Australia regions.
Call Recording provides a set of APIs to start, stop, pause and resume recording. These APIs can be accessed from server-side business logic or via events triggered by user actions. Recorded media output is in MP4 Audio+Video format, which is the same format that Teams uses to record media. Notifications related to media and metadata are emitted via Event Grid. Recordings are stored for 48 hours on built-in temporary storage for retrieval and movement to a long-term storage solution of choice.
communication-services Calling Sdk Features https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/voice-video-calling/calling-sdk-features.md
The Communication Services Calling SDK supports the following streaming configur
| **# of outgoing streams that can be sent simultaneously** | 1 video or 1 screen sharing | 1 video + 1 screen sharing | | **# of incoming streams that can be rendered simultaneously** | 1 video or 1 screen sharing | 6 video + 1 screen sharing |
+While the Calling SDK won't enforce these limits, your users may experience performance degradation if they're exceeded.
+ ## Calling SDK timeouts The following timeouts apply to the Communication Services Calling SDKs:
cosmos-db Access Data Spring Data App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/access-data-spring-data-app.md
+
+ Title: How to use Spring Data Apache Cassandra API with Azure Cosmos DB
+description: Learn how to use Spring Data Apache Cassandra API with Azure Cosmos DB.
++++
+ms.devlang: java
+ Last updated : 07/17/2021++
+# How to use Spring Data Apache Cassandra API with Azure Cosmos DB
+
+This article demonstrates creating a sample application that uses [Spring Data] to store and retrieve information using the [Azure Cosmos DB Cassandra API](/azure/cosmos-db/cassandra-introduction).
+
+## Prerequisites
+
+The following prerequisites are required in order to complete the steps in this article:
+
+* An Azure subscription; if you don't already have an Azure subscription, you can activate your [MSDN subscriber benefits] or sign up for a [free Azure account].
+* A supported Java Development Kit (JDK). For more information about the JDKs available for use when developing on Azure, see [Java support on Azure and Azure Stack](/azure/developer/java/fundamentals/java-support-on-azure).
+* [Apache Maven](http://maven.apache.org/), version 3.0 or later.
+* [Curl](https://curl.haxx.se/) or similar HTTP utility to test functionality.
+* A [Git](https://git-scm.com/downloads) client.
+
+> [!NOTE]
+> The samples mentioned below implement custom extensions for a better experience when using Azure Cosmos DB Cassandra API. They include custom retry and load balancing policies, as well as implementing recommended connection settings. For a more extensive exploration of how the custom policies are used, see Java samples for [version 3](https://github.com/Azure-Samples/azure-cosmos-cassandra-extensions-java-sample) and [version 4](https://github.com/Azure-Samples/azure-cosmos-cassandra-extensions-java-sample-v4).
+
+## Create a Cosmos DB Cassandra API account
++
+## Configure the sample application
+
+The following procedure configures the test application.
+
+1. Open a command shell and clone either of the following examples:
+
+ For Java [version 3 driver](https://github.com/datastax/java-driver/tree/3.x) and corresponding Spring version:
+
+ ```shell
+ git clone https://github.com/Azure-Samples/spring-data-cassandra-on-azure-extension-v3.git
+ ```
+
+ For Java [version 4 driver](https://github.com/datastax/java-driver/tree/4.x) and corresponding Spring version:
+
+ ```shell
+ git clone https://github.com/Azure-Samples/spring-data-cassandra-on-azure-extension-v4.git
+ ```
+
+ > [!NOTE]
+ > Although the usage described below is identical for both Java version 3 and version 4 samples above, the way in which they have been implemented in order to include custom retry and load balancing policies is different. We recommend reviewing the code to understand how to implement custom policies if you are making changes to an existing spring java application.
+
+1. Locate the *application.properties* file in the *resources* directory of the sample project, or create the file if it does not already exist.
+
+1. Open the *application.properties* file in a text editor, and add or configure the following lines in the file, and replace the sample values with the appropriate values from earlier:
+
+ ```yaml
+ spring.data.cassandra.contact-points=<Account Name>.cassandra.cosmos.azure.com
+ spring.data.cassandra.port=10350
+ spring.data.cassandra.username=<Account Name>
+ spring.data.cassandra.password=********
+ ```
+
+ Where:
+
+ | Parameter | Description |
+ |||
+ | `spring.data.cassandra.contact-points` | Specifies the **Contact Point** from earlier in this article. |
+ | `spring.data.cassandra.port` | Specifies the **Port** from earlier in this article. |
+ | `spring.data.cassandra.username` | Specifies your **Username** from earlier in this article. |
+ | `spring.data.cassandra.password` | Specifies your **Primary Password** from earlier in this article. |
+
+1. Save and close the *application.properties* file.
+
+## Package and test the sample application
+
+Browse to the directory that contains the .pom file to build and test the application.
+
+1. Build the sample application with Maven; for example:
+
+ ```shell
+ mvn clean package
+ ```
+
+1. Start the sample application; for example:
+
+ ```shell
+ java -jar target/spring-data-cassandra-on-azure-0.1.0-SNAPSHOT.jar
+ ```
+
+1. Create new records using `curl` from a command prompt like the following examples:
+
+ ```shell
+ curl -s -d "{\"name\":\"dog\",\"species\":\"canine\"}" -H "Content-Type: application/json" -X POST http://localhost:8080/pets
+
+ curl -s -d "{\"name\":\"cat\",\"species\":\"feline\"}" -H "Content-Type: application/json" -X POST http://localhost:8080/pets
+ ```
+
+ Your application should return values like the following:
+
+ ```shell
+ Added Pet{id=60fa8cb0-0423-11e9-9a70-39311962166b, name='dog', species='canine'}.
+
+ Added Pet{id=72c1c9e0-0423-11e9-9a70-39311962166b, name='cat', species='feline'}.
+ ```
+
+1. Retrieve all of the existing records using `curl` from a command prompt like the following examples:
+
+ ```shell
+ curl -s http://localhost:8080/pets
+ ```
+
+ Your application should return values like the following:
+
+ ```json
+ [{"id":"60fa8cb0-0423-11e9-9a70-39311962166b","name":"dog","species":"canine"},{"id":"72c1c9e0-0423-11e9-9a70-39311962166b","name":"cat","species":"feline"}]
+ ```
+
+## Clean up resources
++
+## Next steps
+
+To learn more about Spring and Azure, continue to the Spring on Azure documentation center.
+
+> [!div class="nextstepaction"]
+> [Spring on Azure](../../index.yml)
+
+### Additional Resources
+
+For more information about using Azure with Java, see the [Azure for Java Developers] and the [Working with Azure DevOps and Java].
+
+<!-- URL List -->
+
+[Azure for Java Developers]: ../index.yml
+[free Azure account]: https://azure.microsoft.com/pricing/free-trial/
+[Working with Azure DevOps and Java]: /azure/devops/
+[MSDN subscriber benefits]: https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details/
+[Spring Boot]: http://projects.spring.io/spring-boot/
+[Spring Data]: https://spring.io/projects/spring-data
+[Spring Initializr]: https://start.spring.io/
+[Spring Framework]: https://spring.io/
+
+<!-- IMG List -->
+
+[COSMOSDB01]: media/access-data-spring-data-app/create-cosmos-db-01.png
+[COSMOSDB02]: media/access-data-spring-data-app/create-cosmos-db-02.png
+[COSMOSDB03]: media/access-data-spring-data-app/create-cosmos-db-03.png
+[COSMOSDB04]: media/access-data-spring-data-app/create-cosmos-db-04.png
+[COSMOSDB05]: media/access-data-spring-data-app/create-cosmos-db-05.png
+[COSMOSDB05-1]: media/access-data-spring-data-app/create-cosmos-db-05-1.png
+[COSMOSDB06]: media/access-data-spring-data-app/create-cosmos-db-06.png
cosmos-db Apache Cassandra Consistency Mapping https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/apache-cassandra-consistency-mapping.md
+
+ Title: Apache Cassandra and Azure Cosmos DB consistency levels
+description: Apache Cassandra and Azure Cosmos DB consistency levels.
+++++ Last updated : 10/12/2020++++
+# Apache Cassandra and Azure Cosmos DB Cassandra API consistency levels
+
+Unlike Azure Cosmos DB, Apache Cassandra does not natively provide precisely defined consistency guarantees. Instead, Apache Cassandra provides a write consistency level and a read consistency level, to enable the high availability, consistency, and latency tradeoffs. When using Azure Cosmos DBΓÇÖs Cassandra API:
+
+* The write consistency level of Apache Cassandra is mapped to the default consistency level configured on your Azure Cosmos account. Consistency for a write operation (CL) can't be changed on a per-request basis.
+
+* Azure Cosmos DB will dynamically map the read consistency level specified by the Cassandra client driver to one of the Azure Cosmos DB consistency levels configured dynamically on a read request.
+
+## Multi-region writes vs Single-region writes
+
+Apache Cassandra database is a multi-master system by default, and does not provide an out-of-box option for single-region writes with multi-region replication for reads. However, Azure Cosmos DB provides turnkey ability to have either single region, or [multi-region](../how-to-multi-master.md) write configurations. One of the advantages of being able to choose a single region write configuration across multiple regions is the avoidance of cross-region conflict scenarios, and the option of maintaining strong consistency across multiple regions.
+
+With single-region writes, you can maintain strong consistency, while still maintaining a level of high availability across regions with [automatic failover](../high-availability.md#multi-region-accounts-with-a-single-write-region-write-region-outage). In this configuration, you can still exploit data locality to reduce read latency by downgrading to eventual consistency on a per request basis. In addition to these capabilities, the Azure Cosmos DB platform also provides the ability to enable [zone redundancy](../high-availability.md#availability-zone-support) when selecting a region. Thus, unlike native Apache Cassandra, Azure Cosmos DB allows you to navigate the CAP Theorem [trade-off spectrum](../consistency-levels.md#rto) with more granularity.
+
+## Mapping consistency levels
+
+The Azure Cosmos DB platform provides a set of five well-defined, business use-case oriented consistency settings with respect to replication and the tradeoffs defined by the [CAP theorem](https://en.wikipedia.org/wiki/CAP_theorem) and [PACLC theorem](https://en.wikipedia.org/wiki/PACELC_theorem). As this approach differs significantly from Apache Cassandra, we would recommend that you take time to review and understand Azure Cosmos DB consistency settings in our [documentation](../consistency-levels.md), or watch this short [video](https://www.youtube.com/watch?v=t1--kZjrG-o) guide to understanding consistency settings in the Azure Cosmos DB platform.
+
+The following table illustrates the possible mappings between Apache Cassandra and Azure Cosmos DB consistency levels when using Cassandra API. This shows configurations for single region, multi-region reads with single-region writes, and multi-region writes.
+
+> [!NOTE]
+> These are not exact mappings. Rather, we have provided the closest analogues to Apache Cassandra, and disambiguated any qualitative differences in the rightmost column. As mentioned above, we recommend reviewing Azure Cosmos DB's [consistency settings](../consistency-levels.md).
+++
+If your Azure Cosmos account is configured with a consistency level other than the strong consistency, you can find out the probability that your clients may get strong and consistent reads for your workloads by looking at the *Probabilistically Bounded Staleness* (PBS) metric. This metric is exposed in the Azure portal, to learn more, see [Monitor Probabilistically Bounded Staleness (PBS) metric](../how-to-manage-consistency.md#monitor-probabilistically-bounded-staleness-pbs-metric).
+
+Probabilistic bounded staleness shows how eventual is your eventual consistency. This metric provides an insight into how often you can get a stronger consistency than the consistency level that you have currently configured on your Azure Cosmos account. In other words, you can see the probability (measured in milliseconds) of getting strongly consistent reads for a combination of write and read regions.
+
+## Next steps
+
+Learn more about global distribution and consistency levels for Azure Cosmos DB:
+
+* [Global distribution overview](../distribute-data-globally.md)
+* [Consistency Level overview](../consistency-levels.md)
+* [High availability](../high-availability.md)
cosmos-db Cassandra Change Feed https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/cassandra-change-feed.md
+
+ Title: Change feed in the Azure Cosmos DB API for Cassandra
+description: Learn how to use change feed in the Azure Cosmos DB API for Cassandra to get the changes made to your data.
+++ Last updated : 11/25/2019++++
+# Change feed in the Azure Cosmos DB API for Cassandra
+
+[Change feed](../change-feed.md) support in the Azure Cosmos DB API for Cassandra is available through the query predicates in the Cassandra Query Language (CQL). Using these predicate conditions, you can query the change feed API. Applications can get the changes made to a table using the primary key (also known as the partition key) as is required in CQL. You can then take further actions based on the results. Changes to the rows in the table are captured in the order of their modification time and the sort order per partition key.
+
+The following example shows how to get a change feed on all the rows in a Cassandra API Keyspace table using .NET. The predicate COSMOS_CHANGEFEED_START_TIME() is used directly within CQL to query items in the change feed from a specified start time (in this case current datetime). You can download the full sample, for C# [here](/samples/azure-samples/azure-cosmos-db-cassandra-change-feed/cassandra-change-feed/) and for Java [here](https://github.com/Azure-Samples/cosmos-changefeed-cassandra-java).
+
+In each iteration, the query resumes at the last point changes were read, using paging state. We can see a continuous stream of new changes to the table in the Keyspace. We will see changes to rows that are inserted, or updated. Watching for delete operations using change feed in Cassandra API is currently not supported.
+
+# [Java](#tab/java)
+
+```java
+ Session cassandraSession = utils.getSession();
+
+ try {
+ DateTimeFormatter dtf = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+ LocalDateTime now = LocalDateTime.now().minusHours(6).minusMinutes(30);
+ String query="SELECT * FROM uprofile.user where COSMOS_CHANGEFEED_START_TIME()='"
+ + dtf.format(now)+ "'";
+
+ byte[] token=null;
+ System.out.println(query);
+ while(true)
+ {
+ SimpleStatement st=new SimpleStatement(query);
+ st.setFetchSize(100);
+ if(token!=null)
+ st.setPagingStateUnsafe(token);
+
+ ResultSet result=cassandraSession.execute(st) ;
+ token=result.getExecutionInfo().getPagingState().toBytes();
+
+ for(Row row:result)
+ {
+ System.out.println(row.getString("user_name"));
+ }
+ }
+ } finally {
+ utils.close();
+ LOGGER.info("Please delete your table after verifying the presence of the data in portal or from CQL");
+ }
+```
+
+# [C#](#tab/csharp)
+
+```C#
+ //set initial start time for pulling the change feed
+ DateTime timeBegin = DateTime.UtcNow;
+
+ //initialise variable to store the continuation token
+ byte[] pageState = null;
+ while (true)
+ {
+ try
+ {
+
+ //Return the latest change for all rows in 'user' table
+ IStatement changeFeedQueryStatement = new SimpleStatement(
+ $"SELECT * FROM uprofile.user where COSMOS_CHANGEFEED_START_TIME() = '{timeBegin.ToString("yyyy-MM-ddTHH:mm:ss.fffZ", CultureInfo.InvariantCulture)}'");
+ if (pageState != null)
+ {
+ changeFeedQueryStatement = changeFeedQueryStatement.SetPagingState(pageState);
+ }
+ Console.WriteLine("getting records from change feed at last page state....");
+ RowSet rowSet = session.Execute(changeFeedQueryStatement);
+
+ //store the continuation token here
+ pageState = rowSet.PagingState;
+
+ List<Row> rowList = rowSet.ToList();
+ if (rowList.Count != 0)
+ {
+ for (int i = 0; i < rowList.Count; i++)
+ {
+ string value = rowList[i].GetValue<string>("user_name");
+ int key = rowList[i].GetValue<int>("user_id");
+ // do something with the data - e.g. compute, forward to another event, function, etc.
+ // here, we just print the user name field
+ Console.WriteLine("user_name: " + value);
+ }
+ }
+ else
+ {
+ Console.WriteLine("zero documents read");
+ }
+ }
+ catch (Exception e)
+ {
+ Console.WriteLine("Exception " + e);
+ }
+ }
+
+```
++
+In order to get the changes to a single row by primary key, you can add the primary key in the query. The following example shows how to track changes for the row where "user_id = 1"
+
+# [C#](#tab/csharp)
+
+```C#
+ //Return the latest change for all row in 'user' table where user_id = 1
+ IStatement changeFeedQueryStatement = new SimpleStatement(
+ $"SELECT * FROM uprofile.user where user_id = 1 AND COSMOS_CHANGEFEED_START_TIME() = '{timeBegin.ToString("yyyy-MM-ddTHH:mm:ss.fffZ", CultureInfo.InvariantCulture)}'");
+
+```
+
+# [Java](#tab/java)
+
+```java
+ String query="SELECT * FROM uprofile.user where user_id=1 and COSMOS_CHANGEFEED_START_TIME()='"
+ + dtf.format(now)+ "'";
+ SimpleStatement st=new SimpleStatement(query);
+```
+
+## Current limitations
+
+The following limitations are applicable when using change feed with Cassandra API:
+
+* Inserts and updates are currently supported. Delete operation is not yet supported. As a workaround, you can add a soft marker on rows that are being deleted. For example, add a field in the row called "deleted" and set it to "true".
+* Last update is persisted as in core SQL API and intermediate updates to the entity are not available.
++
+## Error handling
+
+The following error codes and messages are supported when using change feed in Cassandra API:
+
+* **HTTP error code 429** - When the change feed is rate limited, it returns an empty page.
+
+## Next steps
+
+* [Manage Azure Cosmos DB Cassandra API resources using Azure Resource Manager templates](templates-samples.md)
cosmos-db Cassandra Introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/cassandra-introduction.md
+
+ Title: Introduction to the Azure Cosmos DB Cassandra API
+description: Learn how you can use Azure Cosmos DB to "lift-and-shift" existing applications and build new applications by using the Cassandra drivers and CQL
++++++ Last updated : 11/25/2020++
+# Introduction to the Azure Cosmos DB Cassandra API
+
+Azure Cosmos DB Cassandra API can be used as the data store for apps written for [Apache Cassandra](https://cassandra.apache.org). This means that by using existing [Apache drivers](https://cassandra.apache.org/doc/latest/getting_started/drivers.html?highlight=driver) compliant with CQLv4, your existing Cassandra application can now communicate with the Azure Cosmos DB Cassandra API. In many cases, you can switch from using Apache Cassandra to using Azure Cosmos DB's Cassandra API, by just changing a connection string.
+
+The Cassandra API enables you to interact with data stored in Azure Cosmos DB using the Cassandra Query Language (CQL) , Cassandra-based tools (like cqlsh) and Cassandra client drivers that you're already familiar with.
+
+> [!NOTE]
+> The [serverless capacity mode](../serverless.md) is now available on Azure Cosmos DB's Cassandra API.
+
+## What is the benefit of using Apache Cassandra API for Azure Cosmos DB?
+
+**No operations management**: As a fully managed cloud service, Azure Cosmos DB Cassandra API removes the overhead of managing and monitoring a myriad of settings across OS, JVM, and yaml files and their interactions. Azure Cosmos DB provides monitoring of throughput, latency, storage, availability, and configurable alerts.
+
+**Open source standard**: Despite being a fully managed service, Cassandra API still supports a large surface area of the native [Apache Cassandra wire protocol](cassandra-support.md), allowing you to build applications on a widely used and cloud agnostic open source standard.
+
+**Performance management**: Azure Cosmos DB provides guaranteed low latency reads and writes at the 99th percentile, backed up by the SLAs. Users do not have to worry about operational overhead to ensure high performance and low latency reads and writes. This means that users do not need to deal with scheduling compaction, managing tombstones, setting up bloom filters and replicas manually. Azure Cosmos DB removes the overhead to manage these issues and lets you focus on the application logic.
+
+**Ability to use existing code and tools**: Azure Cosmos DB provides wire protocol level compatibility with existing Cassandra SDKs and tools. This compatibility ensures you can use your existing codebase with Azure Cosmos DB Cassandra API with trivial changes.
+
+**Throughput and storage elasticity**: Azure Cosmos DB provides throughput across all regions and can scale the provisioned throughput with Azure portal, PowerShell, or CLI operations. You can [elastically scale](scale-account-throughput.md) storage and throughput for your tables as needed with predictable performance.
+
+**Global distribution and availability**: Azure Cosmos DB provides the ability to globally distribute data across all Azure regions and serve the data locally while ensuring low latency data access and high availability. Azure Cosmos DB provides 99.99% high availability within a region and 99.999% read and write availability across multiple regions with no operations overhead. Learn more in [Distribute data globally](../distribute-data-globally.md) article.
+
+**Choice of consistency**: Azure Cosmos DB provides the choice of five well-defined consistency levels to achieve optimal tradeoffs between consistency and performance. These consistency levels are strong, bounded-staleness, session, consistent prefix and eventual. These well-defined, practical, and intuitive consistency levels allow developers to make precise trade-offs between consistency, availability, and latency. Learn more in [consistency levels](../consistency-levels.md) article.
+
+**Enterprise grade**: Azure cosmos DB provides [compliance certifications](https://www.microsoft.com/trustcenter) to ensure users can use the platform securely. Azure Cosmos DB also provides encryption at rest and in motion, IP firewall, and audit logs for control plane activities.
+
+**Event Sourcing**: Cassandra API provides access to a persistent change log, the [Change Feed](cassandra-change-feed.md), which can facilitate event sourcing directly from the database. In Apache Cassandra, the only equivalent is change data capture (CDC), which is merely a mechanism to flag specific tables for archival as well as rejecting writes to those tables once a configurable size-on-disk for the CDC log is reached (these capabilities are redundant in Cosmos DB as the relevant aspects are automatically governed).
+
+## Next steps
+
+* You can quickly get started with building the following language-specific apps to create and manage Cassandra API data:
+ - [Node.js app](manage-data-nodejs.md)
+ - [.NET app](manage-data-dotnet.md)
+ - [Python app](manage-data-python.md)
+
+* Get started with [creating a Cassandra API account, database, and a table](create-account-java.md) by using a Java application.
+
+* [Load sample data to the Cassandra API table](load-data-table.md) by using a Java application.
+
+* [Query data from the Cassandra API account](query-data.md) by using a Java application.
+
+* To learn about Apache Cassandra features supported by Azure Cosmos DB Cassandra API, see [Cassandra support](cassandra-support.md) article.
+
+* Read the [Frequently Asked Questions](cassandra-faq.yml).
cosmos-db Cassandra Partitioning https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/cassandra-partitioning.md
+
+ Title: Partitioning in Azure Cosmos DB Cassandra API
+description: Learn about partitioning in Azure Cosmos DB Cassandra API
+++++ Last updated : 05/20/2020+++
+# Partitioning in Azure Cosmos DB Cassandra API
+
+This article describes how partitioning works in Azure Cosmos DB Cassandra API.
+
+Cassandra API uses partitioning to scale the individual tables in a keyspace to meet the performance needs of your application. Partitions are formed based on the value of a partition key that is associated with each record in a table. All the records in a partition have the same partition key value. Azure Cosmos DB transparently and automatically manages the placement of partitions across the physical resources to efficiently satisfy the scalability and performance needs of the table. As the throughput and storage requirements of an application increase, Azure Cosmos DB moves and balances the data across a greater number of physical machines.
+
+From the developer perspective, partitioning behaves in the same way for Azure Cosmos DB Cassandra API as it does in native [Apache Cassandra](https://cassandra.apache.org/). However, there are some differences behind the scenes.
++
+## Differences between Apache Cassandra and Azure Cosmos DB
+
+In Azure Cosmos DB, each machine on which partitions are stored is itself referred to as a [physical partition](../partitioning-overview.md#physical-partitions). The physical partition is akin to a Virtual Machine; a dedicated compute unit, or set of physical resources. Each partition stored on this compute unit is referred to as a [logical partition](../partitioning-overview.md#logical-partitions) in Azure Cosmos DB. If you are already familiar with Apache Cassandra, you can think of logical partitions in the same way that you think of regular partitions in Cassandra.
+
+Apache Cassandra recommends a 100-MB limit on the size of a data that can be stored in a partition. The Cassandra API for Azure Cosmos DB allows up to 20 GB per logical partition, and up to 30GB of data per physical partition. In Azure Cosmos DB, unlike Apache Cassandra, compute capacity available in the physical partition is expressed using a single metric called [request units](../request-units.md), which allows you to think of your workload in terms of requests (reads or writes) per second, rather than cores, memory, or IOPS. This can make capacity planning more straight forward, once you understand the cost of each request. Each physical partition can have up to 10000 RUs of compute available to it. You can learn more about scalability options by reading our article on [elastic scale](scale-account-throughput.md) in Cassandra API.
+
+In Azure Cosmos DB, each physical partition consists of a set of replicas, also known as replica sets, with at least 4 replicas per partition. This is in contrast to Apache Cassandra, where setting a replication factor of 1 is possible. However, this leads to low availability if the only node with the data goes down. In Cassandra API there is always a replication factor of 4 (quorum of 3). Azure Cosmos DB automatically manages replica sets, while these need to be maintained using various tools in Apache Cassandra.
+
+Apache Cassandra has a concept of tokens, which are hashes of partition keys. The tokens are based on a murmur3 64 byte hash, with values ranging from -2^63 to -2^63 - 1. This range is commonly referred to as the "token ring" in Apache Cassandra. The token ring is distributed into token ranges, and these ranges are divided amongst the nodes present in a native Apache Cassandra cluster. Partitioning for Azure Cosmos DB is implemented in a similar way, except it uses a different hash algorithm, and has a larger internal token ring. However, externally we expose the same token range as Apache Cassandra, i.e., -2^63 to -2^63 - 1.
++
+## Primary key
+
+All tables in Cassandra API must have a `primary key` defined. The syntax for a primary key is shown below:
+
+```shell
+column_name cql_type_definition PRIMARY KEY
+```
+
+Suppose we want to create a user table, which stores messages for different users:
+
+```shell
+CREATE TABLE uprofile.user (
+ id UUID PRIMARY KEY,
+ user text,
+ message text);
+```
+
+In this design, we have defined the `id` field as the primary key. The primary key functions as the identifier for the record in the table and it is also used as the partition key in Azure Cosmos DB. If the primary key is defined in the previously described way, there will only be a single record in each partition. This will result in a perfectly horizontal and scalable distribution when writing data to the database, and is ideal for key-value lookup use cases. The application should provide the primary key whenever reading data from the table, to maximize read performance.
+++
+## Compound primary key
+
+Apache Cassandra also has a concept of `compound keys`. A compound `primary key` consists of more than one column; the first column is the `partition key`, and any additional columns are the `clustering keys`. The syntax for a `compound primary key` is shown below:
+
+```shell
+PRIMARY KEY (partition_key_column_name, clustering_column_name [, ...])
+```
+
+Suppose we want to change the above design and make it possible to efficiently retrieve messages for a given user:
+
+```shell
+CREATE TABLE uprofile.user (
+ user text,
+ id int,
+ message text,
+ PRIMARY KEY (user, id));
+```
+
+In this design, we are now defining `user` as the partition key, and `id` as the clustering key. You can define as many clustering keys as you wish, but each value (or a combination of values) for the clustering key must be unique in order to result in multiple records being added to the same partition, for example:
+
+```shell
+insert into uprofile.user (user, id, message) values ('theo', 1, 'hello');
+insert into uprofile.user (user, id, message) values ('theo', 2, 'hello again');
+```
+
+When data is returned, it is sorted by the clustering key, as expected in Apache Cassandra:
++
+With data modeled in this way, multiple records can be assigned to each partition, grouped by user. We can thus issue a query that is efficiently routed by the `partition key` (in this case, `user`) to get all the messages for a given user.
+++
+## Composite partition key
+
+Composite partition keys work essentially the same way as compound keys, except that you can specify multiple columns as a composite partition key. The syntax of composite partition keys is shown below:
+
+```shell
+PRIMARY KEY (
+ (partition_key_column_name[, ...]),
+ clustering_column_name [, ...]);
+```
+For example, you can have the following, where the unique combination of `firstname` and `lastname` would form the partition key, and `id` is the clustering key:
+
+```shell
+CREATE TABLE uprofile.user (
+ firstname text,
+ lastname text,
+ id int,
+ message text,
+ PRIMARY KEY ((firstname, lastname), id) );
+```
+
+## Next steps
+
+* Learn about [partitioning and horizontal scaling in Azure Cosmos DB](../partitioning-overview.md).
+* Learn about [provisioned throughput in Azure Cosmos DB](../request-units.md).
+* Learn about [global distribution in Azure Cosmos DB](../distribute-data-globally.md).
cosmos-db Cassandra Support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/cassandra-support.md
+
+ Title: Apache Cassandra features supported by Azure Cosmos DB Cassandra API
+description: Learn about the Apache Cassandra feature support in Azure Cosmos DB Cassandra API
++++++ Last updated : 09/14/2020++
+# Apache Cassandra features supported by Azure Cosmos DB Cassandra API
+
+Azure Cosmos DB is Microsoft's globally distributed multi-model database service. You can communicate with the Azure Cosmos DB Cassandra API through the CQL Binary Protocol v4 [wire protocol](https://github.com/apache/cassandra/blob/trunk/doc/native_protocol_v4.spec) compliant open-source Cassandra client [drivers](https://cassandra.apache.org/doc/latest/getting_started/drivers.html?highlight=driver).
+
+By using the Azure Cosmos DB Cassandra API, you can enjoy the benefits of the Apache Cassandra APIs as well as the enterprise capabilities that Azure Cosmos DB provides. The enterprise capabilities include [global distribution](../distribute-data-globally.md), [automatic scale out partitioning](cassandra-partitioning.md), availability and latency guarantees, encryption at rest, backups, and much more.
+
+## Cassandra protocol
+
+The Azure Cosmos DB Cassandra API is compatible with Cassandra Query Language (CQL) v3.11 API (backward-compatible with version 2.x). The supported CQL commands, tools, limitations, and exceptions are listed below. Any client driver that understands these protocols should be able to connect to Azure Cosmos DB Cassandra API.
+
+## Cassandra driver
+
+The following versions of Cassandra drivers are supported by Azure Cosmos DB Cassandra API:
+
+* [Java 3.5+](https://github.com/datastax/java-driver)
+* [C# 3.5+](https://github.com/datastax/csharp-driver)
+* [Nodejs 3.5+](https://github.com/datastax/nodejs-driver)
+* [Python 3.15+](https://github.com/datastax/python-driver)
+* [C++ 2.9](https://github.com/datastax/cpp-driver)
+* [PHP 1.3](https://github.com/datastax/php-driver)
+* [Gocql](https://github.com/gocql/gocql)
+
+
+## CQL data types
+
+Azure Cosmos DB Cassandra API supports the following CQL data types:
+
+|Type |Supported |
+|||
+| ascii | Yes |
+| bigint | Yes |
+| blob | Yes |
+| boolean | Yes |
+| counter | Yes |
+| date | Yes |
+| decimal | Yes |
+| double | Yes |
+| float | Yes |
+| frozen | Yes |
+| inet | Yes |
+| int | Yes |
+| list | Yes |
+| set | Yes |
+| smallint | Yes |
+| text | Yes |
+| time | Yes |
+| timestamp | Yes |
+| timeuuid | Yes |
+| tinyint | Yes |
+| tuple | Yes |
+| uuid | Yes |
+| varchar | Yes |
+| varint | Yes |
+| tuples | Yes |
+| udts | Yes |
+| map | Yes |
+
+Static is supported for data type declaration.
+
+## CQL functions
+
+Azure Cosmos DB Cassandra API supports the following CQL functions:
+
+|Command |Supported |
+|||
+| Token * | Yes |
+| ttl *** | Yes |
+| writetime *** | Yes |
+| cast ** | Yes |
+
+> [!NOTE]
+> \* Cassandra API supports token as a projection/selector, and only allows token(pk) on the left-hand side of a where clause. For example, `WHERE token(pk) > 1024` is supported, but `WHERE token(pk) > token(100)` is **not** supported.
+> \*\* The `cast()` function is not nestable in Cassandra API. For example, `SELECT cast(count as double) FROM myTable` is supported, but `SELECT avg(cast(count as double)) FROM myTable` is **not** supported.
+> \*\*\* Custom timestamps and TTL specified with the `USING` option are applied at a row level (and not per cell).
+++
+Aggregate functions:
+
+|Command |Supported |
+|||
+| avg | Yes |
+| count | Yes |
+| min | Yes |
+| max | Yes |
+| sum | Yes |
+
+> [!NOTE]
+> Aggregate functions work on regular columns, but aggregates on clustering columns are **not** supported.
++
+Blob conversion functions:
+
+|Command |Supported |
+|||
+| typeAsBlob(value) | Yes |
+| blobAsType(value) | Yes |
++
+UUID and timeuuid functions:
+
+|Command |Supported |
+|||
+| dateOf() | Yes |
+| now() | Yes |
+| minTimeuuid() | Yes |
+| unixTimestampOf() | Yes |
+| toDate(timeuuid) | Yes |
+| toTimestamp(timeuuid) | Yes |
+| toUnixTimestamp(timeuuid) | Yes |
+| toDate(timestamp) | Yes |
+| toUnixTimestamp(timestamp) | Yes |
+| toTimestamp(date) | Yes |
+| toUnixTimestamp(date) | Yes |
++
+
+## CQL commands
+
+Azure Cosmos DB supports the following database commands on Cassandra API accounts.
+
+|Command |Supported |
+|||
+| ALLOW FILTERING | Yes |
+| ALTER KEYSPACE | N/A (PaaS service, replication managed internally)|
+| ALTER MATERIALIZED VIEW | No |
+| ALTER ROLE | No |
+| ALTER TABLE | Yes |
+| ALTER TYPE | No |
+| ALTER USER | No |
+| BATCH | Yes (unlogged batch only)|
+| COMPACT STORAGE | N/A (PaaS service) |
+| CREATE AGGREGATE | No |
+| CREATE CUSTOM INDEX (SASI) | No |
+| CREATE INDEX | Yes (without [specifying index name](secondary-indexing.md), and indexes on clustering keys or full FROZEN collection not supported) |
+| CREATE FUNCTION | No |
+| CREATE KEYSPACE (replication settings ignored) | Yes |
+| CREATE MATERIALIZED VIEW | No |
+| CREATE TABLE | Yes |
+| CREATE TRIGGER | No |
+| CREATE TYPE | Yes |
+| CREATE ROLE | No |
+| CREATE USER (Deprecated in native Apache Cassandra) | No |
+| DELETE | Yes |
+| DISTINCT | No |
+| DROP AGGREGATE | No |
+| DROP FUNCTION | No |
+| DROP INDEX | Yes |
+| DROP KEYSPACE | Yes |
+| DROP MATERIALIZED VIEW | No |
+| DROP ROLE | No |
+| DROP TABLE | Yes |
+| DROP TRIGGER | No |
+| DROP TYPE | Yes |
+| DROP USER (Deprecated in native Apache Cassandra) | No |
+| GRANT | No |
+| INSERT | Yes |
+| LIST PERMISSIONS | No |
+| LIST ROLES | No |
+| LIST USERS (Deprecated in native Apache Cassandra) | No |
+| REVOKE | No |
+| SELECT | Yes |
+| UPDATE | Yes |
+| TRUNCATE | No |
+| USE | Yes |
+
+## Lightweight Transactions (LWT)
+
+| Component |Supported |
+|||
+| DELETE IF EXISTS | Yes |
+| DELETE conditions | No |
+| INSERT IF NOT EXISTS | Yes |
+| UPDATE IF EXISTS | Yes |
+| UPDATE IF NOT EXISTS | Yes |
+| UPDATE conditions | No |
+
+## CQL Shell commands
+
+Azure Cosmos DB supports the following database commands on Cassandra API accounts.
+
+|Command |Supported |
+|||
+| CAPTURE | Yes |
+| CLEAR | Yes |
+| CONSISTENCY * | N/A |
+| COPY | No |
+| DESCRIBE | Yes |
+| cqlshExpand | No |
+| EXIT | Yes |
+| LOGIN | N/A (CQL function `USER` is not supported, hence `LOGIN` is redundant) |
+| PAGING | Yes |
+| SERIAL CONSISTENCY * | N/A |
+| SHOW | Yes |
+| SOURCE | Yes |
+| TRACING | N/A (Cassandra API is backed by Azure Cosmos DB - use [diagnostic logging](../cosmosdb-monitor-resource-logs.md) for troubleshooting) |
+
+> [!NOTE]
+> Consistency works differently in Azure Cosmos DB, see [here](apache-cassandra-consistency-mapping.md) for more information.
++
+## JSON Support
+|Command |Supported |
+|||
+| SELECT JSON | Yes |
+| INSERT JSON | Yes |
+| fromJson() | No |
+| toJson() | No |
++
+## Cassandra API limits
+
+Azure Cosmos DB Cassandra API does not have any limits on the size of data stored in a table. Hundreds of terabytes or Petabytes of data can be stored while ensuring partition key limits are honored. Similarly, every entity or row equivalent does not have any limits on the number of columns. However, the total size of the entity should not exceed 2 MB. The data per partition key cannot exceed 20 GB as in all other APIs.
+
+## Tools
+
+Azure Cosmos DB Cassandra API is a managed service platform. It does not require any management overhead or utilities such as Garbage Collector, Java Virtual Machine(JVM), and nodetool to manage the cluster. It supports tools such as cqlsh that utilizes Binary CQLv4 compatibility.
+
+* Azure portal's data explorer, metrics, log diagnostics, PowerShell, and CLI are other supported mechanisms to manage the account.
+
+## Hosted CQL shell (preview)
+
+You can open a hosted native Cassandra shell (CQLSH v5.0.1) directly from the Data Explorer in the [Azure portal](../data-explorer.md) or the [Azure Cosmos DB Explorer](https://cosmos.azure.com/). Before enabling the CQL shell, you must [enable the Notebooks](../enable-notebooks.md) feature in your account (if not already enabled, you will be prompted when clicking on `Open Cassandra Shell`). See the article [Enable notebooks for Azure Cosmos DB accounts](../enable-notebooks.md#supported-regions) for supported Azure Regions.
++
+You can also connect to the Cassandra API in Azure Cosmos DB by using the CQLSH installed on a local machine. It comes with Apache Cassandra 3.1.1 and works out of the box by setting the environment variables. The following sections include the instructions to install, configure, and connect to Cassandra API in Azure Cosmos DB, on Windows or Linux using CQLSH.
+
+> [!NOTE]
+> Connections to Azure Cosmos DB Cassandra API will not work with DataStax Enterprise (DSE) versions of CQLSH. Please ensure you use only the open source Apache Cassandra versions of CQLSH when connecting to Cassandra API.
+
+**Windows:**
+
+If using windows, we recommend you enable the [Windows filesystem for Linux](/windows/wsl/install-win10#install-the-windows-subsystem-for-linux). You can then follow the linux commands below.
+
+**Unix/Linux/Mac:**
+
+```bash
+# Install default-jre and default-jdk
+sudo apt install default-jre
+sudo apt-get update
+sudo apt install default-jdk
+
+# Import the Baltimore CyberTrust root certificate:
+curl https://cacert.omniroot.com/bc2025.crt > bc2025.crt
+keytool -importcert -alias bc2025ca -file bc2025.crt
+
+# Install the Cassandra libraries in order to get CQLSH:
+echo "deb http://www.apache.org/dist/cassandra/debian 311x main" | sudo tee -a /etc/apt/sources.list.d/cassandra.sources.list
+curl https://downloads.apache.org/cassandra/KEYS | sudo apt-key add -
+sudo apt-get update
+sudo apt-get install cassandra
+
+# Export the SSL variables:
+export SSL_VERSION=TLSv1_2
+export SSL_VALIDATE=false
+
+# Connect to Azure Cosmos DB API for Cassandra:
+cqlsh <YOUR_ACCOUNT_NAME>.cassandra.cosmosdb.azure.com 10350 -u <YOUR_ACCOUNT_NAME> -p <YOUR_ACCOUNT_PASSWORD> --ssl
+
+```
+
+All CRUD operations that are executed through a CQL v4 compatible SDK will return extra information about error and request units consumed. The DELETE and UPDATE commands should be handled with resource governance taken into consideration, to ensure the most efficient use of the provisioned throughput.
+
+* Note gc_grace_seconds value must be zero if specified.
+
+```csharp
+var tableInsertStatement = table.Insert(sampleEntity);
+var insertResult = await tableInsertStatement.ExecuteAsync();
+
+foreach (string key in insertResult.Info.IncomingPayload)
+ {
+ byte[] valueInBytes = customPayload[key];
+ double value = Encoding.UTF8.GetString(valueInBytes);
+ Console.WriteLine($"CustomPayload: {key}: {value}");
+ }
+```
+
+## Consistency mapping
+
+Azure Cosmos DB Cassandra API provides choice of consistency for read operations. The consistency mapping is detailed [here](apache-cassandra-consistency-mapping.md#mapping-consistency-levels).
+
+## Permission and role management
+
+Azure Cosmos DB supports Azure role-based access control (Azure RBAC) for provisioning, rotating keys, viewing metrics and read-write and read-only passwords/keys that can be obtained through the [Azure portal](https://portal.azure.com). Azure Cosmos DB does not support roles for CRUD activities.
+
+## Keyspace and Table options
+
+The options for region name, class, replication_factor, and datacenter in the "Create Keyspace" command are ignored currently. The system uses the underlying Azure Cosmos DB's [global distribution](../global-dist-under-the-hood.md) replication method to add the regions. If you need the cross-region presence of data, you can enable it at the account level with PowerShell, CLI, or portal, to learn more, see the [how to add regions](../how-to-manage-database-account.md#addremove-regions-from-your-database-account) article. Durable_writes can't be disabled because Azure Cosmos DB ensures every write is durable. In every region, Azure Cosmos DB replicates the data across the replica set that is made up of four replicas and this replica set [configuration](../global-dist-under-the-hood.md) can't be modified.
+
+All the options are ignored when creating the table, except gc_grace_seconds, which should be set to zero.
+The Keyspace and table have an extra option named "cosmosdb_provisioned_throughput" with a minimum value of 400 RU/s. The Keyspace throughput allows sharing throughput across multiple tables and it is useful for scenarios when all tables are not utilizing the provisioned throughput. Alter Table command allows changing the provisioned throughput across the regions.
+
+```
+CREATE KEYSPACE sampleks WITH REPLICATION = { 'class' : 'SimpleStrategy'} AND cosmosdb_provisioned_throughput=2000;
+
+CREATE TABLE sampleks.t1(user_id int PRIMARY KEY, lastname text) WITH cosmosdb_provisioned_throughput=2000;
+
+ALTER TABLE gks1.t1 WITH cosmosdb_provisioned_throughput=10000 ;
+
+```
+## Secondary Index
+Cassandra API supports secondary indexes on all data types except frozen collection types, decimal and variant types.
+
+## Usage of Cassandra retry connection policy
+
+Azure Cosmos DB is a resource governed system. This means you can do a certain number of operations in a given second based on the request units consumed by the operations. If an application exceeds that limit in a given second, requests are rate-limited and exceptions will be thrown. The Cassandra API in Azure Cosmos DB translates these exceptions to overloaded errors on the Cassandra native protocol. To ensure that your application can intercept and retry requests in case of rate limitation, the [spark](https://mvnrepository.com/artifact/com.microsoft.azure.cosmosdb/azure-cosmos-cassandra-spark-helper) and the [Java](https://github.com/Azure/azure-cosmos-cassandra-extensions) extensions are provided. See also Java code samples for [version 3](https://github.com/Azure-Samples/azure-cosmos-cassandra-java-retry-sample) and [version 4](https://github.com/Azure-Samples/azure-cosmos-cassandra-java-retry-sample-v4) Datastax drivers, when connecting to Cassandra API in Azure Cosmos DB. If you use other SDKs to access Cassandra API in Azure Cosmos DB, create a connection policy to retry on these exceptions.
+
+## Next steps
+
+- Get started with [creating a Cassandra API account, database, and a table](create-account-java.md) by using a Java application
cosmos-db Cli Samples https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/cli-samples.md
+
+ Title: Azure CLI Samples for Azure Cosmos DB Cassandra API
+description: Azure CLI Samples for Azure Cosmos DB Cassandra API
++++ Last updated : 10/13/2020++++
+# Azure CLI samples for Azure Cosmos DB Cassandra API
+
+The following table includes links to sample Azure CLI scripts for Azure Cosmos DB. Use the links on the right to navigate to API specific samples. Common samples are the same across all APIs. Reference pages for all Azure Cosmos DB CLI commands are available in the [Azure CLI Reference](/cli/azure/cosmosdb). Azure Cosmos DB CLI script samples can also be found in the [Azure Cosmos DB CLI GitHub Repository](https://github.com/Azure-Samples/azure-cli-samples/tree/master/cosmosdb).
+
+These samples require Azure CLI version 2.12.1 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli)
+
+## Common Samples
+
+These samples apply to all Azure Cosmos DB APIs
+
+|Task | Description |
+|||
+| [Add or failover regions](../scripts/cli/common/regions.md?toc=%2fcli%2fazure%2ftoc.json) | Add a region, change failover priority, trigger a manual failover.|
+| [Account keys and connection strings](../scripts/cli/common/keys.md?toc=%2fcli%2fazure%2ftoc.json) | List account keys, read-only keys, regenerate keys and list connection strings.|
+| [Secure with IP firewall](../scripts/cli/common/ipfirewall.md?toc=%2fcli%2fazure%2ftoc.json)| Create a Cosmos account with IP firewall configured.|
+| [Secure new account with service endpoints](../scripts/cli/common/service-endpoints.md?toc=%2fcli%2fazure%2ftoc.json)| Create a Cosmos account and secure with service-endpoints.|
+| [Secure existing account with service endpoints](../scripts/cli/common/service-endpoints-ignore-missing-vnet.md?toc=%2fcli%2fazure%2ftoc.json)| Update a Cosmos account to secure with service-endpoints when the subnet is eventually configured.|
+|||
+
+## Cassandra API Samples
+
+|Task | Description |
+|||
+| [Create an Azure Cosmos account, keyspace and table](../scripts/cli/cassandr?toc=%2fcli%2fazure%2ftoc.json)| Creates an Azure Cosmos DB account, keyspace, and table for Cassandra API. |
+| [Create an Azure Cosmos account, keyspace and table with autoscale](../scripts/cli/cassandr?toc=%2fcli%2fazure%2ftoc.json)| Creates an Azure Cosmos DB account, keyspace, and table with autoscale for Cassandra API. |
+| [Throughput operations](../scripts/cli/cassandr?toc=%2fcli%2fazure%2ftoc.json) | Read, update and migrate between autoscale and standard throughput on a keyspace and table.|
+| [Lock resources from deletion](../scripts/cli/cassandr?toc=%2fcli%2fazure%2ftoc.json)| Prevent resources from being deleted with resource locks.|
+|||
cosmos-db Connect Spark Configuration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/connect-spark-configuration.md
+
+ Title: Working with Azure Cosmos DB Cassandra API from Spark
+description: This article is the main page for Cosmos DB Cassandra API integration from Spark.
++++++ Last updated : 09/01/2019+++
+# Connect to Azure Cosmos DB Cassandra API from Spark
+
+This article is one among a series of articles on Azure Cosmos DB Cassandra API integration from Spark. The articles cover connectivity, Data Definition Language(DDL) operations, basic Data Manipulation Language(DML) operations, and advanced Azure Cosmos DB Cassandra API integration from Spark.
+
+## Prerequisites
+* [Provision an Azure Cosmos DB Cassandra API account.](manage-data-dotnet.md#create-a-database-account)
+
+* Provision your choice of Spark environment [[Azure Databricks](/azure/databricks/scenarios/quickstart-create-databricks-workspace-portal) | [Azure HDInsight-Spark](../../hdinsight/spark/apache-spark-jupyter-spark-sql.md) | Others].
+
+## Dependencies for connectivity
+* **Spark connector for Cassandra:**
+ Spark connector is used to connect to Azure Cosmos DB Cassandra API. Identify and use the version of the connector located in [Maven central]( https://mvnrepository.com/artifact/com.datastax.spark/spark-cassandra-connector) that is compatible with the Spark and Scala versions of your Spark environment. We recommend an environment which supports Spark 3.0 or higher, and the spark connector available at maven coordinates `com.datastax.spark:spark-cassandra-connector-assembly_2.12:3.0.0`. If using Spark 2.x, we recommend an environment with Spark version 2.4.5, using spark connector at maven coordinates `com.datastax.spark:spark-cassandra-connector_2.11:2.4.3`.
++
+* **Azure Cosmos DB helper library for Cassandra API:**
+ If you are using a version Spark 2.x then in addition to the Spark connector, you need another library called [azure-cosmos-cassandra-spark-helper]( https://search.maven.org/artifact/com.microsoft.azure.cosmosdb/azure-cosmos-cassandra-spark-helper/1.2.0/jar) with maven coordinates `com.microsoft.azure.cosmosdb:azure-cosmos-cassandra-spark-helper:1.2.0` from Azure Cosmos DB in order to handle [rate limiting](./scale-account-throughput.md#handling-rate-limiting-429-errors). This library contains custom connection factory and retry policy classes.
+
+ The retry policy in Azure Cosmos DB is configured to handle HTTP status code 429("Request Rate Large") exceptions. The Azure Cosmos DB Cassandra API translates these exceptions into overloaded errors on the Cassandra native protocol, and you can retry with back-offs. Because Azure Cosmos DB uses provisioned throughput model, request rate limiting exceptions occur when the ingress/egress rates increase. The retry policy protects your spark jobs against data spikes that momentarily exceed the throughput allocated for your container. If using the Spark 3.x connector, implementing this library is not required.
+
+ > [!NOTE]
+ > The retry policy can protect your spark jobs against momentary spikes only. If you have not configured enough RUs required to run your workload, then the retry policy is not applicable and the retry policy class rethrows the exception.
+
+* **Azure Cosmos DB account connection details:** Your Azure Cassandra API account name, account endpoint, and key.
+
+## Optimizing Spark connector throughput configuration
+
+Listed in the next section are all the relevant parameters for controlling throughput using the Spark Connector for Cassandra. In order to optimize parameters to maximize throughput for spark jobs, the `spark.cassandra.output.concurrent.writes`, `spark.cassandra.concurrent.reads`, and `spark.cassandra.input.reads_per_sec` configs needs to be correctly configured, in order to avoid too much throttling and back-off (which in turn can lead to lower throughput).
+
+The optimal value of these configurations depends on 4 factors:
+
+- The amount of throughput (Request Units) configured for the table that data is being ingested into.
+- The number of workers in your Spark cluster.
+- The number of executors configured for your spark job (which can be controlled using `spark.cassandra.connection.connections_per_executor_max` or `spark.cassandra.connection.remoteConnectionsPerExecutor` depending on Spark version)
+- The average latency of each request to cosmos DB, if you are collocated in the same Data Center. Assume this value to be 10 ms for writes and 3 ms for reads.
+
+As an example, if we have 5 workers and a value of `spark.cassandra.output.concurrent.writes`= 1, and a value of `spark.cassandra.connection.remoteConnectionsPerExecutor` = 1, then we have 5 workers that are concurrently writing into the table, each with 1 thread. If it takes 10 ms to perform a single write, then we can send 100 requests (1000 milliseconds divided by 10) per second, per thread. With 5 workers, this would be 500 writes per second. At an average cost of 5 request units (RUs) per write, the target table would need a minimum 2500 request units provisioned (5 RUs x 500 writes per second).
+
+Increasing the number of executors can increase the number of threads in a given job, which can in turn increase throughput. However, the exact impact of this can be variable depending on the job, while controlling throughput with number of workers is more deterministic. You can also determine the exact cost of a given request by profiling it to get the Request Unit (RU) charge. This will help you to be more accurate when provisioning throughput for your table or keyspace. Have a look at our article [here](./find-request-unit-charge-cassandra.md) to understand how to get request unit charges at a per request level.
+
+### Scaling throughput in the database
+
+The Cassandra Spark connector will saturate throughput in Azure Cosmos DB very efficiently. As a result, even with effective retries, you will need to ensure you have sufficient throughput (RUs) provisioned at the table or keyspace level to prevent rate limiting related errors. The minimum setting of 400 RUs in a given table or keyspace will not be sufficient. Even at minimum throughput configuration settings, the Spark connector can write at a rate corresponding to around **6000 request units** or more.
+
+If the RU setting required for data movement using Spark is higher than what is required for your steady state workload, you can easily scale throughput up and down systematically in Azure Cosmos DB to meet the needs of your workload for a given time period. Read our article on [elastic scale in Cassandra API](scale-account-throughput.md) to understand the different options for scaling programmatically and dynamically.
+
+> [!NOTE]
+> The guidance above assumes a reasonably uniform distribution of data. If you have a significant skew in the data (that is, an inordinately large number of reads/writes to the same partition key value), then you might still experience bottlenecks, even if you have a large number of [request units](../request-units.md) provisioned in your table. Request units are divided equally among physical partitions, and heavy data skew can cause a bottleneck of requests to a single partition.
+
+## Spark connector throughput configuration parameters
+
+The following table lists Azure Cosmos DB Cassandra API-specific throughput configuration parameters provided by the connector. For a detailed list of all configuration parameters, see [configuration reference](https://github.com/datastax/spark-cassandra-connector/blob/master/doc/reference.md) page of the Spark Cassandra Connector GitHub repository.
+
+| **Property Name** | **Default value** | **Description** |
+||||
+| spark.cassandra.output.batch.size.rows | 1 |Number of rows per single batch. Set this parameter to 1. This parameter is used to achieve higher throughput for heavy workloads. |
+| spark.cassandra.connection.connections_per_executor_max (Spark 2.x) spark.cassandra.connection.remoteConnectionsPerExecutor (Spark 3.x) | None | Maximum number of connections per node per executor. 10*n is equivalent to 10 connections per node in an n-node Cassandra cluster. So, if you require 5 connections per node per executor for a 5 node Cassandra cluster, then you should set this configuration to 25. Modify this value based on the degree of parallelism or the number of executors that your spark jobs are configured for. |
+| spark.cassandra.output.concurrent.writes | 100 | Defines the number of parallel writes that can occur per executor. Because you set "batch.size.rows" to 1, make sure to scale up this value accordingly. Modify this value based on the degree of parallelism or the throughput that you want to achieve for your workload. |
+| spark.cassandra.concurrent.reads | 512 | Defines the number of parallel reads that can occur per executor. Modify this value based on the degree of parallelism or the throughput that you want to achieve for your workload |
+| spark.cassandra.output.throughput_mb_per_sec | None | Defines the total write throughput per executor. This parameter can be used as an upper limit for your spark job throughput, and base it on the provisioned throughput of your Cosmos container. |
+| spark.cassandra.input.reads_per_sec| None | Defines the total read throughput per executor. This parameter can be used as an upper limit for your spark job throughput, and base it on the provisioned throughput of your Cosmos container. |
+| spark.cassandra.output.batch.grouping.buffer.size | 1000 | Defines the number of batches per single spark task that can be stored in memory before sending to Cassandra API |
+| spark.cassandra.connection.keep_alive_ms | 60000 | Defines the period of time until which unused connections are available. |
+
+Adjust the throughput and degree of parallelism of these parameters based on the workload you expect for your spark jobs, and the throughput you have provisioned for your Cosmos DB account.
++
+## Connecting to Azure Cosmos DB Cassandra API from Spark
+
+### cqlsh
+The following commands detail how to connect to Azure CosmosDB Cassandra API from cqlsh. This is useful for validation as you run through the samples in Spark.<br>
+**From Linux/Unix/Mac:**
+
+```bash
+export SSL_VERSION=TLSv1_2
+export SSL_VALIDATE=false
+cqlsh.py YOUR-COSMOSDB-ACCOUNT-NAME.cassandra.cosmosdb.azure.com 10350 -u YOUR-COSMOSDB-ACCOUNT-NAME -p YOUR-COSMOSDB-ACCOUNT-KEY --ssl
+```
+
+### 1. Azure Databricks
+The article below covers Azure Databricks cluster provisioning, cluster configuration for connecting to Azure Cosmos DB Cassandra API, and several sample notebooks that cover DDL operations, DML operations and more.<BR>
+[Work with Azure Cosmos DB Cassandra API from Azure Databricks](spark-databricks.md)<BR>
+
+### 2. Azure HDInsight-Spark
+The article below covers HDinsight-Spark service, provisioning, cluster configuration for connecting to Azure Cosmos DB Cassandra API, and several sample notebooks that cover DDL operations, DML operations and more.<BR>
+[Work with Azure Cosmos DB Cassandra API from Azure HDInsight-Spark](spark-hdinsight.md)
+
+### 3. Spark environment in general
+While the sections above were specific to Azure Spark-based PaaS services, this section covers any general Spark environment. Connector dependencies, imports, and Spark session configuration are detailed below. The "Next steps" section covers code samples for DDL operations, DML operations and more.
+
+#### Connector dependencies:
+
+1. Add the maven coordinates to get the [Cassandra connector for Spark](connect-spark-configuration.md#dependencies-for-connectivity)
+2. Add the maven coordinates for the [Azure Cosmos DB helper library](connect-spark-configuration.md#dependencies-for-connectivity) for Cassandra API
+
+#### Imports:
+
+```scala
+import org.apache.spark.sql.cassandra._
+//Spark connector
+import com.datastax.spark.connector._
+import com.datastax.spark.connector.cql.CassandraConnector
+
+//CosmosDB library for multiple retry
+import com.microsoft.azure.cosmosdb.cassandra
+```
+
+#### Spark session configuration:
+
+```scala
+//Connection-related
+spark.conf.set("spark.cassandra.connection.host","YOUR_ACCOUNT_NAME.cassandra.cosmosdb.azure.com")
+spark.conf.set("spark.cassandra.connection.port","10350")
+spark.conf.set("spark.cassandra.connection.ssl.enabled","true")
+spark.conf.set("spark.cassandra.auth.username","YOUR_ACCOUNT_NAME")
+spark.conf.set("spark.cassandra.auth.password","YOUR_ACCOUNT_KEY")
+spark.conf.set("spark.cassandra.connection.factory", "com.microsoft.azure.cosmosdb.cassandra.CosmosDbConnectionFactory")
+
+//Throughput-related. You can adjust the values as needed
+spark.conf.set("spark.cassandra.output.batch.size.rows", "1")
+//spark.conf.set("spark.cassandra.connection.connections_per_executor_max", "10") // Spark 2.x
+spark.conf.set("spark.cassandra.connection.remoteConnectionsPerExecutor", "10") // Spark 3.x
+spark.conf.set("spark.cassandra.output.concurrent.writes", "1000")
+spark.conf.set("spark.cassandra.concurrent.reads", "512")
+spark.conf.set("spark.cassandra.output.batch.grouping.buffer.size", "1000")
+spark.conf.set("spark.cassandra.connection.keep_alive_ms", "600000000")
+```
+
+## Next steps
+
+The following articles demonstrate Spark integration with Azure Cosmos DB Cassandra API.
+
+* [DDL operations](spark-ddl-operations.md)
+* [Create/insert operations](spark-create-operations.md)
+* [Read operations](spark-read-operation.md)
+* [Upsert operations](spark-upsert-operations.md)
+* [Delete operations](spark-delete-operation.md)
+* [Aggregation operations](spark-aggregation-operations.md)
+* [Table copy operations](spark-table-copy-operations.md)
cosmos-db Create Account Java https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/create-account-java.md
+
+ Title: 'Tutorial: Build Java app to create Azure Cosmos DB Cassandra API account'
+description: This tutorial shows how to create a Cassandra API account, add a database (also called a keyspace), and add a table to that account by using a Java application.
++++++ Last updated : 12/06/2018+
+#Customer intent: As a developer, I want to build a Java application to access and manage Azure Cosmos DB resources so that customers can store key/value data and utilize the global distribution, elastic scaling, multi-region writes, and other capabilities offered by Azure Cosmos DB.
++
+# Tutorial: Create a Cassandra API account in Azure Cosmos DB by using a Java application to store key/value data
+
+As a developer, you might have applications that use key/value pairs. You can use a Cassandra API account in Azure Cosmos DB to store the key/value data. This tutorial describes how to use a Java application to create a Cassandra API account in Azure Cosmos DB, add a database (also called a keyspace), and add a table. The Java application uses the [Java driver](https://github.com/datastax/java-driver) to create a user database that contains details such as user ID, user name, and user city.
+
+This tutorial covers the following tasks:
+
+> [!div class="checklist"]
+> * Create a Cassandra database account
+> * Get the account connection string
+> * Create a Maven project and dependencies
+> * Add a database and a table
+> * Run the app
+
+## Prerequisites
+
+* If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio) before you begin.
+
+* Get the latest version of [Java Development Kit (JDK)](/java/azure/jdk/).
+
+* [Download](https://maven.apache.org/download.cgi) and [install](https://maven.apache.org/install.html) the [Maven](https://maven.apache.org/) binary archive.
+ - On Ubuntu, you can run `apt-get install maven` to install Maven.
+
+## Create a database account
++
+## Get the connection details of your account
+
+Get the connection string information from the Azure portal, and copy it into the Java configuration file. The connection string enables your app to communicate with your hosted database.
+
+1. From the [Azure portal](https://portal.azure.com/), go to your Azure Cosmos account.
+
+2. Open the **Connection String** pane.
+
+3. Copy the **CONTACT POINT**, **PORT**, **USERNAME**, and **PRIMARY PASSWORD** values to use in the next steps.
+
+## Create the project and the dependencies
+
+The Java sample project that you use in this article is hosted in GitHub. You can run the steps in this doc or download the sample from the [azure-cosmos-db-cassandra-java-getting-started](https://github.com/Azure-Samples/azure-cosmos-db-cassandra-java-getting-started) repository.
+
+After you download the files, update the connection string information within the `java-examples\src\main\resources\config.properties` file and run it.
+
+```java
+cassandra_host=<FILLME_with_CONTACT POINT>
+cassandra_port = 10350
+cassandra_username=<FILLME_with_USERNAME>
+cassandra_password=<FILLME_with_PRIMARY PASSWORD>
+```
+
+Use the following steps to build the sample from scratch:
+
+1. From the terminal or command prompt, create a new Maven project called Cassandra-demo.
+
+ ```bash
+ mvn archetype:generate -DgroupId=com.azure.cosmosdb.cassandra -DartifactId=cassandra-demo -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
+ ```
+
+2. Locate the `cassandra-demo` folder. Using a text editor, open the `pom.xml` file that was generated.
+
+ Add the Cassandra dependencies and build plugins required by your project, as shown in the [pom.xml](https://github.com/Azure-Samples/azure-cosmos-db-cassandra-java-getting-started/blob/main/pom.xml) file.
+
+3. Under the `cassandra-demo\src\main` folder, create a new folder named `resources`. Under the resources folder, add the config.properties and log4j.properties files:
+
+ - The [config.properties](https://github.com/Azure-Samples/azure-cosmos-db-cassandra-java-getting-started/blob/main/src/main/resources/config.properties) file stores the connection endpoint and key values of the Cassandra API account.
+
+ - The [log4j.properties](https://github.com/Azure-Samples/azure-cosmos-db-cassandra-java-getting-started/blob/main/src/main/resources/log4j.properties) file defines the level of logging required for interacting with the Cassandra API.
+
+4. Browse to the `src/main/java/com/azure/cosmosdb/cassandra/` folder. Within the cassandra folder, create another folder named `utils`. The new folder stores the utility classes required to connect to the Cassandra API account.
+
+ Add the [CassandraUtils](https://github.com/Azure-Samples/azure-cosmos-db-cassandra-java-getting-started/blob/main/src/main/java/com/azure/cosmosdb/cassandra/util/CassandraUtils.java) class to create the cluster and to open and close Cassandra sessions. The cluster connects to the Cassandra API account in Azure Cosmos DB and returns a session to access. Use the [Configurations](https://github.com/Azure-Samples/azure-cosmos-db-cassandra-java-getting-started/blob/main/src/main/java/com/azure/cosmosdb/cassandra/util/Configurations.java) class to read connection string information from the config.properties file.
+
+5. The Java sample creates a database with user information such as user name, user ID, and user city. You need to define get and set methods to access user details in the main function.
+
+ Create a [User.java](https://github.com/Azure-Samples/azure-cosmos-db-cassandra-java-getting-started/blob/main/src/main/java/com/azure/cosmosdb/cassandra/examples/UserProfile.java) class under the `src/main/java/com/azure/cosmosdb/cassandra/` folder with get and set methods.
+
+## Add a database and a table
+
+This section describes how to add a database (keyspace) and a table, by using CQL.
+
+1. Under the `src\main\java\com\azure\cosmosdb\cassandra` folder, create a new folder named `repository`.
+
+2. Create the `UserRepository` Java class and add the following code to it:
+
+ ```java
+ package com.azure.cosmosdb.cassandra.repository;
+ import java.util.List;
+ import com.datastax.driver.core.BoundStatement;
+ import com.datastax.driver.core.PreparedStatement;
+ import com.datastax.driver.core.Row;
+ import com.datastax.driver.core.Session;
+ import org.slf4j.Logger;
+ import org.slf4j.LoggerFactory;
+
+ /**
+ * Create a Cassandra session
+ */
+ public class UserRepository {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(UserRepository.class);
+ private Session session;
+ public UserRepository(Session session) {
+ this.session = session;
+ }
+
+ /**
+ * Create keyspace uprofile in cassandra DB
+ */
+
+ public void createKeyspace() {
+ final String query = "CREATE KEYSPACE IF NOT EXISTS uprofile WITH REPLICATION = { 'class' : 'NetworkTopologyStrategy', 'datacenter1' : 1 }";
+ session.execute(query);
+ LOGGER.info("Created keyspace 'uprofile'");
+ }
+
+ /**
+ * Create user table in cassandra DB
+ */
+
+ public void createTable() {
+ final String query = "CREATE TABLE IF NOT EXISTS uprofile.user (user_id int PRIMARY KEY, user_name text, user_bcity text)";
+ session.execute(query);
+ LOGGER.info("Created table 'user'");
+ }
+ }
+ ```
+
+3. Locate the `src\main\java\com\azure\cosmosdb\cassandra` folder, and create a new subfolder named `examples`.
+
+4. Create the `UserProfile` Java class. This class contains the main method that calls the createKeyspace and createTable methods you defined earlier:
+
+ ```java
+ package com.azure.cosmosdb.cassandra.examples;
+ import java.io.IOException;
+ import com.azure.cosmosdb.cassandra.repository.UserRepository;
+ import com.azure.cosmosdb.cassandra.util.CassandraUtils;
+ import com.datastax.driver.core.PreparedStatement;
+ import com.datastax.driver.core.Session;
+ import org.slf4j.Logger;
+ import org.slf4j.LoggerFactory;
+
+ /**
+ * Example class which will demonstrate following operations on Cassandra Database on CosmosDB
+ * - Create Keyspace
+ * - Create Table
+ * - Insert Rows
+ * - Select all data from a table
+ * - Select a row from a table
+ */
+
+ public class UserProfile {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(UserProfile.class);
+ public static void main(String[] s) throws Exception {
+ CassandraUtils utils = new CassandraUtils();
+ Session cassandraSession = utils.getSession();
+
+ try {
+ UserRepository repository = new UserRepository(cassandraSession);
+ //Create keyspace in cassandra database
+ repository.createKeyspace();
+ //Create table in cassandra database
+ repository.createTable();
+
+ } finally {
+ utils.close();
+ LOGGER.info("Please delete your table after verifying the presence of the data in portal or from CQL");
+ }
+ }
+ }
+ ```
+
+## Run the app
+
+1. Open a command prompt or terminal window. Paste the following code block.
+
+ This code changes the directory (cd) to the folder path where you created the project. Then, it runs the `mvn clean install` command to generate the `cosmosdb-cassandra-examples.jar` file within the target folder. Finally, it runs the Java application.
+
+ ```bash
+ cd cassandra-demo
+
+ mvn clean install
+
+ java -cp target/cosmosdb-cassandra-examples.jar com.azure.cosmosdb.cassandra.examples.UserProfile
+ ```
+
+ The terminal window displays notifications that the keyspace and table are created.
+
+2. Now, in the Azure portal, open **Data Explorer** to confirm that the keyspace and table were created.
+
+## Next steps
+
+In this tutorial, you've learned how to create a Cassandra API account in Azure Cosmos DB, a database, and a table by using a Java application. You can now proceed to the next article:
+
+> [!div class="nextstepaction"]
+> [load sample data to the Cassandra API table](load-data-table.md).
cosmos-db Diagnostic Queries Cassandra https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/diagnostic-queries-cassandra.md
+
+ Title: Troubleshoot issues with advanced diagnostics queries for Cassandra API
+
+description: Learn how to query diagnostics logs for troubleshooting data stored in Azure Cosmos DB for Cassandra API
++++ Last updated : 06/12/2021+++
+# Troubleshoot issues with advanced diagnostics queries for Cassandra API
++
+> [!div class="op_single_selector"]
+> * [SQL (Core) API](../cosmos-db-advanced-queries.md)
+> * [MongoDB API](../queries-mongo.md)
+> * [Cassandra API](diagnostic-queries-cassandra.md)
+> * [Gremlin API](../queries-gremlin.md)
++
+In this article, we'll cover how to write more advanced queries to help troubleshoot issues with your Azure Cosmos DB account using diagnostics logs sent to **AzureDiagnostics (legacy)** and **Resource-specific (preview)** tables.
+
+For Azure Diagnostics tables, all data is written into one single table and users will need to specify which category they'd like to query. If you'd like to view the full-text query of your request, [follow this article](../cosmosdb-monitor-resource-logs.md#full-text-query) to learn how to enable this feature.
+
+For [resource-specific tables](../cosmosdb-monitor-resource-logs.md#create-setting-portal), data is written into individual tables for each category of the resource. We recommend this mode since it makes it much easier to work with the data, provides better discoverability of the schemas, and improves performance across both ingestion latency and query times.
+
+## Common queries
+
+- Top N(10) RU consuming requests/queries in a given time frame
+
+# [Resource-specific](#tab/resource-specific)
+
+ ```Kusto
+ let topRequestsByRUcharge = CDBDataPlaneRequests
+ | where TimeGenerated > ago(24h)
+ | project RequestCharge , TimeGenerated, ActivityId;
+ CDBCassandraRequests
+ | project PIICommandText, ActivityId, DatabaseName , CollectionName
+ | join kind=inner topRequestsByRUcharge on ActivityId
+ | project DatabaseName , CollectionName , PIICommandText , RequestCharge, TimeGenerated
+ | order by RequestCharge desc
+ | take 10
+ ```
+
+# [Azure Diagnostics](#tab/azure-diagnostics)
+
+ ```Kusto
+ let topRequestsByRUcharge = AzureDiagnostics
+ | where Category == "DataPlaneRequests" and TimeGenerated > ago(1h)
+ | project requestCharge_s , TimeGenerated, activityId_g;
+ AzureDiagnostics
+ | where Category == "CassandraRequests"
+ | project piiCommandText_s, activityId_g, databasename_s , collectionname_s
+ | join kind=inner topRequestsByRUcharge on activityId_g
+ | project databasename_s , collectionname_s , piiCommandText_s , requestCharge_s, TimeGenerated
+ | order by requestCharge_s desc
+ | take 10
+ ```
++
+- Requests throttled (statusCode = 429) in a given time window
+
+# [Resource-specific](#tab/resource-specific)
+
+ ```Kusto
+ let throttledRequests = CDBDataPlaneRequests
+ | where StatusCode == "429"
+ | project OperationName , TimeGenerated, ActivityId;
+ CDBCassandraRequests
+ | project PIICommandText, ActivityId, DatabaseName , CollectionName
+ | join kind=inner throttledRequests on ActivityId
+ | project DatabaseName , CollectionName , PIICommandText , OperationName, TimeGenerated
+ ```
+
+# [Azure Diagnostics](#tab/azure-diagnostics)
+
+ ```Kusto
+ let throttledRequests = AzureDiagnostics
+ | where Category == "DataPlaneRequests"
+ | where statusCode_s == "429"
+ | project OperationName , TimeGenerated, activityId_g;
+ AzureDiagnostics
+ | where Category == "CassandraRequests"
+ | project piiCommandText_s, activityId_g, databasename_s , collectionname_s
+ | join kind=inner throttledRequests on activityId_g
+ | project databasename_s , collectionname_s , piiCommandText_s , OperationName, TimeGenerated
+ ```
++
+- Queries with large response lengths (payload size of the server response)
+
+# [Resource-specific](#tab/resource-specific)
+
+ ```Kusto
+ let operationsbyUserAgent = CDBDataPlaneRequests
+ | project OperationName, DurationMs, RequestCharge, ResponseLength, ActivityId;
+ CDBCassandraRequests
+ //specify collection and database
+ //| where DatabaseName == "DBNAME" and CollectionName == "COLLECTIONNAME"
+ | join kind=inner operationsbyUserAgent on ActivityId
+ | summarize max(ResponseLength) by PIICommandText
+ | order by max_ResponseLength desc
+ ```
+
+# [Azure Diagnostics](#tab/azure-diagnostics)
+
+ ```Kusto
+ let operationsbyUserAgent = AzureDiagnostics
+ | where Category=="DataPlaneRequests"
+ | project OperationName, duration_s, requestCharge_s, responseLength_s, activityId_g;
+ AzureDiagnostics
+ | where Category == "CassandraRequests"
+ //specify collection and database
+ //| where databasename_s == "DBNAME" and collectioname_s == "COLLECTIONNAME"
+ | join kind=inner operationsbyUserAgent on activityId_g
+ | summarize max(responseLength_s1) by piiCommandText_s
+ | order by max_responseLength_s1 desc
+ ```
++
+- RU Consumption by physical partition (across all replicas in the replica set)
+
+# [Resource-specific](#tab/resource-specific)
+
+ ```Kusto
+ CDBPartitionKeyRUConsumption
+ | where TimeGenerated >= now(-1d)
+ //specify collection and database
+ //| where DatabaseName == "DBNAME" and CollectionName == "COLLECTIONNAME"
+ // filter by operation type
+ //| where operationType_s == 'Create'
+ | summarize sum(todouble(RequestCharge)) by toint(PartitionKeyRangeId)
+ | render columnchart
+ ```
+
+# [Azure Diagnostics](#tab/azure-diagnostics)
+
+ ```Kusto
+ AzureDiagnostics
+ | where TimeGenerated >= now(-1d)
+ | where Category == 'PartitionKeyRUConsumption'
+ //specify collection and database
+ //| where databasename_s == "DBNAME" and collectioname_s == "COLLECTIONNAME"
+ // filter by operation type
+ //| where operationType_s == 'Create'
+ | summarize sum(todouble(requestCharge_s)) by toint(partitionKeyRangeId_s)
+ | render columnchart
+ ```
++
+- RU Consumption by logical partition (across all replicas in the replica set)
+
+# [Resource-specific](#tab/resource-specific)
+ ```Kusto
+ CDBPartitionKeyRUConsumption
+ | where TimeGenerated >= now(-1d)
+ //specify collection and database
+ //| where DatabaseName == "DBNAME" and CollectionName == "COLLECTIONNAME"
+ // filter by operation type
+ //| where operationType_s == 'Create'
+ | summarize sum(todouble(RequestCharge)) by PartitionKey, PartitionKeyRangeId
+ | render columnchart
+ ```
+
+# [Azure Diagnostics](#tab/azure-diagnostics)
+
+ ```Kusto
+ AzureDiagnostics
+ | where TimeGenerated >= now(-1d)
+ | where Category == 'PartitionKeyRUConsumption'
+ //specify collection and database
+ //| where databasename_s == "DBNAME" and collectioname_s == "COLLECTIONNAME"
+ // filter by operation type
+ //| where operationType_s == 'Create'
+ | summarize sum(todouble(requestCharge_s)) by partitionKey_s, partitionKeyRangeId_s
+ | render columnchart
+ ```
++
+## Next steps
+* For more information on how to create diagnostic settings for Cosmos DB see [Creating Diagnostics settings](../cosmosdb-monitor-resource-logs.md) article.
+
+* For detailed information about how to create a diagnostic setting by using the Azure portal, CLI, or PowerShell, see [create diagnostic setting to collect platform logs and metrics in Azure](../../azure-monitor/essentials/diagnostic-settings.md) article.
cosmos-db Find Request Unit Charge Cassandra https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/find-request-unit-charge-cassandra.md
+
+ Title: Find request unit (RU) charge for a Cassandra API query in Azure Cosmos DB
+description: Learn how to find the request unit (RU) charge for Cassandra queries executed against an Azure Cosmos container. You can use the Azure portal, .NET and Java drivers to find the RU charge.
+++++ Last updated : 10/14/2020++
+# Find the request unit charge for operations executed in Azure Cosmos DB Cassandra API
+
+Azure Cosmos DB supports many APIs, such as SQL, MongoDB, Cassandra, Gremlin, and Table. Each API has its own set of database operations. These operations range from simple point reads and writes to complex queries. Each database operation consumes system resources based on the complexity of the operation.
+
+The cost of all database operations is normalized by Azure Cosmos DB and is expressed by Request Units (or RUs, for short). Request charge is the request units consumed by all your database operations. You can think of RUs as a performance currency abstracting the system resources such as CPU, IOPS, and memory that are required to perform the database operations supported by Azure Cosmos DB. No matter which API you use to interact with your Azure Cosmos container, costs are always measured by RUs. Whether the database operation is a write, point read, or query, costs are always measured in RUs. To learn more, see the [request units and it's considerations](../request-units.md) article.
+
+This article presents the different ways you can find the [request unit](../request-units.md) (RU) consumption for any operation executed against a container in Azure Cosmos DB Cassandra API. If you are using a different API, see [API for MongoDB](../find-request-unit-charge-mongodb.md), [SQL API](../find-request-unit-charge.md), [Gremlin API](../find-request-unit-charge-gremlin.md), and [Table API](../table/find-request-unit-charge.md) articles to find the RU/s charge.
+
+When you perform operations against the Azure Cosmos DB Cassandra API, the RU charge is returned in the incoming payload as a field named `RequestCharge`. You have multiple options for retrieving the RU charge.
+
+## Use the .NET SDK
+
+When you use the [.NET SDK](https://www.nuget.org/packages/CassandraCSharpDriver/), you can retrieve the incoming payload under the `Info` property of a `RowSet` object:
+
+```csharp
+RowSet rowSet = session.Execute("SELECT table_name FROM system_schema.tables;");
+double requestCharge = BitConverter.ToDouble(rowSet.Info.IncomingPayload["RequestCharge"].Reverse().ToArray(), 0);
+```
+
+For more information, see [Quickstart: Build a Cassandra app by using the .NET SDK and Azure Cosmos DB](manage-data-dotnet.md).
+
+## Use the Java SDK
+
+When you use the [Java SDK](https://mvnrepository.com/artifact/com.datastax.cassandra/cassandra-driver-core), you can retrieve the incoming payload by calling the `getExecutionInfo()` method on a `ResultSet` object:
+
+```java
+ResultSet resultSet = session.execute("SELECT table_name FROM system_schema.tables;");
+Double requestCharge = resultSet.getExecutionInfo().getIncomingPayload().get("RequestCharge").getDouble();
+```
+
+For more information, see [Quickstart: Build a Cassandra app by using the Java SDK and Azure Cosmos DB](manage-data-java.md).
+
+## Next steps
+
+To learn about optimizing your RU consumption, see these articles:
+
+* [Request units and throughput in Azure Cosmos DB](../request-units.md)
+* [Optimize provisioned throughput cost in Azure Cosmos DB](../optimize-cost-throughput.md)
+* [Optimize query cost in Azure Cosmos DB](../optimize-cost-reads-writes.md)
cosmos-db How To Create Container Cassandra https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/how-to-create-container-cassandra.md
+
+ Title: Create a container in Azure Cosmos DB Cassandra API
+description: Learn how to create a container in Azure Cosmos DB Cassandra API by using Azure portal, .NET, Java, Python, Node.js, and other SDKs.
+++++ Last updated : 10/16/2020+++
+# Create a container in Azure Cosmos DB Cassandra API
+
+This article explains the different ways to create a container in Azure Cosmos DB Cassandra API. It shows how to create a container using Azure portal, Azure CLI, PowerShell, or supported SDKs. This article demonstrates how to create a container, specify the partition key, and provision throughput.
+
+This article explains the different ways to create a container in Azure Cosmos DB Cassandra API. If you are using a different API, see [API for MongoDB](../how-to-create-container-mongodb.md), [Gremlin API](../how-to-create-container-gremlin.md), [Table API](../table/how-to-create-container.md), and [SQL API](../how-to-create-container.md) articles to create the container.
+
+> [!NOTE]
+> When creating containers, make sure you donΓÇÖt create two containers with the same name but different casing. ThatΓÇÖs because some parts of the Azure platform are not case-sensitive, and this can result in confusion/collision of telemetry and actions on containers with such names.
+
+## <a id="portal-cassandra"></a>Create using Azure portal
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. [Create a new Azure Cosmos account](manage-data-dotnet.md#create-a-database-account), or select an existing account.
+
+1. Open the **Data Explorer** pane, and select **New Table**. Next, provide the following details:
+
+ * Indicate whether you are creating a new keyspace, or using an existing one.
+ * Enter a table name.
+ * Enter the properties and specify a primary key.
+ * Enter a throughput to be provisioned (for example, 1000 RUs).
+ * Select **OK**.
+
+ :::image type="content" source="../media/how-to-create-container/partitioned-collection-create-cassandra.png" alt-text="Screenshot of Cassandra API, Add Table dialog box":::
+
+> [!NOTE]
+> For Cassandra API, the primary key is used as the partition key.
+
+## <a id="dotnet-cassandra"></a>Create using .NET SDK
+
+```csharp
+// Create a Cassandra table with a partition/primary key and provision 1000 RU/s throughput.
+session.Execute(CREATE TABLE myKeySpace.myTable(
+ user_id int PRIMARY KEY,
+ firstName text,
+ lastName text) WITH cosmosdb_provisioned_throughput=1000);
+```
+
+If you encounter timeout exception when creating a collection, do a read operation to validate if the collection was created successfully. The read operation throws an exception until the collection create operation is successful. For the list of status codes supported by the create operation see the [HTTP Status Codes for Azure Cosmos DB](/rest/api/cosmos-db/http-status-codes-for-cosmosdb) article.
+
+## <a id="cli-mongodb"></a>Create using Azure CLI
+
+[Create a Cassandra table with Azure CLI](../scripts/cli/cassandr).
+
+## Create using PowerShell
+
+[Create a Cassandra table with PowerShell](../scripts/powershell/cassandr)
+
+## Next steps
+
+* [Partitioning in Azure Cosmos DB](../partitioning-overview.md)
+* [Request Units in Azure Cosmos DB](../request-units.md)
+* [Provision throughput on containers and databases](../set-throughput.md)
+* [Work with Azure Cosmos account](../account-databases-containers-items.md)
cosmos-db How To Provision Throughput Cassandra https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/how-to-provision-throughput-cassandra.md
+
+ Title: Provision throughput on Azure Cosmos DB Cassandra API resources
+description: Learn how to provision container, database, and autoscale throughput in Azure Cosmos DB Cassandra API resources. You will use Azure portal, CLI, PowerShell and various other SDKs.
+++++ Last updated : 10/15/2020+++
+# Provision database, container or autoscale throughput on Azure Cosmos DB Cassandra API resources
+
+This article explains how to provision throughput in Azure Cosmos DB Cassandra API. You can provision standard(manual) or autoscale throughput on a container, or a database and share it among the containers within the database. You can provision throughput using Azure portal, Azure CLI, or Azure Cosmos DB SDKs.
+
+If you are using a different API, see [SQL API](../how-to-provision-container-throughput.md), [API for MongoDB](../how-to-provision-throughput-mongodb.md), [Gremlin API](../how-to-provision-throughput-gremlin.md) articles to provision the throughput.
+
+## <a id="portal-cassandra"></a> Azure portal
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. [Create a new Azure Cosmos account](../create-mongodb-dotnet.md#create-a-database-account), or select an existing Azure Cosmos account.
+
+1. Open the **Data Explorer** pane, and select **New Table**. Next, provide the following details:
+
+ * Indicate whether you are creating a new keyspace or using an existing one. Select the **Provision database throughput** option if you want to provision throughput at the keyspace level.
+ * Enter the table ID within the CQL command.
+ * Enter a primary key value (for example, `/userrID`).
+ * Enter a throughput that you want to provision (for example, 1000 RUs).
+ * Select **OK**.
+
+ :::image type="content" source="./media/how-to-provision-throughput-cassandra/provision-table-throughput-portal-cassandra-api.png" alt-text="Screenshot of Data Explorer, when creating a new collection with database level throughput":::
+
+> [!Note]
+> If you are provisioning throughput on a container in an Azure Cosmos account configured with Cassandra API, use `/myPrimaryKey` for the partition key path.
+
+## <a id="dotnet-cassandra"></a> .NET SDK
+
+### Provision throughput for a Cassandra table
+
+```csharp
+// Create a Cassandra table with a partition (primary) key and provision throughput of 400 RU/s
+session.Execute("CREATE TABLE myKeySpace.myTable(
+ user_id int PRIMARY KEY,
+ firstName text,
+ lastName text) WITH cosmosdb_provisioned_throughput=400");
+
+```
+Similar commands can be issued through any CQL-compliant driver.
+
+### Alter or change throughput for a Cassandra table
+
+```csharp
+// Altering the throughput too can be done through code by issuing following command
+session.Execute("ALTER TABLE myKeySpace.myTable WITH cosmosdb_provisioned_throughput=5000");
+```
+
+Similar command can be executed through any CQL compliant driver.
+
+```csharp
+// Create a Cassandra keyspace and provision throughput of 400 RU/s
+session.Execute("CREATE KEYSPACE IF NOT EXISTS myKeySpace WITH cosmosdb_provisioned_throughput=400");
+```
+
+## Azure Resource Manager
+
+Azure Resource Manager templates can be used to provision autoscale throughput on database or container-level resources for all Azure Cosmos DB APIs. See [Azure Resource Manager templates for Azure Cosmos DB](templates-samples.md) for samples.
+
+## Azure CLI
+
+Azure CLI can be used to provision autoscale throughput on a database or container-level resources for all Azure Cosmos DB APIs. For samples see [Azure CLI Samples for Azure Cosmos DB](cli-samples.md).
+
+## Azure PowerShell
+
+Azure PowerShell can be used to provision autoscale throughput on a database or container-level resources for all Azure Cosmos DB APIs. For samples see [Azure PowerShell samples for Azure Cosmos DB](powershell-samples.md).
+
+## Next steps
+
+See the following articles to learn about throughput provisioning in Azure Cosmos DB:
+
+* [Request units and throughput in Azure Cosmos DB](../request-units.md)
cosmos-db Kafka Connect https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/kafka-connect.md
+
+ Title: Integrate Apache Kafka and Azure Cosmos DB Cassandra API using Kafka Connect
+description: Learn how to ingest data from Kafka to Azure Cosmos DB Cassandra API using DataStax Apache Kafka Connector
++++ Last updated : 12/14/2020++++
+# Ingest data from Apache Kafka into Azure Cosmos DB Cassandra API using Kafka Connect
+
+Existing Cassandra applications can easily work with the [Azure Cosmos DB Cassandra API](cassandra-introduction.md) because of its [CQLv4 driver compatibility](https://cassandra.apache.org/doc/latest/getting_started/drivers.html?highlight=driver). You leverage this capability to integrate with streaming platforms such as [Apache Kafka](https://kafka.apache.org/) and bring data into Azure Cosmos DB.
+
+Data in Apache Kafka (topics) is only useful when consumed by other applications or ingested into other systems. It's possible to build a solution using the [Kafka Producer/Consumer](https://kafka.apache.org/documentation/#api) APIs [using a language and client SDK of your choice](https://cwiki.apache.org/confluence/display/KAFKA/Clients). Kafka Connect provides an alternative solution. It's a platform to stream data between Apache Kafka and other systems in a scalable and reliable manner. Since Kafka Connect supports off the shelf connectors which includes Cassandra, you don't need to write custom code to integrate Kafka with Azure Cosmos DB Cassandra API.
+
+In this article, we will be using the open-source [DataStax Apache Kafka connector](https://docs.datastax.com/en/kafka/doc/kafka/kafkaIntro.html), that works on top of Kafka Connect framework to ingest records from a Kafka topic into rows of one or more Cassandra tables. The example provides a reusable setup using Docker Compose. This is quite convenient since it enables you to bootstrap all the required components locally with a single command. These components include Kafka, Zookeeper, Kafka Connect worker, and the sample data generator application.
+
+Here is a breakdown of the components and their service definitions - you can refer to the complete `docker-compose` file [in the GitHub repo](https://github.com/Azure-Samples/cosmosdb-cassandra-kafka/blob/main/docker-compose.yaml).
+
+- Kafka and Zookeeper use [debezium](https://hub.docker.com/r/debezium/kafka/) images.
+- To run as a Docker container, the DataStax Apache Kafka Connector is baked on top of an existing Docker image - [debezium/connect-base](https://github.com/debezium/docker-images/tree/master/connect-base/1.2). This image includes an installation of Kafka and its Kafka Connect libraries, thus making it really convenient to add custom connectors. You can refer to the [Dockerfile](https://github.com/Azure-Samples/cosmosdb-cassandra-kafka/blob/main/connector/Dockerfile).
+- The `data-generator` service seeds randomly generated (JSON) data into the `weather-data` Kafka topic. You can refer to the code and `Dockerfile` in [the GitHub repo](https://github.com/Azure-Samples/cosmosdb-cassandra-kafka/blob/main/data-generator/)
+
+## Prerequisites
+
+* [Provision an Azure Cosmos DB Cassandra API account](manage-data-dotnet.md#create-a-database-account)
+
+* [Use cqlsh or hosted shell for validation](cassandra-support.md#hosted-cql-shell-preview)
+
+* Install [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install)
+
+## Create Keyspace, tables and start the integration pipeline
+
+Using the Azure portal, create the Cassandra Keyspace and the tables required for the demo application.
+
+> [!NOTE]
+> Use the same Keyspace and table names as below
+
+```sql
+CREATE KEYSPACE weather WITH REPLICATION = {'class' : 'NetworkTopologyStrategy', 'datacenter1' : 1};
+
+CREATE TABLE weather.data_by_state (station_id text, temp int, state text, ts timestamp, PRIMARY KEY (state, ts)) WITH CLUSTERING ORDER BY (ts DESC) AND cosmosdb_cell_level_timestamp=true AND cosmosdb_cell_level_timestamp_tombstones=true AND cosmosdb_cell_level_timetolive=true;
+
+CREATE TABLE weather.data_by_station (station_id text, temp int, state text, ts timestamp, PRIMARY KEY (station_id, ts)) WITH CLUSTERING ORDER BY (ts DESC) AND cosmosdb_cell_level_timestamp=true AND cosmosdb_cell_level_timestamp_tombstones=true AND cosmosdb_cell_level_timetolive=true;
+```
+
+Clone the GitHub repo:
+
+```bash
+git clone https://github.com/Azure-Samples/cosmosdb-cassandra-kafka
+cd cosmosdb-cassandra-kafka
+```
+
+Start all the
+
+```shell
+docker-compose --project-name kafka-cosmos-cassandra up --build
+```
+
+> [!NOTE]
+> It might take a while to download and start the containers: this is just a one time process.
+
+To confirm whether all the containers have started:
+
+```shell
+docker-compose -p kafka-cosmos-cassandra ps
+```
+
+The data generator application will start pumping data into the `weather-data` topic in Kafka. You can also do quick sanity check to confirm. Peek into the Docker container running the Kafka connect worker:
++
+```bash
+docker exec -it kafka-cosmos-cassandra_cassandra-connector_1 bash
+```
+
+Once you drop into the container shell, just start the usual Kafka console consumer process and you should see weather data (in JSON format) flowing in.
+
+```bash
+cd ../bin
+./kafka-console-consumer.sh --bootstrap-server kafka:9092 --topic weather-data
+```
+
+## Cassandra Sink connector setup
+
+Copy the JSON contents below to a file (you can name it `cassandra-sink-config.json`). You will need to update it as per your setup and the rest of this section will provide guidance around this topic.
+
+```json
+{
+ "name": "kafka-cosmosdb-sink",
+ "config": {
+ "connector.class": "com.datastax.oss.kafka.sink.CassandraSinkConnector",
+ "tasks.max": "1",
+ "topics": "weather-data",
+ "contactPoints": "<cosmos db account name>.cassandra.cosmos.azure.com",
+ "port": 10350,
+ "loadBalancing.localDc": "<cosmos db region e.g. Southeast Asia>",
+ "auth.username": "<enter username for cosmosdb account>",
+ "auth.password": "<enter password for cosmosdb account>",
+ "ssl.hostnameValidation": true,
+ "ssl.provider": "JDK",
+ "ssl.keystore.path": "/etc/alternatives/jre/lib/security/cacerts/",
+ "ssl.keystore.password": "changeit",
+ "datastax-java-driver.advanced.connection.init-query-timeout": 5000,
+ "maxConcurrentRequests": 500,
+ "maxNumberOfRecordsInBatch": 32,
+ "queryExecutionTimeout": 30,
+ "connectionPoolLocalSize": 4,
+ "topic.weather-data.weather.data_by_state.mapping": "station_id=value.stationid, temp=value.temp, state=value.state, ts=value.created",
+ "topic.weather-data.weather.data_by_station.mapping": "station_id=value.stationid, temp=value.temp, state=value.state, ts=value.created",
+ "key.converter": "org.apache.kafka.connect.storage.StringConverter",
+ "value.converter": "org.apache.kafka.connect.json.JsonConverter",
+ "value.converter.schemas.enable": false,
+ "offset.flush.interval.ms": 10000
+ }
+}
+```
+
+Here is a summary of the attributes:
+
+**Basic connectivity**
+
+- `contactPoints`: enter the contact point for Cosmos DB Cassandra
+- `loadBalancing.localDc`: enter the region for Cosmos DB account e.g. Southeast Asia
+- `auth.username`: enter the username
+- `auth.password`: enter the password
+- `port`: enter the port value (this is `10350`, not `9042`. leave it as is)
+
+**SSL configuration**
+
+Azure Cosmos DB enforces [secure connectivity over SSL](../database-security.md) and Kafka Connect connector supports SSL as well.
+
+- `ssl.keystore.path`: path to the JDK keystore in the container - `/etc/alternatives/jre/lib/security/cacerts/`
+- `ssl.keystore.password`: JDK keystore (default) password
+- `ssl.hostnameValidation`: We turn own node hostname validation
+- `ssl.provider`: `JDK` is used as the SSL provider
+
+**Generic parameters**
+
+- `key.converter`: We use the string converter `org.apache.kafka.connect.storage.StringConverter`
+- `value.converter`: since the data in Kafka topics is JSON, we make use of `org.apache.kafka.connect.json.JsonConverter`
+- `value.converter.schemas.enable`: Since our JSON payload doesn't have a schema associated with it (for the purposes of the demo app), we need to instruct Kafka Connect to not look for a schema by setting this attribute to `false`. Not doing so will result in failures.
+
+### Install the connector
+
+Install the connector using the Kafka Connect REST endpoint:
+
+```shell
+curl -X POST -H "Content-Type: application/json" --data @cassandra-sink-config.json http://localhost:8083/connectors
+```
+
+To check the status:
+
+```
+curl http://localhost:8080/connectors/kafka-cosmosdb-sink/status
+```
+
+If all goes well, the connector should start weaving its magic. It should authenticate to Azure Cosmos DB and start ingesting data from the Kafka topic (`weather-data`) into Cassandra tables - `weather.data_by_state` and `weather.data_by_station`
+
+You can now query data in the tables. Head over to the Azure portal, bring up the hosted CQL Shell for your Azure Cosmos DB account.
++
+## Query data from Azure Cosmos DB
+
+Check the `data_by_state` and `data_by_station` tables. Here is some sample queries to get you started:
+
+```sql
+select * from weather.data_by_state where state = 'state-1';
+select * from weather.data_by_state where state IN ('state-1', 'state-2');
+select * from weather.data_by_state where state = 'state-3' and ts > toTimeStamp('2020-11-26');
+
+select * from weather.data_by_station where station_id = 'station-1';
+select * from weather.data_by_station where station_id IN ('station-1', 'station-2');
+select * from weather.data_by_station where station_id IN ('station-2', 'station-3') and ts > toTimeStamp('2020-11-26');
+```
+
+## Clean up resources
++
+## Next steps
+
+* [Provision throughput on containers and databases](../set-throughput.md)
+* [Partition key best practices](../partitioning-overview.md#choose-partitionkey)
+* [Estimate RU/s using the Azure Cosmos DB capacity planner](../estimate-ru-with-capacity-planner.md) articles
cosmos-db Load Data Table https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/load-data-table.md
+
+ Title: 'Tutorial: Java app to load sample data into a Cassandra API table in Azure Cosmos DB'
+description: This tutorial shows how to load sample user data to a Cassandra API table in Azure Cosmos DB by using a java application.
+++ Last updated : 05/20/2019+++
+#Customer intent: As a developer, I want to build a Java application to load data to a Cassandra API table in Azure Cosmos DB so that customers can store and manage the key/value data and utilize the global distribution, elastic scaling, multi-region , and other capabilities offered by Azure Cosmos DB.
+
++
+# Tutorial: Load sample data into a Cassandra API table in Azure Cosmos DB
+
+As a developer, you might have applications that use key/value pairs. You can use Cassandra API account in Azure Cosmos DB to store and manage key/value data. This tutorial shows how to load sample user data to a table in a Cassandra API account in Azure Cosmos DB by using a Java application. The Java application uses the [Java driver](https://github.com/datastax/java-driver) and loads user data such as user ID, user name, and user city.
+
+This tutorial covers the following tasks:
+
+> [!div class="checklist"]
+> * Load data into a Cassandra table
+> * Run the app
+
+If you donΓÇÖt have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+
+## Prerequisites
+
+* This article belongs to a multi-part tutorial. Before you start with this doc, make sure to [create the Cassandra API account, keyspace, and table](create-account-java.md).
+
+## Load data into the table
+
+Use the following steps to load data into your Cassandra API table:
+
+1. Open the ΓÇ£UserRepository.javaΓÇ¥ file under the ΓÇ£src\main\java\com\azure\cosmosdb\cassandraΓÇ¥ folder and append the code to insert the user_id, user_name and user_bcity fields into the table:
+
+ ```java
+ /**
+ * Insert a row into user table
+ *
+ * @param id user_id
+ * @param name user_name
+ * @param city user_bcity
+ */
+ public void insertUser(PreparedStatement statement, int id, String name, String city) {
+ BoundStatement boundStatement = new BoundStatement(statement);
+ session.execute(boundStatement.bind(id, name, city));
+ }
+
+ /**
+ * Create a PrepareStatement to insert a row to user table
+ *
+ * @return PreparedStatement
+ */
+ public PreparedStatement prepareInsertStatement() {
+ final String insertStatement = "INSERT INTO uprofile.user (user_id, user_name , user_bcity) VALUES (?,?,?)";
+ return session.prepare(insertStatement);
+ }
+ ```
+
+2. Open the ΓÇ£UserProfile.javaΓÇ¥ file under the ΓÇ£src\main\java\com\azure\cosmosdb\cassandraΓÇ¥ folder. This class contains the main method that calls the createKeyspace and createTable methods you defined earlier. Now append the following code to insert some sample data into the Cassandra API table.
+
+ ```java
+ //Insert rows into user table
+ PreparedStatement preparedStatement = repository.prepareInsertStatement();
+ repository.insertUser(preparedStatement, 1, "JohnH", "Seattle");
+ repository.insertUser(preparedStatement, 2, "EricK", "Spokane");
+ repository.insertUser(preparedStatement, 3, "MatthewP", "Tacoma");
+ repository.insertUser(preparedStatement, 4, "DavidA", "Renton");
+ repository.insertUser(preparedStatement, 5, "PeterS", "Everett");
+ ```
+
+## Run the app
+
+Open a command prompt or terminal window and change the folder path to where you have created the project. Run the ΓÇ£mvn clean installΓÇ¥ command to generate the cosmosdb-cassandra-examples.jar file within the target folder and run the application.
+
+```bash
+cd "cassandra-demo"
+
+mvn clean install
+
+java -cp target/cosmosdb-cassandra-examples.jar com.azure.cosmosdb.cassandra.examples.UserProfile
+```
+
+You can now open Data Explorer in the Azure portal to confirm that the user information is added to the table.
+
+## Next steps
+
+In this tutorial, you've learned how to load sample data to a Cassandra API account in Azure Cosmos DB. You can now proceed to the next article:
+
+> [!div class="nextstepaction"]
+> [Query data from the Cassandra API account](query-data.md)
cosmos-db Manage Data Dotnet Core https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/manage-data-dotnet-core.md
+
+ Title: 'Quickstart: Cassandra API with .NET Core - Azure Cosmos DB'
+description: This quickstart shows how to use the Azure Cosmos DB Cassandra API to create a profile application with the Azure portal and .NET Core
+++++
+ms.devlang: dotnet
+ Last updated : 10/01/2020+++
+# Quickstart: Build a Cassandra app with .NET Core and Azure Cosmos DB
+
+> [!div class="op_single_selector"]
+> * [.NET](manage-data-dotnet.md)
+> * [.NET Core](manage-data-dotnet-core.md)
+> * [Java v3](manage-data-java.md)
+> * [Java v4](manage-data-java-v4-sdk.md)
+> * [Node.js](manage-data-nodejs.md)
+> * [Python](manage-data-python.md)
+> * [Golang](manage-data-go.md)
+>
+
+This quickstart shows how to use .NET Core and the Azure Cosmos DB [Cassandra API](cassandra-introduction.md) to build a profile app by cloning an example from GitHub. This quickstart also shows you how to use the web-based Azure portal to create an Azure Cosmos DB account.
+
+Azure Cosmos DB is Microsoft's globally distributed multi-model database service. You can quickly create and query document, table, key-value, and graph databases, all of which benefit from the global distribution and horizontal scale capabilities at the core of Azure Cosmos DB.
+
+## Prerequisites
++
+In addition, you need:
+* If you don't already have Visual Studio 2019 installed, you can download and use the **free** [Visual Studio 2019 Community Edition](https://www.visualstudio.com/downloads/). Make sure that you enable **Azure development** during the Visual Studio setup.
+* Install [Git](https://www.git-scm.com/) to clone the example.
+
+<a id="create-account"></a>
+## Create a database account
+++
+## Clone the sample application
+
+Now let's switch to working with code. Let's clone a Cassandra API app from GitHub, set the connection string, and run it. You'll see how easy it is to work with data programmatically.
+
+1. Open a command prompt. Create a new folder named `git-samples`. Then, close the command prompt.
+
+ ```bash
+ md "C:\git-samples"
+ ```
+
+2. Open a git terminal window, such as git bash, and use the `cd` command to change to the new folder to install the sample app.
+
+ ```bash
+ cd "C:\git-samples"
+ ```
+
+3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.
+
+ ```bash
+ git clone https://github.com/Azure-Samples/azure-cosmos-db-cassandra-dotnet-core-getting-started.git
+ ```
+
+4. Next, open the CassandraQuickStartSample solution file in Visual Studio.
+
+## Review the code
+
+This step is optional. If you're interested to learn how the code creates the database resources, you can review the following snippets. The snippets are all taken from the `Program.cs` file within `async Task ProcessAsync()` method, installed in the `C:\git-samples\azure-cosmos-db-cassandra-dotnet-core-getting-started\CassandraQuickStart` folder. Otherwise, you can skip ahead to [Update your connection string](#update-your-connection-string).
+
+* Initialize the session by connecting to a Cassandra cluster endpoint. The Cassandra API on Azure Cosmos DB supports only TLSv1.2.
+
+ ```csharp
+ var options = new Cassandra.SSLOptions(SslProtocols.Tls12, true, ValidateServerCertificate);
+ options.SetHostNameResolver((ipAddress) => CASSANDRACONTACTPOINT);
+ Cluster cluster = Cluster
+ .Builder()
+ .WithCredentials(USERNAME, PASSWORD)
+ .WithPort(CASSANDRAPORT)
+ .AddContactPoint(CASSANDRACONTACTPOINT)
+ .WithSSL(options)
+ .Build()
+ ;
+ ISession session = await cluster.ConnectAsync();
+ ```
+
+* Drop existing keyspace if it already exists.
+
+ ```csharp
+ await session.ExecuteAsync(new SimpleStatement("DROP KEYSPACE IF EXISTS uprofile"));
+ ```
+
+* Create a new keyspace.
+
+ ```csharp
+ await session.ExecuteAsync(new SimpleStatement("CREATE KEYSPACE uprofile WITH REPLICATION = { 'class' : 'NetworkTopologyStrategy', 'datacenter1' : 1 };"));
+ ```
+
+* Create a new table.
+
+ ```csharp
+ await session.ExecuteAsync(new SimpleStatement("CREATE TABLE IF NOT EXISTS uprofile.user (user_id int PRIMARY KEY, user_name text, user_bcity text)"));
+ ```
+
+* Insert user entities by using the IMapper object with a new session that connects to the uprofile keyspace.
+
+ ```csharp
+ await mapper.InsertAsync<User>(new User(1, "LyubovK", "Dubai"));
+ ```
+
+* Query to get all user's information.
+
+ ```csharp
+ foreach (User user in await mapper.FetchAsync<User>("Select * from user"))
+ {
+ Console.WriteLine(user);
+ }
+ ```
+
+* Query to get a single user's information.
+
+ ```csharp
+ mapper.FirstOrDefault<User>("Select * from user where user_id = ?", 3);
+ ```
+
+## Update your connection string
+
+Now go back to the Azure portal to get your connection string information and copy it into the app. The connection string information enables your app to communicate with your hosted database.
+
+1. In the [Azure portal](https://portal.azure.com/), select **Connection String**.
+
+1. Use the :::image type="icon" source="./media/manage-data-dotnet/copy.png"::: button on the right side of the screen to copy the USERNAME value.
+
+ :::image type="content" source="./media/manage-data-dotnet/keys.png" alt-text="View and copy an access key in the Azure portal, Connection String page":::
+
+1. In Visual Studio, open the Program.cs file.
+
+1. Paste the USERNAME value from the portal over `<PROVIDE>` on line 13.
+
+ Line 13 of Program.cs should now look similar to
+
+ `private const string UserName = "cosmos-db-quickstart";`
+
+ You can also paste the same value over `<PROVIDE>` on line 15 for the CONTACT POINT value:
+
+ `private const string CassandraContactPoint = "cosmos-db-quickstarts.cassandra.cosmosdb.azure.com"; // DnsName`
+
+1. Go back to portal and copy the PASSWORD value. Paste the PASSWORD value from the portal over `<PROVIDE>` on line 14.
+
+ Line 14 of Program.cs should now look similar to
+
+ `private const string Password = "2Ggkr662ifxz2Mg...==";`
+
+1. Go back to portal and copy the CONTACT POINT value. Paste the CONTACT POINT value from the portal over `<PROVIDE>` on line 16.
+
+ Line 16 of Program.cs should now look similar to
+
+ `private const string CASSANDRACONTACTPOINT = "quickstart-cassandra-api.cassandra.cosmos.azure.com";`
+
+1. Save the Program.cs file.
+
+## Run the .NET Core app
+
+1. In Visual Studio, select **Tools** > **NuGet Package Manager** > **Package Manager Console**.
+
+2. At the command prompt, use the following command to install the .NET Driver's NuGet package.
+
+ ```cmd
+ Install-Package CassandraCSharpDriver
+ ```
+3. Press CTRL + F5 to run the application. Your app displays in your console window.
+
+ :::image type="content" source="./media/manage-data-dotnet/output.png" alt-text="View and verify the output":::
+
+ Press CTRL + C to stop execution of the program and close the console window.
+
+4. In the Azure portal, open **Data Explorer** to query, modify, and work with this new data.
+
+ :::image type="content" source="./media/manage-data-dotnet/data-explorer.png" alt-text="View the data in Data Explorer":::
+
+## Review SLAs in the Azure portal
++
+## Clean up resources
++
+## Next steps
+
+In this quickstart, you've learned how to create an Azure Cosmos DB account, create a container using the Data Explorer, and run a web app. You can now import additional data to your Cosmos DB account.
+
+> [!div class="nextstepaction"]
+> [Import Cassandra data into Azure Cosmos DB](migrate-data.md)
cosmos-db Manage Data Dotnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/manage-data-dotnet.md
+
+ Title: 'Quickstart: Cassandra API with .NET - Azure Cosmos DB'
+description: This quickstart shows how to use the Azure Cosmos DB Cassandra API to create a profile application with the Azure portal and .NET
+++++
+ms.devlang: dotnet
+ Last updated : 10/01/2020+++
+# Quickstart: Build a Cassandra app with .NET SDK and Azure Cosmos DB
+
+> [!div class="op_single_selector"]
+> * [.NET](manage-data-dotnet.md)
+> * [.NET Core](manage-data-dotnet-core.md)
+> * [Java v3](manage-data-java.md)
+> * [Java v4](manage-data-java-v4-sdk.md)
+> * [Node.js](manage-data-nodejs.md)
+> * [Python](manage-data-python.md)
+> * [Golang](manage-data-go.md)
+>
+
+This quickstart shows how to use .NET and the Azure Cosmos DB [Cassandra API](cassandra-introduction.md) to build a profile app by cloning an example from GitHub. This quickstart also shows you how to use the web-based Azure portal to create an Azure Cosmos DB account.
+
+Azure Cosmos DB is Microsoft's globally distributed multi-model database service. You can quickly create and query document, table, key-value, and graph databases, all of which benefit from the global distribution and horizontal scale capabilities at the core of Azure Cosmos DB.
+
+## Prerequisites
++
+In addition, you need:
+* If you don't already have Visual Studio 2019 installed, you can download and use the **free** [Visual Studio 2019 Community Edition](https://www.visualstudio.com/downloads/). Make sure that you enable **Azure development** during the Visual Studio setup.
+* Install [Git](https://www.git-scm.com/) to clone the example.
+
+<a id="create-account"></a>
+## Create a database account
+++
+## Clone the sample application
+
+Now let's switch to working with code. Let's clone a Cassandra API app from GitHub, set the connection string, and run it. You'll see how easy it is to work with data programmatically.
+
+1. Open a command prompt. Create a new folder named `git-samples`. Then, close the command prompt.
+
+ ```bash
+ md "C:\git-samples"
+ ```
+
+2. Open a git terminal window, such as git bash, and use the `cd` command to change to the new folder to install the sample app.
+
+ ```bash
+ cd "C:\git-samples"
+ ```
+
+3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.
+
+ ```bash
+ git clone https://github.com/Azure-Samples/azure-cosmos-db-cassandra-dotnet-getting-started.git
+ ```
+
+4. Next, open the CassandraQuickStartSample solution file in Visual Studio.
+
+## Review the code
+
+This step is optional. If you're interested to learn how the code creates the database resources, you can review the following snippets. The snippets are all taken from the `Program.cs` file installed in the `C:\git-samples\azure-cosmos-db-cassandra-dotnet-getting-started\CassandraQuickStartSample` folder. Otherwise, you can skip ahead to [Update your connection string](#update-your-connection-string).
+
+* Initialize the session by connecting to a Cassandra cluster endpoint. The Cassandra API on Azure Cosmos DB supports only TLSv1.2.
+
+ ```csharp
+ var options = new Cassandra.SSLOptions(SslProtocols.Tls12, true, ValidateServerCertificate);
+ options.SetHostNameResolver((ipAddress) => CassandraContactPoint);
+ Cluster cluster = Cluster.Builder().WithCredentials(UserName, Password).WithPort(CassandraPort).AddContactPoint(CassandraContactPoint).WithSSL(options).Build();
+ ISession session = cluster.Connect();
+ ```
+
+* Create a new keyspace.
+
+ ```csharp
+ session.Execute("CREATE KEYSPACE uprofile WITH REPLICATION = { 'class' : 'NetworkTopologyStrategy', 'datacenter1' : 1 };");
+ ```
+
+* Create a new table.
+
+ ```csharp
+ session.Execute("CREATE TABLE IF NOT EXISTS uprofile.user (user_id int PRIMARY KEY, user_name text, user_bcity text)");
+ ```
+
+* Insert user entities by using the IMapper object with a new session that connects to the uprofile keyspace.
+
+ ```csharp
+ mapper.Insert<User>(new User(1, "LyubovK", "Dubai"));
+ ```
+
+* Query to get all user's information.
+
+ ```csharp
+ foreach (User user in mapper.Fetch<User>("Select * from user"))
+ {
+ Console.WriteLine(user);
+ }
+ ```
+
+* Query to get a single user's information.
+
+ ```csharp
+ mapper.FirstOrDefault<User>("Select * from user where user_id = ?", 3);
+ ```
+
+## Update your connection string
+
+Now go back to the Azure portal to get your connection string information and copy it into the app. The connection string information enables your app to communicate with your hosted database.
+
+1. In the [Azure portal](https://portal.azure.com/), select **Connection String**.
+
+1. Use the :::image type="icon" source="./media/manage-data-dotnet/copy.png"::: button on the right side of the screen to copy the USERNAME value.
+
+ :::image type="content" source="./media/manage-data-dotnet/keys.png" alt-text="View and copy an access key in the Azure portal, Connection String page":::
+
+1. In Visual Studio, open the Program.cs file.
+
+1. Paste the USERNAME value from the portal over `<FILLME>` on line 13.
+
+ Line 13 of Program.cs should now look similar to
+
+ `private const string UserName = "cosmos-db-quickstart";`
+
+1. Go back to portal and copy the PASSWORD value. Paste the PASSWORD value from the portal over `<FILLME>` on line 14.
+
+ Line 14 of Program.cs should now look similar to
+
+ `private const string Password = "2Ggkr662ifxz2Mg...==";`
+
+1. Go back to portal and copy the CONTACT POINT value. Paste the CONTACT POINT value from the portal over `<FILLME>` on line 15.
+
+ Line 15 of Program.cs should now look similar to
+
+ `private const string CassandraContactPoint = "cosmos-db-quickstarts.cassandra.cosmosdb.azure.com"; // DnsName`
+
+1. Save the Program.cs file.
+
+## Run the .NET app
+
+1. In Visual Studio, select **Tools** > **NuGet Package Manager** > **Package Manager Console**.
+
+2. At the command prompt, use the following command to install the .NET Driver's NuGet package.
+
+ ```cmd
+ Install-Package CassandraCSharpDriver
+ ```
+3. Press CTRL + F5 to run the application. Your app displays in your console window.
+
+ :::image type="content" source="./media/manage-data-dotnet/output.png" alt-text="View and verify the output":::
+
+ Press CTRL + C to stop execution of the program and close the console window.
+
+4. In the Azure portal, open **Data Explorer** to query, modify, and work with this new data.
+
+ :::image type="content" source="./media/manage-data-dotnet/data-explorer.png" alt-text="View the data in Data Explorer":::
+
+## Review SLAs in the Azure portal
++
+## Clean up resources
++
+## Next steps
+
+In this quickstart, you've learned how to create an Azure Cosmos DB account, create a container using the Data Explorer, and run a web app. You can now import additional data to your Cosmos DB account.
+
+> [!div class="nextstepaction"]
+> [Import Cassandra data into Azure Cosmos DB](migrate-data.md)
cosmos-db Manage Data Go https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/manage-data-go.md
+
+ Title: Build a Go app with Azure Cosmos DB Cassandra API using the gocql client
+description: This quickstart shows how to use a Go client to interact with Azure Cosmos DB Cassandra API
++++
+ms.devlang: go
+ Last updated : 07/14/2020++
+# Quickstart: Build a Go app with the `gocql` client to manage Azure Cosmos DB Cassandra API data
+
+> [!div class="op_single_selector"]
+> * [.NET](manage-data-dotnet.md)
+> * [.NET Core](manage-data-dotnet-core.md)
+> * [Java v3](manage-data-java.md)
+> * [Java v4](manage-data-java-v4-sdk.md)
+> * [Node.js](manage-data-nodejs.md)
+> * [Python](manage-data-python.md)
+> * [Golang](manage-data-go.md)
+>
+
+Azure Cosmos DB is a multi-model database service that lets you quickly create and query document, table, key-value, and graph databases with global distribution and horizontal scale capabilities. In this quickstart, you will start by creating an Azure Cosmos DB Cassandra API account. You will then run a Go application to create a Cassandra keyspace, table, and execute a few operations. This Go app uses [gocql](https://github.com/gocql/gocql), which is a Cassandra client for the Go language.
+
+## Prerequisites
+
+- An Azure account with an active subscription. [Create one for free](https://azure.microsoft.com/free/?WT.mc_id=cassandrago-docs-abhishgu). Or [try Azure Cosmos DB for free](https://azure.microsoft.com/try/cosmosdb/?WT.mc_id=cassandrago-docs-abhishgu) without an Azure subscription.
+- [Go](https://golang.org/) installed on your computer, and a working knowledge of Go.
+- [Git](https://git-scm.com/downloads).
+
+## Create a database account
+
+Before you can create a database, you need to create a Cassandra account with Azure Cosmos DB.
++
+## Clone the sample application
+
+Start by cloning the application from GitHub.
+
+1. Open a command prompt and create a new folder named `git-samples`.
+
+ ```bash
+ md "C:\git-samples"
+ ```
+
+2. Open a git terminal window, such as git bash. Use the `cd` command to change into the new folder and install the sample app.
+
+ ```bash
+ cd "C:\git-samples"
+ ```
+
+3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.
+
+ ```bash
+ git clone https://github.com/Azure-Samples/azure-cosmos-db-cassandra-go-getting-started.git
+ ```
+
+## Review the code
+
+This step is optional. If you're interested to learn how the code creates the database resources, you can review the following code snippets. Otherwise, you can skip ahead to [Run the application](#run-the-application)
+
+The `GetSession` function (part of `utils\utils.go`) returns a [`*gocql.Session`](https://godoc.org/github.com/gocql/gocql#Session) that is used to execute cluster operations such as insert, find etc.
+
+```go
+func GetSession(cosmosCassandraContactPoint, cosmosCassandraPort, cosmosCassandraUser, cosmosCassandraPassword string) *gocql.Session {
+ clusterConfig := gocql.NewCluster(cosmosCassandraContactPoint)
+ port, err := strconv.Atoi(cosmosCassandraPort)
+
+ clusterConfig.Authenticator = gocql.PasswordAuthenticator{Username: cosmosCassandraUser, Password: cosmosCassandraPassword}
+ clusterConfig.Port = port
+ clusterConfig.SslOpts = &gocql.SslOptions{Config: &tls.Config{MinVersion: tls.VersionTLS12}}
+ clusterConfig.ProtoVersion = 4
+
+ session, err := clusterConfig.CreateSession()
+ ...
+ return session
+}
+```
+
+The Azure Cosmos DB Cassandra host is passed to the [`gocql.NewCluster`](https://godoc.org/github.com/gocql/gocql#NewCluster) function to get a [`*gocql.ClusterConfig`](https://godoc.org/github.com/gocql/gocql#ClusterConfig) struct that is then configured to use the username, password, port, and appropriate TLS version ([HTTPS/SSL/TLS encryption Security requirement](../database-security.md?WT.mc_id=cassandrago-docs-abhishgu#how-does-azure-cosmos-db-secure-my-database))
+
+The `GetSession` function is then called from the `main` function (`main.go`).
+
+```go
+func main() {
+ session := utils.GetSession(cosmosCassandraContactPoint, cosmosCassandraPort, cosmosCassandraUser, cosmosCassandraPassword)
+ defer session.Close()
+ ...
+}
+```
+
+The connectivity information and credentials are accepted in the form of environment variables (resolved in the `init` method)
+
+```go
+func init() {
+ cosmosCassandraContactPoint = os.Getenv("COSMOSDB_CASSANDRA_CONTACT_POINT")
+ cosmosCassandraPort = os.Getenv("COSMOSDB_CASSANDRA_PORT")
+ cosmosCassandraUser = os.Getenv("COSMOSDB_CASSANDRA_USER")
+ cosmosCassandraPassword = os.Getenv("COSMOSDB_CASSANDRA_PASSWORD")
+
+ if cosmosCassandraContactPoint == "" || cosmosCassandraUser == "" || cosmosCassandraPassword == "" {
+ log.Fatal("missing mandatory environment variables")
+ }
+}
+```
+
+It is then used to execute various operations (part of `operations\setup.go`) on Azure Cosmos DB starting with `keyspace` and `table` creation.
+
+As the name suggests, the `DropKeySpaceIfExists` function drops the `keyspace` only if it exists.
+
+```go
+const dropKeyspace = "DROP KEYSPACE IF EXISTS %s"
+
+func DropKeySpaceIfExists(keyspace string, session *gocql.Session) {
+ err := utils.ExecuteQuery(fmt.Sprintf(dropKeyspace, keyspace), session)
+ if err != nil {
+ log.Fatal("Failed to drop keyspace", err)
+ }
+ log.Println("Keyspace dropped")
+}
+```
+
+`CreateKeySpace` function is used to create the `keyspace` (`user_profile`)
+
+```go
+const createKeyspace = "CREATE KEYSPACE %s WITH REPLICATION = { 'class' : 'NetworkTopologyStrategy', 'datacenter1' : 1 }"
+
+func CreateKeySpace(keyspace string, session *gocql.Session) {
+ err := utils.ExecuteQuery(fmt.Sprintf(createKeyspace, keyspace), session)
+ if err != nil {
+ log.Fatal("Failed to create keyspace", err)
+ }
+ log.Println("Keyspace created")
+}
+```
+
+This is followed by table creation (`user`) which is taken care of `CreateUserTable` function
+
+```go
+const createTable = "CREATE TABLE %s.%s (user_id int PRIMARY KEY, user_name text, user_bcity text)"
+
+func CreateUserTable(keyspace, table string, session *gocql.Session) {
+ err := session.Query(fmt.Sprintf(createTable, keyspace, table)).Exec()
+ if err != nil {
+ log.Fatal("failed to create table ", err)
+ }
+ log.Println("Table created")
+}
+```
+
+Once the keyspace and table are created, we invoke CRUD operations (part of `operations\crud.go`).
+
+`InsertUser` is used to create a `User`. It sets the user info (ID, name, and city) as the query arguments using [`Bind`](https://godoc.org/github.com/gocql/gocql#Query.Bind)
+
+```go
+const createQuery = "INSERT INTO %s.%s (user_id, user_name , user_bcity) VALUES (?,?,?)"
+
+func InsertUser(keyspace, table string, session *gocql.Session, user model.User) {
+ err := session.Query(fmt.Sprintf(createQuery, keyspace, table)).Bind(user.ID, user.Name, user.City).Exec()
+ if err != nil {
+ log.Fatal("Failed to create user", err)
+ }
+ log.Println("User created")
+}
+```
+
+`FindUser` is used to search for a user (`model\user.go`) using a specific user ID while [`Scan`](https://godoc.org/github.com/gocql/gocql#Iter.Scan) binds the user attributes (returned by Cassandra) to individual variables (`userid`, `name`, `city`) -it is just one of the ways in which you can use the result obtained as the search query result
+
+```go
+const selectQuery = "SELECT * FROM %s.%s where user_id = ?"
+
+func FindUser(keyspace, table string, id int, session *gocql.Session) model.User {
+ var userid int
+ var name, city string
+ err := session.Query(fmt.Sprintf(selectQuery, keyspace, table)).Bind(id).Scan(&userid, &name, &city)
+
+ if err != nil {
+ if err == gocql.ErrNotFound {
+ log.Printf("User with id %v does not exist\n", id)
+ } else {
+ log.Printf("Failed to find user with id %v - %v\n", id, err)
+ }
+ }
+ return model.User{ID: userid, Name: name, City: city}
+}
+```
+
+`FindAllUsers` is used to fetch all the users. [`SliceMap`](https://godoc.org/github.com/gocql/gocql#Iter.SliceMap) is used as a shorthand to get all the user's info in the form of a slice of `map`s. Think of each `map` as key-value pairs where column name (for example, `user_id`) is the key along with its respective value.
+
+```go
+const findAllUsersQuery = "SELECT * FROM %s.%s"
+
+func FindAllUsers(keyspace, table string, session *gocql.Session) []model.User {
+ var users []model.User
+ results, _ := session.Query(fmt.Sprintf(findAllUsersQuery, keyspace, table)).Iter().SliceMap()
+
+ for _, u := range results {
+ users = append(users, mapToUser(u))
+ }
+ return users
+}
+```
+
+Each `map` of user info is converted to a `User` using `mapToUser` function that simply extracts the value from its respective column and uses it to create an instance of the `User` struct
+
+```go
+func mapToUser(m map[string]interface{}) model.User {
+ id, _ := m["user_id"].(int)
+ name, _ := m["user_name"].(string)
+ city, _ := m["user_bcity"].(string)
+
+ return model.User{ID: id, Name: name, City: city}
+}
+```
+
+## Run the application
+
+As previously mentioned, the application accepts connectivity and credentials in the form the environment variables.
+
+1. In your Azure Cosmos DB account in the [Azure portal](https://portal.azure.com/), select **Connection String**.
+
+ :::image type="content" source="./media/manage-data-go/copy-username-connection-string-azure-portal.png" alt-text="View and copy details from the Connection String page in Azure portal":::
+
+Copy the values for the following attributes (`CONTACT POINT`, `PORT`, `USERNAME` and `PRIMARY PASSWORD`) and set them to the respective environment variables
+
+```shell
+set COSMOSDB_CASSANDRA_CONTACT_POINT=<value for "CONTACT POINT">
+set COSMOSDB_CASSANDRA_PORT=<value for "PORT">
+set COSMOSDB_CASSANDRA_USER=<value for "USERNAME">
+set COSMOSDB_CASSANDRA_PASSWORD=<value for "PRIMARY PASSWORD">
+```
+
+In the terminal window, change to the correct folder. For example:
+
+```shell
+cd "C:\git-samples\azure-cosmosdb-cassandra-go-getting-started"
+```
+
+2. In the terminal, run the following command to start the application.
+
+```shell
+go run main.go
+```
+
+3. The terminal window displays notifications for the various operations including keyspace and table setup, user creation etc.
+
+4. In the Azure portal, open **Data Explorer** to query, modify, and work with this new data.
+
+ :::image type="content" source="./media/manage-data-go/view-data-explorer-go-app.png" alt-text="View the data in Data Explorer - Azure Cosmos DB":::
+
+## Review SLAs in the Azure portal
++
+## Clean up resources
++
+## Next steps
+
+In this quickstart, you learned how to create an Azure Cosmos DB account with Cassandra API, and run a Go app that creates a Cassandra database and container. You can now import additional data into your Azure Cosmos DB account.
+
+> [!div class="nextstepaction"]
+> [Import Cassandra data into Azure Cosmos DB](migrate-data.md)
cosmos-db Manage Data Java V4 Sdk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/manage-data-java-v4-sdk.md
+
+ Title: Java app with Azure Cosmos DB Cassandra API using Java 4.0 SDK
+description: This quickstart shows how to use the Azure Cosmos DB Cassandra API to create a profile application with the Azure portal and Java 4.0 SDK.
++++
+ms.devlang: java
+ Last updated : 05/18/2020+++
+# Quickstart: Build a Java app to manage Azure Cosmos DB Cassandra API data (v4 Driver)
+
+> [!div class="op_single_selector"]
+> * [.NET](manage-data-dotnet.md)
+> * [.NET Core](manage-data-dotnet-core.md)
+> * [Java v3](manage-data-java.md)
+> * [Java v4](manage-data-java-v4-sdk.md)
+> * [Node.js](manage-data-nodejs.md)
+> * [Python](manage-data-python.md)
+> * [Golang](manage-data-go.md)
+>
+
+In this quickstart, you create an Azure Cosmos DB Cassandra API account, and use a Cassandra Java app cloned from GitHub to create a Cassandra database and container using the [v4.x Apache Cassandra drivers](https://github.com/datastax/java-driver/tree/4.x) for Java. Azure Cosmos DB is a multi-model database service that lets you quickly create and query document, table, key-value, and graph databases with global distribution and horizontal scale capabilities.
+
+## Prerequisites
+
+- An Azure account with an active subscription. [Create one for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio). Or [try Azure Cosmos DB for free](https://azure.microsoft.com/try/cosmosdb/) without an Azure subscription.
+- [Java Development Kit (JDK) 8](https://www.azul.com/downloads/azure-only/zulu/?&version=java-8-lts&architecture=x86-64-bit&package=jdk). Point your `JAVA_HOME` environment variable to the folder where the JDK is installed.
+- A [Maven binary archive](https://maven.apache.org/download.cgi). On Ubuntu, run `apt-get install maven` to install Maven.
+- [Git](https://www.git-scm.com/downloads). On Ubuntu, run `sudo apt-get install git` to install Git.
+
+> [!NOTE]
+> This is a simple quickstart which uses [version 4](https://github.com/datastax/java-driver/tree/4.x) of the open-source Apache Cassandra driver for Java. In most cases, you should be able to connect an existing Apache Cassandra dependent Java application to Azure Cosmos DB Cassandra API without any changes to your existing code. However, we recommend adding our [custom Java extension](https://github.com/Azure/azure-cosmos-cassandra-extensions/tree/release/java-driver-4/1.0.1), which includes custom retry and load balancing policies, as well as recommended connection settings, for a better overall experience. This is to handle [rate limiting](scale-account-throughput.md#handling-rate-limiting-429-errors) and application level failover in Azure Cosmos DB where required. You can find a comprehensive sample which implements the extension [here](https://github.com/Azure-Samples/azure-cosmos-cassandra-extensions-java-sample-v4).
+
+## Create a database account
+
+Before you can create a document database, you need to create a Cassandra account with Azure Cosmos DB.
++
+## Clone the sample application
+
+Now let's switch to working with code. Let's clone a Cassandra app from GitHub, set the connection string, and run it. You'll see how easy it is to work with data programmatically.
+
+1. Open a command prompt. Create a new folder named `git-samples`. Then, close the command prompt.
+
+ ```bash
+ md "C:\git-samples"
+ ```
+
+2. Open a git terminal window, such as git bash, and use the `cd` command to change to the new folder to install the sample app.
+
+ ```bash
+ cd "C:\git-samples"
+ ```
+
+3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.
+
+ ```bash
+ git clone https://github.com/Azure-Samples/azure-cosmos-db-cassandra-java-getting-started-v4.git
+ ```
+
+## Review the code
+
+This step is optional. If you're interested to learn how the code creates the database resources, you can review the following snippets. Otherwise, you can skip ahead to [Update your connection string](#update-your-connection-string). These snippets are all taken from the *src/main/java/com/azure/cosmosdb/cassandra/util/CassandraUtils.java* file.
+
+* The `CqlSession` connects to the Azure Cosmos DB Cassandra API and returns a session to access (`Cluster` object from v3 driver is now obsolete). Cassandra Host, Port, User name and password is set using the connection string page in the Azure portal.
+
+ ```java
+ this.session = CqlSession.builder().withSslContext(sc)
+ .addContactPoint(new InetSocketAddress(cassandraHost, cassandraPort)).withLocalDatacenter(region)
+ .withAuthCredentials(cassandraUsername, cassandraPassword).build();
+ ```
++
+The following snippets are from the *src/main/java/com/azure/cosmosdb/cassandra/repository/UserRepository.java* file.
+
+* Drop the keyspace if it already exists from a previous run.
+
+ ```java
+ public void dropKeyspace() {
+ String query = "DROP KEYSPACE IF EXISTS "+keyspace+"";
+ session.execute(query);
+ LOGGER.info("dropped keyspace '"+keyspace+"'");
+ }
+ ```
+* A new keyspace is created.
+
+ ```java
+ public void createKeyspace() {
+ String query = "CREATE KEYSPACE "+keyspace+" WITH REPLICATION = { 'class' : 'NetworkTopologyStrategy', 'datacenter1' : 1 }";
+ session.execute(query);
+ LOGGER.info("Created keyspace '"+keyspace+"'");
+ }
+ ```
+
+* A new table is created.
+
+ ```java
+ public void createTable() {
+ String query = "CREATE TABLE "+keyspace+"."+table+" (user_id int PRIMARY KEY, user_name text, user_bcity text)";
+ session.execute(query);
+ LOGGER.info("Created table '"+table+"'");
+ }
+ ```
+
+* User entities are inserted using a prepared statement object.
+
+ ```java
+ public String prepareInsertStatement() {
+ final String insertStatement = "INSERT INTO "+keyspace+"."+table+" (user_id, user_name , user_bcity) VALUES (?,?,?)";
+ return insertStatement;
+ }
+
+ public void insertUser(String preparedStatement, int id, String name, String city) {
+ PreparedStatement prepared = session.prepare(preparedStatement);
+ BoundStatement bound = prepared.bind(id, city, name).setIdempotent(true);
+ session.execute(bound);
+ }
+ ```
+
+* Query to get get all User information.
+
+ ```java
+ public void selectAllUsers() {
+ final String query = "SELECT * FROM "+keyspace+"."+table+"";
+ List<Row> rows = session.execute(query).all();
+
+ for (Row row : rows) {
+ LOGGER.info("Obtained row: {} | {} | {} ", row.getInt("user_id"), row.getString("user_name"), row.getString("user_bcity"));
+ }
+ }
+ ```
+
+ * Query to get a single User information.
+
+ ```java
+ public void selectUser(int id) {
+ final String query = "SELECT * FROM "+keyspace+"."+table+" where user_id = 3";
+ Row row = session.execute(query).one();
+
+ LOGGER.info("Obtained row: {} | {} | {} ", row.getInt("user_id"), row.getString("user_name"), row.getString("user_bcity"));
+ }
+ ```
+
+## Update your connection string
+
+Now go back to the Azure portal to get your connection string information and copy it into the app. The connection string details enable your app to communicate with your hosted database.
+
+1. In your Azure Cosmos DB account in the [Azure portal](https://portal.azure.com/), select **Connection String**.
+
+ :::image type="content" source="./media/manage-data-java/copy-username-connection-string-azure-portal.png" alt-text="View and copy a username from the Azure portal, Connection String page":::
+
+2. Use the :::image type="icon" source="./media/manage-data-java/copy-button-azure-portal.png"::: button on the right side of the screen to copy the CONTACT POINT value.
+
+3. Open the *config.properties* file from the *C:\git-samples\azure-cosmosdb-cassandra-java-getting-started\java-examples\src\main\resources* folder.
+
+3. Paste the CONTACT POINT value from the portal over `<Cassandra endpoint host>` on line 2.
+
+ Line 2 of *config.properties* should now look similar to
+
+ `cassandra_host=cosmos-db-quickstart.cassandra.cosmosdb.azure.com`
+
+3. Go back to the portal and copy the USERNAME value. Past the USERNAME value from the portal over `<cassandra endpoint username>` on line 4.
+
+ Line 4 of *config.properties* should now look similar to
+
+ `cassandra_username=cosmos-db-quickstart`
+
+4. Go back to the portal and copy the PASSWORD value. Paste the PASSWORD value from the portal over `<cassandra endpoint password>` on line 5.
+
+ Line 5 of *config.properties* should now look similar to
+
+ `cassandra_password=2Ggkr662ifxz2Mg...==`
+
+5. On line 6, if you want to use a specific TLS/SSL certificate, then replace `<SSL key store file location>` with the location of the TLS/SSL certificate. If a value is not provided, the JDK certificate installed at <JAVA_HOME>/jre/lib/security/cacerts is used.
+
+6. If you changed line 6 to use a specific TLS/SSL certificate, update line 7 to use the password for that certificate.
+
+7. Note that you will need to add the default region (e.g. `West US`) for the contact point, e.g.
+
+ `region=West US`
+
+ This is because the v.4x driver only allows one local DC to be paired with the contact point. If you want to add a region other than the default (which is the region that was given when the Cosmos DB account was first created), you will need to use regional suffix when adding contact point, e.g. `host-westus.cassandra.cosmos.azure.com`.
+
+8. Save the *config.properties* file.
+
+## Run the Java app
+
+1. In the git terminal window, `cd` to the `azure-cosmosdb-cassandra-java-getting-started-v4` folder.
+
+ ```git
+ cd "C:\git-samples\azure-cosmosdb-cassandra-java-getting-started-v4"
+ ```
+
+2. In the git terminal window, use the following command to generate the `cosmosdb-cassandra-examples.jar` file.
+
+ ```git
+ mvn clean install
+ ```
+
+3. In the git terminal window, run the following command to start the Java application.
+
+ ```git
+ java -cp target/cosmosdb-cassandra-examples.jar com.azure.cosmosdb.cassandra.examples.UserProfile
+ ```
+
+ The terminal window displays notifications that the keyspace and table are created. It then selects and returns all users in the table and displays the output, and then selects a row by ID and displays the value.
+
+ Press Ctrl+C to stop execution of the program and close the console window.
+
+4. In the Azure portal, open **Data Explorer** to query, modify, and work with this new data.
+
+ :::image type="content" source="./media/manage-data-java/view-data-explorer-java-app.png" alt-text="View the data in Data Explorer - Azure Cosmos DB":::
+
+## Review SLAs in the Azure portal
++
+## Clean up resources
++
+## Next steps
+
+In this quickstart, you learned how to create an Azure Cosmos DB account with Cassandra API, and run a Cassandra Java app that creates a Cassandra database and container. You can now import additional data into your Azure Cosmos DB account.
+
+> [!div class="nextstepaction"]
+> [Import Cassandra data into Azure Cosmos DB](migrate-data.md)
cosmos-db Manage Data Java https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/manage-data-java.md
+
+ Title: Java app with Azure Cosmos DB Cassandra API using Java 3.0 SDK
+description: This quickstart shows how to use the Azure Cosmos DB Cassandra API to create a profile application with the Azure portal and Java 3.0 SDK.
++++
+ms.devlang: java
+ Last updated : 07/17/2021+++
+# Quickstart: Build a Java app to manage Azure Cosmos DB Cassandra API data (v3 Driver)
+
+> [!div class="op_single_selector"]
+> * [.NET](manage-data-dotnet.md)
+> * [.NET Core](manage-data-dotnet-core.md)
+> * [Java v3](manage-data-java.md)
+> * [Java v4](manage-data-java-v4-sdk.md)
+> * [Node.js](manage-data-nodejs.md)
+> * [Python](manage-data-python.md)
+> * [Golang](manage-data-go.md)
+>
+
+In this quickstart, you create an Azure Cosmos DB Cassandra API account, and use a Cassandra Java app cloned from GitHub to create a Cassandra database and container using the [v3.x Apache Cassandra drivers](https://github.com/datastax/java-driver/tree/3.x) for Java. Azure Cosmos DB is a multi-model database service that lets you quickly create and query document, table, key-value, and graph databases with global distribution and horizontal scale capabilities.
+
+## Prerequisites
+
+- An Azure account with an active subscription. [Create one for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio). Or [try Azure Cosmos DB for free](https://azure.microsoft.com/try/cosmosdb/) without an Azure subscription.
+- [Java Development Kit (JDK) 8](https://www.azul.com/downloads/azure-only/zulu/?&version=java-8-lts&architecture=x86-64-bit&package=jdk). Point your `JAVA_HOME` environment variable to the folder where the JDK is installed.
+- A [Maven binary archive](https://maven.apache.org/download.cgi). On Ubuntu, run `apt-get install maven` to install Maven.
+- [Git](https://www.git-scm.com/downloads). On Ubuntu, run `sudo apt-get install git` to install Git.
+
+> [!NOTE]
+> This is a simple quickstart which uses [version 3](https://github.com/datastax/java-driver/tree/3.x) of the open-source Apache Cassandra driver for Java. In most cases, you should be able to connect an existing Apache Cassandra dependent Java application to Azure Cosmos DB Cassandra API without any changes to your existing code. However, we recommend adding our [custom Java extension](https://github.com/Azure/azure-cosmos-cassandra-extensions/tree/feature/java-driver-3%2F1.0.0), which includes custom retry and load balancing policies, for a better overall experience. This is to handle [rate limiting](/scale-account-throughput.md#handling-rate-limiting-429-errors) and application level failover in Azure Cosmos DB respectively. You can find a comprehensive sample which implements the extension [here](https://github.com/Azure-Samples/azure-cosmos-cassandra-extensions-java-sample).
+
+## Create a database account
+
+Before you can create a document database, you need to create a Cassandra account with Azure Cosmos DB.
++
+## Clone the sample application
+
+Now let's switch to working with code. Let's clone a Cassandra app from GitHub, set the connection string, and run it. You'll see how easy it is to work with data programmatically.
+
+1. Open a command prompt. Create a new folder named `git-samples`. Then, close the command prompt.
+
+ ```bash
+ md "C:\git-samples"
+ ```
+
+2. Open a git terminal window, such as git bash, and use the `cd` command to change to the new folder to install the sample app.
+
+ ```bash
+ cd "C:\git-samples"
+ ```
+
+3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.
+
+ ```bash
+ git clone https://github.com/Azure-Samples/azure-cosmos-db-cassandra-java-getting-started.git
+ ```
+
+## Review the code
+
+This step is optional. If you're interested to learn how the code creates the database resources, you can review the following snippets. Otherwise, you can skip ahead to [Update your connection string](#update-your-connection-string). These snippets are all taken from the *src/main/java/com/azure/cosmosdb/cassandra/util/CassandraUtils.java* file.
+
+* The Cassandra host, port, user name, password, and TLS/SSL options are set. The connection string information comes from the connection string page in the Azure portal.
+
+ ```java
+ cluster = Cluster.builder().addContactPoint(cassandraHost).withPort(cassandraPort).withCredentials(cassandraUsername, cassandraPassword).withSSL(sslOptions).build();
+ ```
+
+* The `cluster` connects to the Azure Cosmos DB Cassandra API and returns a session to access.
+
+ ```java
+ return cluster.connect();
+ ```
+
+The following snippets are from the *src/main/java/com/azure/cosmosdb/cassandra/repository/UserRepository.java* file.
+
+* Create a new keyspace.
+
+ ```java
+ public void createKeyspace() {
+ final String query = "CREATE KEYSPACE IF NOT EXISTS uprofile WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '3' } ";
+ session.execute(query);
+ LOGGER.info("Created keyspace 'uprofile'");
+ }
+ ```
+
+* Create a new table.
+
+ ```java
+ public void createTable() {
+ final String query = "CREATE TABLE IF NOT EXISTS uprofile.user (user_id int PRIMARY KEY, user_name text, user_bcity text)";
+ session.execute(query);
+ LOGGER.info("Created table 'user'");
+ }
+ ```
+
+* Insert user entities using a prepared statement object.
+
+ ```java
+ public PreparedStatement prepareInsertStatement() {
+ final String insertStatement = "INSERT INTO uprofile.user (user_id, user_name , user_bcity) VALUES (?,?,?)";
+ return session.prepare(insertStatement);
+ }
+
+ public void insertUser(PreparedStatement statement, int id, String name, String city) {
+ BoundStatement boundStatement = new BoundStatement(statement);
+ session.execute(boundStatement.bind(id, name, city));
+ }
+ ```
+
+* Query to get all user information.
+
+ ```java
+ public void selectAllUsers() {
+ final String query = "SELECT * FROM uprofile.user";
+ List<Row> rows = session.execute(query).all();
+
+ for (Row row : rows) {
+ LOGGER.info("Obtained row: {} | {} | {} ", row.getInt("user_id"), row.getString("user_name"), row.getString("user_bcity"));
+ }
+ }
+ ```
+
+* Query to get a single user's information.
+
+ ```java
+ public void selectUser(int id) {
+ final String query = "SELECT * FROM uprofile.user where user_id = 3";
+ Row row = session.execute(query).one();
+
+ LOGGER.info("Obtained row: {} | {} | {} ", row.getInt("user_id"), row.getString("user_name"), row.getString("user_bcity"));
+ }
+ ```
+
+## Update your connection string
+
+Now go back to the Azure portal to get your connection string information and copy it into the app. The connection string details enable your app to communicate with your hosted database.
+
+1. In your Azure Cosmos DB account in the [Azure portal](https://portal.azure.com/), select **Connection String**.
+
+ :::image type="content" source="./media/manage-data-java/copy-username-connection-string-azure-portal.png" alt-text="View and copy a username from the Azure portal, Connection String page":::
+
+2. Use the :::image type="icon" source="./media/manage-data-java/copy-button-azure-portal.png"::: button on the right side of the screen to copy the CONTACT POINT value.
+
+3. Open the *config.properties* file from the *C:\git-samples\azure-cosmosdb-cassandra-java-getting-started\java-examples\src\main\resources* folder.
+
+3. Paste the CONTACT POINT value from the portal over `<Cassandra endpoint host>` on line 2.
+
+ Line 2 of *config.properties* should now look similar to
+
+ `cassandra_host=cosmos-db-quickstart.cassandra.cosmosdb.azure.com`
+
+3. Go back to the portal and copy the USERNAME value. Past the USERNAME value from the portal over `<cassandra endpoint username>` on line 4.
+
+ Line 4 of *config.properties* should now look similar to
+
+ `cassandra_username=cosmos-db-quickstart`
+
+4. Go back to the portal and copy the PASSWORD value. Paste the PASSWORD value from the portal over `<cassandra endpoint password>` on line 5.
+
+ Line 5 of *config.properties* should now look similar to
+
+ `cassandra_password=2Ggkr662ifxz2Mg...==`
+
+5. On line 6, if you want to use a specific TLS/SSL certificate, then replace `<SSL key store file location>` with the location of the TLS/SSL certificate. If a value is not provided, the JDK certificate installed at <JAVA_HOME>/jre/lib/security/cacerts is used.
+
+6. If you changed line 6 to use a specific TLS/SSL certificate, update line 7 to use the password for that certificate.
+
+7. Save the *config.properties* file.
+
+## Run the Java app
+
+1. In the git terminal window, `cd` to the `azure-cosmosdb-cassandra-java-getting-started` folder.
+
+ ```git
+ cd "C:\git-samples\azure-cosmosdb-cassandra-java-getting-started"
+ ```
+
+2. In the git terminal window, use the following command to generate the `cosmosdb-cassandra-examples.jar` file.
+
+ ```git
+ mvn clean install
+ ```
+
+3. In the git terminal window, run the following command to start the Java application.
+
+ ```git
+ java -cp target/cosmosdb-cassandra-examples.jar com.azure.cosmosdb.cassandra.examples.UserProfile
+ ```
+
+ The terminal window displays notifications that the keyspace and table are created. It then selects and returns all users in the table and displays the output, and then selects a row by ID and displays the value.
+
+ Press Ctrl+C to stop execution of the program and close the console window.
+
+4. In the Azure portal, open **Data Explorer** to query, modify, and work with this new data.
+
+ :::image type="content" source="./media/manage-data-java/view-data-explorer-java-app.png" alt-text="View the data in Data Explorer - Azure Cosmos DB":::
+
+## Review SLAs in the Azure portal
++
+## Clean up resources
++
+## Next steps
+
+In this quickstart, you learned how to create an Azure Cosmos DB account with Cassandra API, and run a Cassandra Java app that creates a Cassandra database and container. You can now import additional data into your Azure Cosmos DB account.
+
+> [!div class="nextstepaction"]
+> [Import Cassandra data into Azure Cosmos DB](migrate-data.md)
cosmos-db Manage Data Nodejs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/manage-data-nodejs.md
+
+ Title: 'Quickstart: Cassandra API with Node.js - Azure Cosmos DB'
+description: This quickstart shows how to use the Azure Cosmos DB Cassandra API to create a profile application with Node.js
++++
+ms.devlang: nodejs
+ Last updated : 02/10/2021++
+# Quickstart: Build a Cassandra app with Node.js SDK and Azure Cosmos DB
+
+> [!div class="op_single_selector"]
+> * [.NET](manage-data-dotnet.md)
+> * [.NET Core](manage-data-dotnet-core.md)
+> * [Java v3](manage-data-java.md)
+> * [Java v4](manage-data-java-v4-sdk.md)
+> * [Node.js](manage-data-nodejs.md)
+> * [Python](manage-data-python.md)
+> * [Golang](manage-data-go.md)
+>
+
+In this quickstart, you create an Azure Cosmos DB Cassandra API account, and use a Cassandra Node.js app cloned from GitHub to create a Cassandra database and container. Azure Cosmos DB is a multi-model database service that lets you quickly create and query document, table, key-value, and graph databases with global distribution and horizontal scale capabilities.
+
+## Prerequisites
++
+In addition, you need:
+* [Node.js](https://nodejs.org/dist/v0.10.29/x64/node-v0.10.29-x64.msi) version v0.10.29 or higher
+* [Git](https://git-scm.com/)
+
+## Create a database account
+
+Before you can create a document database, you need to create a Cassandra account with Azure Cosmos DB.
++
+## Clone the sample application
+
+Now let's clone a Cassandra API app from GitHub, set the connection string, and run it. You see how easy it is to work with data programmatically.
+
+1. Open a command prompt. Create a new folder named `git-samples`. Then, close the command prompt.
+
+ ```bash
+ md "C:\git-samples"
+ ```
+
+2. Open a git terminal window, such as git bash. Use the `cd` command to change to the new folder to install the sample app.
+
+ ```bash
+ cd "C:\git-samples"
+ ```
+
+3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.
+
+ ```bash
+ git clone https://github.com/Azure-Samples/azure-cosmos-db-cassandra-nodejs-getting-started.git
+ ```
+
+1. Install the Node.js dependencies with npm.
+
+ ```bash
+ npm install
+ ```
+
+## Review the code
+
+This step is optional. If you're interested to learn how the code creates the database resources, you can review the following snippets. The snippets are all taken from the `uprofile.js` file in the `C:\git-samples\azure-cosmos-db-cassandra-nodejs-getting-started` folder. Otherwise, you can skip ahead to [Update your connection string](#update-your-connection-string).
+
+* The username and password values were set using the connection string page in the Azure portal.
+
+ ```javascript
+ let authProvider = new cassandra.auth.PlainTextAuthProvider(
+ config.username,
+ config.password
+ );
+ ```
+
+* The `client` is initialized with contactPoint information. The contactPoint is retrieved from the Azure portal.
+
+ ```javascript
+ let client = new cassandra.Client({
+ contactPoints: [`${config.contactPoint}:10350`],
+ authProvider: authProvider,
+ localDataCenter: config.localDataCenter,
+ sslOptions: {
+ secureProtocol: "TLSv1_2_method"
+ },
+ });
+ ```
+
+* The `client` connects to the Azure Cosmos DB Cassandra API.
+
+ ```javascript
+ client.connect();
+ ```
+
+* A new keyspace is created.
+
+ ```javascript
+ var query =
+ `CREATE KEYSPACE IF NOT EXISTS ${config.keySpace} WITH replication = {'class': 'NetworkTopologyStrategy', 'datacenter' : '1' }`;
+ await client.execute(query);
+ }
+ ```
+
+* A new table is created.
+
+ ```javascript
+ query =
+ `CREATE TABLE IF NOT EXISTS ${config.keySpace}.user (user_id int PRIMARY KEY, user_name text, user_bcity text)`;
+ await client.execute(query);
+ },
+ ```
+
+* Key/value entities are inserted.
+
+ ```javascript
+ const arr = [
+ `INSERT INTO ${config.keySpace}.user (user_id, user_name , user_bcity) VALUES (1, 'AdrianaS', 'Seattle')`,
+ `INSERT INTO ${config.keySpace}.user (user_id, user_name , user_bcity) VALUES (2, 'JiriK', 'Toronto')`,
+ `INSERT INTO ${config.keySpace}.user (user_id, user_name , user_bcity) VALUES (3, 'IvanH', 'Mumbai')`,
+ `INSERT INTO ${config.keySpace}.user (user_id, user_name , user_bcity) VALUES (4, 'IvanH', 'Seattle')`,
+ `INSERT INTO ${config.keySpace}.user (user_id, user_name , user_bcity) VALUES (5, 'IvanaV', 'Belgaum')`,
+ `INSERT INTO ${config.keySpace}.user (user_id, user_name , user_bcity) VALUES (6, 'LiliyaB', 'Seattle')`,
+ `INSERT INTO ${config.keySpace}.user (user_id, user_name , user_bcity) VALUES (7, 'JindrichH', 'Buenos Aires')`,
+ `INSERT INTO ${config.keySpace}.user (user_id, user_name , user_bcity) VALUES (8, 'AdrianaS', 'Seattle')`,
+ `INSERT INTO ${config.keySpace}.user (user_id, user_name , user_bcity) VALUES (9, 'JozefM', 'Seattle')`,
+ ];
+ for (const element of arr) {
+ await client.execute(element);
+ }
+ ```
+
+* Query to get all key values.
+
+ ```javascript
+ query = `SELECT * FROM ${config.keySpace}.user`;
+ const resultSelect = await client.execute(query);
+
+ for (const row of resultSelect.rows) {
+ console.log(
+ "Obtained row: %d | %s | %s ",
+ row.user_id,
+ row.user_name,
+ row.user_bcity
+ );
+ }
+ ```
+
+* Query to get a key-value.
+
+ ```javascript
+ query = `SELECT * FROM ${config.keySpace}.user where user_id=1`;
+ const resultSelectWhere = await client.execute(query);
+
+ for (const row of resultSelectWhere.rows) {
+ console.log(
+ "Obtained row: %d | %s | %s ",
+ row.user_id,
+ row.user_name,
+ row.user_bcity
+ );
+ }
+ ```
+
+* Close connection.
+
+ ```javascript
+ client.shutdown();
+ ```
+
+## Update your connection string
+
+Now go back to the Azure portal to get your connection string information and copy it into the app. The connection string enables your app to communicate with your hosted database.
+
+1. In your Azure Cosmos DB account in the [Azure portal](https://portal.azure.com/), select **Connection String**.
+
+1. Use the :::image type="icon" source="./media/manage-data-nodejs/copy.png"::: button on the right side of the screen to copy the top value, the CONTACT POINT.
+
+ :::image type="content" source="./media/manage-data-nodejs/keys.png" alt-text="View and copy the CONTACT POINT, USERNAME,and PASSWORD from the Azure portal, connection string page":::
+
+1. Open the `config.js` file.
+
+1. Paste the CONTACT POINT value from the portal over `'CONTACT-POINT` on line 9.
+
+ Line 9 should now look similar to
+
+ `contactPoint: "cosmos-db-quickstarts.cassandra.cosmosdb.azure.com",`
+
+1. Copy the USERNAME value from the portal and paste it over `<FillMEIN>` on line 2.
+
+ Line 2 should now look similar to
+
+ `username: 'cosmos-db-quickstart',`
+
+1. Copy the PASSWORD value from the portal and paste it over `USERNAME` on line 8.
+
+ Line 8 should now look similar to
+
+ `password: '2Ggkr662ifxz2Mg==',`
+
+1. Replace REGION with the Azure region you created this resource in.
+
+1. Save the `config.js` file.
++
+## Run the Node.js app
+
+1. In the terminal window, ensure you are in the sample directory you cloned earlier:
+
+ ```bash
+ cd azure-cosmos-db-cassandra-nodejs-getting-started
+ ```
+
+1. Run your node application:
+
+ ```bash
+ npm start
+ ```
+
+4. Verify the results as expected from the command line.
+
+ :::image type="content" source="./media/manage-data-nodejs/output.png" alt-text="View and verify the output":::
+
+ Press CTRL+C to stop execution of the program and close the console window.
+
+5. In the Azure portal, open **Data Explorer** to query, modify, and work with this new data.
+
+ :::image type="content" source="./media/manage-data-nodejs/data-explorer.png" alt-text="View the data in Data Explorer":::
+
+## Review SLAs in the Azure portal
++
+## Clean up resources
++
+## Next steps
+
+In this quickstart, you learned how to create an Azure Cosmos DB account with Cassandra API, and run a Cassandra Node.js app that creates a Cassandra database and container. You can now import additional data into your Azure Cosmos DB account.
+
+> [!div class="nextstepaction"]
+> [Import Cassandra data into Azure Cosmos DB](migrate-data.md)
cosmos-db Manage Data Python https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/manage-data-python.md
+
+ Title: 'Quickstart: Cassandra API with Python - Azure Cosmos DB'
+description: This quickstart shows how to use the Azure Cosmos DB's Apache Cassandra API to create a profile application with Python.
++++
+ms.devlang: python
+ Last updated : 08/13/2020+++
+# Quickstart: Build a Cassandra app with Python SDK and Azure Cosmos DB
+
+> [!div class="op_single_selector"]
+> * [.NET](manage-data-dotnet.md)
+> * [.NET Core](manage-data-dotnet-core.md)
+> * [Java v3](manage-data-java.md)
+> * [Java v4](manage-data-java-v4-sdk.md)
+> * [Node.js](manage-data-nodejs.md)
+> * [Python](manage-data-python.md)
+> * [Golang](manage-data-go.md)
+>
+
+In this quickstart, you create an Azure Cosmos DB Cassandra API account, and use a Cassandra Python app cloned from GitHub to create a Cassandra database and container. Azure Cosmos DB is a multi-model database service that lets you quickly create and query document, table, key-value, and graph databases with global distribution and horizontal scale capabilities.
+
+## Prerequisites
+
+- An Azure account with an active subscription. [Create one for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio). Or [try Azure Cosmos DB for free](https://azure.microsoft.com/try/cosmosdb/) without an Azure subscription.
+- [Python 2.7 or 3.6+](https://www.python.org/downloads/).
+- [Git](https://git-scm.com/downloads).
+- [Python Driver for Apache Cassandra](https://github.com/datastax/python-driver).
+
+## Create a database account
+
+Before you can create a document database, you need to create a Cassandra account with Azure Cosmos DB.
++
+## Clone the sample application
+
+Now let's clone a Cassandra API app from GitHub, set the connection string, and run it. You see how easy it is to work with data programmatically.
+
+1. Open a command prompt. Create a new folder named `git-samples`. Then, close the command prompt.
+
+ ```bash
+ md "C:\git-samples"
+ ```
+
+2. Open a git terminal window, such as git bash, and use the `cd` command to change to the new folder to install the sample app.
+
+ ```bash
+ cd "C:\git-samples"
+ ```
+
+3. Run the following command to clone the sample repository. This command creates a copy of the sample app on your computer.
+
+ ```bash
+ git clone https://github.com/Azure-Samples/azure-cosmos-db-cassandra-python-getting-started.git
+ ```
+
+## Review the code
+
+This step is optional. If you're interested to learn how the code creates the database resources, you can review the following snippets. The snippets are all taken from the *pyquickstart.py* file. Otherwise, you can skip ahead to [Update your connection string](#update-your-connection-string).
+
+* The `cluster` is initialized with `contactPoint` and `port` information that is retrieved from the Azure portal. The `cluster` then connects to the Azure Cosmos DB Cassandra API by using the `connect()` method. An authorized connection is established by using the username, password, and the default certificate or an explicit certificate if you provide one within the config file.
+
+ :::code language="python" source="~/cosmosdb-cassandra-python-sample/pyquickstart.py" id="authenticateAndConnect":::
+
+* A new keyspace is created.
+
+ :::code language="python" source="~/cosmosdb-cassandra-python-sample/pyquickstart.py" id="createKeyspace":::
+
+* A new table is created.
+
+ :::code language="python" source="~/cosmosdb-cassandra-python-sample/pyquickstart.py" id="createTable":::
+
+* Key/value entities are inserted.
+
+ :::code language="python" source="~/cosmosdb-cassandra-python-sample/pyquickstart.py" id="insertData":::
+
+* Query to get all key values.
+
+ :::code language="python" source="~/cosmosdb-cassandra-python-sample/pyquickstart.py" id="queryAllItems":::
+
+* Query to get a key-value.
+
+ :::code language="python" source="~/cosmosdb-cassandra-python-sample/pyquickstart.py" id="queryByID":::
+
+## Update your connection string
+
+Now go back to the Azure portal to get your connection string information and copy it into the app. The connection string enables your app to communicate with your hosted database.
+
+1. In your Azure Cosmos DB account in the [Azure portal](https://portal.azure.com/), select **Connection String**.
+
+1. Use the :::image type="icon" source="./media/manage-data-python/copy.png"::: button on the right side of the screen to copy the top value, the CONTACT POINT.
+
+ :::image type="content" source="./media/manage-data-python/keys.png" alt-text="View and copy an access user name, password and contact point in the Azure portal, connection string blade":::
+
+1. Open the *config.py* file.
+
+1. Paste the CONTACT POINT value from the portal over `<FILLME>` on line 10.
+
+ Line 10 should now look similar to
+
+ `'contactPoint': 'cosmos-db-quickstarts.cassandra.cosmosdb.azure.com:10350'`
+
+1. Copy the USERNAME value from the portal and paste it over `<FILLME>` on line 6.
+
+ Line 6 should now look similar to
+
+ `'username': 'cosmos-db-quickstart',`
+
+1. Copy the PASSWORD value from the portal and paste it over `<FILLME>` on line 8.
+
+ Line 8 should now look similar to
+
+ `'password' = '2Ggkr662ifxz2Mg==`';`
+
+1. Save the *config.py* file.
+
+## Use the X509 certificate
+
+1. Copy the Baltimore CyberTrust Root certificate details from [https://baltimore-cybertrust-root.chain-demos.digicert.com/info/https://docsupdatetracker.net/index.html](https://baltimore-cybertrust-root.chain-demos.digicert.com/info/https://docsupdatetracker.net/index.html) into a text file. Save the file using the file extension *.cer*.
+
+ The certificate has serial number `02:00:00:b9` and SHA1 fingerprint `d4:de:20:d0:5e:66:fc:53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74`.
+
+2. Open *pyquickstart.py* and change the `path\to\cert` to point to your new certificate.
+
+3. Save *pyquickstart.py*.
+
+## Run the Python app
+
+1. Use the cd command in the git terminal to change into the `azure-cosmos-db-cassandra-python-getting-started` folder.
+
+2. Run the following commands to install the required modules:
+
+ ```python
+ python -m pip install cassandra-driver==3.20.2
+ python -m pip install prettytable
+ python -m pip install requests
+ python -m pip install pyopenssl
+ ```
+
+ > [!NOTE]
+ > We recommend Python driver version **3.20.2** for use with Cassandra API. Higher versions may cause errors.
+
+2. Run the following command to start your Python application:
+
+ ```
+ python pyquickstart.py
+ ```
+
+3. Verify the results as expected from the command line.
+
+ Press CTRL+C to stop execution of the program and close the console window.
+
+ :::image type="content" source="./media/manage-data-python/output.png" alt-text="View and verify the output":::
+
+4. In the Azure portal, open **Data Explorer** to query, modify, and work with this new data.
+
+ :::image type="content" source="./media/manage-data-python/data-explorer.png" alt-text="View the data in Data Explorer":::
+
+## Review SLAs in the Azure portal
++
+## Clean up resources
++
+## Next steps
+
+In this quickstart, you learned how to create an Azure Cosmos DB account with Cassandra API, and run a Cassandra Python app that creates a Cassandra database and container. You can now import additional data into your Azure Cosmos DB account.
+
+> [!div class="nextstepaction"]
+> [Import Cassandra data into Azure Cosmos DB](migrate-data.md)
+
cosmos-db Migrate Data Blitzz https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/migrate-data-blitzz.md
+
+ Title: Migrate data from Cassandra to Azure Cosmos DB Cassandra API using Blitzz
+description: Learn how to migrate data from Apache Cassandra database to Azure Cosmos DB Cassandra API using Blitzz.
++++ Last updated : 08/21/2019++++
+# Migrate data from Cassandra to Azure Cosmos DB Cassandra API account using Blitzz
+
+Cassandra API in Azure Cosmos DB has become a great choice for enterprise workloads running on Apache Cassandra for a variety of reasons such as:
+
+* **No overhead of managing and monitoring:** It eliminates the overhead of managing and monitoring a myriad of settings across OS, JVM, and yaml files and their interactions.
+
+* **Significant cost savings:** You can save cost with Azure Cosmos DB, which includes the cost of VMΓÇÖs, bandwidth, and any applicable licenses. Additionally, you donΓÇÖt have to manage the data centers, servers, SSD storage, networking, and electricity costs.
+
+* **Ability to use existing code and tools:** Azure Cosmos DB provides wire protocol level compatibility with existing Cassandra SDKs and tools. This compatibility ensures you can use your existing codebase with Azure Cosmos DB Cassandra API with trivial changes.
+
+There are various ways to migrate database workloads from one platform to another. [Blitzz](https://www.blitzz.io) is a tool that offers a secure and reliable way to perform zero downtime migration from a variety of databases to Azure Cosmos DB. This article describes the steps required to migrate data from Apache Cassandra database to Azure Cosmos DB Cassandra API using Blitzz.
+
+## Benefits using Blitzz for migration
+
+BlitzzΓÇÖs migration solution follows a step by step approach to migrate complex operational workloads. The following are some of the key aspects of BlitzzΓÇÖs zero-downtime migration plan:
+
+* It offers automatic migration of business logic (tables, indexes, views) from Apache Cassandra database to Azure Cosmos DB. You donΓÇÖt have to create schemas manually.
+
+* Blitzz offers high-volume and parallel database replication. It enables both the source and target platforms to be in-sync during the migration by using a technique called Change-Data-Capture (CDC). By using CDC, Blitzz continuously pulls a stream of changes from the source database(Apache Cassandra) and applies it to the destination database(Azure Cosmos DB).
+
+* It is fault-tolerant and provides exactly once delivery of data even during a hardware or software failure in the system.
+
+* It secures the data during transit using a variety of security methodologies like TLS, encryption.
+
+## Steps to migrate data
+
+This section describes the steps required to set up Blitzz and migrates data from Apache Cassandra database to Azure Cosmos DB.
+
+1. From the computer where you plan to install the Blitzz replicant, add a security certificate. This certificate is required by the Blitzz replicant to establish a TLS connection with the specified Azure Cosmos DB account. You can add the certificate with the following steps:
+
+ ```bash
+ wget https://cacert.omniroot.com/bc2025.crt
+ mv bc2025.crt bc2025.cer
+ keytool -keystore $JAVA_HOME/lib/security/cacerts -importcert -alias bc2025ca -file bc2025.cer
+ ```
+
+1. You can get the Blitzz installation and the binary files either by requesting a demo on the [Blitzz website](https://www.blitzz.io). Alternatively, you can also send an [email](mailto:success@blitzz.io) to the team.
+
+ :::image type="content" source="./media/migrate-data-blitzz/blitzz-replicant-download.png" alt-text="Blitzz replicant tool download":::
+
+ :::image type="content" source="./media/migrate-data-blitzz/replicant-files.png" alt-text="Blitzz replicant files":::
+
+1. From the CLI terminal, set up the source database configuration. Open the configuration file using **`vi conf/conn/cassandra.yml`** command and add a comma-separated list of IP addresses of the Cassandra nodes, port number, username, password, and any other required details. The following is an example of contents in the configuration file:
+
+ ```bash
+ type: CASSANDRA
+
+ host: 172.17.0.2
+ port: 9042
+
+ username: 'cassandra'
+ password: 'cassandra'
+
+ max-connections: 30
+
+ ```
+
+ :::image type="content" source="./media/migrate-data-blitzz/open-connection-editor-cassandra.png" alt-text="Open Cassandra connection editor":::
+
+ :::image type="content" source="./media/migrate-data-blitzz/cassandra-connection-configuration.png" alt-text="Cassandra connection configuration":::
+
+ After filling out the configuration details, save and close the file.
+
+1. Optionally, you can set up the source database filter file. The filter file specifies which schemas or tables to migrate. Open the configuration file using **`vi filter/cassandra_filter.yml`** command and enter the following configuration details:
+
+ ```bash
+
+ allow:
+ - schema: ΓÇ£io_blitzzΓÇ¥
+ Types: [TABLE]
+ ```
+
+ After filling out the database filter details, save and close the file.
+
+1. Next you will set up the destination database configuration. Before you define the configuration, [create an Azure Cosmos DB Cassandra API account](manage-data-dotnet.md#create-a-database-account) and then create a Keyspace, and a table to store the migrated data. Because you are migrating from Apache Cassandra to Cassandra API in Azure Cosmos DB, you can use the same partition key that you have used with Apache cassandra.
+
+1. Before migrating the data, increase the container throughput to the amount required for your application to migrate quickly. For example, you can increase the throughput to 100000 RUs. Scaling the throughput before starting the migration will help you to migrate your data in less time.
+
+ :::image type="content" source="./media/migrate-data-blitzz/scale-throughput.png" alt-text="Scale Azure Cosmos container throughout":::
+
+ Decrease the throughput after the migration is complete. Based on the amount of data stored and RUs required for each operation, you can estimate the throughput required after data migration. To learn more on how to estimate the RUs required, see [Provision throughput on containers and databases](../set-throughput.md) and [Estimate RU/s using the Azure Cosmos DB capacity planner](../estimate-ru-with-capacity-planner.md) articles.
+
+1. Get the **Contact Point, Port, Username**, and **Primary Password** of your Azure Cosmos account from the **Connection String** pane. You will use these values in the configuration file.
+
+1. From the CLI terminal, set up the destination database configuration. Open the configuration file using **`vi conf/conn/cosmosdb.yml`** command and add a comma-separated list of host URI, port number, username, password, and other required parameters. The following example shows the contents of the configuration file:
+
+ ```bash
+ type: COSMOSDB
+
+ host: '<Azure Cosmos accountΓÇÖs Contact point>'
+ port: 10350
+
+ username: 'blitzzdemo'
+ password: '<Your Azure Cosmos accountΓÇÖs primary password>'
+
+ max-connections: 30
+ ```
+
+1. Next migrate the data using Blitzz. You can run the Blizz replicant in **full** or **snapshot** mode:
+
+ * **Full mode** ΓÇô In this mode, the replicant continues to run after migration and it listens for any changes on the source Apache Cassandra system. If it detects any changes, they are replicated on the target Azure Cosmos account in real time.
+
+ * **Snapshot mode** ΓÇô In this mode, you can perform schema migration and one-time data replication. Real-time replication isnΓÇÖt supported with this option.
+
+ By using the above two modes, migration can be performed with zero downtime.
+
+1. To migrate data, from the Blitzz replicant CLI terminal, run the following command:
+
+ ```bash
+ ./bin/replicant full conf/conn/cassandra.yaml conf/conn/cosmosdb.yaml --filter filter/cassandra_filter.yaml --replace-existing
+ ```
+
+ The replicant UI shows the replication progress. Once the schema migration and snapshot operation are done, the progress shows 100%. After the migration is complete, you can validate the data on the target Azure Cosmos database.
+
+ :::image type="content" source="./media/migrate-data-blitzz/cassandra-data-migration-output.png" alt-text="Cassandra data migration output":::
++
+1. Because you have used full mode for migration, you can perform operations such as insert, update, or delete data on the source Apache Cassandra database. Later validate that they are replicated real time on the target Azure Cosmos database. After the migration, make sure to decrease the throughput configured for your Azure Cosmos container.
+
+1. You can stop the replicant any point and restart it with **--resume** switch. The replication resumes from the point it has stopped without compromising on data consistency. The following command shows how to use the resume switch.
+
+ ```bash
+ ./bin/replicant full conf/conn/cassandra.yaml conf/conn/cosmosdb.yaml --filter filter/cassandra_filter.yaml --replace-existing --resume
+ ```
+
+To learn more on the data migration to destination, real-time migration, see the [Blitzz replicant demo](https://www.youtube.com/watch?v=fsUhF9LUZmM).
+
+## Next steps
+
+* [Provision throughput on containers and databases](../set-throughput.md)
+* [Partition key best practices](../partitioning-overview.md#choose-partitionkey)
+* [Estimate RU/s using the Azure Cosmos DB capacity planner](../estimate-ru-with-capacity-planner.md) articles
cosmos-db Migrate Data Databricks https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/migrate-data-databricks.md
+
+ Title: Migrate data from Apache Cassandra to the Azure Cosmos DB Cassandra API by using Databricks (Spark)
+description: Learn how to migrate data from an Apache Cassandra database to the Azure Cosmos DB Cassandra API by using Azure Databricks and Spark.
++++ Last updated : 03/10/2021++++
+# Migrate data from Cassandra to an Azure Cosmos DB Cassandra API account by using Azure Databricks
+
+Cassandra API in Azure Cosmos DB has become a great choice for enterprise workloads running on Apache Cassandra for several reasons:
+
+* **No overhead of managing and monitoring:** It eliminates the overhead of managing and monitoring settings across OS, JVM, and YAML files and their interactions.
+
+* **Significant cost savings:** You can save costs with the Azure Cosmos DB, which includes the cost of VMs, bandwidth, and any applicable licenses. You don't have to manage datacenters, servers, SSD storage, networking, and electricity costs.
+
+* **Ability to use existing code and tools:** The Azure Cosmos DB provides wire protocol-level compatibility with existing Cassandra SDKs and tools. This compatibility ensures that you can use your existing codebase with the Azure Cosmos DB Cassandra API with trivial changes.
+
+There are many ways to migrate database workloads from one platform to another. [Azure Databricks](https://azure.microsoft.com/services/databricks/) is a platform as a service (PaaS) offering for [Apache Spark](https://spark.apache.org/) that offers a way to perform offline migrations on a large scale. This article describes the steps required to migrate data from native Apache Cassandra keyspaces and tables into the Azure Cosmos DB Cassandra API by using Azure Databricks.
+
+## Prerequisites
+
+* [Provision an Azure Cosmos DB Cassandra API account](manage-data-dotnet.md#create-a-database-account).
+
+* [Review the basics of connecting to an Azure Cosmos DB Cassandra API](connect-spark-configuration.md).
+
+* Review the [supported features in the Azure Cosmos DB Cassandra API](cassandra-support.md) to ensure compatibility.
+
+* Ensure you've already created empty keyspaces and tables in your target Azure Cosmos DB Cassandra API account.
+
+* [Use cqlsh or hosted shell for validation](cassandra-support.md#hosted-cql-shell-preview).
+
+## Provision an Azure Databricks cluster
+
+You can follow instructions to [provision an Azure Databricks cluster](/azure/databricks/scenarios/quickstart-create-databricks-workspace-portal). We recommend selecting Databricks runtime version 7.5, which supports Spark 3.0.
++
+## Add dependencies
+
+You need to add the Apache Spark Cassandra Connector library to your cluster to connect to both native and Azure Cosmos DB Cassandra endpoints. In your cluster, select **Libraries** > **Install New** > **Maven**, and then add `com.datastax.spark:spark-cassandra-connector-assembly_2.12:3.0.0` in Maven coordinates.
++
+Select **Install**, and then restart the cluster when installation is complete.
+
+> [!NOTE]
+> Make sure that you restart the Databricks cluster after the Cassandra Connector library has been installed.
+
+## Create Scala Notebook for migration
+
+Create a Scala Notebook in Databricks. Replace your source and target Cassandra configurations with the corresponding credentials, and source and target keyspaces and tables. Then run the following code:
+
+```scala
+import com.datastax.spark.connector._
+import com.datastax.spark.connector.cql._
+import org.apache.spark.SparkContext
+
+// source cassandra configs
+val nativeCassandra = Map(
+ "spark.cassandra.connection.host" -> "<Source Cassandra Host>",
+ "spark.cassandra.connection.port" -> "9042",
+ "spark.cassandra.auth.username" -> "<USERNAME>",
+ "spark.cassandra.auth.password" -> "<PASSWORD>",
+ "spark.cassandra.connection.ssl.enabled" -> "false",
+ "keyspace" -> "<KEYSPACE>",
+ "table" -> "<TABLE>"
+)
+
+//target cassandra configs
+val cosmosCassandra = Map(
+ "spark.cassandra.connection.host" -> "<USERNAME>.cassandra.cosmos.azure.com",
+ "spark.cassandra.connection.port" -> "10350",
+ "spark.cassandra.auth.username" -> "<USERNAME>",
+ "spark.cassandra.auth.password" -> "<PASSWORD>",
+ "spark.cassandra.connection.ssl.enabled" -> "true",
+ "keyspace" -> "<KEYSPACE>",
+ "table" -> "<TABLE>",
+ //throughput related settings below - tweak these depending on data volumes.
+ "spark.cassandra.output.batch.size.rows"-> "1",
+ "spark.cassandra.output.concurrent.writes" -> "1000",
+ //"spark.cassandra.connection.remoteConnectionsPerExecutor" -> "1", // Spark 3.x
+ "spark.cassandra.connection.connections_per_executor_max"-> "1", // Spark 2.x
+ "spark.cassandra.concurrent.reads" -> "512",
+ "spark.cassandra.output.batch.grouping.buffer.size" -> "1000",
+ "spark.cassandra.connection.keep_alive_ms" -> "600000000"
+)
+
+//Read from native Cassandra
+val DFfromNativeCassandra = sqlContext
+ .read
+ .format("org.apache.spark.sql.cassandra")
+ .options(nativeCassandra)
+ .load
+
+//Write to CosmosCassandra
+DFfromNativeCassandra
+ .write
+ .format("org.apache.spark.sql.cassandra")
+ .options(cosmosCassandra)
+ .mode(SaveMode.Append) // only required for Spark 3.x
+ .save
+```
+
+> [!NOTE]
+> The `spark.cassandra.output.batch.size.rows` and `spark.cassandra.output.concurrent.writes` values and the number of workers in your Spark cluster are important configurations to tune in order to avoid [rate limiting](/samples/azure-samples/azure-cosmos-cassandra-extensions-java-sample-v4/azure-cosmos-cassandra-extensions-java-sample-v4/). Rate limiting happens when requests to Azure Cosmos DB exceed provisioned throughput or [request units](../request-units.md) (RUs). You might need to adjust these settings, depending on the number of executors in the Spark cluster and potentially the size (and therefore RU cost) of each record being written to the target tables.
+
+## Troubleshoot
+
+### Rate limiting (429 error)
+
+You might see a 429 error code or "request rate is large" error text even if you reduced settings to their minimum values. The following scenarios can cause rate limiting:
+
+* **Throughput allocated to the table is less than 6,000 [request units](../request-units.md)**. Even at minimum settings, Spark can write at a rate of around 6,000 request units or more. If you have provisioned a table in a keyspace with shared throughput, it's possible that this table has fewer than 6,000 RUs available at runtime.
+
+ Ensure that the table you are migrating to has at least 6,000 RUs available when you run the migration. If necessary, allocate dedicated request units to that table.
+
+* **Excessive data skew with large data volume**. If you have a large amount of data to migrate into a given table but have a significant skew in the data (that is, a large number of records being written for the same partition key value), then you might still experience rate limiting even if you have several [request units](../request-units.md) provisioned in your table. Request units are divided equally among physical partitions, and heavy data skew can cause a bottleneck of requests to a single partition.
+
+ In this scenario, reduce to minimal throughput settings in Spark and force the migration to run slowly. This scenario can be more common when you're migrating reference or control tables, where access is less frequent and skew can be high. However, if a significant skew is present in any other type of table, you might want to review your data model to avoid hot partition issues for your workload during steady-state operations.
+
+## Next steps
+
+* [Provision throughput on containers and databases](../set-throughput.md)
+* [Partition key best practices](../partitioning-overview.md#choose-partitionkey)
+* [Estimate RU/s using the Azure Cosmos DB capacity planner](../estimate-ru-with-capacity-planner.md)
+* [Elastic Scale in Azure Cosmos DB Cassandra API](scale-account-throughput.md)
cosmos-db Migrate Data Striim https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/cassandra/migrate-data-striim.md
+
+ Title: Migrate data to Azure Cosmos DB Cassandra API account using Striim
+description: Learn how to use Striim to migrate data from an Oracle database to an Azure Cosmos DB Cassandra API account.
++++ Last updated : 07/22/2019++++
+# Migrate data to Azure Cosmos DB Cassandra API account using Striim
+
+The Striim image in the Azure marketplace offers continuous real-time data movement from data warehouses and databases to Azure. While moving the data, you can perform in-line denormalization, data transformation, enable real-time analytics, and data reporting scenarios. ItΓÇÖs easy to get started with Striim to continuously move enterprise data to Azure Cosmos DB Cassandra API. Azure provides a marketplace offering that makes it easy to deploy Striim and migrate data to Azure Cosmos DB.
+
+This article shows how to use Striim to migrate data from an **Oracle database** to an **Azure Cosmos DB Cassandra API account**.
+
+## Prerequisites
+
+* If you don't have an [Azure subscription](../../guides/developer/azure-developer-guide.md#understanding-accounts-subscriptions-and-billing), create a [free account](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio) before you begin.
+
+* An Oracle database running on-premises with some data in it.
+
+## Deploy the Striim marketplace solution
+
+1. Sign into the [Azure portal](https://portal.azure.com/).
+
+1. Select **Create a resource** and search for **Striim** in the Azure marketplace. Select the first option and **Create**.
+
+ :::image type="content" source="../media/cosmosdb-sql-api-migrate-data-striim/striim-azure-marketplace.png" alt-text="Find Striim marketplace item":::
+
+1. Next, enter the configuration properties of the Striim instance. The Striim environment is deployed in a virtual machine. From the **Basics** pane, enter the **VM user name**, **VM password** (this password is used to SSH into the VM). Select your **Subscription**, **Resource Group**, and **Location details** where youΓÇÖd like to deploy Striim. Once complete, select **OK**.
+
+ :::image type="content" source="../media/cosmosdb-sql-api-migrate-data-striim/striim-configure-basic-settings.png" alt-text="Configure basic settings for Striim":::
++
+1. In the **Striim Cluster settings** pane, choose the type of Striim deployment and the virtual machine size.
+
+ |Setting | Value | Description |
+ | | | |
+ |Striim deployment type |Standalone | Striim can run in a **Standalone** or **Cluster** deployment types. Standalone mode will deploy the Striim server on a single virtual machine and you can select the size of the VMs depending on your data volume. Cluster mode will deploy the Striim server on two or more VMs with the selected size. Cluster environments with more than 2 nodes offer automatic high availability and failover.</br></br> In this tutorial, you can select Standalone option. Use the default ΓÇ