Updates from: 08/05/2021 03:05:17
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory-b2c Azure Sentinel https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/azure-sentinel.md
+
+ Title: Secure Azure AD B2C with Azure Sentinel
+
+description: This tutorial shows how to perform Security Analytics for Azure AD B2C with Azure Sentinel.
+++++++++ Last updated : 07/19/2021++
+# Tutorial: How to perform security analytics for Azure AD B2C data with Azure Sentinel
+
+You can further secure your Azure AD B2C environment by routing logs and audit information to Azure Sentinel. Azure Sentinel is a cloud-native **Security Information Event Management (SIEM) and Security Orchestration Automated Response (SOAR)** solution. Azure Sentinel provides alert detection, threat visibility, proactive hunting, and threat response for **Azure AD B2C**.
+
+By utilizing Azure Sentinel in conjunction with Azure AD B2C, you can:
+
+- Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
+- Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
+- Respond to incidents rapidly with built-in orchestration and automation of common tasks.
+- Meet security and compliance requirements for your organization.
+
+In this tutorial, youΓÇÖll learn:
+
+1. How to transfer the B2C logs to Azure Monitor Logs workspace.
+1. Enable **Azure Sentinel** on a Log Analytics workspace.
+1. Create a sample rule in Sentinel that will trigger an incident.
+1. And lastly, configure some automated response.
+
+## Configure AAD B2C with Azure Monitor Logs Analytics
+
+The next steps will take through the process to enable **_Diagnostic settings_** in Azure Active Directory within your Azure AD B2C tenant.
+Diagnostic settings define where logs and metrics for a resource should be sent.
+
+Follow steps **1 to 5** of the [Monitor Azure AD B2C with Azure monitor](./azure-monitor.md) to configure Azure AD B2C to send logs to Azure Monitor.
+
+## Deploy an Azure Sentinel instance
+
+> [!IMPORTANT]
+> To enable Azure Sentinel, you need **contributor permissions** to the subscription in which the Azure Sentinel workspace resides. To use Azure Sentinel, you need either contributor or reader permissions on the resource group that the workspace belongs to.
+
+Once you've configured your Azure AD B2C instance to send logs to Azure Monitor, you need to enable an Azure Sentinel instance.
+
+1. Sign into the Azure portal. Make sure that the subscription where the LA (log analytics) is workspace created in the previous step is selected.
+
+2. Search for and select **Azure Sentinel**.
+
+3. Select **Add**.
+
+ :::image type="content" source="./media/azure-sentinel/azure-sentinel-add.png" alt-text="search for Azure Sentinel in the Azure portal":::
+
+4. Select the workspace used in the previous step.
+
+ :::image type="content" source="./media/azure-sentinel/create-new-workspace.png" alt-text="select the sentinel workspace":::
+
+5. Select **Add Azure Sentinel**.
+
+ > [!NOTE]
+ > You can run Azure Sentinel on more than one workspace, but the data is isolated to a single workspace. For additional details on enabling Sentinel, please see this [QuickStart](../sentinel/quickstart-onboard.md).
+
+## Create a sentinel rule
+
+> [!NOTE]
+> Azure Sentinel provides out-of-the-box, built-in templates to help you create threat detection rules designed by Microsoft's team of security experts and analysts. Rules created from these templates automatically search across your data for any suspicious activity. Because today there is no native Azure AD B2C connector we will not use native rules in our example. For this tutorial we will create our own rule.
+
+Now that you've enabled Sentinel you'll want to be notified when something suspicious occurs in your B2C tenant.
+
+You can create custom analytics rules to help you discover threats and anomalous behaviors that are present in your environment. These rules search for specific events or sets of events, alert you when certain event thresholds or conditions are reached to then generate incidents for further investigation.
+
+> [!NOTE]
+> For a detailed review on Analytic Rules you can see this [Tutorial](../sentinel/tutorial-detect-threats-custom.md).
+
+In our scenario, we want to receive a notification if someone is trying to force access to our environment but they are not successful, this could mean a brute-force attack, we want to get notified for **_2 or more non successful logins within 60 sec_**
+
+1. From the Azure Sentinel navigation menu, select **Analytics**.
+2. In the action bar at the top, select **+Create** and select **Scheduled query rule**. This opens the **Analytics rule wizard**.
+
+ :::image type="content" source="./media/azure-sentinel/create-scheduled-rule.png" alt-text="select create scheduled query rule":::
+
+3. Analytics rule wizard - General tab
+
+ - Provide a unique **Name** and a **Description**
+ - **Name**: _B2C Non-successful logins_ **Description**: _Notify on two or more non-successful logins within 60 sec_
+ - In the **Tactics** field, you can choose from among categories of attacks by which to classify the rule. These are based on the tactics of the [MITRE ATT&CK](https://attack.mitre.org/) framework.
+
+ - For our example, we will choose _PreAttack_
+
+ > [!Tip]
+ > MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies.
+
+ - Set the alert **Severity** as appropriate.
+ - As this is our first rule, we will choose _High_. We can makes changes to our rule later
+ - When you create the rule, its **Status** is **Enabled** by default, which means it will run immediately after you finish creating it. If you donΓÇÖt want it to run immediately, select **Disabled**, and the rule will be added to your **Active rules** tab and you can enable it from there when you need it.
+
+ :::image type="content" source="./media/azure-sentinel/create-new-rule.png" alt-text="provide basic rule properties":::
+
+4. Define the rule query logic and configure settings.
+
+ In the **Set rule logic** tab, we will write a query directly in the **Rule query** field. This query will alert you when there are two or more non-successful logins within 60 sec to your B2C tenant and will organize by _UserPrincipalName_
+
+ ```kusto
+ SigninLogs
+ | where ResultType != "0"
+ | summarize Count = count() by bin(TimeGenerated, 60s), UserPrincipalName
+ | project Count = toint(Count), UserPrincipalName
+ | where Count >= 1
+ ```
+
+ :::image type="content" source="./media/azure-sentinel/rule-query.png" alt-text="enter the rule query in the logic tab":::
+
+ In the Query scheduling section, set the following parameters:
+
+ :::image type="content" source="./media/azure-sentinel/query-scheduling.png" alt-text="set query scheduling parameters":::
+
+5. Click Next in **Incident Settings (Preview)** and in **Automated Response**. You will configure and add the Automated Response later.
+
+6. Click Next get to the **Review and create** tab to review all the settings for your new alert rule. When the "Validation passed" message appears, select **Create** to initialize your alert rule.
+
+ :::image type="content" source="./media/azure-sentinel/review-create.png" alt-text="review and create rule":::
+
+7. View the rule and Incidents it generates.
+
+ You can find your newly created custom rule (of type "Scheduled") in the table under the **Active rules** tab on the main **Analytics** screen. From this list you can **_edit_**, **_enable_**, **_disable_**, or **_delete_** rules.
+
+ :::image type="content" source="./media/azure-sentinel/rule-crud.png" alt-text="analytics screen showing options to edit, enable, disable or delete rules":::
+
+ To view the results of our new B2C Non-successful logins rule, go to the **Incidents** page, where you can triage, investigate, and remediate the threats.
+
+ An incident can include multiple alerts. It's an aggregation of all the relevant evidence for a specific investigation. You can set properties such as severity and status at the incident level.
+
+ > [!NOTE]
+ > For detailed review on Incident investigation please see [this Tutorial](../sentinel/tutorial-investigate-cases.md)
+
+ To begin the investigation, select a specific incident. On the right, you can see detailed information for the incident including its severity, entities involved, the raw events that triggered the incident, and the incidentΓÇÖs unique ID.
+
+ :::image type="content" source="./media/azure-sentinel/select-incident.png" alt-text="incident screen":::
+
+ To view more details about the alerts and entities in the incident, select **View full details** in the incident page and review the relevant tabs that summarize the incident information
+
+ :::image type="content" source="./media/azure-sentinel/full-details.png" alt-text="rule 73":::
+
+ To review further details about the incident, you can select **Evidence->Events** or **Events -> Link to Log Analytics**
+
+ The results will display the _UserPrincipalName_ of the identity trying to log in the _number_ of attempts.
+
+ :::image type="content" source="./media/azure-sentinel/logs.png" alt-text="details of selected incident":::
+
+## Automated response
+
+Azure Sentinel also provides a robust SOAR capability; additional information can be found at the official Sentinel documentation [here](../sentinel/automation-in-azure-sentinel.md).
+
+Automated actions, called a playbook in Sentinel can be attached to Analytics rules to suit your requirements.
+
+In our example, we are going to add an Email notification upon an incident created by our rule.
+
+To accomplish our task, we will use an existing Playbook from the Sentinel GitHub repository [Incident-Email-Notification](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Incident-Email-Notification)
+
+Once the Playbook is configured, you'll have to just edit the existing rule and select the playbook into the Automation tab:
++
+## Next steps
+
+- Because no rule is perfect, if needed you can update the rule query to exclude false positives. For more information, see [Handle false positives in Azure Sentinel](../sentinel/false-positives.md)
+
+- To help with data analysis and creation of rich visual reports, choose and download from a gallery of expertly created workbooks that surface insights based on your data. [These workbooks](https://github.com/azure-ad-b2c/siem#workbooks) can be easily customized to your needs.
+
+- Learn more about Sentinel in the [Azure Sentinel documentation](../sentinel/index.yml)
active-directory-b2c Configure Authentication Sample Python Web App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/configure-authentication-sample-python-web-app.md
+
+ Title: Configure authentication in a sample Python web application using Azure Active Directory B2C
+description: Using Azure Active Directory B2C to sign in and sign up users in a Python web application.
++++++ Last updated : 06/11/2021+++++
+# Configure authentication in a sample Python web application using Azure Active Directory B2C
+
+This article uses a sample Python web application to illustrate how to add Azure Active Directory B2C (Azure AD B2C) authentication to your web applications.
++
+## Overview
+
+OpenID Connect (OIDC) is an authentication protocol built on OAuth 2.0 that you can use to securely sign a user in to an application. This web app sample uses [MSAL for Python](https://github.com/AzureAD/microsoft-authentication-library-for-python). The MSAL for Python simplifies adding authentication and authorization support to Python web apps.
+
+The sign-in flow involves following steps:
+
+1. User navigates to the web app and select **Sign-in**.
+1. The app initiates authentication request, and redirects the user to Azure AD B2C.
+1. The user [sign-up or sign-in](add-sign-up-and-sign-in-policy.md), [reset the password](add-password-reset-policy.md), or sign-in with a [social account](add-identity-provider.md).
+1. Upon successful sign-in, Azure AD B2C returns an ID token to the app.
+1. The app exchanges the authorization code to an ID token. Then validates the ID token, reads the claims, and returns a secure page to the user.
++
+### Sign-out
++
+## Prerequisites
+
+A computer that's running either:
+
+* [Visual Studio Code](https://code.visualstudio.com/) or another code editor
+* [Python](https://nodejs.org/en/download/) 2.7+ or 3+
+
+## Step 1: Configure your user flow
++
+## Step 2: Register a web application
+
+To enable your application to sign in with Azure AD B2C, register your app in the Azure AD B2C directory. Registering your app establishes a trust relationship between the app and Azure AD B2C.
+
+During app registration, you'll specify the **Redirect URI**. The redirect URI is the endpoint to which the user is redirected by Azure AD B2C after they authenticate with Azure AD B2C. The app registration process generates an **Application ID**, also known as the **client ID**, that uniquely identifies your app. Once your app is registered, Azure AD B2C will use both the application ID and redirect URI to create authentication requests.
+
+### 2.1 Register the app
+
+Follow these steps to create the app registration:
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Select the **Directory + Subscription** icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
+1. In the Azure portal, search for and select **Azure AD B2C**.
+1. Select **App registrations**, and then select **New registration**.
+1. Enter a **Name** for the application. For example, *webapp1*.
+1. Under **Supported account types**, select **Accounts in any identity provider or organizational directory (for authenticating users with user flows)**.
+1. Under **Redirect URI**, select **Web**, and then enter `http://localhost:5000/getAToken` in the URL text box.
+1. Under **Permissions**, select the **Grant admin consent to openid and offline access permissions** check box.
+1. Select **Register**.
+1. Select **Overview**.
+1. Record the **Application (client) ID** for use in a later step when you configure the web application.
+
+ ![Get your application ID](./media/configure-authentication-sample-python-web-app/get-azure-ad-b2c-app-id.png)
++
+### 2.2 Create a web app client secret
++
+## Step 3: Get the web app sample
+
+[Download the zip file](https://github.com/Azure-Samples/ms-identity-python-webapp/archive/master.zip), or clone the sample web application from GitHub.
+
+```bash
+git clone https://github.com/Azure-Samples/ms-identity-python-webapp.git
+```
+
+Extract the sample file to a folder where the total character length of the path is less than 260.
+
+## Step 4: Configure the sample application
+
+In the project's root directory:
+
+1. Rename the *app_config.py* file to *app_config.py.OLD*
+1. Rename the *app_config_b2c.py* to *app_config.py*
+
+Open the *app_config.py* file. This file contains information about your Azure AD B2C identity provider. Update the following properties of the app settings:
+
+|Key |Value |
+|||
+|`b2c_tenant`| The first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name). For example, `contoso`.|
+|`CLIENT_ID`| The web API application ID from [step 2.1](#21-register-the-app).|
+|`CLIENT_SECRET`| The client secret you created in [step 2.2](#22-create-a-web-app-client-secret). For increased security, considering storing it instead in an environment variable as recommended in the comments. |
+|`*_user_flow`|The user flows, or custom policy you created in [step 1](#step-1-configure-your-user-flow).|
+
+Your final configuration file should look like the following Python code:
+
+```python
+import os
+
+b2c_tenant = "contoso"
+signupsignin_user_flow = "B2C_1_signupsignin"
+editprofile_user_flow = "B2C_1_profileediting"
+resetpassword_user_flow = "B2C_1_passwordreset"
+authority_template = "https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{user_flow}"
+
+CLIENT_ID = "11111111-1111-1111-1111-111111111111" # Application (client) ID of app registration
+
+CLIENT_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxx" # Placeholder - for use ONLY during testing.
+```
+
+> [!WARNING]
+> As noted in the code snippet comments, we recommend you **do not store secrets in plaintext** in your application code. The hardcoded variable is used in the code sample for *convenience only*. Consider using an environment variable or a secret store like Azure Key Vault.
++
+## Step 5: Run the sample application
+
+1. In your console or terminal, switch to the directory containing the sample. For example:
+
+ ```console
+ cd ms-identity-python-webapp
+ ```
+1. Run the following commands to install the required packages from PyPi and run the web app on your local machine:
+
+ ```console
+ pip install -r requirements.txt
+ flask run --host localhost --port 5000
+ ```
+
+ The console window displays the port number of the locally running application:
+
+ ```console
+ * Serving Flask app "app" (lazy loading)
+ * Environment: production
+ WARNING: This is a development server. Do not use it in a production deployment.
+ Use a production WSGI server instead.
+ * Debug mode: off
+ * Running on http://localhost:5000/ (Press CTRL+C to quit)
+ ```
+
+
+1. Browse to http://localhost:5000 to view the web application running on your local machine.
+
+1. Select **Sign In**.
+
+ ![Screenshot shows the sign-in with Azure AD B2C.](./media/configure-authentication-sample-python-web-app/web-app-sign-in.png)
++
+1. Complete the sign-up or sign-in process.
+
+1. After successful authentication, you'll see your display name in.
+
+ ![Screenshot demonstrates the web app token's display name claim.](./media/configure-authentication-sample-python-web-app/web-app-token-claims.png)
++
+## Call to a web API
+
+To enable your app to sign in with Azure AD B2C and call a web API, you must register two applications in the Azure AD B2C directory.
+
+- The **web application** (Python) registration you already created in [Step 2](#step-2-register-a-web-application). This app registration enables your app to sign in with Azure AD B2C. The app registration process generates an *Application ID*, also known as the *client ID*, that uniquely identifies your app. For example, **App ID: 1**.
+
+- The **web API** registration enables your app to call a protected web API. The registration exposes the web API permissions (scopes). The app registration process generates an *Application ID* that uniquely identifies your web API. For example, **App ID: 2**. Grant your app (App ID: 1) permissions to the web API scopes (App ID: 2).
+
+The following diagrams describe the app registrations and the application architecture.
+
+![Diagram describes a web app with web API, registrations and tokens.](./media/configure-authentication-sample-python-web-app/web-app-with-api-architecture.png)
++
+### Register the web API application
++
+### Configure scopes
++
+### Grant the web app permissions
++
+### Configure your web API
+
+This sample acquires an access token with the relevant scopes the web app can use to for a web API. To call a web API from code, use an existing web API, or create a new one. For more information, see [Enable authentication in your own web API using Azure AD B2C](enable-authentication-web-api.md).
+
+### Configure the sample application with the web API
+
+Open the *app_config.py* file. This file contains information about your Azure AD B2C identity provider. Update the following properties of the app settings:
+
+|Key |Value |
+|||
+|`ENDPOINT`| The URI of your web API. For example, https://localhost:44332/hello.|
+|`SCOPE`| The web API [scopes](#configure-scopes) you created.|
+
+Your final configuration file should look like the following Python code:
+
+```python
+import os
+
+b2c_tenant = "contoso"
+signupsignin_user_flow = "B2C_1_signupsignin"
+editprofile_user_flow = "B2C_1_profileediting"
+resetpassword_user_flow = "B2C_1_passwordreset"
+authority_template = "https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{user_flow}"
+
+CLIENT_ID = "11111111-1111-1111-1111-111111111111" # Application (client) ID of app registration
+
+CLIENT_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxx" # Placeholder - for use ONLY during testing.
+
+### More code here
+
+# This is the API resource endpoint
+ENDPOINT = 'https://localhost:44332'
++
+SCOPE = ["https://contoso.onmicrosoft.com/api/demo.read", "https://contoso.onmicrosoft.com/api/demo.write"]
+```
+
+### Run the sample application
+
+1. In your console or terminal, switch to the directory containing the sample.
+1. Stop the app and rerun it.
+1. Select **Call Microsoft Graph API**.
+
+ ![Screenshot shows how to call a web API.](./media/configure-authentication-sample-python-web-app/call-web-api.png)
+
+## Deploy your application
+
+In a production application, the app registration redirect URI is typically a publicly accessible endpoint where your app is running, like `https://contoso.com/getAToken`.
+
+You can add and modify redirect URIs in your registered applications at any time. The following restrictions apply to redirect URIs:
+
+* The reply URL must begin with the scheme `https`.
+* The reply URL is case-sensitive. Its case must match the case of the URL path of your running application.
+
+## Next steps
+
+* Learn how to [Configure authentication options in a Python web application using Azure Active Directory B2C](enable-authentication-python-web-app-options.md)
active-directory-b2c Configure Authentication Sample Wpf Desktop App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/configure-authentication-sample-wpf-desktop-app.md
+
+ Title: Configure authentication in a sample WPF desktop application using Azure Active Directory B2C
+description: Using Azure Active Directory B2C to sign in and sign up users in a WPF desktop application.
++++++ Last updated : 08/04/2021+++++
+# Configure authentication in a sample WPF desktop application using Azure Active Directory B2C
+
+This article uses a sample [WPF desktop](/visualstudio/designers/getting-started-with-wpf.md) application to illustrate how to add Azure Active Directory B2C (Azure AD B2C) authentication to your desktop apps.
+
+## Overview
+
+OpenID Connect (OIDC) is an authentication protocol built on OAuth 2.0, which you can securely use to sign-in a user to an application. This desktop app sample uses [MSAL](../active-directory/develop/msal-overview.md) library with OpenId Connect authorization code PKCE flow. The MSAL library is a Microsoft provided library that simplifies adding authentication and authorization support to desktop apps.
+
+The sign-in flow involves following steps:
+
+1. The user opens the app and selects **sign-in**.
+1. The app opens the desktop device's system browser, and starts an authentication request to Azure AD B2C.
+1. The user [signs up or signs in](add-sign-up-and-sign-in-policy.md), [resets the password](add-password-reset-policy.md), or signs in with a [social account](add-identity-provider.md).
+1. Upon successful sign-in, Azure AD B2C returns an authorization code to the app.
+1. The app takes the following actions:
+ 1. Exchanges the authorization code for an ID token, access token and refresh token.
+ 1. Reads the ID token claims.
+ 1. Stores the tokens to an in-memory cache for later use.
+
+### App registration overview
+
+To enable your app to sign in with Azure AD B2C and call a web API, register two applications in the Azure AD B2C directory.
+
+- The **desktop application** registration enables your app to sign in with Azure AD B2C. During app registration, specify the *Redirect URI*. The redirect URI is the endpoint to which the user is redirected by Azure AD B2C after they authenticate with Azure AD B2C. The app registration process generates an *Application ID*, also known as the *client ID*, that uniquely identifies your desktop app. For example, **App ID: 1**.
+
+- The **web API** registration enables your app to call a protected web API. The registration exposes the web API permissions (scopes). The app registration process generates an *Application ID* that uniquely identifies your web API. For example, **App ID: 2**. Grant your desktop app (App ID: 1) permissions to the web API scopes (App ID: 2).
+
+The following diagrams describe the apps registration and the application architecture.
+
+![Diagram describes a desktop app with web API, registrations and tokens.](./media/configure-authentication-sample-wpf-desktop-app/desktop-app-with-api-architecture.png)
+
+### Call to a web API
++
+### Sign-out
++
+## Prerequisites
+
+A computer that's running [Visual Studio 2019](https://www.visualstudio.com/downloads/) with **.NET desktop development**.
+
+## Step 1: Configure your user flow
++
+## Step 2: Register your applications
+
+In this step, create the desktop app and the web API application registration, and specify the scopes of your web API.
+
+### 2.1 Register the web API app
++
+### 2.2 Configure web API app scopes
+++
+### 2.3 Register the desktop app
+
+Follow these steps to create the desktop app registration:
+
+1. Select **App registrations**, and then select **New registration**.
+1. Enter a **Name** for the application. For example, *desktop-app1*.
+1. Under **Supported account types**, select **Accounts in any identity provider or organizational directory (for authenticating users with user flows)**.
+1. Under **Redirect URI**, select **Public client/native (desktop & desktop)**, and then enter: `https://your-tenant-name.b2clogin.com/oauth2/nativeclient`. Replace the `your-tenant-name` with your [tenant name](tenant-management.md#get-your-tenant-name). For more options, see [Configure redirect URI](enable-authentication-wpf-desktop-app-options.md#configure-redirect-uri).
+1. Select **Register**.
+1. After the app registration is completed, select **Overview**.
+1. Record the **Application (client) ID** for use in a later step when you configure the desktop application.
+ ![Screenshot showing how to get the desktop application ID.](./media/configure-authentication-sample-wpf-desktop-app/get-azure-ad-b2c-app-id.png)
+
+### 2.4 Grant the desktop app permissions for the web API
++
+## Step 3: Configure the sample web API
+
+This sample acquires an access token with the relevant scopes the desktop app can use for a web API. To call a web API from code, follow these steps:
+
+1. Use an existing web API, or create a new one. For more information, see [Enable authentication in your own web API using Azure AD B2C](enable-authentication-web-api.md).
+1. After you configure the web API, copy the URI of the web API endpoint. You will use the web API endpoint in the next steps.
+
+> [!TIP]
+> If you don't have a web API, you can still run this sample. In this case, the app returns the access token but won't be able to call the web API.
+
+## Step 4: Get the WPF desktop app sample
+
+1. [Download the zip file](https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop.git), or clone the sample web application from [GitHub repo](https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop.git).
+
+ ```bash
+ git clone https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop.git
+ ```
+
+1. Open the **active-directory-b2c-wpf** solution (`active-directory-b2c-wpf.sln`) in Visual Studio.
+++
+## Step 5: Configure the sample desktop app
+
+In the **active-directory-b2c-wpf** project, open the *App.xaml.cs* file. The `App.xaml.cs` class members contain information about your Azure AD B2C identity provider. The desktop app uses this information to establish a trust relationship with Azure AD B2C, sign the user in and out, acquire tokens, and validate them.
+
+Update the following members:
+
+|Key |Value |
+|||
+|`TenantName`|The first part of your Azure AD B2C [tenant name](tenant-management.md#get-your-tenant-name). For example, `contoso.b2clogin.com`.|
+|`ClientId`|The desktop application ID from [step 2.3](#23-register-the-desktop-app).|
+|`PolicySignUpSignIn`| The sign-up or sign-in user flow or custom policy you created in [step 1](#step-1-configure-your-user-flow).|
+|`PolicyEditProfile`|The edit profile user flow or custom policy you created in [step 1](#step-1-configure-your-user-flow).|
+|`ApiEndpoint`| (Optional) the web API endpoint you created in [Step 3](#step-3-configure-the-sample-web-api). For example, `https://contoso.azurewebsites.net/hello`.|
+| `ApiScopes` | The web API scopes you created in [step 2.4](#24-grant-the-desktop-app-permissions-for-the-web-api).|
+
+Your final *App.xaml.cs* file should look like the following C# code:
+
+```csharp
+public partial class App : Application
+{
+
+private static readonly string TenantName = "contoso";
+private static readonly string Tenant = $"{TenantName}.onmicrosoft.com";
+private static readonly string AzureAdB2CHostname = $"{TenantName}.b2clogin.com";
+private static readonly string ClientId = "<web-api-app-application-id>";
+private static readonly string RedirectUri = $"https://{TenantName}.b2clogin.com/oauth2/nativeclient";
+
+public static string PolicySignUpSignIn = "b2c_1_susi";
+public static string PolicyEditProfile = "b2c_1_edit_profile";
+public static string PolicyResetPassword = "b2c_1_reset";
+
+public static string[] ApiScopes = { $"https://{Tenant}//api/tasks.read" };
+public static string ApiEndpoint = "https://contoso.azurewebsites.net/hello";
+```
+
+## Step 6: Run and test the desktop app
+
+1. [Restore the NuGet packages](/nuget/consume-packages/package-restore.md).
+1. Press **F5** to build and run the sample.
+1. Select **Sign In**. Then sign up or sign in with your Azure AD B2C local or social account.
+
+ ![Screenshot demonstrates how to start the sign-in flow.](./media/configure-authentication-sample-wpf-desktop-app/sign-in.png)
+
+1. After a successful sign-up or sign-in, the token details are displayed in the lower pane of the WPF app.
+
+ ![Screenshot showing the Azure AD B2C access token and user ID.](./media/configure-authentication-sample-wpf-desktop-app/post-signin.png)
+
+1. Select **Call API**, to call your web API.
++
+## Next steps
+
+* [Configure authentication options in a WPF desktop application using Azure Active Directory B2C](enable-authentication-wpf-desktop-app-options.md)
active-directory-b2c Contentdefinitions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/contentdefinitions.md
Previously updated : 05/10/2021 Last updated : 08/04/2021
The **DataUri** element is used to specify the page identifier. Azure AD B2C use
| `globalexception` | Displays an error page when an exception or an error is encountered. | | `providerselection`, `idpselection` | Lists the identity providers that users can choose from during sign-in. | | `unifiedssp` | Displays a form for signing in with a local account that's based on an email address or a user name. This value also provides the ΓÇ£keep me sign-in functionalityΓÇ¥ and ΓÇ£Forgot your password?ΓÇ¥ link. |
-| `unifiedssd` | Displays a form for signing in with a local account that's based on an email address or a user name. |
+| `unifiedssd` | Displays a form for signing in with a local account that's based on an email address or a username. This page identifier is deprecated. Use the `unifiedssp` page identifier instead. |
| `multifactor` | Verifies phone numbers by using text or voice during sign-up or sign-in. | | `selfasserted` | Displays a form to collect data from a user. For example, enables users to create or update their profile. |
To migrate from the old **DataUri** value (without page contract) to page layout
| `urn:com:microsoft:aad:b2c:elements:globalexception:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:globalexception:1.2.1` | | `urn:com:microsoft:aad:b2c:elements:globalexception:1.1.0` | `urn:com:microsoft:aad:b2c:elements:contract:globalexception:1.2.1` | | `urn:com:microsoft:aad:b2c:elements:idpselection:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:providerselection:1.2.1` |
-| `urn:com:microsoft:aad:b2c:elements:selfasserted:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.4` |
-| `urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0` | `urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.4` |
-| `urn:com:microsoft:aad:b2c:elements:unifiedssd:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:unifiedssd:2.1.4` |
-| `urn:com:microsoft:aad:b2c:elements:unifiedssp:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.4` |
-| `urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0` | `urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.4` |
-| `urn:com:microsoft:aad:b2c:elements:multifactor:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.0` |
-| `urn:com:microsoft:aad:b2c:elements:multifactor:1.1.0` | `urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.0` |
+| `urn:com:microsoft:aad:b2c:elements:selfasserted:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7` |
+| `urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0` | `urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7` |
+| `urn:com:microsoft:aad:b2c:elements:unifiedssd:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:unifiedssd:1.2.1` |
+| `urn:com:microsoft:aad:b2c:elements:unifiedssp:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.5` |
+| `urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0` | `urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.5` |
+| `urn:com:microsoft:aad:b2c:elements:multifactor:1.0.0` | `urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.5` |
+| `urn:com:microsoft:aad:b2c:elements:multifactor:1.1.0` | `urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.5` |
-The following example shows the content definition identifiers and the corresponding **DataUri** with latest page version:
+The following example shows the content definition identifiers and the corresponding **DataUri** with [latest page version](page-layout.md):
```xml <!--
The following example shows the content definition identifiers and the correspon
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:providerselection:1.2.1</DataUri> </ContentDefinition> <ContentDefinition Id="api.signuporsignin">
- <DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.4</DataUri>
+ <DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.5</DataUri>
</ContentDefinition> <ContentDefinition Id="api.selfasserted">
- <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.4</DataUri>
+ <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>
</ContentDefinition> <ContentDefinition Id="api.selfasserted.profileupdate">
- <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.4</DataUri>
+ <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>
</ContentDefinition> <ContentDefinition Id="api.localaccountsignup">
- <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.4</DataUri>
+ <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>
</ContentDefinition> <ContentDefinition Id="api.localaccountpasswordreset">
- <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.4</DataUri>
+ <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>
</ContentDefinition> <ContentDefinition Id="api.phonefactor">
- <DataUri>urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.2</DataUri>
+ <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
+ <DataUri>urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.5</DataUri>
</ContentDefinition> </ContentDefinitions> <!--
active-directory-b2c Custom Policy Rest Api Claims Exchange https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/custom-policy-rest-api-claims-exchange.md
Previously updated : 04/28/2021 Last updated : 08/04/2021 zone_pivot_groups: b2c-policy-type
In this example, the `userLanguage` will be sent to the REST service as `lang` w
### Configure the RESTful API technical profile
-After you deploy your REST API, set the metadata of the `REST-ValidateProfile` technical profile to reflect your own REST API, including:
+After you deploy your REST API, set the metadata of the `REST-GetProfile` technical profile to reflect your own REST API, including:
- **ServiceUrl**. Set the URL of the REST API endpoint. - **SendClaimsIn**. Specify how the input claims are sent to the RESTful claims provider.
To learn how to secure your APIs, see the following articles:
- [Secure your RESTful API](secure-rest-api.md) - [Reference: RESTful technical profile](restful-technical-profile.md)
active-directory-b2c Enable Authentication Python Web App Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/enable-authentication-python-web-app-options.md
+
+ Title: Enable Python web application options using Azure Active Directory B2C
+description: Enable the use of Python web application options by using several ways.
++++++ Last updated : 07/05/2021+++++
+# Configure authentication options in a Python web application using Azure Active Directory B2C
+
+This article describes ways you can customize and enhance the Azure Active Directory B2C (Azure AD B2C) authentication experience for your Python web application.
+
+Before you start, it is important to familiarize yourself with the [Configure authentication in a sample Python web application](configure-authentication-sample-python-web-app.md) article.
++
+To use a custom domain and your tenant ID in the authentication URL:
+
+1. Follow the guidance in [Enable custom domains](custom-domain.md).
+1. In the *app_config.py* file, update the `authority_template` class member with your custom domain.
+
+The following Python code shows the app settings before the change:
+
+```python
+authority_template = "https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{user_flow}"
+```
+
+The following Python code shows the app settings after the change:
+
+```python
+authority_template = "https://custom.domain.com/00000000-0000-0000-0000-000000000000/{user_flow}"
+```
++
+1. If you're using a custom policy, add the required input claim as described in [Set up direct sign-in](direct-signin.md#prepopulate-the-sign-in-name).
+1. Find the `initiate_auth_code_flow` method and add the `login_hint` parameter with the identity provider domain name. For example, facebook.com.
+
+```python
+def _build_auth_code_flow(authority=None, scopes=None):
+ return _build_msal_app(authority=authority).initiate_auth_code_flow(
+ scopes or [],
+ redirect_uri=url_for("authorized", _external=True),
+ login_hint="bob@contoso.com")
+```
++
+1. Check the domain name of your external identity provider. For more information, see [Redirect sign-in to a social provider](direct-signin.md#redirect-sign-in-to-a-social-provider).
+1. Find the `initiate_auth_code_flow` method and add the `domain_hint` parameter with the login hint.
+
+ ```python
+ def _build_auth_code_flow(authority=None, scopes=None):
+ return _build_msal_app(authority=authority).initiate_auth_code_flow(
+ scopes or [],
+ redirect_uri=url_for("authorized", _external=True),
+ domain_hint="facebook.com")
+ ```
++
+## Next steps
+
+- Learn more: [MSAL for Python configuration options](https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki)
active-directory-b2c Enable Authentication Wpf Desktop App Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/enable-authentication-wpf-desktop-app-options.md
+
+ Title: Enable WPF desktop application options using Azure Active Directory B2C
+description: Enable the use of WPF desktop application options by using several ways.
++++++ Last updated : 08/04/2021+++++
+# Configure authentication options in a WPF desktop application using Azure Active Directory B2C
+
+This article describes ways you can customize and enhance the Azure Active Directory B2C (Azure AD B2C) authentication experience for your WPF desktop application. Before you start, familiarize yourself with the [Configure authentication in a sample WPF desktop application](configure-authentication-sample-wpf-desktop-app.md) article.
+++
+1. If you're using a custom policy, add the required input claim as described in [Set up direct sign-in](direct-signin.md#prepopulate-the-sign-in-name).
+1. Find your MSAL configuration object and add the `withLoginHint()` method with the login hint.
+
+```csharp
+authResult = await app.AcquireTokenInteractive(App.ApiScopes)
+ .WithParentActivityOrWindow(new WindowInteropHelper(this).Handle)
+ .WithLoginHint("bob@contoso.com")
+ .ExecuteAsync();
+```
++
+1. Check the domain name of your external identity provider. For more information, see [Redirect sign-in to a social provider](direct-signin.md#redirect-sign-in-to-a-social-provider).
+1. Create or use an existing `Dictionary` object to store extra query parameters.
+1. Add the `domain_hint` parameter with the corresponding domain name to the dictionary. For example, `facebook.com`.
+1. Pass the extra query parameters object into the MSAL configuration object's `WithExtraQueryParameters` method.
+
+```csharp
+Dictionary<string, string> extraQueryParameters = new Dictionary<string, string>();
+extraQueryParameters.Add("domain_hint", "facebook.com");
+
+authResult = await app.AcquireTokenInteractive(App.ApiScopes)
+ .WithParentActivityOrWindow(new WindowInteropHelper(this).Handle)
+ .WithExtraQueryParameters(extraQueryParameters)
+ .ExecuteAsync();
+```
++
+1. [Configure Language customization](language-customization.md).
+1. Create or use an existing `Dictionary` object to store extra query parameters.
+1. Add the `ui_locales` parameter with the corresponding language code to the dictionary. For example, `en-us`.
+1. Pass the extra query parameters object into the MSAL configuration object's `WithExtraQueryParameters` method.
+
+```csharp
+Dictionary<string, string> extraQueryParameters = new Dictionary<string, string>();
+extraQueryParameters.Add("ui_locales", "en-us");
+
+authResult = await app.AcquireTokenInteractive(App.ApiScopes)
+ .WithParentActivityOrWindow(new WindowInteropHelper(this).Handle)
+ .WithExtraQueryParameters(extraQueryParameters)
+ .ExecuteAsync();
+```
++
+1. Configure the [ContentDefinitionParameters](customize-ui-with-html.md#configure-dynamic-custom-page-content-uri) element.
+1. Create or use an existing `Dictionary` object to store extra query parameters.
+1. Add the custom query string parameter, such as `campaignId`. Set the parameter value. For example, `germany-promotion`.
+1. Pass the extra query parameters object into the MSAL configuration object's `WithExtraQueryParameters` method.
+
+```csharp
+Dictionary<string, string> extraQueryParameters = new Dictionary<string, string>();
+extraQueryParameters.Add("campaignId", "germany-promotion");
+
+authResult = await app.AcquireTokenInteractive(App.ApiScopes)
+ .WithParentActivityOrWindow(new WindowInteropHelper(this).Handle)
+ .WithExtraQueryParameters(extraQueryParameters)
+ .ExecuteAsync();
+```
++
+1. In your custom policy, define an [ID token hint technical profile](id-token-hint.md).
+1. In your code, generate or acquire an ID token, and set the token to a variable. For example, `idToken`.
+1. Create or use an existing `Dictionary` object to store extra query parameters.
+1. Add the `id_token_hint` parameter with the corresponding variable that stores the ID token.
+1. Pass the extra query parameters object into the MSAL configuration object's `extraQueryParameters` attribute.
+
+```csharp
+Dictionary<string, string> extraQueryParameters = new Dictionary<string, string>();
+extraQueryParameters.Add("id_token_hint", idToken);
+
+authResult = await app.AcquireTokenInteractive(App.ApiScopes)
+ .WithParentActivityOrWindow(new WindowInteropHelper(this).Handle)
+ .WithExtraQueryParameters(extraQueryParameters)
+ .ExecuteAsync();
+```
++++
+The following code snippet demonstrates how to configure MSAL logging:
+
+```csharp
+PublicClientApp = PublicClientApplicationBuilder.Create(ClientId)
+ .WithB2CAuthority(AuthoritySignUpSignIn)
+ .WithRedirectUri(RedirectUri)
+ .WithLogging(Log, LogLevel.Info, false) // don't log P(ersonally) I(dentifiable) I(nformation) details on a regular basis
+ .Build();
+```
+
+## Configure redirect URI
+
+In the [desktop app registration](configure-authentication-sample-wpf-desktop-app.md#23-register-the-desktop-app), there are important considerations when choosing a redirect URI:
+
+* **Development** For development use, and **desktop apps**, you can set the redirect URI to `http://localhost` and Azure AD B2C will respect any port in the request. If the registered URI contains a port, Azure AD B2C will use that port only. For example, if the registered redirect URI is `http://localhost`, the redirect URI in the request can be `http://localhost:<randomport>`. If the registered redirect URI is `http://localhost:8080`, the redirect URI in the request must be `http://localhost:8080`.
+* **Unique**: The scheme of the redirect URI must be unique for every application. In the example `com.onmicrosoft.contosob2c.exampleapp://oauth/redirect`, `com.onmicrosoft.contosob2c.exampleapp` is the scheme. This pattern should be followed. If two applications share the same scheme, the user is given a choice to choose an application. If the user chooses incorrectly, the sign-in fails.
+* **Complete**: The redirect URI must have a both a scheme and a path. The path must contain at least one forward slash after the domain. For example, `//oauth/` works while `//oauth` fails. Don't include special characters in the URI, for example, underscores.
+
+## Next steps
+
+- Learn more: [MSAL for .NET, UWP, NetCore, and Xamarin configuration options](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki)
active-directory-b2c Openid Connect https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/openid-connect.md
Previously updated : 06/18/2021 Last updated : 08/04/2021
GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/
client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 &response_type=code+id_token &redirect_uri=https%3A%2F%2Faadb2cplayground.azurewebsites.net%2F
-&response_mode=form_post
+&response_mode=fragment
&scope=openid%20offline_access &state=arbitrary_data_you_can_receive_in_the_response &nonce=12345
active-directory-b2c Secure Rest Api https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/secure-rest-api.md
To create a certificate, you can use [Azure Key Vault](../key-vault/certificates
You can then [export the certificate](../key-vault/certificates/how-to-export-certificate.md).
-#### Option 2: prepare a self-sized certificate using PowerShell module
+#### Option 2: prepare a self-signed certificate using PowerShell module
[!INCLUDE [active-directory-b2c-create-self-signed-certificate](../../includes/active-directory-b2c-create-self-signed-certificate.md)]
active-directory-b2c Tutorial Web App Python https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory-b2c/tutorial-web-app-python.md
Previously updated : 06/12/2020 Last updated : 08/04/2021
In this tutorial, you configured a Python Flask web application to work with a u
Next, learn how to customize the UI of the user flow pages displayed to your users by Azure AD B2C: > [!div class="nextstepaction"]
-> [Customize the interface of user experiences in Azure AD B2C >](customize-ui.md)
+> [Customize the interface of user experiences in Azure AD B2C >](customize-ui.md)
active-directory Howto Mfa Nps Extension Vpn https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/authentication/howto-mfa-nps-extension-vpn.md
Previously updated : 07/07/2021 Last updated : 08/04/2021
This section details the configuration you created by using the wizard.
In this section, you configure your VPN server to use RADIUS authentication. The instructions assume that you have a working configuration of a VPN server but have not configured it to use RADIUS authentication. After you configure the VPN server, confirm that your configuration is working as expected. + > [!NOTE] > If you already have a working VPN server configuration that uses RADIUS authentication, you can skip this section. >
In this section, you configure your VPN server to use RADIUS authentication. The
b. For the **Shared secret**, select **Change**, and then enter the shared secret password that you created and recorded earlier.
- c. In the **Time-out (seconds)** box, enter a value of **30**.
- The timeout value is necessary to allow enough time to complete the second authentication factor. Some VPNs or regions require time-out settings greater than 30 seconds to prevent users from receiving multiple phone calls. If users do experience this issue, increase the **Time-out (seconds)** value in increments of 30 seconds until the issue doesn't reoccur.
-
- ![Add RADIUS Server window configuring the Time-out](./media/howto-mfa-nps-extension-vpn/image16.png)
+ c. In the **Time-out (seconds)** box, enter a value of **60**.
+ To minimize discarded requests, we recommend that VPN servers are configured with a timeout of at least 60 seconds. If needed, or to reduce discarded requests in the event logs, you can increase the VPN server timeout value to 90 or 120 seconds.
8. Select **OK**.
In this section, you confirm that the VPN client is authenticated and authorized
10. On the **Security** tab, ensure that only **Microsoft CHAP Version 2 (MS-CHAP v2)** is selected, and then select **OK**.
- ![The "Allow these protocols" option](./media/howto-mfa-nps-extension-vpn/image20.png)
+ ![The "Allow these protocols" option](./media/howto-mfa-nps-extension-vpn/image20.png)
11. Right-click the VPN connection, and then select **Connect**.
active-directory Licensing Service Plan Reference https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/enterprise-users/licensing-service-plan-reference.md
Previously updated : 5/13/2021 Last updated : 8/04/2021
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
- **Service plans included (friendly names)**: A list of service plans (friendly names) in the product that correspond to the string ID and GUID >[!NOTE]
->This information last updated on August 2nd, 2021.
+>This information last updated on August 4th, 2021.
| Product name | String ID | GUID | Service plans included | Service plans included (friendly names) | | | | | | |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| AZURE ACTIVE DIRECTORY PREMIUM P2 | AAD_PREMIUM_P2 | 84a661c4-e949-4bd2-a560-ed7766fcaf2b | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0) | AZURE ACTIVE DIRECTORY PREMIUM P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AZURE ACTIVE DIRECTORY PREMIUM P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>CLOUD APP SECURITY DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MICROSOFT AZURE MULTI-FACTOR AUTHENTICATION (8a256a2b-b617-496d-b51b-e76466e88db0) | | AZURE INFORMATION PROTECTION PLAN 1 | RIGHTSMANAGEMENT | c52ea49f-fe5d-4e95-93ba-1de91d380f89 | RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3) | AZURE INFORMATION PROTECTION PREMIUM P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>MICROSOFT AZURE ACTIVE DIRECTORY RIGHTS (bea4c11e-220a-4e6d-8eb8-8ea15d019f90) | | COMMON AREA PHONE | MCOCAP | 295a8eb0-f78d-45c7-8b5b-1eed5ed02dff | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) | MICROSOFT 365 PHONE SYSTEM (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>SKYPE FOR BUSINESS ONLINE (PLAN 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c) |
-| Common Area Phone for GCC | MCOCAP_GOV | b1511558-69bd-4e1b-8270-59ca96dba0f3 | MCOEV_GOV (db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) | Microsoft 365 Phone System for Government db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>Microsoft Teams for Government (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>Skype for Business Online (Plan 2) for Government (a31ef4a2-f787-435e-8335-e47eb0cafc94) |
+| Common Area Phone for GCC | MCOCAP_GOV | b1511558-69bd-4e1b-8270-59ca96dba0f3 | MCOEV_GOV (db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>TEAMS_GOV (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>MCOSTANDARD_GOV (a31ef4a2-f787-435e-8335-e47eb0cafc94) | Microsoft 365 Phone System for Government (db23fce2-a974-42ef-9002-d78dd42a0f22)<br/>Microsoft Teams for Government (304767db-7d23-49e8-a945-4a7eb65f9f28)<br/>Skype for Business Online (Plan 2) for Government (a31ef4a2-f787-435e-8335-e47eb0cafc94) |
| COMMUNICATIONS CREDITS | MCOPSTNC | 47794cd0-f0e5-45c5-9033-2eb6b5fc84e0 | MCOPSTNC (505e180f-f7e0-4b65-91d4-00d670bbd18c) | COMMUNICATIONS CREDITS (505e180f-f7e0-4b65-91d4-00d670bbd18c) | | DYNAMICS 365 CUSTOMER ENGAGEMENT PLAN ENTERPRISE EDITION | DYN365_ENTERPRISE_PLAN1 | ea126fc5-a19e-42e2-a731-da9d437bffcf | DYN365_ENTERPRISE_P1 (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>FLOW_DYN_P2 (b650d915-9886-424b-a08d-633cede56f57)<br/>NBENTERPRISE (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS_DYN_P2 (0b03f40b-c404-40c3-8651-2aceb74365fa)<br/>PROJECT_CLIENT_SUBSCRIPTION (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>SHAREPOINT_PROJECT (fe71d6c3-a2ea-4499-9778-da042bf08063)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) | MICROSOFT SOCIAL ENGAGEMENT - SERVICE DISCONTINUATION (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS FOR DYNAMICS 365 (0b03f40b-c404-40c3-8651-2aceb74365fa)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>FLOW FOR DYNAMICS 365 (b650d915-9886-424b-a08d-633cede56f57)<br/>DYNAMICS 365 CUSTOMER ENGAGEMENT PLAN (d56f3deb-50d8-465a-bedb-f079817ccac1)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>PROJECT ONLINE DESKTOP CLIENT (fafd7243-e5c1-4a3a-9e40-495efcb1d3c3)<br/>PROJECT ONLINE SERVICE (fe71d6c3-a2ea-4499-9778-da042bf08063) | | DYNAMICS 365 FOR CUSTOMER SERVICE ENTERPRISE EDITION | DYN365_ENTERPRISE_CUSTOMER_SERVICE | 749742bf-0d37-4158-a120-33567104deeb | DYN365_ENTERPRISE_CUSTOMER_SERVICE (99340b49-fb81-4b1e-976b-8f2ae8e9394f)<br/>FLOW_DYN_APPS (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>NBENTERPRISE (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>POWERAPPS_DYN_APPS (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>PROJECT_ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINTENTERPRISE (5dbe027f-2339-4123-9542-606e4d348a72)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014) |MICROSOFT SOCIAL ENGAGEMENT - SERVICE DISCONTINUATION (03acaee3-9492-4f40-aed4-bcb6b32981b6)<br/>PROJECT ONLINE ESSENTIALS (1259157c-8581-4875-bca7-2ffb18c51bda)<br/>SHAREPOINT ONLINE (PLAN 2) (5dbe027f-2339-4123-9542-606e4d348a72)<br/>FLOW FOR DYNAMICS 365 (7e6d7d78-73de-46ba-83b1-6d25117334ba)<br/>POWERAPPS FOR DYNAMICS 365 (874fc546-6efe-4d22-90b8-5c4e7aa59f4b)<br/>DYNAMICS 365 FOR CUSTOMER SERVICE (99340b49-fb81-4b1e-976b-8f2ae8e9394f)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014) |
When managing licenses in [the Azure portal](https://portal.azure.com/#blade/Mic
| Microsoft 365 A1 | M365EDU_A1 | b17653a4-2443-4e8c-a550-18249dda78bb | AAD_EDU (3a3976ce-de18-4a87-a78e-5e9245e252df)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>WINDOWS_STORE (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | Azure Active Directory for Education (3a3976ce-de18-4a87-a78e-5e9245e252df)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Windows Store Service (a420f25f-a7b3-4ff5-a9d0-5d58f73b537d) | | MICROSOFT 365 A3 FOR FACULTY | M365EDU_A3_FACULTY | 4b590615-0888-425a-a965-b3bf7789848d | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>PowerApps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) | | MICROSOFT 365 A3 FOR STUDENTS | M365EDU_A3_STUDENT | 7cfd9a2b-e110-4c39-bf20-c6a3f36a3121 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Insights by MyAnalytics (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>PowerApps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
+| Microsoft 365 A3 for students use benefit | M365EDU_A3_STUUSEBNFT | 18250162-5d87-4436-a834-d795c15c80f3 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>DYN365_CDS_O365_P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>PROJECT_O365_P2 (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>UNIVERSAL_PRINT_NO_SEEDING (b67adbaf-a096-42c9-967e-5a84edbe0086)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Common Data Service - O365 P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Information Protection for Office 365 ΓÇô Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Apps for enterprise (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power Apps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>Power Automate for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Project for Office (Plan E3) (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Universal Print Without Seeding (b67adbaf-a096-42c9-967e-5a84edbe0086)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
+| Microsoft 365 A3 - Unattended License for students use benefit | M365EDU_A3_STUUSEBNFT_RPA1 | 1aa94593-ca12-4254-a738-81a5972958e8 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>DYN365_CDS_O365_P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>ContentExplorer_Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>OFFICESUBSCRIPTION_unattended (8d77e2d9-9e28-4450-8431-0def64078fc5)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_O365_P3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>PROJECT_O365_P2 (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU(63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>UNIVERSAL_PRINT_NO_SEEDING (b67adbaf-a096-42c9-967e-5a84edbe0086)<br/>WHITEBOARD_PLAN2 (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Common Data Service - O365 P2 (4ff01e01-1ba7-4d71-8cf8-ce96c3bbcf14)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Information Protection and Governance Analytics ΓÇô Standard (2b815d45-56e4-4e3a-b65c-66cb9175b560)<br/>Information Protection for Office 365 ΓÇô Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Apps for enterprise (unattended) (8d77e2d9-9e28-4450-8431-0def64078fc5)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala Pro Plan 3 (aebd3021-9f8f-4bf8-bbe3-0ed2f4f047a1)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power Apps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>Power Automate for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Project for Office (Plan E3) (31b4e2fc-4cd6-4e7d-9c1b-41407303bd66)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Universal Print Without Seeding (b67adbaf-a096-42c9-967e-5a84edbe0086)<br/>Whiteboard (Plan 2) (94a54592-cd8b-425e-87c6-97868b000b91)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
| MICROSOFT 365 A5 FOR FACULTY | M365EDU_A5_FACULTY | e97c048c-37a4-45fb-ab50-922fbf07a370 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Advanced Threat Protection (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) | | MICROSOFT 365 A5 FOR STUDENTS | M365EDU_A5_STUDENT | 46c119d4-0379-4a9d-85e4-97c66d3f909e | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>RMS_S_PREMIUM (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>RMS_S_PREMIUM2 (5689bec4-755d-4753-8b61-40975025187c)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>LOCKBOX_ENTERPRISE (9f431833-0334-42de-a7dc-70aa40db46db)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>FLOW_O365_P3 (07699545-9485-468e-95b6-2fca3738be01)<br/>INFORMATION_BARRIERS (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>MIP_S_CLP2 (efb0351d-3b08-4503-993d-383af8de41e3)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>M365_ADVANCED_AUDITING (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>MICROSOFTBOOKINGS (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>WINDEFATP (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>OFFICE_FORMS_PLAN_3 (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>EXCHANGE_ANALYTICS (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E5 (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>EQUIVIO_ANALYTICS (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>PAM_ENTERPRISE (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>BI_AZURE_P2 (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>POWERAPPS_O365_P3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>PREMIUM_ENCRYPTION (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_3 (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Azure Advanced Threat Protection (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Azure Information Protection Premium P1 (6c57d4b6-3b23-47a5-9bc9-69f17b4947b3)<br/>Azure Information Protection Premium P2 (5689bec4-755d-4753-8b61-40975025187c)<br/>Azure Rights Management (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Customer Lockbox (9f431833-0334-42de-a7dc-70aa40db46db)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Flow for Office 365 (07699545-9485-468e-95b6-2fca3738be01)<br/>Information Barriers (c4801e8a-cb58-4c35-aca6-f2dcc106f287)<br/>Information Protection for Office 365 - Premium (efb0351d-3b08-4503-993d-383af8de41e3)<br/>Information Protection for Office 365 - Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Advanced Auditing (2f442157-a11c-46b9-ae5b-6e39ff4e5849)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Bookings (199a5c09-e0ca-4e37-8f7c-b05d533e1ea2)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>MICROSOFT DEFENDER FOR ENDPOINT (871d91ec-ec1a-452b-a83f-bd76c7d770ef)<br/>Microsoft Forms (Plan 3) (96c1e14a-ef43-418d-b115-9636cdaa8eed)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft MyAnalytics (Full) (34c0d7a0-a70f-4668-9238-47f9fc208882)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E5 SKU (6c6042f5-6f01-4d67-b8c1-eb99d36eed3e)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced eDiscovery (4de31727-a228-4ec3-a5bf-8e45b5ca48cc)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Office 365 Privileged Access Management (b1188c4c-1b36-4018-b48b-ee07604f6feb)<br/>Office 365 ProPlus (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power BI Pro (70d33638-9c74-4d01-bfd3-562de28bd4ba)<br/>PowerApps for Office 365 Plan 3 (9c0dab89-a30c-4117-86e7-97bda240acd2)<br/>Premium Encryption in Office 365 (617b097b-4b93-4ede-83de-5f075bb5fb2f)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 3) (3fb82609-8c27-4f7b-bd51-30634711ee67)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
+| Microsoft 365 A5 for students use benefit | M365EDU_A5_STUUSEBNFT | 31d57bc7-3a05-4867-ab53-97a17835a411 | AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>ADALLOM_S_DISCOVERY (932ad362-64a8-4783-9106-97849a1a30b9)<br/>DYN365_CDS_O365_P3 (28b0fa46-c39a-4188-89e2-58e979a6b014)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Content_Explorer (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>PROJECT_O365_P3 (b21a6b06-1988-436e-a07b-51ec6d9f52ad)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>UNIVERSAL_PRINT_NO_SEEDING (b67adbaf-a096-42c9-967e-5a84edbe0086)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Cloud App Security Discovery (932ad362-64a8-4783-9106-97849a1a30b9)<br/>Common Data Service - O365 P3 (28b0fa46-c39a-4188-89e2-58e979a6b014)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Information Protection and Governance Analytics ΓÇô Premium (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>Information Protection for Office 365 ΓÇô Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Apps for enterprise (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Microsoft 365 Defender (bf28f719-7844-4079-9c78-c1307898e192)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Defender for Identity (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power Apps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>Power Automate for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Project for Office (Plan E5) (b21a6b06-1988-436e-a07b-51ec6d9f52ad)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Universal Print Without Seeding (b67adbaf-a096-42c9-967e-5a84edbe0086)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
+| Microsoft 365 A5 without Audio Conferencing for students use benefit | M365EDU_A5_NOPSTNCONF_STUUSEBNFT | 81441ae1-0b31-4185-a6c0-32b6b84d419f| AAD_BASIC_EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>AAD_PREMIUM_P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>DYN365_CDS_O365_P3 (28b0fa46-c39a-4188-89e2-58e979a6b014)<br/>EducationAnalyticsP1 (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>EXCHANGE_S_ENTERPRISE (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Content_Explorer (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>MIP_S_CLP1 (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>INTUNE_EDU (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>MTP (bf28f719-7844-4079-9c78-c1307898e192)<br/>RMS_S_ENTERPRISE (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>MFA_PREMIUM (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>ADALLOM_S_STANDALONE (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>ATA (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>ATP_ENTERPRISE (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>THREAT_INTELLIGENCE (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>OFFICE_FORMS_PLAN_2 (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>KAIZALA_STANDALONE (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Deskless (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E3 (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MINECRAFT_EDUCATION_EDITION (4c246bbc-f513-4311-beff-eba54c353256)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>ADALLOM_S_O365 (8c098270-9dd4-4350-9b30-ba4703f3b36b <br/>SAFEDOCS (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7 <br/>SHAREPOINTWAC_EDU (e03c7e47-402c-463c-ab25-949079bedb21)<br/>POWERAPPS_O365_P2 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>FLOW_O365_P2 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>PROJECT_O365_P3 (b21a6b06-1988-436e-a07b-51ec6d9f52ad)<br/>SCHOOL_DATA_SYNC_P2 (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SHAREPOINTENTERPRISE_EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_2 (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>UNIVERSAL_PRINT_NO_SEEDING (b67adbaf-a096-42c9-967e-5a84edbe0086)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Virtualization Rights for Windows 10 (E3/E5+VDA) (e7c91390-7625-45be-94e0-e16907e03118)<br/>YAMMER_EDU (2078e8df-cff6-4290-98cb-5408261a760a) | Azure Active Directory Basic for EDU (1d0f309f-fdf9-4b2a-9ae7-9c48b91f1426)<br/>Azure Active Directory Premium P1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Azure Active Directory Premium P2 (eec0eb4f-6444-4f95-aba0-50c24d67f998)<br/>Common Data Service - O365 P3 (28b0fa46-c39a-4188-89e2-58e979a6b014)<br/>Education Analytics (a9b86446-fa4e-498f-a92a-41b447e03337)<br/>Exchange Online (Plan 2) (efb87545-963c-4e0d-99df-69c6916d9eb0)<br/>Information Protection and Governance Analytics - Premium) (d9fa6af4-e046-4c89-9226-729a0786685d)<br/>Information Protection for Office 365 ΓÇô Standard (5136a095-5cf0-4aff-bec3-e84448b38ea5)<br/>Intune for Education (da24caf9-af8e-485c-b7c8-e73336da2693)<br/>Microsoft 365 Apps for enterprise (43de0ff5-c92c-492b-9116-175376d08c38)<br/>Microsoft 365 Defender (bf28f719-7844-4079-9c78-c1307898e192)<br/>Microsoft Azure Active Directory Rights (bea4c11e-220a-4e6d-8eb8-8ea15d019f90)<br/>Microsoft Azure Multi-Factor Authentication (8a256a2b-b617-496d-b51b-e76466e88db0)<br/>Microsoft Cloud App Security (2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2)<br/>Microsoft Defender for Identity (14ab5db5-e6c4-4b20-b4bc-13e36fd2227f)<br/>Microsoft Defender for Office 365 (Plan 1) (f20fedf3-f3c3-43c3-8267-2bfdd51c0939)<br/>Microsoft Defender for Office 365 (Plan 2) (8e0c0a52-6a6c-4d40-8370-dd62790dcd70)<br/>Microsoft Forms (Plan 2) (9b5de886-f035-4ff2-b3d8-c9127bea3620)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Kaizala (0898bdbb-73b0-471a-81e5-20f1fe4dd66e)<br/>Microsoft Planner (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>Microsoft Search (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>Microsoft StaffHub (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>Microsoft Stream for O365 E3 SKU (9e700747-8b1d-45e5-ab8d-ef187ceec156)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Minecraft Education Edition (4c246bbc-f513-4311-beff-eba54c353256)<br/>Mobile Device Management for Office 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>Office 365 Advanced Security Management (8c098270-9dd4-4350-9b30-ba4703f3b36b)<br/>Office 365 SafeDocs (bf6f5520-59e3-4f82-974b-7dbbc4fd27c7)<br/>Office for the web (Education) (e03c7e47-402c-463c-ab25-949079bedb21)<br/>Power Apps for Office 365 (c68f8d98-5534-41c8-bf36-22fa496fa792)<br/>Power Automate for Office 365 (76846ad7-7776-4c40-a281-a386362dd1b9)<br/>Project for Office (Plan E5) (b21a6b06-1988-436e-a07b-51ec6d9f52ad)<br/>School Data Sync (Plan 2) (500b6a2a-7a50-4f40-b5f9-160e5b8c2f48)<br/>SharePoint Plan 2 for EDU (63038b2c-28d0-45f6-bc36-33062963b498)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Sway (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>To-Do (Plan 2) (c87f142c-d1e9-4363-8630-aaea9c4d9ae5)<br/>Universal Print Without Seeding (b67adbaf-a096-42c9-967e-5a84edbe0086)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Windows 10 Enterprise (New) (e7c91390-7625-45be-94e0-e16907e03118)<br/>Yammer for Academic (2078e8df-cff6-4290-98cb-5408261a760a) |
| MICROSOFT 365 APPS FOR BUSINESS | O365_BUSINESS | cdd28e44-67e3-425e-be4c-737fab2899d3 | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | MICROSOFT 365 APPS FOR BUSINESS | SMB_BUSINESS | b214fe43-f5a3-4703-beeb-fa97188220fc | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICE_BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICE 365 BUSINESS (094e7854-93fc-4d55-b2c0-3ab5369ebdc1)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | | MICROSOFT 365 APPS FOR ENTERPRISE | OFFICESUBSCRIPTION | c2273bd0-dff7-4215-9ef5-2c7bcfb06425 | FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) | MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>OFFICESUBSCRIPTION (43de0ff5-c92c-492b-9116-175376d08c38)<br/>ONEDRIVESTANDARD (13696edf-5a08-49f6-8134-03083ed8ba30)<br/>OFFICE ONLINE (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97) |
active-directory Reference Connect Adsynctools https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/hybrid/reference-connect-adsynctools.md
The following documentation provides reference information for the ADSyncTools.p
## Install the ADSyncTools PowerShell Module To install the ADSyncTools PowerShell Module do the following:
-1. Open Windows PowerShell with administrative priviledges
+1. Open Windows PowerShell with administrative privileges
2. Type or copy and paste the following: ``` powershell [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
To install the ADSyncTools PowerShell Module do the following:
5. You should now see information about the module.
-## Clear-ADSyncToolsConsistencyGuid
-
+## Clear-ADSyncToolsMsDsConsistencyGuid
### SYNOPSIS
-Clear the mS-Ds-ConsistencyGuid from AD User
-
+Clear an Active Directory object mS-DS-ConsistencyGuid
### SYNTAX- ```
-Clear-ADSyncToolsConsistencyGuid [-User] <Object> [<CommonParameters>]
+Clear-ADSyncToolsMsDsConsistencyGuid [-Identity] <Object> [<CommonParameters>]
```- ### DESCRIPTION
-Clear the value in mS-Ds-ConsistencyGuid for the target AD user
+Clears the value in mS-DS-ConsistencyGuid for the target Active Directory object.
+Supports Active Directory objects in multi-domain forests.
### EXAMPLES- #### EXAMPLE 1 ```
-Example of how to use this cmdlet
+Clear-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com'
```- #### EXAMPLE 2 ```
-Another example of how to use this cmdlet
+Clear-ADSyncToolsMsDsConsistencyGuid -Identity 'User1@Contoso.com'
+```
+#### EXAMPLE 3
+```
+'User1@Contoso.com' | Clear-ADSyncToolsMsDsConsistencyGuid
```- ### PARAMETERS-
-#### -User
-Target User in AD to set
-
+#### -Identity
+Target object in AD to clear mS-DS-ConsistencyGuid
```yaml Type: Object Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
-## Confirm-ADSyncToolsADModuleLoaded
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Connect-ADSyncToolsSqlDatabase
### SYNOPSIS
-{{Fill in the Synopsis}}
-
+Connect to a SQL database for testing purposes
### SYNTAX- ```
-Confirm-ADSyncToolsADModuleLoaded
+Connect-ADSyncToolsSqlDatabase [-Server] <String> [[-Instance] <String>] [[-Database] <String>]
+ [[-Port] <String>] [[-UserName] <String>] [[-Password] <String>] [<CommonParameters>]
```- ### DESCRIPTION
-{{Fill in the Description}}
-
+SQL Diagnostics related functions and utilities
### EXAMPLES-
-#### Example 1
-```powershell
-PS C:\> {{ Add example code here }}
+#### EXAMPLE 1
```-
-{{ Add example description here }}
-
-## Connect-AdSyncDatabase
-
-### SYNOPSIS
-{{Fill in the Synopsis}}
-
-### SYNTAX
-
+Connect-ADSyncToolsSqlDatabase -Server 'sqlserver01.contoso.com' -Database 'ADSync'
```
-Connect-AdSyncDatabase [-Server] <String> [[-Instance] <String>] [[-Database] <String>] [[-UserName] <String>]
- [[-Password] <String>] [<CommonParameters>]
+#### EXAMPLE 2
```-
-### DESCRIPTION
-{{Fill in the Description}}
-
-### EXAMPLES
-
-#### Example 1
-```powershell
-PS C:\> {{ Add example code here }}
+Connect-ADSyncToolsSqlDatabase -Server 'sqlserver01.contoso.com' -Instance 'INTANCE01' -Database 'ADSync'
```-
-{{ Add example description here }}
- ### PARAMETERS-
-#### -Database
-{{Fill Database Description}}
-
+#### -Server
+SQL Server Name
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+#### -Instance
+SQL Server Instance Name
```yaml Type: String Parameter Sets: (All) Aliases:- Required: False Position: 2 Default value: None Accept pipeline input: False Accept wildcard characters: False ```-
-#### -Instance
-{{Fill Instance Description}}
-
+#### -Database
+SQL Server Database Name
```yaml Type: String Parameter Sets: (All) Aliases:- Required: False
-Position: 1
+Position: 3
Default value: None Accept pipeline input: False Accept wildcard characters: False ```-
-#### -Password
-{{Fill Password Description}}
-
+#### -Port
+SQL Server Port (e.g.
+49823)
```yaml Type: String Parameter Sets: (All) Aliases:- Required: False Position: 4 Default value: None Accept pipeline input: False Accept wildcard characters: False ```-
-#### -Server
-{{Fill Server Description}}
-
+#### -UserName
+SQL Server Login Username
```yaml Type: String Parameter Sets: (All) Aliases:-
-Required: True
-Position: 0
+Required: False
+Position: 5
Default value: None Accept pipeline input: False Accept wildcard characters: False ```-
-#### -UserName
-{{Fill UserName Description}}
-
+#### -Password
+SQL Server Login Password
```yaml Type: String Parameter Sets: (All) Aliases:- Required: False
-Position: 3
+Position: 6
Default value: None Accept pipeline input: False Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## ConvertFrom-ADSyncToolsAadDistinguishedName
+### SYNOPSIS
+Convert Azure AD Connector DistinguishedName to ImmutableId
+### SYNTAX
+```
+ConvertFrom-ADSyncToolsAadDistinguishedName [-DistinguishedName] <String> [<CommonParameters>]
+```
+### DESCRIPTION
+Takes an Azure AD Connector DistinguishedName like CN={514635484D4B376E38307176645973555049486139513D3D}
+and converts to the respective base64 ImmutableID value, e.g.
+QF5HMK7n80qvdYsUPIHa9Q==
+### EXAMPLES
+#### EXAMPLE 1
+```
+ConvertFrom-ADSyncToolsAadDistinguishedName 'CN={514635484D4B376E38307176645973555049486139513D3D}'
+```
+### PARAMETERS
+#### -DistinguishedName
+Azure AD Connector Space DistinguishedName
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## ConvertFrom-ADSyncToolsImmutableID
+### SYNOPSIS
+Convert Base64 ImmutableId (SourceAnchor) to GUID value
+### SYNTAX
+```
+ConvertFrom-ADSyncToolsImmutableID [-Value] <String> [<CommonParameters>]
+```
+### DESCRIPTION
+Converts value of the ImmutableID from Base64 string and returns a GUID value
+In case Base64 string cannot be converted to GUID, returns a Byte Array.
+### EXAMPLES
+#### EXAMPLE 1
+```
+ConvertFrom-ADSyncToolsImmutableID 'iGhmiAEBERG7uxI0VniQqw=='
+```
+#### EXAMPLE 2
+```
+'iGhmiAEBERG7uxI0VniQqw==' | ConvertFrom-ADSyncToolsImmutableID
+```
+### PARAMETERS
+#### -Value
+ImmutableId in Base64 format
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## ConvertTo-ADSyncToolsAadDistinguishedName
+### SYNOPSIS
+Convert ImmutableId to Azure AD Connector DistinguishedName
+### SYNTAX
+```
+ConvertTo-ADSyncToolsAadDistinguishedName [-ImmutableId] <String> [<CommonParameters>]
+```
+### DESCRIPTION
+Takes an ImmutableId (SourceAnchor) like QF5HMK7n80qvdYsUPIHa9Q== and converts to the respective
+Azure AD Connector DistinguishedName value, e.g.
+CN={514635484D4B376E38307176645973555049486139513D3D}
+### EXAMPLES
+#### EXAMPLE 1
+```
+ConvertTo-ADSyncToolsAadDistinguishedName 'QF5HMK7n80qvdYsUPIHa9Q=='
+```
+### PARAMETERS
+#### -ImmutableId
+ImmutableId (SourceAnchor)
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## ConvertTo-ADSyncToolsCloudAnchor
+### SYNOPSIS
+Convert Base64 Anchor to CloudAnchor
+### SYNTAX
+```
+ConvertTo-ADSyncToolsCloudAnchor [-Anchor] <String> [<CommonParameters>]
+```
+### DESCRIPTION
+Takes a Base64 Anchor like VAAAAFUAcwBlAHIAXwBjADcAMgA5ADAAMwBlAGQALQA3ADgAMQA2AC0ANAAxAGMAZAAtADkAMAA2ADYALQBlAGEAYwAzADMAZAAxADcAMQBkADcANwAAAA==
+and converts to the respective CloudAnchor value, e.g.
+User_abc12345-1234-abcd-9876-ab0123456789
+### EXAMPLES
+#### EXAMPLE 1
+```
+ConvertTo-ADSyncToolsCloudAnchor "VAAAAFUAcwBlAHIAXwBjADcAMgA5ADAAMwBlAGQALQA3ADgAMQA2AC0ANAAxAGMAZAAtADkAMAA2ADYALQBlAGEAYwAzADMAZAAxADcAMQBkADcANwAAAA=="
+```
+#### EXAMPLE 2
+```
+"VAAAAFUAcwBlAHIAXwBjADcAMgA5ADAAMwBlAGQALQA3ADgAMQA2AC0ANAAxAGMAZAAtADkAMAA2ADYALQBlAGEAYwAzADMAZAAxADcAMQBkADcANwAAAA==" | ConvertTo-ADSyncToolsCloudAnchor
+```
+### PARAMETERS
+#### -Anchor
+Base64 Anchor
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## ConvertTo-ADSyncToolsImmutableID
+### SYNOPSIS
+Convert GUID (ObjectGUID / ms-Ds-Consistency-Guid) to a Base64 string
+### SYNTAX
+```
+ConvertTo-ADSyncToolsImmutableID [-Value] <Object> [<CommonParameters>]
+```
+### DESCRIPTION
+Converts a value in GUID, GUID string or byte array format to a Base64 string
+### EXAMPLES
+#### EXAMPLE 1
+```
+ConvertTo-ADSyncToolsImmutableID '88888888-0101-3333-cccc-1234567890cd'
+```
+#### EXAMPLE 2
+```
+'88888888-0101-3333-cccc-1234567890cd' | ConvertTo-ADSyncToolsImmutableID
+```
+### PARAMETERS
+#### -Value
+GUID, GUID string or byte array
+```yaml
+Type: Object
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Export-ADSyncToolsAadDisconnectors
+### SYNOPSIS
+Export Azure AD Disconnector objects
+### SYNTAX
+```
+Export-ADSyncToolsAadDisconnectors [[-SyncObjectType] <Object>] [<CommonParameters>]
+```
+### DESCRIPTION
+Executes CSExport tool to export all Disconnectors to XML and then takes this XML output and converts it to a CSV file
+with: UserPrincipalName, Mail, SourceAnchor, DistinguishedName, CsObjectId, ObjectType, ConnectorId, CloudAnchor
+### EXAMPLES
+#### EXAMPLE 1
+```
+Export-ADSyncToolsDisconnectors -SyncObjectType 'PublicFolder'
+```
+Exports to CSV all PublicFolder Disconnector objects
+#### EXAMPLE 2
+```
+Export-ADSyncToolsDisconnectors
+```
+Exports to CSV all Disconnector objects
+### PARAMETERS
+#### -SyncObjectType
+ObjectType to include in output
+```yaml
+Type: Object
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+### INPUTS
+Use ObjectType argument in case you want to export Disconnectors for a given object type only
+### OUTPUTS
+Exports a CSV file with Disconnector objects containing:
-## Export-ADSyncToolsConsistencyGuidMigration
+UserPrincipalName, Mail, SourceAnchor, DistinguishedName, CsObjectId, ObjectType, ConnectorId and CloudAnchor
+## Export-ADSyncToolsHybridAadJoinReport
### SYNOPSIS
-Export ConsistencyGuid Report
-
+Generates a report of certificates stored in Active Directory Computer objects, specifically,
+certificates issued by the Hybrid Azure AD join feature.
### SYNTAX
+#### SingleObject
+```
+Export-ADSyncToolsHybridAadJoinReport [-DN] <String> [[-Filename] <String>] [<CommonParameters>]
+```
+#### MultipleObjects
+```
+Export-ADSyncToolsHybridAadJoinReport [-OU] <String> [[-Filename] <String>] [<CommonParameters>]
+```
+### DESCRIPTION
+This tool checks for all certificates present in UserCertificate property of a Computer object in AD and, for each
+non-expired certificate present, validates if the certificate was issued for the Hybrid Azure AD join feature
+(that is, Subject Name is CN={ObjectGUID}).
+Before version 1.4, Azure AD Connect would synchronize to Azure AD any Computer that contained at least one certificate but
+in Azure AD Connect version 1.4 and later, ADSync engine can identify Hybrid Azure AD join certificates and will "cloudfilter"
+(exclude) the computer object from synchronizing to Azure AD unless there's a valid Hybrid Azure AD join certificate present.
+Azure AD Device objects that were already synchronized to AD but do not have a valid Hybrid Azure AD join certificate will be
+deleted from Azure AD (CloudFiltered=TRUE) by Azure AD Connect.
+### EXAMPLES
+#### EXAMPLE 1
+```
+Export-ADSyncToolsHybridAzureADjoinCertificateReport -DN 'CN=Computer1,OU=SYNC,DC=Fabrikam,DC=com'
+```
+#### EXAMPLE 2
+```
+Export-ADSyncToolsHybridAzureADjoinCertificateReport -OU 'OU=SYNC,DC=Fabrikam,DC=com' -Filename "MyHybridAzureADjoinReport.csv" -Verbose
+```
+### PARAMETERS
+#### -DN
+Computer DistinguishedName
+```yaml
+Type: String
+Parameter Sets: SingleObject
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -OU
+AD OrganizationalUnit
+```yaml
+Type: String
+Parameter Sets: MultipleObjects
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -Filename
+Output CSV filename (optional)
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+### RELATED LINKS
+More Information:
+[Understand Azure AD Connect 1.4.xx.x and device disappearance](/troubleshoot/azure/active-directory/reference-connect-device-disappearance)
+## Export-ADSyncToolsObjects
+### SYNOPSIS
+Export Azure AD Connect Objects to XML files
+### SYNTAX
+#### ObjectId
+```
+Export-ADSyncToolsObjects [-ObjectId] <Object> [-Source] <Object> [-ExportSerialized] [<CommonParameters>]
+```
+#### DistinguishedName
+```
+Export-ADSyncToolsObjects [-DistinguishedName] <Object> [-ConnectorName] <Object> [-ExportSerialized]
+ [<CommonParameters>]
+```
+### DESCRIPTION
+Exports internal ADSync objects from Metaverse and associated connected objects from Connector Spaces
+### EXAMPLES
+#### EXAMPLE 1
+```
+Export-ADSyncToolsObjects -ObjectId '9D220D58-0700-E911-80C8-000D3A3614C0' -Source Metaverse
+```
+#### EXAMPLE 2
+```
+Export-ADSyncToolsObjects -ObjectId '9e220d58-0700-e911-80c8-000d3a3614c0' -Source ConnectorSpace
+```
+#### EXAMPLE 3
+```
+Export-ADSyncToolsObjects -DistinguishedName 'CN=User1,OU=ADSync,DC=Contoso,DC=com' -ConnectorName 'Contoso.com'
+```
+### PARAMETERS
+#### -ObjectId
+ObjectId is the unique identifier of the object in the respective connector space or metaverse
+```yaml
+Type: Object
+Parameter Sets: ObjectId
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -Source
+Source is the table where the object resides which can either ConnectorSpace or Metaverse
+```yaml
+Type: Object
+Parameter Sets: ObjectId
+Aliases:
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -DistinguishedName
+DistinguishedName is the identifier of the object in the respective connector space
+```yaml
+Type: Object
+Parameter Sets: DistinguishedName
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -ConnectorName
+ConnectorName is the name of the connector space where the object resides
+```yaml
+Type: Object
+Parameter Sets: DistinguishedName
+Aliases:
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -ExportSerialized
+ExportSerialized exports additional XML files
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: 3
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
```
-Export-ADSyncToolsConsistencyGuidMigration [-AlternativeLoginId] [-UserPrincipalName] <String>
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Export-ADSyncToolsRunHistory
+### SYNOPSIS
+Export Azure AD Connect Run History
+### SYNTAX
+```
+Export-ADSyncToolsRunHistory [-TargetName] <String> [<CommonParameters>]
+```
+### DESCRIPTION
+Function to export Azure AD Connect Run Profile and Run Step results to CSV and XML format respectively.
+The resulting Run Profile CSV file can be imported into a spreadsheet and the Run Step XML file can be imported with Import-Clixml
+### EXAMPLES
+#### EXAMPLE 1
+```
+Export-ADSyncToolsRunHistory -TargetName MyADSyncHistory
+```
+### PARAMETERS
+#### -TargetName
+Name of the output file
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Export-ADSyncToolsSourceAnchorReport
+### SYNOPSIS
+Export ms-ds-Consistency-Guid Report
+### SYNTAX
+```
+Export-ADSyncToolsSourceAnchorReport [-AlternativeLoginId] [-UserPrincipalName] <String>
[-ImmutableIdGUID] <String> [-Output] <String> [<CommonParameters>] ```- ### DESCRIPTION
-Generates a ConsistencyGuid report based on an import CSV file from Import-ADSyncToolsImmutableIdMigration
-
+Generates a ms-ds-Consistency-Guid report based on an import CSV file from Import-ADSyncToolsSourceAnchor
### EXAMPLES- #### EXAMPLE 1 ```
-Import-Csv .\AllSyncUsers.csv | Export-ADSyncToolsConsistencyGuidMigration -Output ".\AllSyncUsers-Report"
+Import-Csv .\AllSyncUsers.csv | Export-ADSyncToolsSourceAnchorReport -Output ".\AllSyncUsers-Report"
```- #### EXAMPLE 2 ``` Another example of how to use this cmdlet ```- ### PARAMETERS- #### -AlternativeLoginId Use Alternative Login ID (mail)- ```yaml Type: SwitchParameter Parameter Sets: (All) Aliases:- Required: False Position: Named Default value: False Accept pipeline input: False Accept wildcard characters: False ```- #### -UserPrincipalName UserPrincipalName- ```yaml Type: String Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### -ImmutableIdGUID ImmutableIdGUID- ```yaml Type: String Parameter Sets: (All) Aliases:- Required: True Position: 2 Default value: None Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### -Output Output filename for CSV and LOG files- ```yaml Type: String Parameter Sets: (All) Aliases:- Required: True Position: 3 Default value: None Accept pipeline input: False Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
-## Get-ADSyncSQLBrowserInstances
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Get-ADSyncToolsAadObject
### SYNOPSIS
-{{Fill in the Synopsis}}
-
+Get synced objects for a given SyncObjectType
### SYNTAX- ```
-Get-ADSyncSQLBrowserInstances [[-hostName] <String>]
+Get-ADSyncToolsAadObject [-SyncObjectType] <Object> [-Credential] <PSCredential> [<CommonParameters>]
```- ### DESCRIPTION
-{{Fill in the Description}}
-
+Reads from Azure AD all synced objects for a given object class (SyncObjectType).
### EXAMPLES-
-#### Example 1
-```powershell
-PS C:\> {{ Add example code here }}
+#### EXAMPLE 1
+```
+Get-ADSyncToolsAadObject -SyncObjectType 'publicFolder' -Credential $(Get-Credential)
+```
+### PARAMETERS
+#### -SyncObjectType
+Object Type
+```yaml
+Type: Object
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -Credential
+Azure AD Global Admin Credential
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
```
-{{ Add example description here }}
+#### CommonParameters
-### PARAMETERS
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
-#### -hostName
-{{Fill hostName Description}}
+### OUTPUTS
+This cmdlet returns the "Shadow" properties that are synchronized by the sync client, which might be different than the actual value stored in the respective property of Azure AD. For instance, a user's UPN that is synchronized with a non-verified domain suffix 'user@nonverified.domain', will have the UPN suffix in Azure AD converted to the tenant's default domain, 'user@tenantname.onmicrosoft.com'. In this case, Get-ADSyncToolsAadObject will return the "Shadow" value of 'user@nonverified.domain', and not the actual value in Azure AD 'user@tenantname.onmicrosoft.com'.
+
+## Get-ADSyncToolsMsDsConsistencyGuid
+### SYNOPSIS
+Get an Active Directory object ms-ds-ConsistencyGuid
+### SYNTAX
+```
+Get-ADSyncToolsMsDsConsistencyGuid [-Identity] <Object> [<CommonParameters>]
+```
+### DESCRIPTION
+Returns the value in mS-DS-ConsistencyGuid attribute of the target Active Directory object in GUID format.
+Supports Active Directory objects in multi-domain forests.
+### EXAMPLES
+#### EXAMPLE 1
+```
+Get-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com'
+```
+#### EXAMPLE 2
+```
+Get-ADSyncToolsMsDsConsistencyGuid -Identity 'User1@Contoso.com'
+```
+#### EXAMPLE 3
+```
+'User1@Contoso.com' | Get-ADSyncToolsMsDsConsistencyGuid
+```
+### PARAMETERS
+#### -Identity
+Target object in AD to get
+```yaml
+Type: Object
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Get-ADSyncToolsRunHistory
+### SYNOPSIS
+Get Azure AD Connect Run History
+### SYNTAX
+```
+Get-ADSyncToolsRunHistory [[-Days] <Int32>] [<CommonParameters>]
+```
+### DESCRIPTION
+Function that returns the Azure AD Connect Run History in XML format
+### EXAMPLES
+#### EXAMPLE 1
+```
+Get-ADSyncToolsRunHistory
+```
+#### EXAMPLE 2
+```
+Get-ADSyncToolsRunHistory -Days 3
+```
+### PARAMETERS
+#### -Days
+Number of days back to collect History (default = 1)
+```yaml
+Type: Int32
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: 1
+Default value: 1
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Get-ADSyncToolsRunHistoryLegacyWmi
+### SYNOPSIS
+Get Azure AD Connect Run History for older versions of Azure AD Connect (WMI)
+### SYNTAX
+```
+Get-ADSyncToolsRunHistoryLegacyWmi [[-Days] <Int32>] [<CommonParameters>]
+```
+### DESCRIPTION
+Function that returns the Azure AD Connect Run History in XML format
+### EXAMPLES
+#### EXAMPLE 1
+```
+Get-ADSyncToolsRunHistory
+```
+#### EXAMPLE 2
+```
+Get-ADSyncToolsRunHistory -Days 3
+```
+### PARAMETERS
+#### -Days
+Number of days back to collect History (default = 1)
+```yaml
+Type: Int32
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: 1
+Default value: 1
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Get-ADSyncToolsSqlBrowserInstances
+### SYNOPSIS
+Get SQL Server Instances from SQL Browser service
+### SYNTAX
+```
+Get-ADSyncToolsSqlBrowserInstances [[-Server] <String>]
+```
+### DESCRIPTION
+SQL Diagnostics related functions and utilities
+### EXAMPLES
+#### EXAMPLE 1
+```
+Get-ADSyncToolsSqlBrowserInstances -Server 'sqlserver01'
+```
+### PARAMETERS
+#### -Server
+SQL Server Name
```yaml Type: String Parameter Sets: (All) Aliases:- Required: False
-Position: 0
+Position: 1
Default value: None Accept pipeline input: False Accept wildcard characters: False ```-
-## Get-ADSyncToolsADuser
-
+## Get-ADSyncToolsTenantAzureEnvironment
### SYNOPSIS
-Get user from AD
-
+Helper function to get which Azure environment the user belongs.
### SYNTAX- ```
-Get-ADSyncToolsADuser [-User] <Object> [<CommonParameters>]
+Get-ADSyncToolsTenantAzureEnvironment [-Credential] <PSCredential> [<CommonParameters>]
```- ### DESCRIPTION
-Returns an AD object
-TO DO: Multi forest support
+This function will call Oauth discovery endpoint to get CloudInstance and
+tenant_region_scope to determine the Azure environment.
+https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration
### EXAMPLES- #### EXAMPLE 1 ```
-Example of how to use this cmdlet
-```
-
-#### EXAMPLE 2
-```
-Another example of how to use this cmdlet
+Get-ADSyncToolsTenantAzureEnvironment -Credential (Get-Credential)
```- ### PARAMETERS-
-#### -User
-Target User in AD to set ConsistencyGuid
+#### -Credential
+The user's PowerShell Credential object:
```yaml
-Type: Object
+Type: PSCredential
Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None
-Accept pipeline input: True (ByPropertyName, ByValue)
+Accept pipeline input: False
Accept wildcard characters: False ``` #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
-## Get-ADSyncToolsConsistencyGuid
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+### INPUTS
+The user's PowerShell Credential object
+### OUTPUTS
+The Azure environment (string)
+## Get-ADSyncToolsTls12
### SYNOPSIS
-Get the mS-Ds-ConsistencyGuid from AD User
-
+Gets Client\Server TLS 1.2 settings for .NET Framework
### SYNTAX- ```
-Get-ADSyncToolsConsistencyGuid [-User] <Object> [<CommonParameters>]
+Get-ADSyncToolsTls12 [<CommonParameters>]
```- ### DESCRIPTION
-Returns the value in mS-Ds-ConsistencyGuid attribute of the target AD user in GUID format
+Reads information from the Registry regarding TLS 1.2 for .NET Framework:
+
+| Path | Name |
+| | |
+| HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 | SystemDefaultTlsVersions |
+| HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 | SchUseStrongCrypto |
+| HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | SystemDefaultTlsVersions |
+| HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | SchUseStrongCrypto |
+| HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server | Enabled |
+| HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server | DisabledByDefault |
+| HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client | Enabled |
+| HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client | DisabledByDefault |
### EXAMPLES- #### EXAMPLE 1 ```
-Example of how to use this cmdlet
+Get-ADSyncToolsTls12
```
+### PARAMETERS
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+### RELATED LINKS
+More Information:
+[TLS 1.2 enforcement for Azure AD Connect](reference-connect-tls-enforcement.md)
-#### EXAMPLE 2
+## Import-ADSyncToolsObjects
+### SYNOPSIS
+Import Azure AD Connect Object from XML file
+### SYNTAX
```
-Another example of how to use this cmdlet
+Import-ADSyncToolsObjects [-Path] <String> [<CommonParameters>]
+```
+### DESCRIPTION
+Imports an internal ADSync object from XML file that was exported using Export-ADSyncToolsObjects
+### EXAMPLES
+#### EXAMPLE 1
+```
+Import-ADSyncToolsObjects -Path .\20210224-003104_81275a23-0168-eb11-80de-00155d188c11_MV.xml
```- ### PARAMETERS-
-#### -User
-Target User in AD to set
-
+#### -Path
+Path for the XML file to import
```yaml
-Type: Object
+Type: String
Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
-## Get-ADSyncToolsObjectGuid
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Import-ADSyncToolsRunHistory
### SYNOPSIS
-Get the ObjectGuid from AD User
-
+Import Azure AD Connect Run History
### SYNTAX- ```
-Get-ADSyncToolsObjectGuid [-User] <Object> [<CommonParameters>]
+Import-ADSyncToolsRunHistory [-Path] <String> [<CommonParameters>]
```- ### DESCRIPTION
-Returns the value in ObjectGUID attribute of the target AD user in GUID format
-
+Function to Import Azure AD Connect Run Step results from XML created using Export-ADSyncToolsRunHistory
### EXAMPLES- #### EXAMPLE 1 ```
-Example of how to use this cmdlet
-```
-
-#### EXAMPLE 2
-```
-Another example of how to use this cmdlet
+Export-ADSyncToolsRunHistory -Path .\RunHistory-RunStep.xml
```- ### PARAMETERS-
-#### -User
-Target User in AD to set
-
+#### -Path
+Path for the XML file to import
```yaml
-Type: Object
+Type: String
Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
-## Get-ADSyncToolsRunHistory
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Import-ADSyncToolsSourceAnchor
### SYNOPSIS
-Get AAD Connect Run History
-
+Import ImmutableID from Azure AD
### SYNTAX- ```
-Get-ADSyncToolsRunHistory [[-Days] <Int32>] [<CommonParameters>]
+Import-ADSyncToolsSourceAnchor [-Output] <String> [-IncludeSyncUsersFromRecycleBin] [<CommonParameters>]
```- ### DESCRIPTION
-Function that returns the AAD Connect Run History in XML format
-
+Generates a file with all Azure AD Synchronized users containing the ImmutableID value in GUID format
+Requirements: MSOnline PowerShell Module
### EXAMPLES- #### EXAMPLE 1 ```
-Get-ADSyncToolsRunHistory
+Import-ADSyncToolsSourceAnchor -OutputFile '.\AllSyncUsers.csv'
```- #### EXAMPLE 2 ```
-Get-ADSyncToolsRunHistory -Days 1
+Another example of how to use this cmdlet
```- ### PARAMETERS-
-#### -Days
-{{Fill Days Description}}
-
+#### -Output
+Output CSV file
```yaml
-Type: Int32
+Type: String
Parameter Sets: (All) Aliases:-
-Required: False
+Required: True
Position: 1
-Default value: 3
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+#### -IncludeSyncUsersFromRecycleBin
+Get Synchronized Users from Azure AD Recycle Bin
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: Named
+Default value: False
Accept pipeline input: False Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
-## Get-ADSyncToolsSourceAnchorChanged
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Invoke-ADSyncToolsSqlQuery
### SYNOPSIS
-Get users with SourceAnchor changed errors
-
+Invoke a SQL query against a database for testing purposes
### SYNTAX- ```
-Get-ADSyncToolsSourceAnchorChanged [-sourcePath] <Object> [-outputPath] <Object> [<CommonParameters>]
+Invoke-ADSyncToolsSqlQuery [-SqlConnection] <SqlConnection> [[-Query] <String>] [<CommonParameters>]
```- ### DESCRIPTION
-Function queries AAD Connect Run History and exports all the users reporting the Error:
- "SourceAnchor attribute has changed."
-
+SQL Diagnostics related functions and utilities
### EXAMPLES- #### EXAMPLE 1 ```
-#Required Parameters
+New-ADSyncToolsSqlConnection -Server SQLserver01.Contoso.com -Port 49823 | Invoke-ADSyncToolsSqlQuery
```-
-$sourcePath = Read-Host -Prompt "Enter your log file path with file name" #"\<Source_Path\>"
- $outputPath = Read-Host -Prompt "Enter your out file path with file name" #"\<Out_Path\>"
-
- Get-ADSyncToolsUsersSourceAnchorChanged -sourcePath $sourcePath -outputPath $outputPath
- #### EXAMPLE 2 ```
-Another example of how to use this cmdlet
+$sqlConn = New-ADSyncToolsSqlConnection -Server SQLserver01.Contoso.com -Port 49823
```-
+Invoke-ADSyncToolsSqlQuery -SqlConnection $sqlConn -Query 'SELECT *, database_id FROM sys.databases'
### PARAMETERS-
-#### -sourcePath
-{{Fill sourcePath Description}}
-
+#### -SqlConnection
+SQL Connection
```yaml
-Type: Object
+Type: SqlConnection
Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None
-Accept pipeline input: False
+Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False ```-
-#### -outputPath
-{{Fill outputPath Description}}
-
+#### -Query
+SQL Query
```yaml
-Type: Object
+Type: String
Parameter Sets: (All) Aliases:-
-Required: True
+Required: False
Position: 2
-Default value: None
+Default value: SELECT name, database_id FROM sys.databases
Accept pipeline input: False Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
-## Import-ADSyncToolsImmutableIdMigration
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Remove-ADSyncToolsAadObject
### SYNOPSIS
-Import ImmutableID from AAD
-
+Remove orphaned synced object from Azure AD
### SYNTAX-
+#### CsvInput
```
-Import-ADSyncToolsImmutableIdMigration [-Output] <String> [-IncludeSyncUsersFromRecycleBin]
+Remove-ADSyncToolsAadObject [-Credential] <PSCredential> [-InputCsvFilename] <Object> [-WhatIf] [-Confirm]
[<CommonParameters>] ```-
+#### ObjectInput
+```
+Remove-ADSyncToolsAadObject [-Credential] <PSCredential> [-SourceAnchor] <Object> [-SyncObjectType] <Object>
+ [-WhatIf] [-Confirm] [<CommonParameters>]
+```
### DESCRIPTION
-Generates a file with all Azure AD Synchronized users containing the ImmutableID value in GUID format
-Requirements: MSOnline PowerShell Module
-
+Deletes from Azure AD a synced object(s) based on SourceAnchor and ObjecType in batches of 10 objects
+The CSV file can be generated using Export-ADSyncToolsAadDisconnectors
### EXAMPLES- #### EXAMPLE 1 ```
-Import-ADSyncToolsImmutableIdMigration -OutputFile '.\AllSyncUsers.csv'
+Remove-ADSyncToolsAadObject -InputCsvFilename .\DeleteObjects.csv -Credential (Get-Credential)
```- #### EXAMPLE 2 ```
-Another example of how to use this cmdlet
+Remove-ADSyncToolsAadObject -SourceAnchor '2epFRNMCPUqhysJL3SWL1A==' -SyncObjectType 'publicFolder' -Credential (Get-Credential)
```- ### PARAMETERS-
-#### -Output
-Output CSV file
-
+#### -Credential
+Azure AD Global Admin Credential
```yaml
-Type: String
+Type: PSCredential
Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None
-Accept pipeline input: False
+Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False ```-
-#### -IncludeSyncUsersFromRecycleBin
-Get Synchronized Users from Azure AD Recycle Bin
-
+#### -InputCsvFilename
+CSV Input filename
```yaml
-Type: SwitchParameter
-Parameter Sets: (All)
+Type: Object
+Parameter Sets: CsvInput
Aliases:-
-Required: False
-Position: Named
-Default value: False
-Accept pipeline input: False
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False ```-
-#### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
--
-## Invoke-AdSyncDatabaseQuery
-
-### SYNOPSIS
-{{Fill in the Synopsis}}
-
-### SYNTAX
-
-```
-Invoke-AdSyncDatabaseQuery [-SqlConnection] <SqlConnection> [[-Query] <String>] [<CommonParameters>]
+#### -SourceAnchor
+Object SourceAnchor
+```yaml
+Type: Object
+Parameter Sets: ObjectInput
+Aliases:
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
```-
-### DESCRIPTION
-{{Fill in the Description}}
-
-### EXAMPLES
-
-#### Example 1
-```powershell
-PS C:\> {{ Add example code here }}
+#### -SyncObjectType
+Object Type
+```yaml
+Type: Object
+Parameter Sets: ObjectInput
+Aliases:
+Required: True
+Position: 3
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
```-
-{{ Add example description here }}
-
-### PARAMETERS
-
-#### -Query
-{{Fill Query Description}}
-
+#### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
```yaml
-Type: String
+Type: SwitchParameter
Parameter Sets: (All)
-Aliases:
-
+Aliases: wi
Required: False
-Position: 1
+Position: Named
Default value: None Accept pipeline input: False Accept wildcard characters: False ```-
-#### -SqlConnection
-{{Fill SqlConnection Description}}
-
+#### -Confirm
+Prompts you for confirmation before running the cmdlet.
```yaml
-Type: SqlConnection
+Type: SwitchParameter
Parameter Sets: (All)
-Aliases:
-
-Required: True
-Position: 0
+Aliases: cf
+Required: False
+Position: Named
Default value: None Accept pipeline input: False Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+### INPUTS
+InputCsvFilename must point to a CSV file with at least 2 columns: SourceAnchor, SyncObjectType
+### OUTPUTS
+Shows results from ExportDeletions operation
+DISCLAIMER: Other than User objects that have a Recycle Bin, any other object types DELETED with this function cannot be RECOVERED!
## Remove-ADSyncToolsExpiredCertificates- ### SYNOPSIS Script to Remove Expired Certificates from UserCertificate Attribute- ### SYNTAX- ``` Remove-ADSyncToolsExpiredCertificates [-TargetOU] <String> [[-BackupOnly] <Boolean>] [-ObjectClass] <String> [<CommonParameters>] ```- ### DESCRIPTION This script takes all the objects from a target Organizational Unit in your Active Directory domain - filtered by Object Class (User/Computer) and deletes all expired certificates present in the UserCertificate attribute. By default (BackupOnly mode) it will only backup expired certificates to a file and not do any changes in AD.
-If you use -BackupOnly $false then any Expired Certificate present in UserCertificate attribute for these objects will be removed from AD after being copied to file.
+If you use -BackupOnly $false then any Expired Certificate present in UserCertificate attribute for these objects will be removed from Active Directory after being copied to file.
Each certificate will be backed up to a separated filename: ObjectClass_ObjectGUID_CertThumprint.cer The script will also create a log file in CSV format showing all the users with certificates that either are valid or expired including the actual action taken (Skipped/Exported/Deleted).- ### EXAMPLES- #### EXAMPLE 1 ``` Check all users in target OU - Expired Certificates will be copied to separated files and no certificates will be removed ```- Remove-ADSyncToolsExpiredCertificates -TargetOU "OU=Users,OU=Corp,DC=Contoso,DC=com" -ObjectClass user- #### EXAMPLE 2 ``` Delete Expired Certs from all Computer objects in target OU - Expired Certificates will be copied to files and removed from AD ```- Remove-ADSyncToolsExpiredCertificates -TargetOU "OU=Computers,OU=Corp,DC=Contoso,DC=com" -ObjectClass computer -BackupOnly $false- ### PARAMETERS- #### -TargetOU Target OU to lookup for AD objects- ```yaml Type: String Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None Accept pipeline input: False Accept wildcard characters: False ```- #### -BackupOnly BackupOnly will not delete any certificates from AD- ```yaml Type: Boolean Parameter Sets: (All) Aliases:- Required: False Position: 2 Default value: True Accept pipeline input: False Accept wildcard characters: False ```- #### -ObjectClass Object Class filter- ```yaml Type: String Parameter Sets: (All) Aliases:- Required: True Position: 3 Default value: None Accept pipeline input: False Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
## Repair-ADSyncToolsAutoUpgradeState- ### SYNOPSIS
-Short description
-
+Repair Azure AD Connect AutoUpgrade State
### SYNTAX- ``` Repair-ADSyncToolsAutoUpgradeState ```- ### DESCRIPTION
-Long description
-
+Fixes an issue with AutoUpgrade introduced in build 1.1.524 (May 2017) which disables the online checking
+of new versions while AutoUpgrade is enabled.
### EXAMPLES- #### EXAMPLE 1 ```
-Example of how to use this cmdlet
-```
-
-#### EXAMPLE 2
-```
-Another example of how to use this cmdlet
-```
-
-## Resolve-ADSyncHostAddress
-
+Repair-ADSyncToolsAutoUpgradeState
+```
+## Resolve-ADSyncToolsSqlHostAddress
### SYNOPSIS
-{{Fill in the Synopsis}}
-
+Resolve a SQL server name
### SYNTAX- ```
-Resolve-ADSyncHostAddress [[-hostName] <String>]
+Resolve-ADSyncToolsSqlHostAddress [-Server] <String> [<CommonParameters>]
```- ### DESCRIPTION
-{{Fill in the Description}}
-
+SQL Diagnostics related functions and utilities
### EXAMPLES-
-#### Example 1
-```powershell
-PS C:\> {{ Add example code here }}
+#### EXAMPLE 1
+```
+Resolve-ADSyncToolsSqlHostAddress -Server 'sqlserver01'
```-
-{{ Add example description here }}
- ### PARAMETERS-
-#### -hostName
-{{Fill hostName Description}}
-
+#### -Server
+SQL Server Name
```yaml Type: String Parameter Sets: (All) Aliases:-
-Required: False
-Position: 0
+Required: True
+Position: 1
Default value: None Accept pipeline input: False Accept wildcard characters: False ```-
-## Restore-ADSyncToolsExpiredCertificates
-
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Search-ADSyncToolsADobject
### SYNOPSIS
-(TO DO) Restores AD UserCertificate attribute from a certificate file
-
+Search an Active Directory object in Active Directory Forest by its UserPrincipalName, sAMAccountName or DistinguishedName
### SYNTAX- ```
-Restore-ADSyncToolsExpiredCertificates
+Search-ADSyncToolsADobject [-Identity] <Object> [<CommonParameters>]
```- ### DESCRIPTION
-Long description
-
+Supports multi-domain queries and returns all the required properties including mS-DS-ConsistencyGuid.
### EXAMPLES- #### EXAMPLE 1 ```
-Example of how to use this cmdlet
+Search-ADSyncToolsADobject 'CN=user1,OU=Sync,DC=Contoso,DC=com'
```- #### EXAMPLE 2 ```
-Another example of how to use this cmdlet
+Search-ADSyncToolsADobject -Identity "user1@Contoso.com"
```-
-## Set-ADSyncToolsConsistencyGuid
-
+#### EXAMPLE 3
+```
+Get-ADUser 'CN=user1,OU=Sync,DC=Contoso,DC=com' | Search-ADSyncToolsADobject
+```
+### PARAMETERS
+#### -Identity
+Target User in AD to set ConsistencyGuid
+```yaml
+Type: Object
+Parameter Sets: (All)
+Aliases:
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Set-ADSyncToolsMsDsConsistencyGuid
### SYNOPSIS
-Set mS-Ds-ConsistencyGuid on AD User
-
+Set an Active Directory object ms-ds-ConsistencyGuid
### SYNTAX- ```
-Set-ADSyncToolsConsistencyGuid [-User] <Object> [-Value] <Object> [<CommonParameters>]
+Set-ADSyncToolsMsDsConsistencyGuid [-Identity] <Object> [-Value] <Object> [<CommonParameters>]
```- ### DESCRIPTION
-Set a value in mS-Ds-ConsistencyGuid attribute for the target AD user
-
+Sets a value in mS-DS-ConsistencyGuid attribute for the target Active Directory user.
+Supports Active Directory objects in multi-domain forests.
### EXAMPLES- #### EXAMPLE 1 ```
-Example of how to use this cmdlet
+Set-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com' -Value '88666888-0101-1111-bbbb-1234567890ab'
```- #### EXAMPLE 2 ```
-Another example of how to use this cmdlet
+Set-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com' -Value 'GGhsjYwBEU+buBsE4sqhtg=='
+```
+#### EXAMPLE 3
+```
+Set-ADSyncToolsMsDsConsistencyGuid 'User1@Contoso.com' '8d6c6818-018c-4f11-9bb8-1b04e2caa1b6'
+```
+#### EXAMPLE 4
+```
+Set-ADSyncToolsMsDsConsistencyGuid 'User1@Contoso.com' 'GGhsjYwBEU+buBsE4sqhtg=='
+```
+#### EXAMPLE 5
+```
+'88666888-0101-1111-bbbb-1234567890ab' | Set-ADSyncToolsMsDsConsistencyGuid -Identity User1
+```
+#### EXAMPLE 6
+```
+'GGhsjYwBEU+buBsE4sqhtg==' | Set-ADSyncToolsMsDsConsistencyGuid User1
```- ### PARAMETERS-
-#### -User
-Target User in AD to set ConsistencyGuid
-
+#### -Identity
+Target object in AD to set mS-DS-ConsistencyGuid
```yaml Type: Object Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### -Value
-ImmutableId (Byte array, GUID, GUID string or Base64 string)
-
+Value to set (ImmutableId, Byte array, GUID, GUID string or Base64 string)
```yaml Type: Object Parameter Sets: (All) Aliases:- Required: True Position: 2 Default value: None Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
-## Test-ADSyncNetworkPort
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Set-ADSyncToolsTls12
### SYNOPSIS
-{{Fill in the Synopsis}}
-
+Sets Client\Server TLS 1.2 settings for .NET Framework
### SYNTAX- ```
-Test-ADSyncNetworkPort [[-hostName] <String>] [[-port] <String>]
+Set-ADSyncToolsTls12 [[-Enabled] <Boolean>] [<CommonParameters>]
```- ### DESCRIPTION
-{{Fill in the Description}}
-
-### EXAMPLES
+Sets the registry entries to enable/disable TLS 1.2 for .NET Framework:
-#### Example 1
-```powershell
-PS C:\> {{ Add example code here }}
-```
+| Path | Name |
+| | |
+| HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 | SystemDefaultTlsVersions |
+| HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 | SchUseStrongCrypto |
+| HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | SystemDefaultTlsVersions |
+| HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 | SchUseStrongCrypto |
+| HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server | Enabled |
+| HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server | DisabledByDefault |
+| HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client | Enabled |
+| HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client | DisabledByDefault |
-{{ Add example description here }}
+Running the cmdlet without any parameters will enable TLS 1.2 for .NET Framework
+### EXAMPLES
+#### EXAMPLE 1
+```
+Set-ADSyncToolsTls12
+```
+#### EXAMPLE 2
+```
+Set-ADSyncToolsTls12 -Enabled $true
+```
### PARAMETERS
+#### -Enabled
+TLS 1.2 Enabled
+```yaml
+Type: Boolean
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: 1
+Default value: True
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+#### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+### RELATED LINKS
+More Information:
+[TLS 1.2 enforcement for Azure AD Connect](reference-connect-tls-enforcement.md)
-#### -hostName
-{{Fill hostName Description}}
-
+## Test-ADSyncToolsSqlNetworkPort
+### SYNOPSIS
+Test the SQL Server network port
+### SYNTAX
+```
+Test-ADSyncToolsSqlNetworkPort [[-Server] <String>] [[-Port] <String>]
+```
+### DESCRIPTION
+SQL Diagnostics related functions and utilities
+### EXAMPLES
+#### EXAMPLE 1
+```
+Test-ADSyncToolsSqlNetworkPort -Server 'sqlserver01'
+```
+#### EXAMPLE 2
+```
+Test-ADSyncToolsSqlNetworkPort -Server 'sqlserver01' -Port 1433
+```
+### PARAMETERS
+#### -Server
+SQL Server Name
```yaml Type: String Parameter Sets: (All) Aliases:- Required: False
-Position: 0
+Position: 1
Default value: None Accept pipeline input: False Accept wildcard characters: False ```-
-#### -port
-{{Fill port Description}}
-
+#### -Port
+SQL Server Port
```yaml Type: String Parameter Sets: (All) Aliases:- Required: False
-Position: 1
+Position: 2
Default value: None Accept pipeline input: False Accept wildcard characters: False ```- ## Trace-ADSyncToolsADImport- ### SYNOPSIS
-Creates a trace file from and AD Import Step
-
+Creates a trace file from an Active Directory Import Step
### SYNTAX-
+#### ADConnectorXML
```
-Trace-ADSyncToolsADImport [[-ADConnectorXML] <String>] [[-dc] <String>] [[-rootDN] <String>]
- [[-filter] <String>] [-SkipCredentials] [[-ADwatermark] <String>] [<CommonParameters>]
+Trace-ADSyncToolsADImport [-DC] <String> [-RootDN] <String> [[-Filter] <String>] [[-Credential] <PSCredential>]
+ [-SSL] [-ADConnectorXML] <String> [<CommonParameters>]
+```
+#### ADwatermarkInput
+```
+Trace-ADSyncToolsADImport [-DC] <String> [-RootDN] <String> [[-Filter] <String>] [[-Credential] <PSCredential>]
+ [-SSL] [-ADwatermark] <String> [<CommonParameters>]
```- ### DESCRIPTION
-Traces all ldap queries of an AAD Connect AD Import run from a given AD watermark checkpoint (partition cookie).
+Traces all LDAP queries of an Active Directory Import run from a given Active Directory watermark checkpoint (also called a partition cookie).
Creates a trace file '.\ADimportTrace_yyyyMMddHHmmss.log' on the current folder.-
+To use -ADConnectorXML, go to the Synchronization Service Manager, right-click your AD Connector and select "Export Connector..."
### EXAMPLES- #### EXAMPLE 1 ```
-Example of how to use this cmdlet
+Trace Active Directory Import for user objects by providing an AD Connector XML file
```-
+Trace-ADSyncToolsADImport -DC 'DC1.contoso.com' -RootDN 'DC=Contoso,DC=com' -Filter '(&(objectClass=user))' -ADConnectorXML .\ADConnector.xml
#### EXAMPLE 2 ```
-Another example of how to use this cmdlet
+Trace Active Directory Import for all objects by providing the Active Directory watermark (cookie) and AD Connector credential
```-
+$creds = Get-Credential
+Trace-ADSyncToolsADImport -DC 'DC1.contoso.com' -RootDN 'DC=Contoso,DC=com' -Credential $creds -ADwatermark "TVNEUwMAAAAXyK9ir1zSAQAAAAAAAAAA(...)"
### PARAMETERS-
-#### -ADConnectorXML
-{{Fill ADConnectorXML Description}}
-
+#### -DC
+Target Domain Controller
```yaml Type: String Parameter Sets: (All) Aliases:-
-Required: False
+Required: True
Position: 1 Default value: None Accept pipeline input: False Accept wildcard characters: False ```-
-#### -dc
-XML file of AD Connector Export
-
+#### -RootDN
+Forest Root DN
```yaml Type: String Parameter Sets: (All) Aliases:-
-Required: False
+Required: True
Position: 2
-Default value: DC1.domain.contoso.com
+Default value: None
Accept pipeline input: False Accept wildcard characters: False ```-
-#### -rootDN
-Target Domain Controller
-
+#### -Filter
+AD objects type to trace.
+Use '(&(objectClass=*))' for all object types
```yaml Type: String Parameter Sets: (All) Aliases:- Required: False Position: 3
-Default value: DC=Domain,DC=Contoso,DC=com
+Default value: (&(objectClass=*))
Accept pipeline input: False Accept wildcard characters: False ```-
-#### -filter
-Forest Root DN
-
+#### -Credential
+Provide the credential to run LDAP query against AD
```yaml
-Type: String
+Type: PSCredential
Parameter Sets: (All) Aliases:- Required: False Position: 4
-Default value: (&(objectClass=*))
+Default value: None
Accept pipeline input: False Accept wildcard characters: False ```-
-#### -SkipCredentials
-Types of AD objects to trace \> * = all object types
-
+#### -SSL
+SSL Connection
```yaml Type: SwitchParameter Parameter Sets: (All) Aliases:- Required: False
-Position: Named
+Position: 5
Default value: False Accept pipeline input: False Accept wildcard characters: False ```-
+#### -ADConnectorXML
+AD Connector Export XML file - Right-click AD Connector and select "Export Connector..."
+```yaml
+Type: String
+Parameter Sets: ADConnectorXML
+Aliases:
+Required: True
+Position: 6
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
#### -ADwatermark
-If already running as Domain Administrator there's no need to provide AD credentials.
Manual input of watermark, instead of XML file e.g. $ADwatermark = "TVNEUwMAAAAXyK9ir1zSAQAAAAAAAAAA(...)"- ```yaml Type: String
-Parameter Sets: (All)
+Parameter Sets: ADwatermarkInput
Aliases:-
-Required: False
-Position: 5
+Required: True
+Position: 6
Default value: None Accept pipeline input: False Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
## Trace-ADSyncToolsLdapQuery- ### SYNOPSIS
-Short description
-
+Trace LDAP queries
### SYNTAX- ```
-Trace-ADSyncToolsLdapQuery [-Context] <String> [-Server] <String> [-Port] <Int32> [-Filter] <String>
- [<CommonParameters>]
+Trace-ADSyncToolsLdapQuery [-RootDN] <String> [-Credential] <PSCredential> [[-Server] <String>]
+ [[-Port] <Int32>] [-Filter <String>] [<CommonParameters>]
```- ### DESCRIPTION
-Long description
-
+{{ Fill in the Description }}
### EXAMPLES- #### EXAMPLE 1 ```
-Example of how to use this cmdlet
-```
-
-#### EXAMPLE 2
-```
-Another example of how to use this cmdlet
+Trace-ADSyncToolsLdapQuery -RootDN "DC=Contoso,DC=com" -Credential $Credential
```- ### PARAMETERS-
-#### -Context
-Param1 help description
-
+#### -RootDN
+Forest/Domain DistinguishedName
```yaml Type: String Parameter Sets: (All) Aliases:- Required: True Position: 1 Default value: None
-Accept pipeline input: False
+Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False ```-
-#### -Server
-Param2 help description
-
+#### -Credential
+AD Credential
```yaml
-Type: String
+Type: PSCredential
Parameter Sets: (All) Aliases:- Required: True Position: 2
-Default value: Localhost
-Accept pipeline input: False
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+#### -Server
+Domain Controller Name (optional)
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: 3
+Default value: None
+Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False ```- #### -Port
-Param2 help description
-
+Domain Controller port (default: 389)
```yaml Type: Int32 Parameter Sets: (All) Aliases:-
-Required: True
+Required: False
Position: 3 Default value: 389
-Accept pipeline input: False
+Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False ```- #### -Filter
-Param2 help description
-
+LDAP filter (default: objectClass=*)
```yaml Type: String Parameter Sets: (All) Aliases:-
-Required: True
-Position: 4
+Required: False
+Position: Named
Default value: (objectClass=*) Accept pipeline input: False Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
-
-## Update-ADSyncToolsConsistencyGuidMigration
-
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+## Update-ADSyncToolsSourceAnchor
### SYNOPSIS Updates users with the new ConsistencyGuid (ImmutableId)- ### SYNTAX- ```
-Update-ADSyncToolsConsistencyGuidMigration [[-DistinguishedName] <String>] [-ImmutableIdGUID] <String>
- [-Action] <String> [-Output] <String> [-WhatIf] [-Confirm] [<CommonParameters>]
+Update-ADSyncToolsSourceAnchor [[-DistinguishedName] <String>] [-ImmutableIdGUID] <String> [-Action] <String>
+ [-Output] <String> [-WhatIf] [-Confirm] [<CommonParameters>]
```- ### DESCRIPTION Updates users with the new ConsistencyGuid (ImmutableId) value taken from the ConsistencyGuid Report This function supports the WhatIf switch
-Note: ConsistencyGuid Report must be imported with Tab Demiliter
-
+Note: ConsistencyGuid Report must be imported with Tab delimiter
### EXAMPLES- #### EXAMPLE 1 ```
-Import-Csv .\AllSyncUsersTEST-Report.csv -Delimiter "`t"| Update-ADSyncToolsConsistencyGuidMigration -Output .\AllSyncUsersTEST-Result2 -WhatIf
+Import-Csv .\AllSyncUsersTEST-Report.csv -Delimiter "`t"| Update-ADSyncToolsSourceAnchor -Output .\AllSyncUsersTEST-Result2 -WhatIf
```- #### EXAMPLE 2 ```
-Import-Csv .\AllSyncUsersTEST-Report.csv -Delimiter "`t"| Update-ADSyncToolsConsistencyGuidMigration -Output .\AllSyncUsersTEST-Result2
+Import-Csv .\AllSyncUsersTEST-Report.csv -Delimiter "`t"| Update-ADSyncToolsSourceAnchor -Output .\AllSyncUsersTEST-Result2
```- ### PARAMETERS- #### -DistinguishedName DistinguishedName- ```yaml Type: String Parameter Sets: (All) Aliases:- Required: False Position: 1 Default value: False Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### -ImmutableIdGUID ImmutableIdGUID- ```yaml Type: String Parameter Sets: (All) Aliases:- Required: True Position: 2 Default value: None Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### -Action Action- ```yaml Type: String Parameter Sets: (All) Aliases:- Required: True Position: 3 Default value: None Accept pipeline input: True (ByPropertyName, ByValue) Accept wildcard characters: False ```- #### -Output Output filename for LOG files- ```yaml Type: String Parameter Sets: (All) Aliases:- Required: True Position: 4 Default value: None Accept pipeline input: False Accept wildcard characters: False ```- #### -WhatIf Shows what would happen if the cmdlet runs. The cmdlet is not run.- ```yaml Type: SwitchParameter Parameter Sets: (All) Aliases: wi- Required: False Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False ```- #### -Confirm Prompts you for confirmation before running the cmdlet.- ```yaml Type: SwitchParameter Parameter Sets: (All) Aliases: cf- Required: False Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False ```- #### CommonParameters
-This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
-For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+
active-directory Certificate Signing Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/manage-apps/certificate-signing-options.md
Title: Advanced SAML token certificate signing options for Azure AD apps
+ Title: Advanced certificate signing options in a SAML token
+ description: Learn how to use advanced certificate signing options in the SAML token for pre-integrated apps in Azure Active Directory
Previously updated : 03/25/2019 Last updated : 07/30/2021
-# Advanced certificate signing options in the SAML token for gallery apps in Azure Active Directory
+# Advanced certificate signing options in a SAML token
Today Azure Active Directory (Azure AD) supports thousands of pre-integrated applications in the Azure Active Directory App Gallery. Over 500 of the applications support single sign-on by using the [Security Assertion Markup Language](https://wikipedia.org/wiki/Security_Assertion_Markup_Language) (SAML) 2.0 protocol, such as the [NetSuite](https://azuremarketplace.microsoft.com/marketplace/apps/aad.netsuite) application. When a customer authenticates to an application through Azure AD by using SAML, Azure AD sends a token to the application (via an HTTP POST). The application then validates and uses the token to sign in the customer instead of prompting for a username and password. These SAML tokens are signed with the unique certificate that's generated in Azure AD and by specific standard algorithms.
To change an application's SAML certificate signing options and the certificate
1. In the [Azure Active Directory portal](https://aad.portal.azure.com/), sign in to your account. The **Azure Active Directory admin center** page appears. 1. In the left pane, select **Enterprise applications**. A list of the enterprise applications in your account appears.
-1. Select an application. An overview page for the application appears.
+1. Select an application. An overview page for the application appears. In this example, the Salesforce application is used.
![Example: Application overview page](./media/certificate-signing-options/application-overview-page.png)
active-directory Cirrus Identity Bridge For Azure Ad Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/cirrus-identity-bridge-for-azure-ad-tutorial.md
Previously updated : 07/30/2021 Last updated : 08/03/2021
In this tutorial, you'll learn how to integrate Cirrus Identity Bridge for Azure
To get started, you need the following items: * An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-* Cirrus Identity Bridge for Azure AD single sign-on (SSO) enabled subscription.
+* Cirrus Identity Bridge for Azure AD single sign-on (SSO) enabled subscription. If you are not already a subscriber, please visit the [Cirrus Identity Azure AD Bridge Registration Page](https://info.cirrusidentity.com/cirrus-identity-azure-ad-app-gallery-registration).
## Scenario description
To configure and test Azure AD SSO with Cirrus Identity Bridge for Azure AD, per
1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon. 1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on. 1. **[Configure Cirrus Identity Bridge for Azure AD SSO](#configure-cirrus-identity-bridge-for-azure-ad-sso)** - to configure the single sign-on settings on application side.
- 1. **[Create Cirrus Identity Bridge for Azure AD test user](#create-cirrus-identity-bridge-for-azure-ad-test-user)** - to have a counterpart of B.Simon in Cirrus Identity Bridge for Azure AD that is linked to the Azure AD representation of user.
+ 1. **[Setup Cirrus Identity Bridge for Azure AD testing](#setup-cirrus-identity-bridge-for-azure-ad-testing)** - to have a counterpart of B.Simon in Cirrus Identity Bridge for Azure AD that is linked to the Azure AD representation of user.
1. **[Test SSO](#test-sso)** - to verify whether the configuration works. ## Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
`<CUSTOMER_LOGIN_URL>` > [!NOTE]
- > These values are not real. Update these values with the actual Identifier,Reply URL and Sign on URL. Contact [Cirrus Identity Bridge for Azure AD Client support team](https://www.cirrusidentity.com/resources/service-desk) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
+ > These values are not real. Update these values with the actual Identifier and Sign on URL. If you have not yet subscribed to the Cirrus Bridge, please visit the [registration page](https://info.cirrusidentity.com/cirrus-identity-azure-ad-app-gallery-registration). If you are an existing Cirrus Bridge customer, contact [Cirrus Identity Bridge for Azure AD Client support team](https://www.cirrusidentity.com/resources/service-desk) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.
1. Cirrus Identity Bridge for Azure AD application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
In this section, you'll enable B.Simon to use Azure single sign-on by granting a
To configure single sign-on on **Cirrus Identity Bridge for Azure AD** side, you need to send the **App Federation Metadata Url** to [Cirrus Identity Bridge for Azure AD support team](https://www.cirrusidentity.com/resources/service-desk). They set this setting to have the SAML SSO connection set properly on both sides.
-### Create Cirrus Identity Bridge for Azure AD test user
+### Setup Cirrus Identity Bridge for Azure AD testing
-In this section, you create a user called Britta Simon in Cirrus Identity Bridge for Azure AD. Work with [Cirrus Identity Bridge for Azure AD support team](https://www.cirrusidentity.com/resources/service-desk) to add the users in the Cirrus Identity Bridge for Azure AD platform. Users must be created and activated before you use single sign-on.
+In this section, you verify a user called Britta Simon can be used for testing. The [Cirrus Identity Bridge for Azure AD support team](https://www.cirrusidentity.com/resources/service-desk) will provide a testing URL to verify Britta Simon is ready to use with the Cirrus Identity Bridge for Azure AD platform. The test user Britta Simon will need to also be added to any applications using the Cirrus Identity Bridge for Azure AD as a method to authenticate (for example, applications in multilateral federation metadata).
## Test SSO
active-directory Policystat Tutorial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/saas-apps/policystat-tutorial.md
Title: 'Tutorial: Azure Active Directory integration with PolicyStat | Microsoft Docs'
+ Title: 'Tutorial: Azure Active Directory SAML 2.0 Integration with PolicyStat | Microsoft Docs'
description: Learn how to configure single sign-on between Azure Active Directory and PolicyStat.
aks Node Updates Kured https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/node-updates-kured.md
You can use your own workflows and processes to handle node reboots, or use `kur
Unattended upgrades apply updates to the Linux node OS, but the image used to create nodes for your cluster remains unchanged. If a new Linux node is added to your cluster, the original image is used to create the node. This new node will receive all the security and kernel updates available during the automatic check every night but will remain unpatched until all checks and restarts are complete.
-Alternatively, you can use node image upgrade to check for and update node images used by your cluster. For more details on nod image upgrade, see [Azure Kubernetes Service (AKS) node image upgrade][node-image-upgrade].
+Alternatively, you can use node image upgrade to check for and update node images used by your cluster. For more details on node image upgrade, see [Azure Kubernetes Service (AKS) node image upgrade][node-image-upgrade].
### Node upgrades
aks Use Managed Identity https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/aks/use-managed-identity.md
You can now update an AKS cluster currently working with service principals to w
az aks update -g <RGName> -n <AKSName> --enable-managed-identity ``` > [!NOTE]
-> Once the system-assigned or user-assigned identities have been updated to managed identity, perform an `az aks nodepool upgrade --node-image-only` on your nodes to complete the update to managed identity.
+> After updating, your cluster's control plane and addon pods will switch to use managed identity, but kubelet will KEEP USING SERVICE PRINCIPAL until you upgrade your agentpool. Perform an `az aks nodepool upgrade --node-image-only` on your nodes to complete the update to managed identity.
+ ## Obtain and use the system-assigned managed identity for your AKS cluster
app-service Tutorial Custom Container https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/tutorial-custom-container.md
Title: 'Tutorial: Build and run a custom image in Azure App Service' description: A step-by-step guide to build a custom Linux or Windows image, push the image to Azure Container Registry, and then deploy that image to Azure App Service. Learn how to migrate custom software to App Service in a custom container. Previously updated : 07/16/2021 Last updated : 08/04/2021 keywords: azure app service, web app, linux, windows, docker, container
To deploy a container to Azure App Service, you first create a web app on App Se
> > ```azurecli-interactive > clientId=$(az identity show --resource-group <group-name> --name <identity-name> --query clientId --output tsv)
- > az resource update --ids /subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/<registry-name>/config/web --set properties.AcrUserManagedIdentityID=$clientId
+ > az resource update --ids /subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/<app-name>/config/web --set properties.AcrUserManagedIdentityID=$clientId
> ``` ## Deploy the image and test the app
app-service Web Sites Integrate With Vnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/app-service/web-sites-integrate-with-vnet.md
description: Integrate app in Azure App Service with Azure virtual networks.
ms.assetid: 90bc6ec6-133d-4d87-a867-fcf77da75f5a Previously updated : 08/05/2020 Last updated : 08/04/2021
This article describes the Azure App Service VNet Integration feature and how to set it up with apps in [Azure App Service](./overview.md). With [Azure Virtual Network][VNETOverview] (VNets), you can place many of your Azure resources in a non-internet-routable network. The VNet Integration feature enables your apps to access resources in or through a VNet. VNet Integration doesn't enable your apps to be accessed privately.
-Azure App Service has two variations on the VNet Integration feature:
+Azure App Service has two variations:
[!INCLUDE [app-service-web-vnet-types](../../includes/app-service-web-vnet-types.md)]
Azure App Service has two variations on the VNet Integration feature:
1. Select **Add VNet**.
- ![Select VNet Integration][1]
+ :::image type="content" source="./media/web-sites-integrate-with-vnet/vnetint-app.png" alt-text="Select VNet Integration":::
1. The drop-down list contains all of the Azure Resource Manager virtual networks in your subscription in the same region. Underneath that is a list of the Resource Manager virtual networks in all other regions. Select the VNet you want to integrate with.
- ![Select the VNet][2]
+ :::image type="content" source="./media/web-sites-integrate-with-vnet/vnetint-add-vnet.png" alt-text="Select the VNet":::
- * If the VNet is in the same region, either create a new subnet or select an empty preexisting subnet.
- * To select a VNet in another region, you must have a VNet gateway provisioned with point to site enabled.
- * To integrate with a classic VNet, instead of selecting the **Virtual Network** drop-down list, select **Click here to connect to a Classic VNet**. Select the classic virtual network you want. The target VNet must already have a Virtual Network gateway provisioned with point-to-site enabled.
+ * If the VNet is in the same region, either create a new subnet or select an empty preexisting subnet.
+ * To select a VNet in another region, you must have a VNet gateway provisioned with point to site enabled.
+ * To integrate with a classic VNet, instead of selecting the **Virtual Network** drop-down list, select **Click here to connect to a Classic VNet**. Select the classic virtual network you want. The target VNet must already have a Virtual Network gateway provisioned with point-to-site enabled.
- ![Select Classic VNet][3]
+ :::image type="content" source="./media/web-sites-integrate-with-vnet/vnetint-classic.png" alt-text="Select Classic VNet":::
During the integration, your app is restarted. When integration is finished, you'll see details on the VNet you're integrated with. ## Regional VNet Integration
+Regional VNet Integration supports connecting to a VNet in the same region and doesn't require a gateway. Using regional VNet Integration enables your app to access:
+
+* Resources in a VNet in the same region as your app.
+* Resources in VNets peered to the VNet your app is integrated with.
+* Service endpoint secured services.
+* Resources across Azure ExpressRoute connections.
+* Resources in the VNet you're integrated with.
+* Resources across peered connections, which include Azure ExpressRoute connections.
+* Private endpoint enabled services.
+
+When you use VNet Integration with VNets in the same region, you can use the following Azure networking features:
+
+* **Network security groups (NSGs)**: You can block outbound traffic with an NSG that's placed on your integration subnet. The inbound rules don't apply because you can't use VNet Integration to provide inbound access to your app.
+* **Route tables (UDRs)**: You can place a route table on the integration subnet to send outbound traffic where you want.
+
+The feature is fully supported for both Windows and Linux apps, including [custom containers](./quickstart-custom-container.md). All of the behaviors act the same between Windows apps and Linux apps.
### How regional VNet Integration works Apps in App Service are hosted on worker roles. The Basic and higher pricing plans are dedicated hosting plans where there are no other customers' workloads running on the same workers. Regional VNet Integration works by mounting virtual interfaces with addresses in the delegated subnet. Because the from address is in your VNet, it can access most things in or through your VNet like a VM in your VNet would. The networking implementation is different than running a VM in your VNet. That's why some networking features aren't yet available for this feature.
-![How regional VNet Integration works][5]
+
+When regional VNet Integration is enabled, your app makes outbound through your VNet. The outbound addresses that are listed in the app properties portal are the addresses still used by your app. If all traffic routing is enabled, all outbound traffic is sent into your VNet. If all traffic routing is not enabled, only private traffic (RFC1918) and service endpoints configured on the integration subnet will be sent into the VNet and outbound traffic to the internet will go through the same channels as normal.
+
+The feature supports only one virtual interface per worker. One virtual interface per worker means one regional VNet Integration per App Service plan. All of the apps in the same App Service plan can use the same VNet Integration. If you need an app to connect to an additional VNet, you need to create another App Service plan. The virtual interface used isn't a resource that customers have direct access to.
+
+Because of the nature of how this technology operates, the traffic that's used with VNet Integration doesn't show up in Azure Network Watcher or NSG flow logs.
+
+### Subnet requirements
+
+VNet Integration depends on a dedicated subnet. When you provision a subnet, the Azure subnet loses five IPs from the start. One address is used from the integration subnet for each plan instance. When you scale your app to four instances, then four addresses are used.
+
+When you scale up or down in size, the required address space is doubled for a short period of time. This affects the real, available supported instances for a given subnet size. The following table shows both the maximum available addresses per CIDR block and the impact this has on horizontal scale:
+
+| CIDR block size | Max available addresses | Max horizontal scale (instances)<sup>*</sup> |
+|--|-||
+| /28 | 11 | 5 |
+| /27 | 27 | 13 |
+| /26 | 59 | 29 |
+
+<sup>*</sup>Assumes that you'll need to scale up or down in either size or SKU at some point.
+
+Since subnet size can't be changed after assignment, use a subnet that's large enough to accommodate whatever scale your app might reach. To avoid any issues with subnet capacity, you should use a /26 with 64 addresses.
-When regional VNet Integration is enabled, your app makes outbound calls to the internet through the same channels as normal. The outbound addresses that are listed in the app properties portal are the addresses still used by your app. What changes for your app are the calls to service endpoint secured services, or RFC 1918 addresses go into your VNet. If WEBSITE_VNET_ROUTE_ALL is set to 1, all outbound traffic can be sent into your VNet.
+When you want your apps in your plan to reach a VNet that's already connected to by apps in another plan, select a different subnet than the one being used by the pre-existing VNet Integration.
+
+### Routes
+
+There are two types of routing to consider when configuring regional VNet Integration. Application routing defines what traffic is routed from your application and into the VNet. Network routing is the ability to control how traffic is routed from your VNet and out.
+
+#### Application routing
+
+When configuring application routing, you can either route all traffic or only private traffic (also known as [RFC1918](https://datatracker.ietf.org/doc/html/rfc1918#section-3) traffic) into your VNet. You configure this through the Route All setting. If Route All is disabled, your app only routes private traffic into your VNet. If you want to route all of your outbound traffic into your VNet, make sure that Route All is enabled.
> [!NOTE]
-> `WEBSITE_VNET_ROUTE_ALL` is currently not supported in Windows containers.
+> * When Route All is enabled, all traffic is subject to the NSGs and UDRs that are applied to your integration subnet. When all traffic routing is enabled, outbound traffic is still sent from the addresses that are listed in your app properties, unless you provide routes that direct the traffic elsewhere.
>
+> * Route All is currently not supported in Windows containers.
+>
+> * Regional VNet Integration isn't able to use port 25.
-The feature supports only one virtual interface per worker. One virtual interface per worker means one regional VNet Integration per App Service plan. All of the apps in the same App Service plan can use the same VNet Integration. If you need an app to connect to an additional VNet, you need to create another App Service plan. The virtual interface used isn't a resource that customers have direct access to.
+You can use the following steps to disable Route All in your app through the portal:
-Because of the nature of how this technology operates, the traffic that's used with VNet Integration doesn't show up in Azure Network Watcher or NSG flow logs.
+
+1. Go to the **VNet Integration** UI in your app portal.
+1. Set **Route All** to Disabled.
+
+ :::image type="content" source="./media/web-sites-integrate-with-vnet/vnetint-route-all-disabling.png" alt-text="Disable Route All":::
+
+1. Select **Yes**.
+
+You can also configure Route All using CLI (*Note*: minimum `az version` required is 2.27.0):
+
+```azurecli-interactive
+az webapp config set --resource-group myRG --name myWebApp --vnet-route-all-enabled [true|false]
+```
+
+The Route All configuration setting replaces and takes precedence over the legacy `WEBSITE_VNET_ROUTE_ALL` app setting.
++
+#### Network routing
+
+You can use route tables to route outbound traffic from your app to wherever you want. Route tables affect your destination traffic. When Route All is disabled in [application routing](#application-routing), only private traffic (RFC1918) is affected by your route tables. Common destinations can include firewall devices or gateways. Routes that are set on your integration subnet won't affect replies to inbound app requests.
+
+If you want to route all outbound traffic on-premises, you can use a route table to send all outbound traffic to your ExpressRoute gateway. If you do route traffic to a gateway, be sure to set routes in the external network to send any replies back.
+
+Border Gateway Protocol (BGP) routes also affect your app traffic. If you have BGP routes from something like an ExpressRoute gateway, your app outbound traffic is affected. Similar to user defined routes, BGP routes affect traffic according to your routing scope setting.
+
+### Network security groups
+
+An app that uses regional VNet Integration can use a [network security group][VNETnsg] to block outbound traffic to resources in your VNet or the Internet. To block traffic to public addresses, you must ensure you enable [Route All](#application-routing) to the VNet. When Route All is not enabled, NSGs are only applied to RFC1918 traffic.
+
+An NSG that's applied to your integration subnet is in effect regardless of any route tables applied to your integration subnet.
+
+The inbound rules in an NSG do not apply to your app because VNet Integration affects only outbound traffic from your app. To control inbound traffic to your app, use the Access Restrictions feature.
+
+### Service endpoints
+
+Regional VNet Integration enables you to reach Azure services that are secured with service endpoints. To access a service endpoint-secured service, you must do the following:
+
+* Configure regional VNet Integration with your web app to connect to a specific subnet for integration.
+* Go to the destination service and configure service endpoints against the integration subnet.
+
+### Private endpoints
+
+If you want to make calls to [private endpoints][privateendpoints], then you must make sure that your DNS lookups resolve to the private endpoint. You can enforce this behavior in one of the following ways:
+
+* Integrate with Azure DNS private zones. When your VNet doesn't have a custom DNS server, this is done automatically when the zones are linked to the VNet.
+* Manage the private endpoint in the DNS server used by your app. To do this you must know the private endpoint address and then point the endpoint you are trying to reach to that address using an A record.
+* Configure your own DNS server to forward to Azure DNS private zones.
+
+### Azure DNS private zones
+
+After your app integrates with your VNet, it uses the same DNS server that your VNet is configured with, and if no custom DNS is specified it will use Azure default DNS and any private zones linked to the VNet.
+
+> [!NOTE]
+> For Linux Apps Azure DNS private zones only works if Route All is enabled.
+
+### Limitations
+
+There are some limitations with using VNet Integration with VNets in the same region:
+
+* You can't reach resources across global peering connections.
+* You can't reach resources across peering connections with Classic Virtual Networks.
+* The feature is available from all App Service scale units in Premium V2 and Premium V3. It's also available in Standard but only from newer App Service scale units. If you are on an older scale unit, you can only use the feature from a Premium V2 App Service plan. If you want to make sure you can use the feature in a Standard App Service plan, create your app in a Premium V3 App Service plan. Those plans are only supported on our newest scale units. You can scale down if you desire after that.
+* The integration subnet can be used by only one App Service plan.
+* The feature can't be used by Isolated plan apps that are in an App Service Environment.
+* The feature requires an unused subnet that's a /28 or larger in an Azure Resource Manager VNet.
+* The app and the VNet must be in the same region.
+* You can't delete a VNet with an integrated app. Remove the integration before you delete the VNet.
+* You can have only one regional VNet Integration per App Service plan. Multiple apps in the same App Service plan can use the same VNet.
+* You can't change the subscription of an app or a plan while there's an app that's using regional VNet Integration.
+* Your app can't resolve addresses in Azure DNS Private Zones on Linux plans without configuration changes.
## Gateway-required VNet Integration
You can't use gateway-required VNet Integration:
* To access service endpoint secured resources. * With a coexistence gateway that supports both ExpressRoute and point-to-site or site-to-site VPNs.
-### Set up a gateway in your Azure virtual network ###
+### Set up a gateway in your Azure virtual network
To create a gateway:
If you create the gateway for use with App Service VNet Integration, you don't n
Gateway-required VNet Integration is built on top of point-to-site VPN technology. Point-to-site VPNs limit network access to the virtual machine that hosts the app. Apps are restricted to send traffic out to the internet only through Hybrid Connections or through VNet Integration. When your app is configured with the portal to use gateway-required VNet Integration, a complex negotiation is managed on your behalf to create and assign certificates on the gateway and the application side. The result is that the workers used to host your apps are able to directly connect to the virtual network gateway in the selected VNet.
-![How gateway-required VNet Integration works][6]
### Access on-premises resources
Connecting and disconnecting with a VNet is at an app level. Operations that can
The only operation you can take in the app view of your VNet Integration instance is to disconnect your app from the VNet it's currently connected to. To disconnect your app from a VNet, select **Disconnect**. Your app is restarted when you disconnect from a VNet. Disconnecting doesn't change your VNet. The subnet or gateway isn't removed. If you then want to delete your VNet, first disconnect your app from the VNet and delete the resources in it, such as gateways.
-The App Service plan VNet Integration UI shows you all of the VNet integrations used by the apps in your App Service plan. To see details on each VNet, select the VNet you're interested in. There are two actions you can perform here for gateway-required VNet Integration:
+The App Service plan VNet Integration UI shows you all of the VNet Integrations used by the apps in your App Service plan. To see details on each VNet, select the VNet you're interested in. There are two actions you can perform here for gateway-required VNet Integration:
* **Sync network**: The sync network operation is used only for the gateway-dependent VNet Integration feature. Performing a sync network operation ensures that your certificates and network information are in sync. If you add or change the DNS of your VNet, perform a sync network operation. This operation restarts any apps that use this VNet. This operation will not work if you are using an app and a vnet belonging to different subscriptions. * **Add routes**: Adding routes drives outbound traffic into your VNet.
-The private IP assigned to the instance is exposed via the environment variable, **WEBSITE_PRIVATE_IP**. Kudu console UI also shows the list of environment variables available to the Web App. This IP is assigned from the address range of the integrated subnet. For Regional VNet Integration, the value of WEBSITE_PRIVATE_IP is an IP from the address range of the delegated subnet, and for Gateway-required VNet Integration, the value is an IP from the adress range of the Point-to-site address pool configured on the Virtual Network Gateway. This is the IP that will be used by the Web App to connect to the resources through the Virtual Network.
+The private IP assigned to the instance is exposed via the environment variable, **WEBSITE_PRIVATE_IP**. Kudu console UI also shows the list of environment variables available to the Web App. This IP is assigned from the address range of the integrated subnet. For regional VNet Integration, the value of WEBSITE_PRIVATE_IP is an IP from the address range of the delegated subnet, and for Gateway-required VNet Integration, the value is an IP from the address range of the Point-to-site address pool configured on the Virtual Network Gateway. This is the IP that will be used by the Web App to connect to the resources through the Virtual Network.
> [!NOTE] > The value of WEBSITE_PRIVATE_IP is bound to change. However, it will be an IP within the address range of the integration subnet or the point-to-site address range, so you will need to allow access from the entire address range.
Three charges are related to the use of the gateway-required VNet Integration fe
## Troubleshooting > [!NOTE]
-> VNET integration is not supported for Docker Compose scenarios in App Service.
+> VNET Integration is not supported for Docker Compose scenarios in App Service.
> Azure Functions Access Restrictions are ignored if their is a private endpoint present. >
Commands:
add : Add a regional virtual network integration to a webapp. list : List the virtual network integrations on a webapp. remove : Remove a regional virtual network integration from webapp.-
-az appservice vnet-integration --help
-
-Group
- az appservice vnet-integration : A method that lists the virtual network
- integrations used in an appservice plan.
- This command group is in preview. It may be changed/removed in a future release.
-Commands:
- list : List the virtual network integrations used in an appservice plan.
```
-PowerShell support for regional VNet integration is available too, but you must create generic resource with a property array of the subnet resourceID
+PowerShell support for regional VNet Integration is available too, but you must create generic resource with a property array of the subnet resourceID
```azurepowershell # Parameters
$location = 'myRegion'
$integrationsubnetname = 'myIntegrationSubnet' $subscriptionID = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
-#Property array with the SubnetID
+# Property array with the SubnetID
$properties = @{ subnetResourceId = "/subscriptions/$subscriptionID/resourceGroups/$resourcegroupname/providers/Microsoft.Network/virtualNetworks/$VNetname/subnets/$integrationsubnetname" }
-#Creation of the VNet integration
+# Creation of the VNet Integration
$vNetParams = @{ ResourceName = "$sitename/VirtualNetwork" Location = $location
$vNetParams = @{
New-AzResource @vNetParams ``` -
-For gateway-required VNet Integration, you can integrate App Service with an Azure virtual network by using PowerShell. For a ready-to-run script, see [Connect an app in Azure App Service to an Azure virtual network](https://gallery.technet.microsoft.com/scriptcenter/Connect-an-app-in-Azure-ab7527e3).
--
-<!--Image references-->
-[1]: ./media/web-sites-integrate-with-vnet/vnetint-app.png
-[2]: ./media/web-sites-integrate-with-vnet/vnetint-addvnet.png
-[3]: ./media/web-sites-integrate-with-vnet/vnetint-classic.png
-[5]: ./media/web-sites-integrate-with-vnet/vnetint-regionalworks.png
-[6]: ./media/web-sites-integrate-with-vnet/vnetint-gwworks.png
-- <!--Links--> [VNETOverview]: ../virtual-network/virtual-networks-overview.md [AzurePortal]: https://portal.azure.com/
For gateway-required VNet Integration, you can integrate App Service with an Azu
[VNETRouteTables]: ../virtual-network/manage-route-table.md [installCLI]: /cli/azure/install-azure-cli [privateendpoints]: networking/private-endpoint.md
+[VNETnsg]: /azure/virtual-network/security-overview/
automanage Arm Deploy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automanage/arm-deploy.md
Follow the steps below to onboard a machine to Automanage Best Practices. The ARM template below will create a `configurationProfileAssignment` object, which is the Azure resource that represents a machine that has been onboarded to Automanage. ## Prerequisites
-* You must have created an existing Automanage Account. See [this document](./automanage-account.md) for more information on the Automanage Account and how to create one.
-* You must have the **Contributor** role on the resource group containing the machines you want to onboard to Automanage
+* You must have created an existing Automanage Account and assigned it the correct permissions. See [this document](./automanage-account.md) for more information on the Automanage Account and how to create one and assign permissions.
+* If you have an existing Automanage Account with permissions assigned, you must also have the **Contributor** role on the resource group containing the machines you want to onboard to Automanage.
+ ## ARM template overview The following ARM template will onboard your specified machine onto Azure Automanage Best Practices. Details on the ARM template and steps on how to deploy are located in the ARM template deployment section [below](#arm-template-deployment).
automanage Automanage Account https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/automanage/automanage-account.md
az deployment sub create --location <location> --template-file azuredeploy2.json
"metadata": { "description": "The principal to assign the role to" }
+ },
+ "dateTime": {
+ "type": "string",
+ "defaultValue": "[utcNow()]"
} }, "variables": {
az deployment sub create --location <location> --template-file azuredeploy2.json
{ "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2020-04-01-preview",
- "name": "[guid(variables('contributorRoleDefinitionID'))]",
+ "name": "[guid(concat(parameters('dateTime'), variables('contributorRoleDefinitionID')))]",
"properties": { "roleDefinitionId": "[variables('contributorRoleDefinitionID')]", "principalId": "[parameters('principalId')]"
az deployment sub create --location <location> --template-file azuredeploy2.json
{ "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2020-04-01-preview",
- "name": "[guid(variables('resourcePolicyContributorRoleDefinitionID'))]",
+ "name": "[guid(concat(parameters('dateTime'), variables('resourcePolicyContributorRoleDefinitionID')))]",
"properties": { "roleDefinitionId": "[variables('resourcePolicyContributorRoleDefinitionID')]", "principalId": "[parameters('principalId')]"
availability-zones Az Region https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/availability-zones/az-region.md
description: To create highly available and resilient applications in Azure, Ava
Previously updated : 06/15/2021 Last updated : 08/04/2021
To achieve comprehensive business continuity on Azure, build your application ar
| Brazil South | France Central | South Africa North* | Australia East | | Canada Central | Germany West Central | | Central India* | | Central US | North Europe | | Japan East |
-| East US | UK South | | Korea Central* |
-| East US 2 | West Europe | | Southeast Asia |
-| South Central US | | | |
+| East US | Norway East* | | Korea Central* |
+| East US 2 | UK South | | Southeast Asia |
+| South Central US | West Europe | | |
| US Gov Virginia | | | | | West US 2 | | | | | West US 3 | | | |
azure-government Azure Services In Fedramp Auditscope https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-government/compliance/azure-services-in-fedramp-auditscope.md
Title: Azure Services in FedRAMP and DoD SRG Audit Scope
description: This article contains tables for Azure Public and Azure Government that illustrate what FedRAMP (Moderate vs. High) and DoD SRG (Impact level 2, 4, 5 or 6) audit scope a given service has reached. Previously updated : 07/26/2021 Last updated : 08/04/2021
This article provides a detailed list of in-scope cloud services across Azure Pu
* Planned 2021 = indicates the service will be reviewed by 3PAO and JAB in 2021. Once the service is authorized, status will be updated ## Azure public services by audit scope
-| _Last Updated: July 2021_ |
+| _Last Updated: August 2021_ |
| Azure Service| DoD CC SRG IL 2 | FedRAMP Moderate | FedRAMP High | Planned 2021 | | |::|:-:|::|::|
This article provides a detailed list of in-scope cloud services across Azure Pu
| [Azure Database for MariaDB](https://azure.microsoft.com/services/mariadb/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure Database Migration Service](https://azure.microsoft.com/services/database-migration/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure Databricks](https://azure.microsoft.com/services/databricks/)| :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark:**&ast;&ast;** | |
-| [Azure Data Lake Storage](https://azure.microsoft.com/services/storage/data-lake-storage/) | | | | :heavy_check_mark: |
| [Azure DDoS Protection](https://azure.microsoft.com/services/ddos-protection/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure Dedicated HSM](https://azure.microsoft.com/services/azure-dedicated-hsm/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
-| [Azure DevOps (formerly VSTS)](https://azure.microsoft.com/services/devops/) | | | | |
| [Azure DevTest Labs](https://azure.microsoft.com/services/devtest-lab/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure DNS](https://azure.microsoft.com/services/dns/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure for Education](https://azure.microsoft.com/developer/students/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
This article provides a detailed list of in-scope cloud services across Azure Pu
| [Azure Lab Services](https://azure.microsoft.com/services/lab-services/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure Lighthouse](https://azure.microsoft.com/services/azure-lighthouse/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure Machine Learning Services](https://azure.microsoft.com/services/machine-learning-service/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
-| [Azure Machine Learning studio](https://azure.microsoft.com/services/machine-learning-studio/) | | | | :heavy_check_mark: |
| [Azure Managed Applications](https://azure.microsoft.com/services/managed-applications/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure Marketplace Portal](https://azuremarketplace.microsoft.com/en-us) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure Maps](https://azure.microsoft.com/services/azure-maps/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
This article provides a detailed list of in-scope cloud services across Azure Pu
| [Cloud Services](https://azure.microsoft.com/services/cloud-services/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Cognitive | [Cognitive
+| [Cognitive Services Containers](https://docs.microsoft.com/azure/cognitive-services/cognitive-services-container-support) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
| [Cognitive | [Cognitive | [Cognitive
This article provides a detailed list of in-scope cloud services across Azure Pu
| [Cognitive | [Cognitive | [Cognitive
-| [Cognitive Services Containers](../../cognitive-services/cognitive-services-container-support.md) | | | | :heavy_check_mark: |
| [Container Instances](https://azure.microsoft.com/services/container-instances/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Container Registry](https://azure.microsoft.com/services/container-registry/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Content Delivery Network](https://azure.microsoft.com/services/cdn/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Customer Lockbox](../../security/fundamentals/customer-lockbox-overview.md) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
-| [Data Catalog](https://azure.microsoft.com/services/data-catalog/) | | | | :heavy_check_mark: |
| [Data Factory](https://azure.microsoft.com/services/data-factory/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Data Integrator](/power-platform/admin/data-integrator) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Dynamics 365 Commerce](https://dynamics.microsoft.com/commerce/overview/)| :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
This article provides a detailed list of in-scope cloud services across Azure Pu
| [Dynamics 365 Field Service](https://dynamics.microsoft.com/field-service/overview/)| :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Dynamics 365 Finance](https://dynamics.microsoft.com/finance/overview/)| :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Dynamics 365 Guides](/dynamics365/mixed-reality/guides/get-started)| :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
+| [Dynamics 365 Sales](https://docs.microsoft.com/dynamics365/sales-enterprise/overview) | | | | :heavy_check_mark: |
+| [Dynamics 365 Sales Professional](https://docs.microsoft.com/dynamics365/sales-professional/sales-professional-overview) | | | | :heavy_check_mark: |
| [Dynamics 365 Supply Chain](https://dynamics.microsoft.com/supply-chain-management/overview/)| :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Dynamics 365 Chat (Dynamics 365 Omni-Channel Engagement Hub)](/dynamics365/omnichannel/introduction-omnichannel) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Dataverse (Common Data Service)](/powerapps/maker/common-data-service/data-platform-intro) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
This article provides a detailed list of in-scope cloud services across Azure Pu
| [Microsoft Cloud App Security](/cloud-app-security/what-is-cloud-app-security) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Microsoft Graph](https://developer.microsoft.com/en-us/graph) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Azure Health Bot](/healthbot/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
-| [Microsoft Managed Desktop](https://www.microsoft.com/en-us/microsoft-365/modern-desktop/enterprise/microsoft-managed-desktop) | | | | |
| [Power Apps](/powerapps/powerapps-overview) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Power Apps Portal](https://powerapps.microsoft.com/portals/) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | | [Microsoft Stream](/stream/overview) | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | |
azure-monitor Status Monitor V2 Get Started https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/app/status-monitor-v2-get-started.md
Install-Module -Name Az.ApplicationMonitor -AllowPrerelease -AcceptLicense
```powershell Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
-Enable-ApplicationInsightsMonitoring -ConnectionString 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
+Enable-ApplicationInsightsMonitoring -ConnectionString 'InstrumentationKey=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
```
Expand-Archive -LiteralPath $pathToZip -DestinationPath $pathInstalledModule
### Enable monitoring ```powershell
-Enable-ApplicationInsightsMonitoring -ConnectionString 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
+Enable-ApplicationInsightsMonitoring -ConnectionString 'InstrumentationKey=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
```
azure-monitor Monitor Vm Azure https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-monitor/vm/monitor-vm-azure.md
You can access the configuration for the workspace directly from VM insights by
![Workspace configuration](media/monitor-vm-azure/workspace-configuration.png)
-Select **Advanced Settings** from the workspace menu and then **Data** to configure data sources. For Windows agents, select **Windows Event Logs** and add common event logs such as *System* and *Application*. For Linux agents, select **Syslog** and add common facilities such as *kern* and *daemon*. See [Agent data sources in Azure Monitor](../agents/agent-data-sources.md) for a list of the data sources available and details on configuring them.
+Select **Agents configuration** from the workspace menu to configure data sources. For Windows agents, select **Windows Event Logs** and add common event logs such as *System* and *Application*. For Linux agents, select **Syslog** and add common facilities such as *kern* and *daemon*. See [Agent data sources in Azure Monitor](../agents/agent-data-sources.md) for a list of the data sources available and details on configuring them.
![Configure events](media/monitor-vm-azure/configure-events.png)
See [Connect Operations Manager to Azure Monitor](../agents/om-agents.md) for de
## Next steps * [Learn how to analyze data in Azure Monitor logs using log queries.](../logs/get-started-queries.md)
-* [Learn about alerts using metrics and logs in Azure Monitor.](../alerts/alerts-overview.md)
+* [Learn about alerts using metrics and logs in Azure Monitor.](../alerts/alerts-overview.md)
azure-netapp-files Azacsnap Cmd Ref Test https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/azacsnap-cmd-ref-test.md
na ms.devlang: na Previously updated : 04/21/2021 Last updated : 08/04/2021
END : Storage tests complete
END : Test process complete for 'storage' ```
-> [!NOTE]
-> For Azure Large Instance, `azacsnap -c test --test storage` command extrapolates the storage
-generation and HLI SKU. Based on this information it then provides guidance on configuring 'boot'
-snapshots (see the line starting with `Action:` output).
-
-```output
-SID1 : Generation 4
-Storage: ams07-a700s-saphan-1-01v250-client25-nprod
-HLI SKU: S96
-Action : Configure the 'boot' snapshots on ALL the servers.
-```
- ## Next steps - [Snapshot backup with Azure Application Consistent Snapshot tool](azacsnap-cmd-ref-backup.md)
azure-netapp-files Azacsnap Installation https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/azacsnap-installation.md
na ms.devlang: na Previously updated : 05/19/2021 Last updated : 08/03/2021
tools.
## Enable communication with storage
-This section explains how to enable communication with storage.
+This section explains how to enable communication with storage.
-### Azure NetApp Files
+Follow the instructions to configure storage for your configuration, either:
+1. [Azure NetApp Files (with Virtual Machine)](#azure-netapp-files-with-virtual-machine)
+1. [Azure Large Instance (Bare Metal)](#azure-large-instance-bare-metal)
+
+### Azure NetApp Files (with Virtual Machine)
Create RBAC Service Principal
Create RBAC Service Principal
1. Cut and Paste the output content into a file called `azureauth.json` stored on the same system as the `azacsnap` command and secure the file with appropriate system permissions.
-### Azure Large Instance
+### Azure Large Instance (Bare Metal)
Communication with the storage back-end executes over an encrypted SSH channel. The following example steps are to provide guidance on setup of SSH for this communication.
azure-netapp-files Azacsnap Tips https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/azacsnap-tips.md
na ms.devlang: na Previously updated : 04/21/2021 Last updated : 08/04/2021
The following conditions should be monitored to ensure a healthy system:
## Delete a snapshot
-To delete a snapshot, execute the command `azacsnap -c delete`. It's not possible to delete
+To delete a snapshot, use the command `azacsnap -c delete`. It's not possible to delete
snapshots from the OS level. You must use the correct command (`azacsnap -c delete`) to delete the storage snapshots. > [!IMPORTANT]
If you decide to perform the disaster recovery failover, the `azacsnap -c restor
> [!IMPORTANT] > This operation applies only to Azure Large Instance.
-In some cases, customers already have tools to protect SAP HANA and only want to configure 'boot' volume snapshots. In this case, the task is simplified and the following steps should be taken.
+In some cases, customers already have tools to protect SAP HANA and only want to configure 'boot' volume snapshots. In this case only the following steps need to completed.
1. Complete steps 1-4 of the pre-requisites for installation. 1. Enable communication with storage.
-1. Download the run the installer to install the snapshot tools.
+1. Download and run the installer to install the snapshot tools.
1. Complete setup of snapshot tools.
-1. Create a new configuration file as follows. The boot volume details must be in the OtherVolume stanza (user entries in <span style="color:red">red</span>):
+1. Get the list of volumes to be added to the azacsnap configuration file, in this example the Storage User Name is `cl25h50backup` and the Storage IP Address is `10.1.1.10`
+ ```bash
+ ssh cl25h50backup@10.1.1.10 "volume show -volume *boot*"
+ ```
+ ```output
+ Last login time: 7/20/2021 23:54:03
+ Vserver Volume Aggregate State Type Size Available Used%
+ - - - - --
+ ams07-a700s-saphan-1-01v250-client25-nprod t250_sles_boot_sollabams07v51_vol aggr_n01_ssd online RW 150GB 57.24GB 61%
+ ams07-a700s-saphan-1-01v250-client25-nprod t250_sles_boot_sollabams07v52_vol aggr_n01_ssd online RW 150GB 81.06GB 45%
+ ams07-a700s-saphan-1-01v250-client25-nprod t250_sles_boot_sollabams07v53_vol aggr_n01_ssd online RW 150GB 79.56GB 46%
+ 3 entries were displayed.
+ ```
+ > [!NOTE]
+ > In this example, this host is part of a 3 node Scale-Out system and all 3 boot volumes can be seen from this host. This means all 3 boot volumes can be snapshot from this host, and all 3 should be added to the configuration file in the next step.
+
+1. Create a new configuration file as follows. The boot volume details must be in the OtherVolume stanza:
```output
- > <span style="color:red">azacsnap -c configure --configuration new --configfile BootVolume.json</span>
+ azacsnap -c configure --configuration new --configfile BootVolume.json
+ ```
+ ```bash
Building new config file
- Add comment to config file (blank entry to exit adding comments):<span style="color:red">Boot only config file.</span>
+ Add comment to config file (blank entry to exit adding comments): Boot only config file.
Add comment to config file (blank entry to exit adding comments):
- Add database to config? (y/n) [n]: <span style="color:red">y</span>
- HANA SID (for example, H80): <span style="color:red">X</span>
- HANA Instance Number (for example, 00): <span style="color:red">X</span>
- HANA HDB User Store Key (for example, `hdbuserstore List`): <span style="color:red">X</span>
- HANA Server's Address (hostname or IP address): <span style="color:red">X</span>
+ Add database to config? (y/n) [n]: y
+ HANA SID (for example, H80): X
+ HANA Instance Number (for example, 00): X
+ HANA HDB User Store Key (for example, `hdbuserstore List`): X
+ HANA Server's Address (hostname or IP address): X
Add ANF Storage to database section? (y/n) [n]:
- Add HLI Storage to database section? (y/n) [n]: <span style="color:red">y</span>
+ Add HLI Storage to database section? (y/n) [n]: y
Add DATA Volume to HLI Storage section of Database section? (y/n) [n]:
- Add OTHER Volume to HLI Storage section of Database section? (y/n) [n]: <span style="color:red">y</span>
- Storage User Name (for example, clbackup25): <span style="color:red">shoasnap</span>
- Storage IP Address (for example, 192.168.1.30): <span style="color:red">10.1.1.10</span>
- Storage Volume Name (for example, hana_data_soldub41_t250_vol): <span style="color:red">t210_sles_boot_azsollabbl20a31_vol</span>
+ Add OTHER Volume to HLI Storage section of Database section? (y/n) [n]: y
+ Storage User Name (for example, clbackup25): cl25h50backup
+ Storage IP Address (for example, 192.168.1.30): 10.1.1.10
+ Storage Volume Name (for example, hana_data_soldub41_t250_vol): t250_sles_boot_sollabams07v51_vol
+ Add OTHER Volume to HLI Storage section of Database section? (y/n) [n]: y
+ Storage User Name (for example, clbackup25): cl25h50backup
+ Storage IP Address (for example, 192.168.1.30): 10.1.1.10
+ Storage Volume Name (for example, hana_data_soldub41_t250_vol): t250_sles_boot_sollabams07v52_vol
+ Add OTHER Volume to HLI Storage section of Database section? (y/n) [n]: y
+ Storage User Name (for example, clbackup25): cl25h50backup
+ Storage IP Address (for example, 192.168.1.30): 10.1.1.10
+ Storage Volume Name (for example, hana_data_soldub41_t250_vol): t250_sles_boot_sollabams07v53_vol
Add OTHER Volume to HLI Storage section of Database section? (y/n) [n]: Add HLI Storage to database section? (y/n) [n]: Add database to config? (y/n) [n]:
In some cases, customers already have tools to protect SAP HANA and only want to
"dataVolume": [], "otherVolume": [ {
- "backupName": "shoasnap",
+ "backupName": "cl25h50backup",
+ "ipAddress": "10.1.1.10",
+ "volume": "t250_sles_boot_sollabams07v51_vol"
+ },
+ {
+ "backupName": "cl25h50backup",
+ "ipAddress": "10.1.1.10",
+ "volume": "t250_sles_boot_sollabams07v52_vol"
+ },
+ {
+ "backupName": "cl25h50backup",
"ipAddress": "10.1.1.10",
- "volume": "t210_sles_boot_azsollabbl20a31_vol"
+ "volume": "t250_sles_boot_sollabams07v53_vol"
} ] }
In some cases, customers already have tools to protect SAP HANA and only want to
```output List snapshot details called with snapshotFilter 'TestBootVolume' #, Volume, Snapshot, Create Time, HANA Backup ID, Snapshot Size
- #1, t210_sles_boot_azsollabbl20a31_vol, TestBootVolume.2020-07-03T034651.7059085Z, "Fri Jul 03 03:48:24 2020", "otherVolume Backup|azacsnap version: 5.0 (Build: 20210421.6349)", 200KB
- , t210_sles_boot_azsollabbl20a31_vol, , , Size used by Snapshots, 1.31GB
+ #1, t250_sles_boot_sollabams07v51_vol, TestBootVolume.2020-07-03T034651.7059085Z, "Fri Jul 03 03:48:24 2020", "otherVolume Backup|azacsnap version: 5.0 (Build: 20210421.6349)", 200KB
+ , t250_sles_boot_sollabams07v51_vol, , , Size used by Snapshots, 1.31GB
+ #1, t250_sles_boot_sollabams07v52_vol, TestBootVolume.2020-07-03T034651.7059085Z, "Fri Jul 03 03:48:24 2020", "otherVolume Backup|azacsnap version: 5.0 (Build: 20210421.6349)", 200KB
+ , t250_sles_boot_sollabams07v52_vol, , , Size used by Snapshots, 1.31GB
+ #1, t250_sles_boot_sollabams07v53_vol, TestBootVolume.2020-07-03T034651.7059085Z, "Fri Jul 03 03:48:24 2020", "otherVolume Backup|azacsnap version: 5.0 (Build: 20210421.6349)", 200KB
+ , t250_sles_boot_sollabams07v53_vol, , , Size used by Snapshots, 1.31GB
```
-1. Set up automatic snapshot backup.
+1. *Optional* Set up automatic snapshot backup with `crontab`, or a suitable scheduler capable of running the `azacsnap` backup commands.
> [!NOTE] > Setting up communication with SAP HANA is not required.
azure-netapp-files Azure Netapp Files Solution Architectures https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/azure-netapp-files-solution-architectures.md
This section provides references for Virtual Desktop infrastructure solutions.
### <a name="windows-virtual-desktop"></a>Azure Virtual Desktop
-* [Benefits of using Azure NetApp Files with Windows Virtual Desktop](solutions-windows-virtual-desktop.md)
-* [Storage options for FSLogix profile containers in Windows Virtual Desktop](../virtual-desktop/store-fslogix-profile.md#azure-platform-details)
+* [Benefits of using Azure NetApp Files with Azure Virtual Desktop](solutions-windows-virtual-desktop.md)
+* [Storage options for FSLogix profile containers in Azure Virtual Desktop](../virtual-desktop/store-fslogix-profile.md#azure-platform-details)
* [Create an FSLogix profile container for a host pool using Azure NetApp Files](../virtual-desktop/create-fslogix-profile-container.md)
-* [Windows Virtual Desktop at enterprise scale](/azure/architecture/example-scenario/wvd/windows-virtual-desktop)
+* [Azure Virtual Desktop at enterprise scale](/azure/architecture/example-scenario/wvd/windows-virtual-desktop)
* [Microsoft FSLogix for the enterprise - Azure NetApp Files best practices](/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#azure-netapp-files-best-practices) * [Setting up Azure NetApp Files for MSIX App Attach](https://techcommunity.microsoft.com/t5/windows-virtual-desktop/setting-up-azure-netapp-files-for-msix-app-attach-step-by-step/m-p/1990021)
azure-netapp-files Performance Linux Concurrency Session Slots https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/performance-linux-concurrency-session-slots.md
A concurrency level as low as 155 is sufficient to achieve 155,000 Oracle DB NFS
See [Oracle database performance on Azure NetApp Files single volumes](performance-oracle-single-volumes.md) for details.
-The `sunrpc.max_tcp_slot_table_entries` tunable is a connection-level tuning parameter. *As a best practice, set this value to 128 or less per connection, not surpassing 3,000 slots environment wide.*
+The `sunrpc.max_tcp_slot_table_entries` tunable is a connection-level tuning parameter. *As a best practice, set this value to 128 or less per connection, not surpassing 10,000 slots environment wide.*
### Examples of slot count based on concurrency recommendation
azure-netapp-files Solutions Windows Virtual Desktop https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/solutions-windows-virtual-desktop.md
Title: Using Windows Virtual Desktop with Azure NetApp Files | Microsoft Docs
-description: Provides best practice guidance and sample blueprints on deploying Windows Virtual Desktop with Azure NetApp Files.
+ Title: Using Azure Virtual Desktop with Azure NetApp Files | Microsoft Docs
+description: Provides best practice guidance and sample blueprints on deploying Azure Virtual Desktop with Azure NetApp Files.
documentationcenter: ''
Last updated 08/13/2020
-# Benefits of using Azure NetApp Files with Windows Virtual Desktop
+# Benefits of using Azure NetApp Files with Azure Virtual Desktop
-This article provides best practice guidance on deploying Windows Virtual Desktop (WVD) with Azure NetApp Files.
+This article provides best practice guidance on deploying Azure Virtual Desktop with Azure NetApp Files.
-Azure NetApp Files is a highly performant file storage service from Azure. It can provide up to 450,000 IOPS and sub-millisecond latency, capable of supporting extremely large scale of Windows Virtual Desktop deployments. You can adjust the bandwidth and change the service level of your Azure NetApp Files volumes on demand almost instantaneously without pausing IO while retaining data plane access. This capability allows you to easily optimize your WVD deployment scale for cost. You can also create space-efficient, point-in-time volume snapshots without impacting volume performance. This capability makes it possible for you to roll back individual [FSLogix user profile containers](../virtual-desktop/store-fslogix-profile.md) via a copy from the `~snapshot` directory, or to instantaneously roll back the entire volume at once via the volume revert capability. With up to 255 (rotational) snapshots in place to protect a volume from data loss or corruption, administrators have many chances to undo what has been done.
+Azure NetApp Files is a highly performant file storage service from Azure. It can provide up to 450,000 IOPS and sub-millisecond latency, capable of supporting extremely large scale of Azure Virtual Desktop deployments. You can adjust the bandwidth and change the service level of your Azure NetApp Files volumes on demand almost instantaneously without pausing IO while retaining data plane access. This capability allows you to easily optimize your Azure Virtual Desktop deployment scale for cost. You can also create space-efficient, point-in-time volume snapshots without impacting volume performance. This capability makes it possible for you to roll back individual [FSLogix user profile containers](../virtual-desktop/store-fslogix-profile.md) via a copy from the `~snapshot` directory, or to instantaneously roll back the entire volume at once via the volume revert capability. With up to 255 (rotational) snapshots in place to protect a volume from data loss or corruption, administrators have many chances to undo what has been done.
## Sample blueprints
-The following sample blueprints show the integration of Windows Virtual Desktop with Azure NetApp Files. In a pooled desktop scenario, users are directed to the best available session (the [breadth-first mode](../virtual-desktop/host-pool-load-balancing.md#breadth-first-load-balancing-method)) host in the pool, using [multi-session virtual machines](../virtual-desktop/windows-10-multisession-faq.yml#what-is-windows-10-enterprise-multi-session). On the other hand, personal desktops are reserved for scenarios in which each user has their own virtual machine.
+The following sample blueprints show the integration of Azure Virtual Desktop with Azure NetApp Files. In a pooled desktop scenario, users are directed to the best available session (the [breadth-first mode](../virtual-desktop/host-pool-load-balancing.md#breadth-first-load-balancing-method)) host in the pool, using [multi-session virtual machines](../virtual-desktop/windows-10-multisession-faq.yml#what-is-windows-10-enterprise-multi-session). On the other hand, personal desktops are reserved for scenarios in which each user has their own virtual machine.
### Pooled desktop scenario
-For the pooled scenario, the Windows Virtual Desktop team [recommends](/windows-server/remote/remote-desktop-services/virtual-machine-recs#multi-session-recommendations) the following guidance by user count to vCPU. Note that no virtual machine size is specified in this recommendation.
+For the pooled scenario, the Azure Virtual Desktop team [recommends](/windows-server/remote/remote-desktop-services/virtual-machine-recs#multi-session-recommendations) the following guidance by user count to vCPU. Note that no virtual machine size is specified in this recommendation.
| Workload type | Light | Medium | Heavy | |--|--||--|
For the pooled scenario, the Windows Virtual Desktop team [recommends](/windows-
This recommendation is confirmed by a 500-user LoginVSI test, logging approximately 62 ΓÇ£knowledge / medium usersΓÇ¥ onto each D16as_V4 virtual machine.
-As an example, at 62 users per D16as_V4 virtual machine, Azure NetApp Files can easily support 60,000 users per environment. Testing to evaluate the upper limit of the D32as_v4 virtual machine is ongoing. If the WVD user per vCPU recommendation holds true for the D32as_v4, more than 120,000 users would fit within 1,000 virtual machines before broaching [the 1,000 IP VNet limit](./azure-netapp-files-network-topologies.md), as shown in the following figure.
+As an example, at 62 users per D16as_V4 virtual machine, Azure NetApp Files can easily support 60,000 users per environment. Testing to evaluate the upper limit of the D32as_v4 virtual machine is ongoing. If the Azure Virtual Desktop user per vCPU recommendation holds true for the D32as_v4, more than 120,000 users would fit within 1,000 virtual machines before broaching [the 1,000 IP VNet limit](./azure-netapp-files-network-topologies.md), as shown in the following figure.
-![Windows Virtual Desktop pooled desktop scenario](../media/azure-netapp-files/solutions-pooled-desktop-scenario.png)
+![Azure Virtual Desktop pooled desktop scenario](../media/azure-netapp-files/solutions-pooled-desktop-scenario.png)
### Personal desktop scenario In a personal desktop scenario, the following figure shows the general-purpose architectural recommendation. Users are mapped to specific desktop pods and each pod has just under 1,000 virtual machines, leaving room for IP addresses propagating from the management VNet. Azure NetApp Files can easily handle 900+ personal desktops per single-session host pool VNet, with the actual number of virtual machines being equal to 1,000 minus the number of management hosts found in the Hub VNet. If more personal desktops are needed, it's easy to add more pods (host pools and virtual networks), as shown in the following figure.
-![Windows Virtual Desktop personal desktop scenario](../media/azure-netapp-files/solutions-personal-desktop-scenario.png)
+![Azure Virtual Desktop personal desktop scenario](../media/azure-netapp-files/solutions-personal-desktop-scenario.png)
When building a POD based architecture like this, assigning users to the correct pod upon login is of importance to assure users will always find their user profiles.
azure-netapp-files Troubleshoot Dual Protocol Volumes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/troubleshoot-dual-protocol-volumes.md
This article describes resolutions to error conditions you might have when creat
| LDAP over TLS is enabled, and dual-protocol volume creation fails with the error `This Active Directory has no Server root CA Certificate`. | If this error occurs when you are creating a dual-protocol volume, make sure that the root CA certificate is uploaded in your NetApp account. | | Dual-protocol volume creation fails with the error `Failed to validate LDAP configuration, try again after correcting LDAP configuration`. | The pointer (PTR) record of the AD host machine might be missing on the DNS server. You need to create a reverse lookup zone on the DNS server, and then add a PTR record of the AD host machine in that reverse lookup zone. <br> For example, assume that the IP address of the AD machine is `10.x.x.x`, the hostname of the AD machine (as found by using the `hostname` command) is `AD1`, and the domain name is `contoso.com`. The PTR record added to the reverse lookup zone should be `10.x.x.x` -> `contoso.com`. | | Dual-protocol volume creation fails with the error `Failed to create the Active Directory machine account \\\"TESTAD-C8DD\\\". Reason: Kerberos Error: Pre-authentication information was invalid Details: Error: Machine account creation procedure failed\\n [ 434] Loaded the preliminary configuration.\\n [ 537] Successfully connected to ip 10.x.x.x, port 88 using TCP\\n**[ 950] FAILURE`. | This error indicates that the AD password is incorrect when Active Directory is joined to the NetApp account. Update the AD connection with the correct password and try again. |
-| Dual-protocol volume creation fails with the error `Could not query DNS server. Verify that the network configuration is correct and that DNS servers are available`. | This error indicates that DNS is not reachable. The reason might be because DNS IP is incorrect, or there is a networking issue. Check the DNS IP entered in AD connection and make sure that the IP is correct. <br> Also, make sure that the AD and the volume are in same region and in same VNet. If they are in different VNETs, ensure that VNet peering is established between the two VNets.|
+| Dual-protocol volume creation fails with the error `Could not query DNS server. Verify that the network configuration is correct and that DNS servers are available`. | This error indicates that DNS is not reachable. The reason might be because DNS IP is incorrect, or there is a networking issue. Check the DNS IP entered in AD connection and make sure that the IP is correct. <br> Also, make sure that the AD and the volume are in same region and in same VNet. If they are in different VNETs, ensure that VNet peering is established between the two VNets. <br> See [Guidelines for Azure NetApp Files network planning](azure-netapp-files-network-topologies.md#azure-native-environments) for details. |
| Permission is denied error when mounting a dual-protocol volume. | A dual-protocol volume supports both the NFS and SMB protocols. When you try to access the mounted volume on the UNIX system, the system attempts to map the UNIX user you use to a Windows user. If no mapping is found, the ΓÇ£Permission deniedΓÇ¥ error occurs. <br> This situation applies also when you use the ΓÇÿrootΓÇÖ user for the access. <br> To avoid the ΓÇ£Permission deniedΓÇ¥ issue, make sure that Windows Active Directory includes `pcuser` before you access the mount point. If you add `pcuser` after encountering the ΓÇ£Permission deniedΓÇ¥ issue, wait 24 hours for the cache entry to clear before trying the access again. | ## Common errors for SMB and dual-protocol volumes
azure-netapp-files Whats New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-netapp-files/whats-new.md
Azure NetApp Files is updated regularly. This article provides a summary about t
* [SMB Continuous Availability (CA) shares support for FSLogix user profile containers](azure-netapp-files-create-volumes-smb.md#add-an-smb-volume) (Preview)
- [FSLogix](/fslogix/overview) is a set of solutions that enhance, enable, and simplify non-persistent Windows computing environments. FSLogix solutions are appropriate for virtual environments in both public and private clouds. FSLogix solutions can also be used to create more portable computing sessions when you use physical devices. FSLogix can be used to provide dynamic access to persistent user profile containers stored on SMB shared networked storage, including Azure NetApp Files. To further enhance FSLogix resiliency to storage service maintenance events, Azure NetApp Files has extended support for SMB Transparent Failover via [SMB Continuous Availability (CA) shares on Azure NetApp Files](azure-netapp-files-create-volumes-smb.md#add-an-smb-volume) for user profile containers. See Azure NetApp Files [Windows Virtual Desktop solutions](azure-netapp-files-solution-architectures.md#windows-virtual-desktop) for additional information.
+ [FSLogix](/fslogix/overview) is a set of solutions that enhance, enable, and simplify non-persistent Windows computing environments. FSLogix solutions are appropriate for virtual environments in both public and private clouds. FSLogix solutions can also be used to create more portable computing sessions when you use physical devices. FSLogix can be used to provide dynamic access to persistent user profile containers stored on SMB shared networked storage, including Azure NetApp Files. To further enhance FSLogix resiliency to storage service maintenance events, Azure NetApp Files has extended support for SMB Transparent Failover via [SMB Continuous Availability (CA) shares on Azure NetApp Files](azure-netapp-files-create-volumes-smb.md#add-an-smb-volume) for user profile containers. See Azure NetApp Files [Azure Virtual Desktop solutions](azure-netapp-files-solution-architectures.md#windows-virtual-desktop) for additional information.
* [SMB3 Protocol Encryption](azure-netapp-files-create-volumes-smb.md#add-an-smb-volume) (Preview)
azure-sql Automated Backups Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/automated-backups-overview.md
For SQL Database, the backup storage redundancy can be configured at the time of
> [!IMPORTANT]
-> Configure backup storage redundancy during the managed instance creation process as once the resource is provisioned, it is no longer possible to change the storage redundancy.
+> Backup storage redundancy for Hyperscale and SQL Managed Instance can only be set during database creation. This setting cannot be modified once the resource is provisioned. [Database copy](database-copy.md) process can be used to update the backup storage redundancy settings for an existing Hyperscale database.
> [!IMPORTANT] > Zone-redundant storage is currently only available in [certain regions](../../storage/common/storage-redundancy.md#zone-redundant-storage). > [!NOTE]
-> Configurable Backup Storage Redundancy for Azure SQL Database is currently available in public preview in all Azure regions and generally available in Southeast Asia Azure region only. This feature is not yet available for Hyperscale tier.
+> Configurable Backup Storage Redundancy for Azure SQL Database is currently available in public preview in all Azure regions and generally available in Southeast Asia Azure region only.
### Backup usage
azure-sql Database Copy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/database-copy.md
A database copy is a transactionally consistent snapshot of the source database
> [!NOTE] > Azure SQL Database Configurable Backup Storage Redundancy is currently available in public preview in Brazil South and generally available in Southeast Asia Azure region only. In the preview, if the source database is created with locally-redundant or zone-redundant backup storage redundancy, database copy to a server in a different Azure region is not supported.
+## Database Copy for Azure SQL Hyperscale
+
+For Azure SQL Hyperscale the target database determines whether the copy will be a fast copy or a size of data copy.
+
+Fast copy: When the copy is done in the same region as the source, the copy will be created from the snapshots of blobs, this copy is a fast operation regardless of the database size.
+
+Size of data copy: When the target database is in a different region than the source or if the database backup storage redundancy (Local, Zonal, Geo) from the target differs from the source database, the copy operation will be a size of data operation. Copy time will not be directly proportional to size as page server blobs are copied in parallel.
+ ## Logins in the database copy When you copy a database to the same server, the same logins can be used on both databases. The security principal you use to copy the database becomes the database owner on the new database.
azure-sql Doc Changes Updates Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/doc-changes-updates-release-notes.md
This table provides a quick comparison for the change in terminology:
| Feature | Details | | | | | [16 TB support for SQL Managed Instance General Purpose](https://techcommunity.microsoft.com/t5/azure-sql/increased-storage-limit-to-16-tb-for-sql-managed-instance/ba-p/2421443) | Support for allocation up to 16 TB of space on SQL Managed Instance General Purpose |
+| [Azure Active Directory only authentication for Azure SQL](https://techcommunity.microsoft.com/t5/azure-sql/azure-active-directory-only-authentication-for-azure-sql/ba-p/2417673) | Public Preview for Azure Active Directory only authenticaion on Azure SQL Managed Instance. |
| [Migration with Log Replay Service](../managed-instance/log-replay-service-migrate.md) | Migrate databases from SQL Server to SQL Managed Instance by using Log Replay Service. | | [Maintenance window](./maintenance-window.md)| The maintenance window feature allows you to configure maintenance schedule. |
+| [Service Broker cross-instance message exchange for Azure SQL Managed Instance](https://azure.microsoft.com/en-gb/updates/service-broker-message-exchange-for-azure-sql-managed-instance-in-public-preview/) | Support for cross-instance message exchange on Azure SQL Managed Instance. |
+| [Long-term backup retention for Azure SQL Managed Instance](https://azure.microsoft.com/en-gb/updates/longterm-backup-retention-ltr-for-azure-sql-managed-instance-in-public-preview/) | Support for Long-term backup retention up to 10 years on Azure SQL Managed Instance. |
+| [Azure Monitor SQL insights for Azure SQL Managed Instance](https://azure.microsoft.com/en-gb/updates/azure-monitor-sql-insights-for-azure-sql-in-public-preview/) | Azure Monitor SQL insights for Azure SQL Managed Instance in public preview |
| [Distributed transactions](./elastic-transactions-overview.md) | Distributed transactions across Managed Instances. | | [Instance pools](../managed-instance/instance-pools-overview.md) | A convenient and cost-efficient way to migrate smaller SQL instances to the cloud. |
-| [Instance-level Azure AD server principals (logins)](/sql/t-sql/statements/create-login-transact-sql) | Create instance-level logins using a [CREATE LOGIN FROM EXTERNAL PROVIDER](/sql/t-sql/statements/create-login-transact-sql?view=azuresqldb-mi-current&preserve-view=true) statement. |
| [Transactional Replication](../managed-instance/replication-transactional-overview.md) | Replicate the changes from your tables into other databases in SQL Managed Instance, SQL Database, or SQL Server. Or update your tables when some rows are changed in other instances of SQL Managed Instance or SQL Server. For information, see [Configure replication in Azure SQL Managed Instance](../managed-instance/replication-between-two-instances-configure-tutorial.md). | | Threat detection |For information, see [Configure threat detection in Azure SQL Managed Instance](../managed-instance/threat-detection-configure.md).|
-| Long-term backup retention | For information, see [Configure long-term back up retention in Azure SQL Managed Instance](../managed-instance/long-term-backup-retention-configure.md), which is currently in limited public preview. |
| Query Store hints | For information, see [Query Store hints](/sql/relational-databases/performance/query-store-hints?view=azuresqldb-mi-current&preserve-view=true).| | | |
This table provides a quick comparison for the change in terminology:
### SQL Managed Instance H1 2021 updates -- [Public Preview for Support 16 TB for SQL Managed Instance General Purpose](https://techcommunity.microsoft.com/t5/azure-sql/increased-storage-limit-to-16-tb-for-sql-managed-instance/ba-p/2421443) - support for allocation of up to 16 TB of space for SQL Managed Instance General Purpose (Public Preview)
-
-- [Migrate to Managed Instance with Log Replay Service](../managed-instance/log-replay-service-migrate.md) - allows migrating databases from SQL Server to SQL Managed Instance by using Log Replay Service (Public Preview)
+- [Public Preview for Support 16 TB for SQL Managed Instance General Purpose](https://techcommunity.microsoft.com/t5/azure-sql/increased-storage-limit-to-16-tb-for-sql-managed-instance/ba-p/2421443) - support for allocation of up to 16 TB of space for SQL Managed Instance General Purpose (Public Preview).
+
+- [Parallel backup for better performance in SQL Managed Instance General Purpose](https://techcommunity.microsoft.com/t5/azure-sql/parallel-backup-for-better-performance-in-sql-managed-instance/ba-p/2421762) - support for faster backups for SQL Managed Instance General Purpose.
+
+- [Azure Active Directory only authentication for Azure SQL](https://techcommunity.microsoft.com/t5/azure-sql/azure-active-directory-only-authentication-for-azure-sql/ba-p/2417673) - Public Preview for Azure Active Directory only authenticaion on Azure SQL Managed Instance.
+
+- [Use Resource Health to monitor health status of your Azure SQL Managed Instance](resource-health-to-troubleshoot-connectivity.md) - support for Resource Health monitoring on Azure SQL Managed Instance.
+
+- [Service-aided subnet configuration for Azure SQL Managed Instance now makes use of service tags for user-defined routes](../managed-instance/connectivity-architecture-overview.md) - support for User defined route (UDR) table.
+
+- [Migrate to Managed Instance with Log Replay Service](../managed-instance/log-replay-service-migrate.md) - allows migrating databases from SQL Server to SQL Managed Instance by using Log Replay Service (Public Preview).
- [Maintenance window](./maintenance-window.md) - the maintenance window feature allows you to configure maintenance schedule, see [Maintenance window announcement](https://techcommunity.microsoft.com/t5/azure-sql/maintenance-window-for-azure-sql-database-and-managed-instance/ba-p/2174835) (Public Preview).
+- [Machine Learning Services on Azure SQL Managed Instance now generally available](https://azure.microsoft.com/en-gb/updates/machine-learning-services-on-azure-sql-managed-instance-now-generally-available/) - General availability for Machine Learning Services on Azure SQL Managed Instance.
+
+- [Service Broker cross-instance message exchange for Azure SQL Managed Instance](https://azure.microsoft.com/en-gb/updates/service-broker-message-exchange-for-azure-sql-managed-instance-in-public-preview/) - support for cross-instance message exchange.
+
+- [Long-term backup retention for Azure SQL Managed Instance](https://azure.microsoft.com/en-gb/updates/longterm-backup-retention-ltr-for-azure-sql-managed-instance-in-public-preview/) - Support for Long-term backup retention up to 10 years on Azure SQL Managed Instance.
+
+- [Dynamic data masking granular permissions for Azure SQL Managed Instance](dynamic-data-masking-overview.md) - general availability for Dynamic data masking granular permissions for Azure SQL Managed Instance.
+
+- [Azure SQL Managed Instance auditing of Microsoft operations](https://azure.microsoft.com/en-gb/updates/azure-sql-auditing-of-microsoft-operations-is-now-generally-available/) - general availability for Azure SQL Managed Instance auditing of Microsoft operations.
+
+- [Azure Monitor SQL insights for Azure SQL Managed Instance](https://azure.microsoft.com/en-gb/updates/azure-monitor-sql-insights-for-azure-sql-in-public-preview/) - Azure Monitor SQL insights for Azure SQL Managed Instance in public preview.
+ ### SQL Managed Instance H2 2019 updates - [Service-aided subnet configuration](https://azure.microsoft.com/updates/service-aided-subnet-configuration-for-managed-instance-in-azure-sql-database-available/) is a secure and convenient way to manage subnet configuration where you control data traffic while SQL Managed Instance ensures the uninterrupted flow of management traffic.
azure-sql Service Tier Hyperscale https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/service-tier-hyperscale.md
These are the current limitations to the Hyperscale service tier as of GA. We'r
| Migration to Hyperscale is currently a one-way operation | Once a database is migrated to Hyperscale, it can't be migrated directly to a non-Hyperscale service tier. At present, the only way to migrate a database from Hyperscale to non-Hyperscale is to export/import using a bacpac file or other data movement technologies (Bulk Copy, Azure Data Factory, Azure Databricks, SSIS, etc.) Bacpac export/import from Azure portal, from PowerShell using [New-AzSqlDatabaseExport](/powershell/module/az.sql/new-azsqldatabaseexport) or [New-AzSqlDatabaseImport](/powershell/module/az.sql/new-azsqldatabaseimport), from Azure CLI using [az sql db export](/cli/azure/sql/db#az_sql_db_export) and [az sql db import](/cli/azure/sql/db#az_sql_db_import), and from [REST API](/rest/api/sql/) is not supported. Bacpac import/export for smaller Hyperscale databases (up to 200 GB) is supported using SSMS and [SqlPackage](/sql/tools/sqlpackage) version 18.4 and later. For larger databases, bacpac export/import may take a long time, and may fail for various reasons.| | Migration of databases with In-Memory OLTP objects | Hyperscale supports a subset of In-Memory OLTP objects, including memory-optimized table types, table variables, and natively compiled modules. However, when any kind of In-Memory OLTP objects are present in the database being migrated, migration from Premium and Business Critical service tiers to Hyperscale is not supported. To migrate such a database to Hyperscale, all In-Memory OLTP objects and their dependencies must be dropped. After the database is migrated, these objects can be recreated. Durable and non-durable memory-optimized tables are not currently supported in Hyperscale, and must be changed to disk tables.| | Geo-replication | [Geo-replication](active-geo-replication-overview.md) on Hyperscale is now in public preview. |
-| Database Copy | [Database copy](database-copy.md) on Hyperscale is now in public preview. |
| Intelligent Database Features | With the exception of the "Force Plan" option, all other Automatic Tuning options aren't yet supported on Hyperscale: options may appear to be enabled, but there won't be any recommendations or actions made. | | Query Performance Insights | Query Performance Insights is currently not supported for Hyperscale databases. | | Shrink Database | DBCC SHRINKDATABASE or DBCC SHRINKFILE isn't currently supported for Hyperscale databases. |
azure-sql Transparent Data Encryption Tde Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/database/transparent-data-encryption-tde-overview.md
Last updated 06/23/2021
# Transparent data encryption for SQL Database, SQL Managed Instance, and Azure Synapse Analytics [!INCLUDE[appliesto-sqldb-sqlmi-asa](../includes/appliesto-sqldb-sqlmi-asa.md)]
-[Transparent data encryption (TDE)](/sql/relational-databases/security/encryption/transparent-data-encryption) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. By default, TDE is enabled for all newly deployed SQL Databases and must be manually enabled for older databases of Azure SQL Database, Azure SQL Managed Instance. TDE must be manually enabled for Azure Synapse Analytics.
+[Transparent data encryption (TDE)](/sql/relational-databases/security/encryption/transparent-data-encryption) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. By default, TDE is enabled for all newly deployed Azure SQL Databases and must be manually enabled for older databases of Azure SQL Database. For Azure SQL Managed Instance, TDE is enabled at the instance level and newly created databases. TDE must be manually enabled for Azure Synapse Analytics.
> [!NOTE] > This article applies to Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics (dedicated SQL pools (formerly SQL DW)). For documentation on Transparent Data Encryption for dedicated SQL pools inside Synapse workspaces, see [Azure Synapse Analytics encryption](../../synapse-analytics/security/workspaces-encryption.md).
TDE performs real-time I/O encryption and decryption of the data at the page lev
For Azure SQL Database and Azure Synapse, the TDE protector is set at the [server](logical-servers.md) level and is inherited by all databases associated with that server. For Azure SQL Managed Instance, the TDE protector is set at the instance level and it is inherited by all encrypted databases on that instance. The term *server* refers both to server and instance throughout this document, unless stated differently. > [!IMPORTANT]
-> All newly created databases in SQL Database are encrypted by default by using service-managed transparent data encryption. Existing SQL databases created before May 2017 and SQL databases created through restore, geo-replication, and database copy are not encrypted by default. Existing SQL Managed Instance databases created before February 2019 are not encrypted by default. SQL Managed Instance databases created through restore inherit encryption status from the source.
+> All newly created databases in SQL Database are encrypted by default by using service-managed transparent data encryption. Existing SQL databases created before May 2017 and SQL databases created through restore, geo-replication, and database copy are not encrypted by default. Existing SQL Managed Instance databases created before February 2019 are not encrypted by default. SQL Managed Instance databases created through restore inherit encryption status from the source. To restore an existing TDE-encrypted database, the required TDE certificate must first be [imported](../managed-instance/tde-certificate-migrate.md) into the SQL Managed Instance.
> [!NOTE] > TDE cannot be used to encrypt system databases, such as the **master** database, in Azure SQL Database and Azure SQL Managed Instance. The **master** database contains objects that are needed to perform the TDE operations on the user databases. It is recommended to not store any sensitive data in the system databases. [Infrastructure encryption](transparent-data-encryption-byok-overview.md#doubleencryption) is now being rolled out which encrypts the system databases including master.
Use the following set of commands for Azure SQL Database and Azure Synapse:
- For a general description of TDE, see [Transparent data encryption](/sql/relational-databases/security/encryption/transparent-data-encryption). - To learn more about TDE with BYOK support for Azure SQL Database, Azure SQL Managed Instance and Azure Synapse, see [Transparent data encryption with Bring Your Own Key support](transparent-data-encryption-byok-overview.md). - To start using TDE with Bring Your Own Key support, see the how-to guide, [Turn on transparent data encryption by using your own key from Key Vault](transparent-data-encryption-byok-configure.md).-- For more information about Key Vault, see [Secure access to a key vault](../../key-vault/general/security-features.md).
+- For more information about Key Vault, see [Secure access to a key vault](../../key-vault/general/security-features.md).
azure-sql Sql Agent Extension Automatic Registration All Vms https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-sql/virtual-machines/windows/sql-agent-extension-automatic-registration-all-vms.md
You can enable the automatic registration feature for multiple Azure subscriptio
To do so, follow these steps:
-1. Save [this script](https://github.com/microsoft/tigertoolbox/blob/master/AzureSQLVM/AutoRegTools.psm1).
+1. Save [this script](https://github.com/microsoft/tigertoolbox/blob/master/AzureSQLVM/EnableBySubscription.ps1).
1. Navigate to where you saved the script by using an administrative Command Prompt or PowerShell window. 1. Connect to Azure (`az login`). 1. Execute the script, passing in SubscriptionIds as parameters such as
azure-video-analyzer Detect Motion Emit Events Quickstart https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-video-analyzer/video-analyzer-docs/detect-motion-emit-events-quickstart.md
Title: Detect motion and emit events from the edge - Azure
description: This quickstart shows you how to use Azure Video Analyzer to detect motion and emit events, by programmatically calling direct methods. Last updated 06/01/2021
-zone_pivot_groups: ams-lva-edge-programming-languages
+zone_pivot_groups: video-analyzer-programming-languages
# Quickstart: Detect motion and emit events
azure-vmware Configure Github Enterprise Server https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/configure-github-enterprise-server.md
Create somewhere for GitHub Actions to run; again, we'll use Azure VMware Soluti
1. Install [the Actions runner](https://github.com/actions/runner) application, which runs a job from a GitHub Actions workflow. Identify and download the most current Linux x64 release of the Actions runner, either from [the releases page](https://github.com/actions/runner/releases) or by running the following quick script. This script requires both curl and [jq](https://stedolan.github.io/jq/) to be present on your VM.
- `LATEST\_RELEASE\_ASSET\_URL=$( curl https://api.github.com/repos/actions/runner/releases/latest | \`
+ ```bash
+ LATEST\_RELEASE\_ASSET\_URL=$( curl https://api.github.com/repos/actions/runner/releases/latest | \
- ` jq -r '.assets | .[] | select(.name | match("actions-runner-linux-arm64")) | .url' )`
+ jq -r '.assets | .[] | select(.name | match("actions-runner-linux-arm64")) | .url' )
- `DOWNLOAD\_URL=$( curl $LATEST\_RELEASE\_ASSET\_URL | \`
+ DOWNLOAD\_URL=$( curl $LATEST\_RELEASE\_ASSET\_URL | \
- ` jq -r '.browser\_download\_url' )`
+ jq -r '.browser\_download\_url' )
- `curl -OL $DOWNLOAD\_URL`
+ curl -OL $DOWNLOAD\_URL
+ ```
- You should now have a file locally on your VM, actions-runner-linux-arm64-\*.tar.gz. Extract this tarball locally:
+ You should now have a file locally on your VM, actions-runner-linux-arm64-\*.tar.gz. Extract this tarball locally:
- `tar xzf actions-runner-linux-arm64-\*.tar.gz`
+ ```bash
+ tar xzf actions-runner-linux-arm64-\*.tar.gz
+ ```
- This extraction unpacks a few files locally, including a `config.sh` and `run.sh` script.
+ This extraction unpacks a few files locally, including a `config.sh` and `run.sh` script.
## Enable GitHub Actions
Configure and enable GitHub Actions on the GitHub Enterprise Server instance.
1. [Access the GitHub Enterprise Server instance's administrative shell over SSH](https://docs.github.com/en/enterprise/admin/configuration/accessing-the-administrative-shell-ssh), and then run the following commands:
- `# set an environment variable containing your Blob storage connection string`
-
- `export CONNECTION\_STRING="<your connection string from the blob storage step>"`
-
- `# configure actions storage`
-
- `ghe-config secrets.actions.storage.blob-provider azure`
-
- `ghe-config secrets.actions.storage.azure.connection-string "$CONNECTION\_STRING"`
-
- `# apply these settings`
-
- `ghe-config-apply`
-
- `# execute a precheck, this install additional software required by Actions on GitHub Enterprise Server`
-
- `ghe-actions-precheck -p azure -cs "$CONNECTION\_STRING"`
+1. Set an environment variable containing your Blob storage connection string.
+
+ ```bash
+ export CONNECTION\_STRING="<your connection string from the blob storage step>"
+ ```
+
+1. Configure actions storage.
- `# enable actions, and re-apply the config`
+ ```bash
+ ghe-config secrets.actions.storage.blob-provider azure
+
+ ghe-config secrets.actions.storage.azure.connection-string "$CONNECTION\_STRING`
+ ```
+
+1. Apply the settings.
+
+ ```bash
+ ghe-config-apply
+ ```
+
+1. Execute a precheck, this install additional software required by Actions on GitHub Enterprise Server.
- `ghe-config app.actions.enabled true`
+ ```bash
+ ghe-actions-precheck -p azure -cs "$CONNECTION\_STRING"
+ ```
+
+1. Enable actions, and re-apply the configuration.
+
+ ```bash
+ ghe-config app.actions.enabled true
- `ghe-config-apply`
+ ghe-config-apply
+ ```
-1. Next check the health of your blob storage:
+1. Check the health of your blob storage.
- `ghe-actions-check -s blob`
+ ```bash
+ ghe-actions-check -s blob
+ ```
You should see output: _Blob Storage is healthy_.
-1. Now that **GitHub Actions** is configured, enable it for your users. Sign in to your GitHub Enterprise Server instance as an administrator, and select the ![Rocket icon.](media/github-enterprise-server/rocket-icon.png) in the upper right corner of any page.
+1. Now that **GitHub Actions** is configured, enable it for your users. Sign in to your GitHub Enterprise Server instance as an administrator, and select the :::image type="icon" source="media/github-enterprise-server/rocket-icon.png"::: in the upper right corner of any page.
1. In the left sidebar, select **Enterprise overview**, then **Policies**, **Actions**, and select the option to **enable Actions for all organizations**.
Configure and enable GitHub Actions on the GitHub Enterprise Server instance.
1. Copy the command to **configure** the runner, for instance:
- `./config.sh --url https://10.1.1.26/enterprises/octo-org --token AAAAAA5RHF34QLYBDCHWLJC7L73MA`
+ ```bash
+ ./config.sh --url https://10.1.1.26/enterprises/octo-org --token AAAAAA5RHF34QLYBDCHWLJC7L73MA
+ ```
1. Copy the `config.sh` command and paste it into a session on your Actions runner (created previously).
azure-vmware Configure Vmware Hcx https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/configure-vmware-hcx.md
For an end-to-end overview of this procedure, view the [Azure VMware Solution: C
:::image type="content" source="media/tutorial-vmware-hcx/interconnect-appliance-state.png" alt-text="Screenshot that shows selections for checking the status of the appliance." lightbox="media/tutorial-vmware-hcx/interconnect-appliance-state.png":::
+ >[!NOTE]
+ >After establishing the service mesh, you may notice a new datastore and a new host in your private cloud. This is perfectly normal behavior after establishing a service mesh.
+ >
+ >:::image type="content" source="media/tutorial-vmware-hcx/hcx-service-mesh-datastore-host.png" alt-text="Screenshot showing the HCX service mesh datastore and host." lightbox="media/tutorial-vmware-hcx/hcx-service-mesh-datastore-host.png":::
+ For an end-to-end overview of this procedure, view the [Azure VMware Solution: Service Mesh](https://www.youtube.com/embed/COY3oIws108) video. ## Create a network extension
For an end-to-end overview of this procedure, view the [Azure VMware Solution: N
If the HCX interconnect tunnel status is **UP** and green, you're ready to migrate and protect Azure VMware Solution VMs using VMware HCX. Azure VMware Solution supports workload migrations (with or without a network extension). You can still migrate workloads in your vSphere environment, along with on-premises creation of networks and deployment of VMs onto those networks. For more information, see the [VMware HCX Documentation](https://docs.vmware.com/en/VMware-HCX/https://docsupdatetracker.net/index.html). -
azure-vmware Protect Azure Vmware Solution With Application Gateway https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/azure-vmware/protect-azure-vmware-solution-with-application-gateway.md
This article shows you how to use Application Gateway in front of a web server f
## Topology The diagram shows how Application Gateway is used to protect Azure IaaS virtual machines (VMs), Azure virtual machine scale sets, or on-premises servers. Application Gateway treats Azure VMware Solution VMs as on-premises servers. > [!IMPORTANT] > Azure Application Gateway is currently the only supported method to expose web apps running on Azure VMware Solution VMs.
backup Archive Tier Support https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/archive-tier-support.md
Title: Archive Tier support description: Learn about Archive Tier Support for Azure Backup Previously updated : 07/27/2021 Last updated : 08/04/2021
Supported clients:
- The capability is provided using PowerShell >[!Note]
->Archive Tier support for SQL Servers in Azure VMs is now generally available in North Europe, Central India, and Australia East. For the detailed list of supported regions, refer to the [support matrix](#support-matrix). <br><br> For the remaining regions for SQL Servers in Azure VMs, Archive Tier support is in limited public preview. Archive Tier support for Azure Virtual Machines is also in limited public preview. To sign up for limited public preview, use this [link](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR463S33c54tEiJLEM6Enqb9UNU5CVTlLVFlGUkNXWVlMNlRPM1lJWUxLRy4u).
+>Archive Tier support for SQL Servers in Azure VMs is now generally available in North Europe, Central India, South East Asia, and Australia East. For the detailed list of supported regions, refer to the [support matrix](#support-matrix). <br><br> For the remaining regions for SQL Servers in Azure VMs, Archive Tier support is in limited public preview. Archive Tier support for Azure Virtual Machines is also in limited public preview. To sign up for limited public preview, use this [link](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR463S33c54tEiJLEM6Enqb9UNU5CVTlLVFlGUkNXWVlMNlRPM1lJWUxLRy4u).
## Get started with PowerShell
Stop protection and delete data deletes all the recovery points. For recovery po
| Workloads | Preview | Generally available | | | | |
-| SQL Server in Azure VM | East US, East US 2, Central US, South Central US, West US, West US 2, West Central US, North Central US, Brazil South, Canada East, Canada Central, West Europe, UK South, UK West, East Asia, Japan East, South India, South East Asia | Australia East, Central India, North Europe |
+| SQL Server in Azure VM | East US, East US 2, Central US, South Central US, West US, West US 2, West Central US, North Central US, Brazil South, Canada East, Canada Central, West Europe, UK South, UK West, East Asia, Japan East, South India | Australia East, Central India, North Europe, South East Asia |
| Azure Virtual Machines | East US, East US 2, Central US, South Central US, West US, West US 2, West Central US, North Central US, Brazil South, Canada East, Canada Central, West Europe, UK South, UK West, East Asia, Japan East, South India, South East Asia, Australia East, Central India, North Europe | None | ## Error codes and troubleshooting steps
backup Backup Azure Arm Restore Vms https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-azure-arm-restore-vms.md
For more information, see [Back up and restore Active Directory domain controlle
Managed identities eliminate the need for the user to maintain the credentials. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
-Azure Backup offers the flexibility to restore the managed Azure VM with [Managed identities](/azure/active-directory/managed-identities-azure-resources/overview). You can choose to select [system-managed identities](/azure/active-directory/managed-identities-azure-resources/overview#managed-identity-types) or user-managed identities as shown in the figure below. This is introduced as one of the input parameters in the [**Restore configuration** blade](/azure/backup/backup-azure-arm-restore-vms#create-a-vm) of Azure VM. Managed identities used as one of the input parameter is only used for accessing the storage accounts, which is used as staging location during restore and not for any other Azure resource controlling. These Managed identities have to be associated to the vault.
+Azure Backup offers the flexibility to restore the managed Azure VM with [managed identities](/azure/active-directory/managed-identities-azure-resources/overview). You can choose to select [system-managed identities](/azure/active-directory/managed-identities-azure-resources/overview#managed-identity-types) or user-managed identities as shown in the figure below. This is introduced as one of the input parameters in the [**Restore configuration** blade](/azure/backup/backup-azure-arm-restore-vms#create-a-vm) of Azure VM. Managed identities used as one of the input parameter is only used for accessing the storage accounts, which is used as staging location during restore and not for any other Azure resource controlling. These managed identities have to be associated to the vault.
:::image type="content" source="./media/backup-azure-arm-restore-vms/select-system-managed-identities-or-user-managed-identities.png" alt-text="Screenshot for choice to select system managed identities or user managed identities.":::
-If you choose to select system-assigned or User-assigned Managed identities, check for the below actions for Managed Identity on the target staging Storage Account.
+If you choose to select system-assigned or user-assigned managed identities, check for the below actions for managed identity on the target staging Storage Account.
```json "permissions": [
You can also select the [user-managed identity](/azure/active-directory/managed-
>[!Note] >The support is available for only managed VMs, and not supported for classic VMs and unmanaged VMs. For the [storage accounts that are restricted with firewalls](/azure/storage/common/storage-network-security?tabs=azure-portal), system MSI is only supported.
+>
+>Currently, this is available in all Azure public regions, except Germany West Central and India Central.
## Track the restore operation
backup Backup Support Matrix Iaas https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/backup/backup-support-matrix-iaas.md
Backup of Azure VMs with locks | Unsupported for unmanaged VMs. <br><br> Support
[Azure Dedicated Host](../virtual-machines/dedicated-hosts.md) | Supported<br></br>While restoring an Azure VM through the [Create New](backup-azure-arm-restore-vms.md#create-a-vm) option, though the restore gets successful, Azure VM can't be restored in the dedicated host. To achieve this, we recommend you to restore as disks. While [restoring as disks](backup-azure-arm-restore-vms.md#restore-disks) with the template, create a VM in dedicated host, and then attach the disks.<br></br>This is not applicable in secondary region, while performing [Cross Region Restore](backup-azure-arm-restore-vms.md#cross-region-restore). Windows Storage Spaces configuration of standalone Azure VMs | Supported [Azure VM Scale Sets](../virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes.md#scale-sets-with-flexible-orchestration) | Supported for flexible orchestration model to back up and restore Single Azure VM.
-Restore with Managed identities | Yes, supported for managed Azure VMs, and not supported for classic and unmanaged Azure VMs. [Learn more](backup-azure-arm-restore-vms.md#restore-vms-with-managed-identities)
+Restore with Managed identities | Yes, supported for managed Azure VMs, and not supported for classic and unmanaged Azure VMs. <br><br> Currently, this is available in all Azure public regions, except Germany West Central and India Central. <br><br> [Learn more](backup-azure-arm-restore-vms.md#restore-vms-with-managed-identities).
## VM storage support
cognitive-services Spatial Analysis Web App https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Computer-vision/spatial-analysis-web-app.md
Most of the **Environment Variables** for the IoT Edge Module are already set in
"EULA": { "value": "accept" },
-"ENDPOINT":{
+"BILLING":{
"value": "<Use a key from your Computer Vision resource>" }, "APIKEY":{
cognitive-services Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Face/Overview.md
keywords: facial recognition, facial recognition software, facial analysis, face
The Azure Face service provides AI algorithms that detect, recognize, and analyze human faces in images. Facial recognition software is important in many different scenarios, such as identity verification, touchless access control, and face blurring for privacy.
-**Identity verification** checks that a new (remote) user is who they claim to be by matching their face against the photo on their identity document. It is commonly used in the gig economy, banking and online education industries.
+Identity Verification: Verifies someoneΓÇÖs identity against a government-issued ID card like a passport or driverΓÇÖs license or other enrollment image to grant access to digital or physical services or recover an account. Specific access scenarios include opening a new account, verifying a worker, or administering an online assessment. Identity verification can be done once when a person is onboarded, and repeatedly as someone accesses a digital or physical service.
-**Face analysis** locates human faces in an image and returns different kinds of face-related data, such as whether the person is wearing a mask, glasses, facial hair, etc.
+Touchless Access Control: Compared to todayΓÇÖs methods like cards or tickets, opt-in face identification enables an enhanced access control experience while reducing the hygiene and security risks from card sharing, loss, or theft. Facial recognition assists the check-in process with a human in the loop for check-ins in airports, stadiums, theme parks, or buildings as well as reception kiosks at offices, hospitals, gyms, clubs, or schools.
+
+Face Redaction: Redact or blur detected faces of people recorded in a video to protect their privacy.
This documentation contains the following types of articles: * The [quickstarts](./Quickstarts/client-libraries.md) are step-by-step instructions that let you make calls to the service and get results in a short period of time.
cognitive-services How To Use Logging https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/how-to-use-logging.md
config.set_property(speechsdk.PropertyId.Speech_LogFilename, "LogfilePathAndName
[config setPropertyTo:@"LogfilePathAndName" byId:SPXSpeechLogFilename]; ```
+```go
+import ("github.com/Microsoft/cognitive-services-speech-sdk-go/common")
+
+config.SetProperty(common.SpeechLogFilename, "LogfilePathAndName")
+```
+ You can create a recognizer from the config object. This will enable logging for all recognizers. > [!NOTE]
cognitive-services Speech Container Howto https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Speech-Service/speech-container-howto.md
Speech containers enable customers to build a speech application architecture th
| Container | Features | Latest | Release status | |--|--|--|--|
-| Speech-to-text | Analyzes sentiment and transcribes continuous real-time speech or batch audio recordings with intermediate results. | 2.12.0 | Generally Available |
-| Custom Speech-to-text | Using a custom model from the [Custom Speech portal](https://speech.microsoft.com/customspeech), transcribes continuous real-time speech or batch audio recordings into text with intermediate results. | 2.12.0 | Generally Available |
-| Text-to-speech | Converts text to natural-sounding speech with plain text input or Speech Synthesis Markup Language (SSML). | 1.14.0 | Generally Available |
+| Speech-to-text | Analyzes sentiment and transcribes continuous real-time speech or batch audio recordings with intermediate results. | 2.13.0 | Generally Available |
+| Custom Speech-to-text | Using a custom model from the [Custom Speech portal](https://speech.microsoft.com/customspeech), transcribes continuous real-time speech or batch audio recordings into text with intermediate results. | 2.13.0 | Generally Available |
+| Text-to-speech | Converts text to natural-sounding speech with plain text input or Speech Synthesis Markup Language (SSML). | 1.14.1 | Generally Available |
| Speech Language Identification | Detect the language spoken in audio files. | 1.0 | Gated preview |
-| Neural Text-to-speech | Converts text to natural-sounding speech using deep neural network technology, allowing for more natural synthesized speech. | 1.6.0 | Generally Available |
+| Neural Text-to-speech | Converts text to natural-sounding speech using deep neural network technology, allowing for more natural synthesized speech. | 1.8.0 | Generally Available |
If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/cognitive-services/) before you begin.
cognitive-services Quickstart Build Deploy Custom Model https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/Translator/custom-translator/quickstart-build-deploy-custom-model.md
This article provides step-by-step instructions to build a translation system wi
3. When you have both of the above, sign in to the [Custom Translator](https://portal.customtranslator.azure.ai) portal to create workspaces, projects, upload files and create/deploy models.
+You can also view a full, start to finish walkthrough video of Custom Translator on [YouTube](https://www.youtube.com/watch?v=TykB6WDTkRc&t=3s).
+ >[!Note] >Custom Translator does not support creating workspace for Translator Text API resource that was created inside [Enabled VNET](../../../api-management/api-management-using-with-vnet.md).
Reference](../reference/v3-0-reference.md) webpage.
## Next steps -- Learn how to navigate the [Custom Translator workspace and manage your projects](workspace-and-project.md).
+- Learn how to navigate the [Custom Translator workspace and manage your projects](workspace-and-project.md).
cognitive-services Container Image Tags https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/containers/container-image-tags.md
The [Custom Speech-to-text][sp-cstt] container image can be found on the `mcr.mi
# [Latest version](#tab/current)
-Release note for `2.12.0-amd64`:
+Release note for `2.13.0-amd64`:
Regular monthly release
Note that due to the phrase lists feature, the size of this container image has
| Image Tags | Notes | Digest | |-|:|:-|
-| `latest` | | `sha256:22284b8e38f83a735fc59f466fb5ba138d5c56b9e8f446dc05cbb5ac63a9a31f`|
-| `2.12.0-amd64` | | `sha256:22284b8e38f83a735fc59f466fb5ba138d5c56b9e8f446dc05cbb5ac63a9a31f`|
+| `latest` | | `sha256:55ff552d0c593a4ddbed0ae0dede758f93011a165f1afd6738ba906a7e24eeee`|
+| `2.13.0-amd64` | | `sha256:55ff552d0c593a4ddbed0ae0dede758f93011a165f1afd6738ba906a7e24eeee`|
# [Previous version](#tab/previous)
+Release note for `2.12.1-amd64`:
+
+Regular monthly release
+ Release note for `2.11.0-amd64`: **Fixes**
Release note for `2.5.0-amd64`:
| Image Tags | Notes | |-|:--|
+| `2.12.1-amd64` | |
| `2.11.0-amd64` | | | `2.10.0-amd64` | | | `2.9.0-amd64` | |
The [Custom Text-to-speech][sp-ctts] container image can be found on the `mcr.mi
# [Latest version](#tab/current)
-Release note for `1.14.0-amd64`:
+Release note for `1.14.1-amd64`:
Regular monthly release | Image Tags | Notes | Digest | |-|:|:--|
-| `latest` | | `sha256:1c5c56b76de5dd5ae56ad32aa094c5335b82bd4b78ad805767bf3cef68da674b` |
-| `1.14.0-amd64` | | `sha256:1c5c56b76de5dd5ae56ad32aa094c5335b82bd4b78ad805767bf3cef68da674b` |
+| `latest` | | `sha256:1db1eea50b96fd56cf4e63ff22878a8da1130f8bfa497c9ce70fbe9db40e3d2c` |
+| `1.14.1-amd64` | | `sha256:1db1eea50b96fd56cf4e63ff22878a8da1130f8bfa497c9ce70fbe9db40e3d2c` |
# [Previous version](#tab/previous)
Since Speech-to-text v2.5.0, images are supported in the *US Government Virginia
# [Latest version](#tab/current)
-Release note for `2.12.0-amd64-<locale>`:
+Release note for `2.13.0-amd64-<locale>`:
-**Feature**
-* Upgrade to latest models.
+Regular monthly release
Note that due to the phrase lists feature, the size of this container image has increased. | Image Tags | Notes | |-|:--| | `latest` | Container image with the `en-US` locale. |
-| `2.12.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.12.0-amd64-en-us`.|
+| `2.13.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.13.0-amd64-en-us`.|
This container has the following locales available.
-| Locale for v2.12.0 | Notes | Digest |
+| Locale for v2.13.0 | Notes | Digest |
|--|:--|:--|
-| `ar-ae` | Container image with the `ar-AE` locale. | `sha256:064aac5ddd8344081961be631d8f21787ca031bfb7b80e539393464d7bb45778` |
-| `ar-bh` | Container image with the `ar-BH` locale. | `sha256:e85734b5563b909851f91ee0e6736c1dee90289f97018d594a026a1f29e0ed3e` |
-| `ar-eg` | Container image with the `ar-EG` locale. | `sha256:f4a1047fe225a16d515ab0818393114073979c9eff862ca01c1a8fec6cc5db06` |
-| `ar-iq` | Container image with the `ar-IQ` locale. | `sha256:422f18155a43817448b9db0dfdf87972ede8ffdd75c154251e00df20812da233` |
-| `ar-jo` | Container image with the `ar-JO` locale. | `sha256:6521a7ad179aed7c8305968613d8688afbc20224e9e12e88a90352a36d59f860` |
-| `ar-kw` | Container image with the `ar-KW` locale. | `sha256:064aac5ddd8344081961be631d8f21787ca031bfb7b80e539393464d7bb45778` |
-| `ar-lb` | Container image with the `ar-LB` locale. | `sha256:5aba99800db4709451f9d3cfdbfae38f4f9d33eb1ad582f3734db29adb1a9312` |
-| `ar-om` | Container image with the `ar-OM` locale. | `sha256:96493991234739d6af47b27e00da14b3b380936422d6b91c3c89fcd56252b54d` |
-| `ar-qa` | Container image with the `ar-QA` locale. | `sha256:064aac5ddd8344081961be631d8f21787ca031bfb7b80e539393464d7bb45778` |
-| `ar-sa` | Container image with the `ar-SA` locale. | `sha256:064aac5ddd8344081961be631d8f21787ca031bfb7b80e539393464d7bb45778` |
-| `ar-sy` | Container image with the `ar-SY` locale. | `sha256:5ca200a4f178c222833c425635e5e0bc6c1afe1fd8ed36d79c5057eddb2a896b` |
-| `bg-bg` | Container image with the `bg-BG` locale. | `sha256:20349f5cfdf5b494b7b99fd21919fb1293506af45cfa4deeebe86c685fe148fd` |
-| `ca-es` | Container image with the `ca-ES` locale. | `sha256:2c8157e92e43ef2da62cf0cbdc03789d9212af50e631dcb2f05b15da166ca98c` |
-| `cs-cz` | Container image with the `cs-CZ` locale. | `sha256:b7d7165585c42b71a10a59f56d697c976507d43dd7194497511e9454e30fab5e` |
-| `da-dk` | Container image with the `da-DK` locale. | `sha256:7dce8b535f20be8c950cf03ffa36d2a0596d82cb894d336933ff8e9fdff9a971` |
-| `de-de` | Container image with the `de-DE` locale. | `sha256:a129a9b671f79055d14a94150d47ed466c18c5d0a6309df7a2d3a805683a9cc3` |
-| `el-gr` | Container image with the `el-GR` locale. | `sha256:84d0fa507571051d6879e06882135ab3382b35ea6a28e175e665400047910086` |
-| `en-au` | Container image with the `en-AU` locale. | `sha256:c7901ee73bf87040f2b2f8d811007b6282070a72793214e7473b934b460004c9` |
-| `en-ca` | Container image with the `en-CA` locale. | `sha256:a26b8e87a5d9b0a6ef954770ce1ae6fc0d6bbbf97875274a5610be38e161f80b` |
-| `en-gb` | Container image with the `en-GB` locale. | `sha256:6ad9c80ba0e1f48ecce5112c685b576a4214671a39fd12749eb26c62c49f8e67` |
-| `en-hk` | Container image with the `en-HK` locale. | `sha256:82f8abb2396aede6ab16e67f1c705ef58bd71b269e832ce0c43f1769aad74469` |
-| `en-ie` | Container image with the `en-IE` locale. | `sha256:1daad42be533a5d284e4e7bf75e87b1a09943052e2bbe58e2f085b952c069882` |
-| `en-in` | Container image with the `en-IN` locale. | `sha256:a29eb8e6c72962096d8d281e6f329daacbd92200a2f9a970e522234a5b08ba54` |
-| `en-nz` | Container image with the `en-NZ` locale. | `sha256:9b1273d7610f585cbb1475d83837b671c43c05625b0c73828176dc93fd9982c1` |
-| `en-ph` | Container image with the `en-PH` locale. | `sha256:aacf6d9111493a6fee960b3fe5f87955a1eef04e56e2908e91a7b2ade5a17638` |
-| `en-sg` | Container image with the `en-SG` locale. | `sha256:d47f1fc3235734a4642875442ebef3d73e139d5699c42bee2c252c9534c0cd72` |
-| `en-us` | Container image with the `en-US` locale. | `sha256:3ad65ef9e0a0e496eb80eab187aa2d770c725d84d45689ad570511f5bbac0f2a` |
-| `en-za` | Container image with the `en-ZA` locale. | `sha256:8caba9bea8d794a77b6d674bad1e478d1cc925089bb4cc64f80f7b2a15f8a035` |
-| `es-ar` | Container image with the `es-AR` locale. | `sha256:145b10dddf8600b0ab8c6edc4e262ee0843b3c794ca6fc4fe943d5096597c506` |
-| `es-bo` | Container image with the `es-BO` locale. | `sha256:77475a986862bacbe78f86558771ae04e5a2bd4f2d49cab30151e5a8ba6965fb` |
-| `es-cl` | Container image with the `es-CL` locale. | `sha256:72ecd5fbed1138a433a8d4a4021209b3f481cba2c86e5c9b97bf25595cb52bc7` |
-| `es-co` | Container image with the `es-CO` locale. | `sha256:26d20e889edf08bf54ba2e7434793da41f8830c7a2e238f4e21f398f5a4ba054` |
-| `es-cr` | Container image with the `es-CR` locale. | `sha256:37ec3204a2527659c9bbd9c016eb06ce676f9703a579b4e428b49b3f34917157` |
-| `es-cu` | Container image with the `es-CU` locale. | `sha256:6880436e0d674942dcc38cba4a5fa63e05718959a5f51dcb7e529ecb25b66602` |
-| `es-do` | Container image with the `es-DO` locale. | `sha256:3adab6788008209afd34ccfee95a71cbc85f48ab976ae596dad51c5f8f954936` |
-| `es-ec` | Container image with the `es-EC` locale. | `sha256:50b89dbee77960eb9020bd38194c893cc54ab94edb4f93a0d4c8c9998ad731e2` |
-| `es-es` | Container image with the `es-ES` locale. | `sha256:a2d3f2e3d1c205f87b3ebf0c10d09f74529b658c01362b20889a2a0988c19936` |
-| `es-gt` | Container image with the `es-GT` locale. | `sha256:3c4d7495781eab151843a945a81086163b5db35338017eb232c99893bc14450a` |
-| `es-hn` | Container image with the `es-HN` locale. | `sha256:3289ebe6a3447cec9e66eaf508f2d10fcebba324164a96d85ed02f9bff5585b4` |
-| `es-mx` | Container image with the `es-MX` locale. | `sha256:5c8ac33806a34238e291b5ec55862429415a60883aaaea84a8bf9e3e67ff7963` |
-| `es-ni` | Container image with the `es-NI` locale. | `sha256:5e13ec7acf7160889035041d3237a1b2814749428516a2b3a1843f8d511eb30c` |
-| `es-pa` | Container image with the `es-PA` locale. | `sha256:9c34f23de138039354dc1e7d654bfef6d1290846b6da0136519cd1c77d8671c2` |
-| `es-pe` | Container image with the `es-PE` locale. | `sha256:d726750e523222f12908e7836ef9aa289873eb91026ed4ae08f138f2af279d88` |
-| `es-pr` | Container image with the `es-PR` locale. | `sha256:04b5ecd38ec30d21a55320dc0193c436484a5203a4b2dcf4ac3b75a2ff266eaf` |
-| `es-py` | Container image with the `es-PY` locale. | `sha256:23468dfddb63b20ba394e07841176c4d26d31626ee4e7d453a6ec9a2652f439e` |
-| `es-sv` | Container image with the `es-SV` locale. | `sha256:5a21ffe2d29f1e767634bb28035c44ef8284dd7320fdf22adf638603d6500b6d` |
-| `es-us` | Container image with the `es-US` locale. | `sha256:0c0904e6794e7d84e259923ca8ebe57cfaef7fb195f29e01f322701bb226afaf` |
-| `es-uy` | Container image with the `es-UY` locale. | `sha256:b08612341054b28621d0b462f340aeff03c7064328bbbc3f2dea9c07276bcb10` |
-| `es-ve` | Container image with the `es-VE` locale. | `sha256:96984115e3380c44929bf8cce4b295f9c05d0bf92c1b1d31a87e1a7aaf7eee38` |
-| `et-ee` | Container image with the `et-EE` locale. | `sha256:36f02ef75ce7f09b4ffbf06e5c61a59e9066a503017a7f845f0636bc139d2ac9` |
-| `fi-fi` | Container image with the `fi-FI` locale. | `sha256:05c16cd1d888c707e985d59f187621491c77a4cd5997ac71c49beaa6c86f39f8` |
-| `fr-ca` | Container image with the `fr-CA` locale. | `sha256:2e181fc9260f4c85b5dee67379b22bc8031a24d902a810367f4c13cb5282c9f9` |
-| `fr-fr` | Container image with the `fr-FR` locale. | `sha256:2a580f39f788e4459e0a3c544bca6724bc3f7b6e9aa64e9ddaf53675d211de7c` |
-| `ga-ie` | Container image with the `ga-IE` locale. | `sha256:70e820e105ce6897c22260af841ec4049afa83bae5ef1299cbf7b5f7bb820c3c` |
-| `gu-in` | Container image with the `gu-IN` locale. | `sha256:c7c2cfd2090c0658eba6e6da6bf1b4b2649873893c6efa5d0985b7ba6923353a` |
-| `hi-in` | Container image with the `hi-IN` locale. | `sha256:4cace269d6116cc2ca726239150651d2602ae33d95f91b5f76d75c8e9dcacce3` |
-| `hr-hr` | Container image with the `hr-HR` locale. | `sha256:aaf72098d1fa79438f79472470ea3399c29c32b948091a4689e13361c560a913` |
-| `hu-hu` | Container image with the `hu-HU` locale. | `sha256:122f2123913e5869801458cd1c89605c2caba15e02b8c66b61b48d47969c86bc` |
-| `it-it` | Container image with the `it-IT` locale. | `sha256:847c1b0b521c2382b1ca1fd2c50b12ba92e1336f8fb99627ef8e015b32865bac` |
-| `ja-jp` | Container image with the `ja-JP` locale. | `sha256:1b8c5e699197b7327dc027e2358ff04c97dbd3570d1523c8d64f3db18599c6ba` |
-| `ko-kr` | Container image with the `ko-KR` locale. | `sha256:38b722e2e4f6479f560af3da727dd29010e8d0d05d3f368cf2f55eb939b3155c` |
-| `lt-lt` | Container image with the `lt-LT` locale. | `sha256:5064a002072625b6277b479e3681ee305f567bffd16437ad631b60ba5646d494` |
-| `lv-lv` | Container image with the `lv-LV` locale. | `sha256:feed8608f89a233d01f1611144aa4619651ae34e7667938aebf91488f9f7c95d` |
-| `mr-in` | Container image with the `mr-IN` locale. | `sha256:51ccd73028e6fe0ea87e3fb16a1380079cc35e89817897ce05b4c3609d92cd1b` |
-| `mt-mt` | Container image with the `mt-MT` locale. | `sha256:ce8a8c0edf2a69f6f3cc1e97d55ca9780ddc693c23e4fddda07e15bdf5ae0325` |
-| `nb-no` | Container image with the `nb-NO` locale. | `sha256:48020e478248404af4353e6a1bcfd587362d347f82a26235b6074f24fa7bda94` |
-| `nl-nl` | Container image with the `nl-NL` locale. | `sha256:d6e95e09b39acff519e5a9cbacc4428b63099f09233e3ec4da4df0b2542691e0` |
-| `pl-pl` | Container image with the `pl-PL` locale. | `sha256:37f2514d5a6e92edc5b4e617a29f35081b19b007a5608b8ebfeb8cd73f396c46` |
-| `pt-br` | Container image with the `pt-BR` locale. | `sha256:99a610bf2011fba1a6019122bbe1e12a4f62fa83134d27bfbb8b29ebcafdf548` |
-| `pt-pt` | Container image with the `pt-PT` locale. | `sha256:14dff7b99958456911addc6cdbb2d949815d2f7f46379603cfbdb7b8a0fbb91b` |
-| `ro-ro` | Container image with the `ro-RO` locale. | `sha256:47bc1aa59c06d86dd23c1fc23522860ec36e598f8438e8212a1a1d2617918415` |
-| `ru-ru` | Container image with the `ru-RU` locale. | `sha256:4e414bcfef5014e280eb59a0f5b71c921fe3c555be73d94e4023682844178b52` |
-| `sk-sk` | Container image with the `sk-SK` locale. | `sha256:65dcb88c8cbaa9fdf2a0d7daf33e479db924448334f7cd0f17c542f9e8462313` |
-| `sl-si` | Container image with the `sl-SI` locale. | `sha256:8066547ed0a2571ba2d26b34b72691ad9c5cb66cf0fbe4464af971199abd9bf7` |
-| `sv-se` | Container image with the `sv-SE` locale. | `sha256:a9bb856066653abe1458ac7dae12c968a40834fb75d8047ad74d9c15f7df62ed` |
-| `ta-in` | Container image with the `ta-IN` locale. | `sha256:60339700f76a17d77753659c2895f9fe5c40574641d5530cb482ed4575c59ff1` |
-| `te-in` | Container image with the `te-IN` locale. | `sha256:8d05d03fb0fe03eb9ff499d81c1bbf8932848de6d723b66b32eb6ed970225ce6` |
-| `th-th` | Container image with the `th-TH` locale. | `sha256:5d02087aa366829162098d21efb084724d3a5b8d72a8815c45de5e2017f9368c` |
-| `tr-tr` | Container image with the `tr-TR` locale. | `sha256:0d7198cde7eba3500caa153e869d14ce0ad07568416dfd69108dc5793106e3ec` |
-| `zh-cn` | Container image with the `zh-CN` locale. | `sha256:27ad0c04c41eadb445bab067cb14f84ede08a09ac9ba44bca163f2af89b8a5c2` |
-| `zh-hk` | Container image with the `zh-HK` locale. | `sha256:7b816c7e753684e5f886de43ca7630c0b52f47e704e2c7e50581ff2bca138703` |
-| `zh-tw` | Container image with the `zh-TW` locale. | `sha256:fb3d06558c1a479377324ed689f13519f5df4a6283b2933401aec3e2a2b0b25a` |
+| `ar-ae` | Container image with the `ar-AE` locale. | `sha256:9114c6885513cc3ae8d3c9393d3f4f334bb68ff9e444734951f469f8d56fb41c` |
+| `ar-bh` | Container image with the `ar-BH` locale. | `sha256:924dc807076633f4e04f1f604c3db63d908a484c69459bf593d72b58d901cd43` |
+| `ar-eg` | Container image with the `ar-EG` locale. | `sha256:13387db275daf6375e12ce1da5b858493ab71b249a3759e438345ac32119c6b2` |
+| `ar-iq` | Container image with the `ar-IQ` locale. | `sha256:2e8bea90f7a106a94e36d9c90e767c58cd8004a61880af53bd4ffb4292a655fe` |
+| `ar-jo` | Container image with the `ar-JO` locale. | `sha256:23c8529ee0e91fee549523021711a755da4c249f21493a1864a64941b36e2986` |
+| `ar-kw` | Container image with the `ar-KW` locale. | `sha256:9114c6885513cc3ae8d3c9393d3f4f334bb68ff9e444734951f469f8d56fb41c` |
+| `ar-lb` | Container image with the `ar-LB` locale. | `sha256:70bbb43641f22e96e70d3b5723b2599dd83533f33d979ff9dfb04a627799f4d1` |
+| `ar-om` | Container image with the `ar-OM` locale. | `sha256:f6fc1c1bcb7d20f2daa30506a039d16ad0537a60c01e41b399159704a001fe42` |
+| `ar-qa` | Container image with the `ar-QA` locale. | `sha256:9114c6885513cc3ae8d3c9393d3f4f334bb68ff9e444734951f469f8d56fb41c` |
+| `ar-sa` | Container image with the `ar-SA` locale. | `sha256:9114c6885513cc3ae8d3c9393d3f4f334bb68ff9e444734951f469f8d56fb41c` |
+| `ar-sy` | Container image with the `ar-SY` locale. | `sha256:218c1f57623b81770c22c7f871bce58a3227ef5fcbe7581e18a69f77107b5c96` |
+| `bg-bg` | Container image with the `bg-BG` locale. | `sha256:9537460403216802831fa02a6eb3bf7a3f6e1e6669953ab4ae9c98ea6283799a` |
+| `ca-es` | Container image with the `ca-ES` locale. | `sha256:94f68e496546eb3c33cf07b7f88807fa23c3f9d5022c2e630b589e29951f0538` |
+| `cs-cz` | Container image with the `cs-CZ` locale. | `sha256:10de908ebf603c6b3a2a937edc870d5fe1c4dc6bc9bb7e1f0eca9b9ed2b19a88` |
+| `da-dk` | Container image with the `da-DK` locale. | `sha256:cf03effc2a616b8fea8eacf7d45728cd00b9948f4f3e55d692db0125c51881da` |
+| `de-de` | Container image with the `de-DE` locale. | `sha256:9c9a51d595253c54811ba8d7502799b638f6332c0524fca2543f20efb76c7337` |
+| `el-gr` | Container image with the `el-GR` locale. | `sha256:6bb17c45a291f6293970a4de7bfdc9e31fdffedf80e76f66bca3cab118f76252` |
+| `en-au` | Container image with the `en-AU` locale. | `sha256:1e58c2e2416208b658d18fc4bf6374d6032710ff29c09f125c6d19a4d6609e92` |
+| `en-ca` | Container image with the `en-CA` locale. | `sha256:f0c4da3aa11f9eb72adbc7eab0c18047eec5016ec8c2fec2f1132ddceb3b6f3a` |
+| `en-gb` | Container image with the `en-GB` locale. | `sha256:4d0917974effee44ebf1721e9c0d9a3a2ab957613ce3862fe99062add5d5d08a` |
+| `en-hk` | Container image with the `en-HK` locale. | `sha256:b72a01b0cfaa97ea6102b48acb0a546501bb63618ee4ec9b892bdbdc6fd7ce8c` |
+| `en-ie` | Container image with the `en-IE` locale. | `sha256:d26f56f1f4c41b1c035eb47950cb5bc6bd86cbe07ef08c2276275a46ac4c4ad4` |
+| `en-in` | Container image with the `en-IN` locale. | `sha256:0ad933b9b3626d21d8ac0320f7fb4c72bcf6767258e39ac57698ce0269ed7750` |
+| `en-nz` | Container image with the `en-NZ` locale. | `sha256:d6f9344f7cf0b827b63fb91c31e490546732e8a6c93080e925cd922458ae3695` |
+| `en-ph` | Container image with the `en-PH` locale. | `sha256:dbd1fe80e1801b5fa7e468365f469c1b5770b0f27f2e5afb90c25a74702a0a21` |
+| `en-sg` | Container image with the `en-SG` locale. | `sha256:f234725e54af7bda1c6baa7e9f907b703a85118d65249ca0c050c52109397cc6` |
+| `en-us` | Container image with the `en-US` locale. | `sha256:88dd53d975829707f6ef91ad91aec9ed5fd12df8f4ef33e8c3bdf4701eaaca84` |
+| `en-za` | Container image with the `en-ZA` locale. | `sha256:502693715b8b666a9c10084c733848f95201e9882f9bfae7df770bd9dc8bb983` |
+| `es-ar` | Container image with the `es-AR` locale. | `sha256:6aa4f300639f7ee958adced5e7e5867e7f4d4093f2ca953f3ee5da9128bf08f6` |
+| `es-bo` | Container image with the `es-BO` locale. | `sha256:60f01882b393e00743c61c783e98c1cdcf73097c555999f10e5612b06b5afa90` |
+| `es-cl` | Container image with the `es-CL` locale. | `sha256:7b58b3a823c0fff1b92e46dd848610f2c9dcae5be0463845292e810d3efa1b1b` |
+| `es-co` | Container image with the `es-CO` locale. | `sha256:c51291acc65e1a839477f9bdbd042e4c81d2e638f48a00b6ca423023c9fd6c2c` |
+| `es-cr` | Container image with the `es-CR` locale. | `sha256:085b3bf2869fcedb56745e6adc98f2a332d57d0b1ac66cc219cec436a884d7d5` |
+| `es-cu` | Container image with the `es-CU` locale. | `sha256:43e5425cab3f708ed8632152514f4152f45a19953758fb7b5ebe9f4a767bcfdb` |
+| `es-do` | Container image with the `es-DO` locale. | `sha256:249f3165e0347b223ff06e34c309a753965a3df55bda2a78e04d86c946205d06` |
+| `es-ec` | Container image with the `es-EC` locale. | `sha256:624eeed264f25bab59a7723c6e6c3ae760bc63c46ebe3bcd3db171220682c14d` |
+| `es-es` | Container image with the `es-ES` locale. | `sha256:6d2d41e3b78ebba9d5d46fc8bddb90d0d69680a904774f5da1fa01eb4efd68e1` |
+| `es-gt` | Container image with the `es-GT` locale. | `sha256:ce4b4b761d1a2ca2b657b877c46a341a83f0b1a46447007262c051f6785b7312` |
+| `es-hn` | Container image with the `es-HN` locale. | `sha256:d4ecebce65a18763ac1126bf83706e49ebed80b79255e3820a68e97037d2a501` |
+| `es-mx` | Container image with the `es-MX` locale. | `sha256:c3088a60818b85cd0f04445837ea0ddcb6e7ac4f77269471717002166195d6d2` |
+| `es-ni` | Container image with the `es-NI` locale. | `sha256:1d88e66f6fd86ddf6e47596d2e2b9b3fe64ea7e72f6c4c965d3f1c5b98592e1b` |
+| `es-pa` | Container image with the `es-PA` locale. | `sha256:bb07eb832bcd23f302f0a7b6c4e87bf33186a47ed154ac8b42a1f6dea0f35432` |
+| `es-pe` | Container image with the `es-PE` locale. | `sha256:b726f92daf85c8aa6b169767efdb2af1691ddb7b21b8af3e9afcb984f41d8539` |
+| `es-pr` | Container image with the `es-PR` locale. | `sha256:660a5f9e13d62a963c9c92219f8268ad7f7af5ed08890534679e143cff184004` |
+| `es-py` | Container image with the `es-PY` locale. | `sha256:cb708bc008a59ac35e292094eba912af741c49eb7e67c2df3c1023ab41a6d454` |
+| `es-sv` | Container image with the `es-SV` locale. | `sha256:acd788410f8f6f8c269c85e6c70365e751a92976d61b34b7435766c0ae2fd11a` |
+| `es-us` | Container image with the `es-US` locale. | `sha256:f7ef486a64a413f7d69510f25a39ddce9653265852da1b3cc438000f1bbfa368` |
+| `es-uy` | Container image with the `es-UY` locale. | `sha256:7f6975423cbcf201e318bea9865e93a8e4a6a241b472845d90a877400470338b` |
+| `es-ve` | Container image with the `es-VE` locale. | `sha256:e2f498c4a19f88779dfae350e0cefb4f0aa1c518c18f43139d4bec6a4f655f45` |
+| `et-ee` | Container image with the `et-EE` locale. | `sha256:66ec075ea26141d73e07a223f72f10ea8237d0d9675e67d569f026ca6125cd95` |
+| `fi-fi` | Container image with the `fi-FI` locale. | `sha256:34b4ee60880d310aa08f1584c2f8d1a9a0236ac0067b9d8ad8bf5057749f2d9b` |
+| `fr-ca` | Container image with the `fr-CA` locale. | `sha256:709bc27ebd387cc18d3d16136280234f64c4ba28f05383a52e0bbe066574105a` |
+| `fr-fr` | Container image with the `fr-FR` locale. | `sha256:cfd3140a3c7a5234c0273e34b9b124897cff6c2d11403217096616dd34c14e38` |
+| `ga-ie` | Container image with the `ga-IE` locale. | `sha256:f03b3407772d4a5be1642ff0f78c64283c2e8fd9b473f8bab90864a59d4f8a4a` |
+| `gu-in` | Container image with the `gu-IN` locale. | `sha256:c67190092fcf7af406406e5906d9de79a8fb37565e84b2dc0786caee0b5b27e2` |
+| `hi-in` | Container image with the `hi-IN` locale. | `sha256:eea6f9608d9802ac43e755de39d87e95e708d5c642f58de09863363051112540` |
+| `hr-hr` | Container image with the `hr-HR` locale. | `sha256:3943c40ef4696c44887d08a1cb911f535af451b811737b0101a4fa0ef4284d68` |
+| `hu-hu` | Container image with the `hu-HU` locale. | `sha256:52eb41ca6694497356cb23bd02daf4bb2408ffad418696aeb1bdf1f03c2e2845` |
+| `it-it` | Container image with the `it-IT` locale. | `sha256:70aa2b907f114278d839a958dea29c74b64cd1f7a5a0406194d2aa3583c12048` |
+| `ja-jp` | Container image with the `ja-JP` locale. | `sha256:14e222688387847f51fd858c5575e554046796090e41f072d6200d89f5608e4a` |
+| `ko-kr` | Container image with the `ko-KR` locale. | `sha256:8f3ed7b3896b205b5690e5515a5511581715e698cd6fe0704c153d35a4c9af80` |
+| `lt-lt` | Container image with the `lt-LT` locale. | `sha256:806572a1ae31575806062301d22233b753c415388184496ee67589ddbc264d49` |
+| `lv-lv` | Container image with the `lv-LV` locale. | `sha256:780444acc9be4514072926146c36b7ccce003f27577b339cf431fec2ca6d79f5` |
+| `mr-in` | Container image with the `mr-IN` locale. | `sha256:75460753cba8d45babaf859f94dfd1a1c75b312a841eacded099680dc77c2f89` |
+| `mt-mt` | Container image with the `mt-MT` locale. | `sha256:8d92a5f26100d309a11f05ce13e5e5a0f2bbc072df917af158cc251dc75a4d4f` |
+| `nb-no` | Container image with the `nb-NO` locale. | `sha256:d9c75c885591ced0e10cca5594ae5cf92cb1dde73306f8454737b7927aada89a` |
+| `nl-nl` | Container image with the `nl-NL` locale. | `sha256:15cc274d238cae2a1d9cabc3e5a71e4ba90ae6318fea63937c8830bd55da0fc2` |
+| `pl-pl` | Container image with the `pl-PL` locale. | `sha256:a45730afdc6d15060eff8526e1be08f679b25a2be26156d39266a40e6cd82bc9` |
+| `pt-br` | Container image with the `pt-BR` locale. | `sha256:8f578440ae5c9cd81eee18f68c677bb56ced7c6a6a217d98da60dc856fd2e002` |
+| `pt-pt` | Container image with the `pt-PT` locale. | `sha256:99fedeb4acc49fd3185d34532b1a7321931b17f2eda16ab8643312dbf8afcf38` |
+| `ro-ro` | Container image with the `ro-RO` locale. | `sha256:7677c49b2426fb26eff59a97a012d5890aa7fdbc09684ef0fb29fdbe63fac333` |
+| `ru-ru` | Container image with the `ru-RU` locale. | `sha256:452d269e8e12ae1379d4568bc1b15fefdd3679903365adb3a68bc6669c738615` |
+| `sk-sk` | Container image with the `sk-SK` locale. | `sha256:e6fd994a344b5452b4a5b90a499fed0681dd6ef2fab3db161d407cf4f45ff5dd` |
+| `sl-si` | Container image with the `sl-SI` locale. | `sha256:4df5fdc9732c07d479275561522ce34a38c3864098a56e12ec8329e40f4e6f2a` |
+| `sv-se` | Container image with the `sv-SE` locale. | `sha256:49180ac0eccee59a22800f4c1ae870e3a71543e46d2986fc82ec9b77c7de1ea0` |
+| `ta-in` | Container image with the `ta-IN` locale. | `sha256:a0c64efbf2d9d0a111efc79cc7b70e06ac01745de57d9c768f99c54ac5642cee` |
+| `te-in` | Container image with the `te-IN` locale. | `sha256:8811c30c10980a3ddf441f1d4e21240bfb8663af6200c2d666fdeb83f48a79c5` |
+| `th-th` | Container image with the `th-TH` locale. | `sha256:99860f484f52d9665f33d95659daa8aec5071fa5a97534d40ee4941690ce3e96` |
+| `tr-tr` | Container image with the `tr-TR` locale. | `sha256:170b56107ccb22335422c1838e368c0f5cb4518c3309e6259b754ede9e46ff51` |
+| `zh-cn` | Container image with the `zh-CN` locale. | `sha256:d8721f303ca0b24705c42e8c0f5d20dcafb3d00b278b7c363d1a4c129f5e2cbd` |
+| `zh-hk` | Container image with the `zh-HK` locale. | `sha256:12af9f057acec8231dcdeb1e4037ac53a95957796b5e8dbf48f55db6970a4431` |
+| `zh-tw` | Container image with the `zh-TW` locale. | `sha256:b2c1d333b7718c9cc2708287e388c45abcd28a3e8d7fc3c758cc4b73d2697662` |
# [Previous version](#tab/previous)
+Release note for `2.12.1-amd64-<locale>`:
+
+**Feature**
+* Upgrade to latest models.
+ Release note for `2.11.0-amd64-<locale>`: **Feature**
Release note for `2.5.0-amd64-<locale>`:
| Image Tags | Notes | |--|:--|
+| `2.12.1-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.12.1-amd64-en-us`.|
| `2.11.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.11.0-amd64-en-us`.| | `2.10.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.10.0-amd64-en-us`.| | `2.9.0-amd64-<locale>` | Replace `<locale>` with one of the available locales, listed below. For example `2.9.0-amd64-en-us`. |
Release note for `2.5.0-amd64-<locale>`:
This container has the following locales available.
+| Locale for v2.12.1 | Notes | Digest |
+|--|:--|:--|
+| `ar-ae` | Container image with the `ar-AE` locale. | `sha256:070b6f390dbe7b81b72845c1c9c83087979e1e330d84d417f39a371298a4d270` |
+| `ar-bh` | Container image with the `ar-BH` locale. | `sha256:2b67e2a2a3ba79e52c5de4b2af7f3d3db565466d9a55d5f9d7501f349f42b49d` |
+| `ar-eg` | Container image with the `ar-EG` locale. | `sha256:71cccd4dc4938397ea5b065fb32ab7347350c834edb036805362ca28e7cfec94` |
+| `ar-iq` | Container image with the `ar-IQ` locale. | `sha256:a9000def8d9c634af244384442c2723ad887c79e7f80a767bf7fcf3638a9deac` |
+| `ar-jo` | Container image with the `ar-JO` locale. | `sha256:b8be9222b3e1bc40ba86c41e707f239d9ae23bc87d90b800615c314a443d947f` |
+| `ar-kw` | Container image with the `ar-KW` locale. | `sha256:070b6f390dbe7b81b72845c1c9c83087979e1e330d84d417f39a371298a4d270` |
+| `ar-lb` | Container image with the `ar-LB` locale. | `sha256:d41dbc9e93ae524abb95d2adde53924a32956ab1ec14a115916e5e531b3f3624` |
+| `ar-om` | Container image with the `ar-OM` locale. | `sha256:3071d896f82d062e126331e3162d5408eb399aeda3041be2336f81bed0634e5e` |
+| `ar-qa` | Container image with the `ar-QA` locale. | `sha256:070b6f390dbe7b81b72845c1c9c83087979e1e330d84d417f39a371298a4d270` |
+| `ar-sa` | Container image with the `ar-SA` locale. | `sha256:070b6f390dbe7b81b72845c1c9c83087979e1e330d84d417f39a371298a4d270` |
+| `ar-sy` | Container image with the `ar-SY` locale. | `sha256:d7207eb391d0455ae112b61bc2c22280618131ad9591324bcde7e5057777fc26` |
+| `bg-bg` | Container image with the `bg-BG` locale. | `sha256:c5c9639b9e09e07f6d8733017d30beed3aad54fa91c69c72526d34aa27ead884` |
+| `ca-es` | Container image with the `ca-ES` locale. | `sha256:dc6b7697099cd966aa4c8ba0b192ccb286b4241a76b12dbf494a9de319191334` |
+| `cs-cz` | Container image with the `cs-CZ` locale. | `sha256:ded8e56b863567e73b92cba4b7abeaf3f8c9ae335280a9645961d683ebfe8f9f` |
+| `da-dk` | Container image with the `da-DK` locale. | `sha256:d3fc39e0d0454609bde5f6df67d7ade199f5361559ce11f097e97fca312d78b7` |
+| `de-de` | Container image with the `de-DE` locale. | `sha256:bbd8ede305ec5b551cdfac857507a1d05c3ca95119e431f0f43fe073d830f8fd` |
+| `el-gr` | Container image with the `el-GR` locale. | `sha256:e4f39db7de5fb8106237f73adb2fbb229a7b8cb21291e593a346f928af87503f` |
+| `en-au` | Container image with the `en-AU` locale. | `sha256:186731d8479923a9dce053aee78f1347cd512471ead33802faef19bfa4e94883` |
+| `en-ca` | Container image with the `en-CA` locale. | `sha256:04ede5a65eaf6f1d7a36d97056468b024b1577e3cf3a2cdafcd511d1de64f9d8` |
+| `en-gb` | Container image with the `en-GB` locale. | `sha256:ef48d6889daec88405e7a86b3851df449066da8f0f62404260eabe68081e9b32` |
+| `en-hk` | Container image with the `en-HK` locale. | `sha256:7d66fb960d55822c648919557d8e921c570dbbe36b165621f2bd5081df3c51c1` |
+| `en-ie` | Container image with the `en-IE` locale. | `sha256:4285ff1d4b2231bc112a50c22072dabb303240ce18aeeab7183da3a572298a6a` |
+| `en-in` | Container image with the `en-IN` locale. | `sha256:b32b94f8a2bf56e0fa2cf63f885e9456b430411038ce2ebef6abd45159787ef6` |
+| `en-nz` | Container image with the `en-NZ` locale. | `sha256:c2162d7524bafd554fea81f2b3d95f3848ff0bf4ec0c4bd9d9bc4f2eae75ca27` |
+| `en-ph` | Container image with the `en-PH` locale. | `sha256:e55f7d21d3b9d230bba78b41eb2418abacb7e6d832a0ec350ab86f98420260ce` |
+| `en-sg` | Container image with the `en-SG` locale. | `sha256:d0d3d6d266f05cdedcaf75949ece66492e2e37b15684a80d08de3494381a5d10` |
+| `en-us` | Container image with the `en-US` locale. | `sha256:b708d553eeb22958563c24fef18edc67f89d1b4ea0ff31a66ea34c624fcec878` |
+| `en-za` | Container image with the `en-ZA` locale. | `sha256:5a5ad9afb9f0935ec9ffd5a1034bed186c46d2f9ea82ab485f949695ca4c2b61` |
+| `es-ar` | Container image with the `es-AR` locale. | `sha256:c0f4dde13c319b4fd75b6b8615fc68aacd22ac04cf8b605d8d62486a08851d2d` |
+| `es-bo` | Container image with the `es-BO` locale. | `sha256:af5f1435cd3e58ee9e98d8623a071dd72f30bf9ddbd90e1a61f06677ff34c0d3` |
+| `es-cl` | Container image with the `es-CL` locale. | `sha256:ba42ed9a8c102b1af53873fc0d9ccd288723be3f5a409bf1480363381f8127fa` |
+| `es-co` | Container image with the `es-CO` locale. | `sha256:08292bac0b6d97c5ba3cb2b277c53289235216c124c72ce74c0a2d734860c777` |
+| `es-cr` | Container image with the `es-CR` locale. | `sha256:e245443a75fdcdd8c10463a45a80d716d36cf336dfb23948f17d50939f65e919` |
+| `es-cu` | Container image with the `es-CU` locale. | `sha256:d5d853b26104f2b9b7bf48a89dfe8a19f72c5d689eb474d68c8234c8b297dbf0` |
+| `es-do` | Container image with the `es-DO` locale. | `sha256:9a503a29fdf52a973c0e9339ac8b4f52442e7130c340ca7e12c8a38df004c8a1` |
+| `es-ec` | Container image with the `es-EC` locale. | `sha256:661726852daeb5d1d839c05e95c0a683e9722564356089bd4023edfbf83076ae` |
+| `es-es` | Container image with the `es-ES` locale. | `sha256:3c55158c8e030fbad2f090b587cbd6501303128af77ff0bddc8819e6a9a88e62` |
+| `es-gt` | Container image with the `es-GT` locale. | `sha256:31ea64c3cf1d442b5182d664a16afd81ac402ab8a0c2434e642317f20c920be4` |
+| `es-hn` | Container image with the `es-HN` locale. | `sha256:1ed31bb1cd484fc23b177c355ef65c12dc2b937c113b2b175f8b383e9390ca86` |
+| `es-mx` | Container image with the `es-MX` locale. | `sha256:0c979930fa983fd76f6d3610b2d9c1018eaefe456b8b5d07f5ff90d605bebc9e` |
+| `es-ni` | Container image with the `es-NI` locale. | `sha256:7bb685a97e64130caaea382d1b33b57ffb4dbeb16881f421ed212f81f0d46de2` |
+| `es-pa` | Container image with the `es-PA` locale. | `sha256:4da6a791737e136e494753666c7a40518e147c7bd225461165714510c19a44c6` |
+| `es-pe` | Container image with the `es-PE` locale. | `sha256:62b41c8003fcc17f5aef9729cfcbbdf81990e1ba2bc4ddefcd947ce3374f5794` |
+| `es-pr` | Container image with the `es-PR` locale. | `sha256:eb396527bd28bfbd4a5d70ea29775b8352f3490d159b3ceeb32b442058817e12` |
+| `es-py` | Container image with the `es-PY` locale. | `sha256:a70f0196b552934d35b165059b28f192f97f83d451ae08ec0d267ab8a3c6adf5` |
+| `es-sv` | Container image with the `es-SV` locale. | `sha256:361588561ed3ade02926e9db88ae1a9455fd76e6370ad794638d794129aa0036` |
+| `es-us` | Container image with the `es-US` locale. | `sha256:120b28f629f4825e7b7f52f28f535f6c1bf2f8139c8288867a4bf491fc155a4e` |
+| `es-uy` | Container image with the `es-UY` locale. | `sha256:ebc2b82704cb4d1be4d3dcfad933978ceb3daa8077cf6cadf560d8c33d6f4334` |
+| `es-ve` | Container image with the `es-VE` locale. | `sha256:33931d7b35f8e7a05822aa7052fb89e8de3124311e70ff567a7f9ca158223f27` |
+| `et-ee` | Container image with the `et-EE` locale. | `sha256:cd0a9c661b4645763d73a947e933b9d4e817485f4b9d6d0ac173195693a29f33` |
+| `fi-fi` | Container image with the `fi-FI` locale. | `sha256:06e90396c307396ef395c23efc3157f75c207f230fb048d73ece407edd24c7b4` |
+| `fr-ca` | Container image with the `fr-CA` locale. | `sha256:d9be6bca9c3abf839796d8f89bf43d2646080150057f6eb343c66042bc98ccfc` |
+| `fr-fr` | Container image with the `fr-FR` locale. | `sha256:1c3ffb5730c401124edbb7b347569ca3bebd33412a24b32802f4d41401e911dc` |
+| `ga-ie` | Container image with the `ga-IE` locale. | `sha256:218d319b2835da7b09ab4536e5d8301ede2bcd3bc023606d05d7294c534982cf` |
+| `gu-in` | Container image with the `gu-IN` locale. | `sha256:dea03196c1ad06cb1bf9914b5c5d1a631aafbaa5bd74a4d53d08dec982f545fe` |
+| `hi-in` | Container image with the `hi-IN` locale. | `sha256:5f33b06d0f77fd3c5d351284b2aff41681927cfa7fbda00ead338f7bd54f6575` |
+| `hr-hr` | Container image with the `hr-HR` locale. | `sha256:2b7e558abb94a74e6b5a7f467289ba5cb32970967cd7409db2c150290ed9844d` |
+| `hu-hu` | Container image with the `hu-HU` locale. | `sha256:05619049274edcd572d1ac6fabf11e0bdd2e95a9145e99065f46d2f26a2dc960` |
+| `it-it` | Container image with the `it-IT` locale. | `sha256:75253c7bb0ef67b50767593e36129dc98c8d9de60a31b2a7069d07a0cb6b6400` |
+| `ja-jp` | Container image with the `ja-JP` locale. | `sha256:46bce0ab6a09f0837a4f884e29a69d38591e513e157d334fd39a2c6f1f08bb06` |
+| `ko-kr` | Container image with the `ko-KR` locale. | `sha256:747bfeb07d354b848f7ffbd292c16befc00586d62b958fbb42f8b497a0dec87c` |
+| `lt-lt` | Container image with the `lt-LT` locale. | `sha256:eab3cf2323ec4d86b923693595e16724dd6090d60a1a93a9d65f73c55b684448` |
+| `lv-lv` | Container image with the `lv-LV` locale. | `sha256:1c5085250bcdbde6b619594b2f920c307b3d97672f01f03608618bd52a4374a7` |
+| `mr-in` | Container image with the `mr-IN` locale. | `sha256:b35274995b93587b8957101e8139598011d760df1f4c36f966114a4352b865cf` |
+| `mt-mt` | Container image with the `mt-MT` locale. | `sha256:59b5088fef6b8ba41eed98dd738159e914c292ce790a3b8a934aa0ac6c161cca` |
+| `nb-no` | Container image with the `nb-NO` locale. | `sha256:a0074f10622c8ccc7d288cfa131786a02fe2c98e2cbe22caa0d07690c436f8b3` |
+| `nl-nl` | Container image with the `nl-NL` locale. | `sha256:a6fc1ad6ea87c5f6282f3d10f724358e30f0f05c91084d52fd665e356bd6119b` |
+| `pl-pl` | Container image with the `pl-PL` locale. | `sha256:9fc1363f4466d4e0bba3f2fb74efc54ff24fe43a55fe7703aa75da2b42e563c3` |
+| `pt-br` | Container image with the `pt-BR` locale. | `sha256:e3ec228d0eb76f91cd1fe723607eb0b96b9e1dc8874c40d1307f2b3585ab1912` |
+| `pt-pt` | Container image with the `pt-PT` locale. | `sha256:9e6bdf31a80cb8a97b495ce39144d4957d9608e541aae9be6c5c35456476d4af` |
+| `ro-ro` | Container image with the `ro-RO` locale. | `sha256:240baf152c419caeee33c7f18285d930af15d14ce784967305accf6541722a22` |
+| `ru-ru` | Container image with the `ru-RU` locale. | `sha256:53eff9f8eb08bba90efb30d8fdb2c9760bb0d8ae60cda967b72f0433ae18f524` |
+| `sk-sk` | Container image with the `sk-SK` locale. | `sha256:39ff9f4f25ed4953cd5db2d0083339d712ab1ff2adfdcf3e8cd461da94cb1c97` |
+| `sl-si` | Container image with the `sl-SI` locale. | `sha256:a4747493c498b85448de88e4a2b9f967a33886e256c5b7b257c0cebe41963245` |
+| `sv-se` | Container image with the `sv-SE` locale. | `sha256:f49c20ffe5a816f929d0231f7bbd8ddfec37b74b0de992012401b6ff1f0d7b92` |
+| `ta-in` | Container image with the `ta-IN` locale. | `sha256:d56c941c25964d6eca44fa033f12e4bfdc1e34df24bcad03ea35ba687fd91a4a` |
+| `te-in` | Container image with the `te-IN` locale. | `sha256:18cec69b7f443140755c55cdc3593a4be7decbf774420e7aeeb38eff92b7b880` |
+| `th-th` | Container image with the `th-TH` locale. | `sha256:60f1de16c63c4b1d1450c1b58f06b9ae6f33547d133b07e6f9e57035188a82f6` |
+| `tr-tr` | Container image with the `tr-TR` locale. | `sha256:b314044779cd4296cca629d1e5cd01c0c1caebccfb32603b32c07e0374b2832c` |
+| `zh-cn` | Container image with the `zh-CN` locale. | `sha256:5819f0f4fb50e4fb8f0485dfdd134ebac74b2376371a0b8f6c915a3e15873d6d` |
+| `zh-hk` | Container image with the `zh-HK` locale. | `sha256:c2346a98f8d17ee50da4ced6d4cccf7d36a4e9589c571237b3f4850a411d66e0` |
+| `zh-tw` | Container image with the `zh-TW` locale. | `sha256:3accfe8f947359764e92831bdfb5d33ac8add29e8c43ef0af3dfe1c3ff004783` |
+ | Locale for v2.11.0 | Notes | Digest | |--|:--|:--| | `ar-ae` | Container image with the `ar-AE` locale. | `sha256:32c26ed8370d1f30098811fda382e68aceccabc671570365f15ead37c3d84304` |
This container image has the following tags available. You can also find a full
# [Latest version](#tab/current)
-Release note for `1.14.0-amd64-<locale-and-voice>`:
+Release note for `1.14.1-amd64-<locale-and-voice>`:
**Feature** * Upgrade to latest models.
Release note for `1.14.0-amd64-<locale-and-voice>`:
| Image Tags | Notes | ||:--| | `latest` | Container image with the `en-US` locale and `en-US-AriaRUS` voice. |
-| `1.14.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.14.0-amd64-en-us-ariarus`. |
+| `1.14.1-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.14.1-amd64-en-us-ariarus`. |
-| Locales for v1.14.0 | Notes | Digest |
+| Locales for v1.14.1 | Notes | Digest |
||:|:-|
-| `ar-eg-hoda` | Container image with the `ar-EG` locale and `ar-EG-Hoda` voice. | `sha256:51042fcb326406ae8fc436ad1b33727767c6240f441bd9e0d92b3fe8cb9a0f71` |
-| `ar-sa-naayf` | Container image with the `ar-SA` locale and `ar-SA-Naayf` voice. | `sha256:568eabb3cb2de77a44945837d04c065d8b6401e703ce9280d956dcced9df6651` |
-| `bg-bg-ivan` | Container image with the `bg-BG` locale and `bg-BG-Ivan` voice. | `sha256:4c093284e6df02d7738e5c009f36ab13655c680bff4c00b3a4a2bd99bfa39a8b` |
-| `ca-es-herenarus` | Container image with the `ca-ES` locale and `ca-ES-HerenaRUS` voice. | `sha256:168f1431f162465bc4ece78bbe7f3a3687d9dba7f008a809cc3b5823c8d002c8` |
-| `cs-cz-jakub` | Container image with the `cs-CZ` locale and `cs-CZ-Jakub` voice. | `sha256:ee8d7392a81a0ba98537816ba5ceee0c6db2017ea49b33d7eace62a92967a6e8` |
-| `da-dk-hellerus` | Container image with the `da-DK` locale and `da-DK-HelleRUS` voice. | `sha256:36e90323b657d8e525d3b9c047522dc9837d582adf09b4761de9f191680f9a96` |
-| `de-at-michael` | Container image with the `de-AT` locale and `de-AT-Michael` voice. | `sha256:0b5a63f842ddfe0f67c9abc22caa749c6710b978d854bec605e1c0591160645b` |
-| `de-ch-karsten` | Container image with the `de-CH` locale and `de-CH-Karsten` voice. | `sha256:9a95dfc74a5f5f05ba12cb148ad31b7c02ea858faeb4a776fd65b5cc51643a9f` |
-| `de-de-heddarus` | Container image with the `de-DE` locale and `de-DE-Hedda` voice. | `sha256:6302ea75b945fe1772b096dbd2b29d3ec1cd98b13365031f2064b7b6ab43fe6e` |
-| `de-de-hedda` | Container image with the `de-DE` locale and `de-DE-Hedda` voice. | `sha256:6302ea75b945fe1772b096dbd2b29d3ec1cd98b13365031f2064b7b6ab43fe6e` |
-| `de-de-stefan-apollo` | Container image with the `de-DE` locale and `de-DE-Stefan-Apollo` voice. | `sha256:dea531d183eb4e6b6fdf7c09afe1b83f6af39f612f543975358b273b9a725297` |
-| `el-gr-stefanos` | Container image with the `el-GR` locale and `el-GR-Stefanos` voice. | `sha256:fe132ffc0c3688c9602d5d75038ce31a87fd3f98efe18dc05f55f16cbbaebc4a` |
-| `en-au-catherine` | Container image with the `en-AU` locale and `en-AU-Catherine` voice. | `sha256:47149b26fbdb4dabd6e605302ddbcb6682576d25e4f0d6cd35d55f264c22d8e9` |
-| `en-au-hayleyrus` | Container image with the `en-AU` locale and `en-AU-HayleyRUS` voice. | `sha256:0b817be772baba1cedcfa77a75d38c5eff6c846868f85eb0fe7504e4bd6cde92` |
-| `en-ca-heatherrus` | Container image with the `en-CA` locale and `en-CA-HeatherRUS` voice. | `sha256:d59bb06fed865ca7850c419612a4485379a59a1f8631284047654b763e1678b7` |
-| `en-ca-linda` | Container image with the `en-CA` locale and `en-CA-Linda` voice. | `sha256:bf2e142ab852622562e77135a5ef3b52ed0b5a23a62f8104d6f299a4f741b3f7` |
-| `en-gb-george-apollo` | Container image with the `en-GB` locale and `en-GB-George-Apollo` voice. | `sha256:1e66a01f064f860879296173e69f9390c9d4e3a85ee303990df4b6fd9d3874ba` |
-| `en-gb-hazelrus` | Container image with the `en-GB` locale and `en-GB-HazelRUS` voice. | `sha256:19e76f8b8b85262ad4dc5892a03cb973f48ed9914324e68985b66201726bb400` |
-| `en-gb-susan-apollo` | Container image with the `en-GB` locale and `en-GB-Susan-Apollo` voice. | `sha256:4c4e2e5faf74cc0f55b7081f68c24d88206eb989e0ca4c416d0d9c6b24bbd1bc` |
-| `en-ie-sean` | Container image with the `en-IE` locale and `en-IE-Sean` voice. | `sha256:d771436bd543bd5500a94205cd047e084cb43081829fcc22ee67c285b0ac06f0` |
-| `en-in-heera-apollo` | Container image with the `en-IN` locale and `en-IN-Heera-Apollo` voice. | `sha256:bdbb8fedfb129cb5822f1442f9b6c3ccc1054660d33aba29caf464a2b8174423` |
-| `en-in-priyarus` | Container image with the `en-IN` locale and `en-IN-PriyaRUS` voice. | `sha256:b16a0f8e7af04af2f6c849cbcd8f7de75b105fce9d68c98e3038c9d93ab07767` |
-| `en-in-ravi-apollo` | Container image with the `en-IN` locale and `en-IN-Ravi-Apollo` voice. | `sha256:72a6cd4dee54518a1fdb02998861ca5b6c3cda74ceffce0929d911de98fa054b` |
-| `en-us-aria24krus` | Container image with the `en-US` locale and `en-US-Aria24kRUS` voice. | `sha256:21be092ed49a687b86dec15349201b9cfab323a68879cfee4a70d063368c06d9` |
-| `en-us-ariarus` | Container image with the `en-US` locale and `en-US-AriaRUS` voice. | `sha256:21be092ed49a687b86dec15349201b9cfab323a68879cfee4a70d063368c06d9` |
-| `en-us-benjaminrus` | Container image with the `en-US` locale and `en-US-BenjaminRUS` voice. | `sha256:64aa702fdb963721dfbef0b425d400f2e10159b8e261048f7a81c962ed80acdc` |
-| `en-us-guy24krus` | Container image with the `en-US` locale and `en-US-Guy24kRUS` voice. | `sha256:fefd0b03bc10493e99c2bd4a65b50aed0b585714fa3169dfe6ecfd63e2f41605` |
-| `en-us-zirarus` | Container image with the `en-US` locale and `en-US-ZiraRUS` voice. | `sha256:65d8cc26d1b514a04adaf17d603edfa81fead9b456a6f5bef3cec80f09bef2f4` |
-| `es-es-helenarus` | Container image with the `es-ES` locale and `es-ES-HelenaRUS` voice. | `sha256:5e894da2609c367d97782c2e3cf0248dc83758bcebf2114106ba2465638e1beb` |
-| `es-es-laura-apollo` | Container image with the `es-ES` locale and `es-ES-Laura-Apollo` voice. | `sha256:6224461121515e5fa5668a93601b790a784c9ea049feae56c6ce4241a6ba9f5e` |
-| `es-es-pablo-apollo` | Container image with the `es-ES` locale and `es-ES-Pablo-Apollo` voice. | `sha256:1a15fac1dfcbca48381882e9b77c0728d080f48ca05eb441c92efb22f1b539e0` |
-| `es-mx-hildarus` | Container image with the `es-MX` locale and `es-MX-HildaRUS` voice. | `sha256:857d8d3c3f2117f7088b232413eecd188feb6d61cabfc068573c884de0c36cc4` |
-| `es-mx-raul-apollo` | Container image with the `es-MX` locale and `es-MX-Raul-Apollo` voice. | `sha256:4aabd28e70e24fe40c3957b62b8f303f29d9e314c2dab8e622b7488ff74965ee` |
-| `fi-fi-heidirus` | Container image with the `fi-FI` locale and `fi-FI-HeidiRUS` voice. | `sha256:191f7e12c71b6080d9e8bbd556cda66d2c41ac1f6cd795607e04d4f562978345` |
-| `fr-ca-caroline` | Container image with the `fr-CA` locale and `fr-CA-Caroline` voice. | `sha256:76203efca3906dc2a1e11382446b4f043ff522c43914fc45b67bb47266d924a0` |
-| `fr-ca-harmonierus` | Container image with the `fr-CA` locale and `fr-CA-HarmonieRUS` voice. | `sha256:6755c93fd4a71417884561089e8e3d1a0ea5162ff2b07cbe66c588040e6dd5bd` |
-| `fr-ch-guillaume` | Container image with the `fr-CH` locale and `fr-CH-Guillaume` voice. | `sha256:8fb69cd140aa39a93d0fd80dc714f00864b04be3179d5b48012bec5484465f11` |
-| `fr-fr-hortenserus` | Container image with the `fr-FR` locale and `fr-FR-HortenseRUS` voice. | `sha256:37117f9c814bb4f1cb4e112bed9fbf9f1146e94043e51576fa0b05aa15601573` |
-| `fr-fr-julie-apollo` | Container image with the `fr-FR` locale and `fr-FR-Julie-Apollo` voice. | `sha256:75978e6959445e02127505ec7972cc54aa504234326888a1bbff48d12e7672cb` |
-| `fr-fr-paul-apollo` | Container image with the `fr-FR` locale and `fr-FR-Paul-Apollo` voice. | `sha256:e003ac4732053ee049c1429b149591499dcd4716d3aad23e2732355beb5a3058` |
-| `he-il-asaf` | Container image with the `he-IL` locale and `he-IL-Asaf` voice. | `sha256:8eb007717e34e47f812569893333d5a3e97a7fad53498432d4979a0e3824c1c3` |
-| `hi-in-hemant` | Container image with the `hi-IN` locale and `hi-IN-Hemant` voice. | `sha256:533b3d9a9f15419d906e78b92c9e6e2ec442c12e8e3d012e0801422d04b63709` |
-| `hi-in-kalpana-apollo` | Container image with the `hi-IN` locale and `hi-IN-Kalpana-Apollo` voice. | `sha256:2287a4963f0db435e7f4a0f85bc68ac17d8923bb6acd568153bb4e3181aa155a` |
-| `hi-in-kalpana` | Container image with the `hi-IN` locale and `hi-IN-Kalpana` voice. | `sha256:2287a4963f0db435e7f4a0f85bc68ac17d8923bb6acd568153bb4e3181aa155a` |
-| `hr-hr-matej` | Container image with the `hr-HR` locale and `hr-HR-Matej` voice. | `sha256:6ad69e9f8de0d76b7c899ed0524129aaa66c6227a8b4eb3fe1d2a42ce4e10515` |
-| `hu-hu-szabolcs` | Container image with the `hu-HU` locale and `hu-HU-Szabolcs` voice. | `sha256:a60f64d59b54fc1070db76ceaf583fa914cbc5a2806ba98f6d4fb2055c5a11b4` |
-| `id-id-andika` | Container image with the `id-ID` locale and `id-ID-Andika` voice. | `sha256:4ceb3fdb5ae32845b5d8d512b5042c54e83c00ab3eec0a605668c0dc03cadcd5` |
-| `it-it-cosimo-apollo` | Container image with the `it-IT` locale and `it-IT-Cosimo-Apollo` voice. | `sha256:7498b4a7b5eb2cd1a626e4adece8469b8eefc6b5f1efc43e7cd4f207938fca1f` |
-| `it-it-luciarus` | Container image with the `it-IT` locale and `it-IT-LuciaRUS` voice. | `sha256:8b4143c9d639aab14e000271cba0d1be87a0fb7f19b4c6cdcb37104d329f59c6` |
-| `ja-jp-ayumi-apollo` | Container image with the `ja-JP` locale and `ja-JP-Ayumi-Apollo` voice. | `sha256:aa3d365e1e5f4cdb52002589599d3e88b3298db8652b6cd9e63c7095838460ae` |
-| `ja-jp-harukarus` | Container image with the `ja-JP` locale and `ja-JP-HarukaRUS` voice. | `sha256:8c5f06028f97934a2022af3b30a8691038d3ad9173a5cb2298bb461b46c8a58a` |
-| `ja-jp-ichiro-apollo` | Container image with the `ja-JP` locale and `ja-JP-Ichiro-Apollo` voice. | `sha256:a1d84e27829a5e9f22c244ec181f6eda39db1ffeec0d78e5bcb128a012c0ab54` |
-| `ko-kr-heamirus` | Container image with the `ko-KR` locale and `ko-KR-HeamiRUS` voice. | `sha256:0ab1b70a226517a2d5547912a9d34865914b1271e9c7489e32aec5cf3d46489d` |
-| `ms-my-rizwan` | Container image with the `ms-MY` locale and `ms-MY-Rizwan` voice. | `sha256:95cea6795eb02919f742f09f591e5c670852ea4175e108f3c6c3b33cb2742694` |
-| `nb-no-huldarus` | Container image with the `nb-NO` locale and `nb-NO-HuldaRUS` voice. | `sha256:a179563ef1d0c562323e22cd9bdfcb932728f418beecc05207b0df2b8e95bad6` |
-| `nl-nl-hannarus` | Container image with the `nl-NL` locale and `nl-NL-HannaRUS` voice. | `sha256:d8932c474fd8b78a0c87a9827ae50eff2329c155e2dd33f52dfba582292ba1d2` |
-| `pl-pl-paulinarus` | Container image with the `pl-PL` locale and `pl-PL-PaulinaRUS` voice. | `sha256:5035ac81ee98cf5df695dbde623d5d7957d64cfaba9d0f3acd77204ef4b441ab` |
-| `pt-br-daniel-apollo` | Container image with the `pt-BR` locale and `pt-BR-Daniel-Apollo` voice. | `sha256:762463e1d6e51624558ca663702a92126f6d7faf2091b4af12ad0d3bbf703044` |
-| `pt-br-heloisarus` | Container image with the `pt-BR` locale and `pt-BR-HeloisaRUS` voice. | `sha256:c34ef2b1d489d9c695073884bfb59ae1e7c54944bfc1fb9b3a05476b9ca9f60a` |
-| `pt-pt-heliarus` | Container image with the `pt-PT` locale and `pt-PT-HeliaRUS` voice. | `sha256:88fb5d5c2f90bb07fe49dfa7779f4b559e5a738fe9819728ed4b01e03f029bd1` |
-| `ro-ro-andrei` | Container image with the `ro-RO` locale and `ro-RO-Andrei` voice. | `sha256:d24def1774d8cd5f2faaa223ce35e005c5ba664636b2cc7699e8ad490b3316b7` |
-| `ru-ru-ekaterinarus` | Container image with the `ru-RU` locale and `ru-RU-EkaterinaRUS` voice. | `sha256:d177af9d804bc956d2b7a9de707330cecb7895f5a32ade4d201e48477a479936` |
-| `ru-ru-irina-apollo` | Container image with the `ru-RU` locale and `ru-RU-Irina-Apollo` voice. | `sha256:12fe246c090bfc789b4622613a5835edc9e1c06b48c248252b0da4dbf996e864` |
-| `ru-ru-pavel-apollo` | Container image with the `ru-RU` locale and `ru-RU-Pavel-Apollo` voice. | `sha256:35418d54084bbd25101e1a7f0a6f4280b6d4aa2e8c1ba562b9a3c0a6acfa0410` |
-| `sk-sk-filip` | Container image with the `sk-SK` locale and `sk-SK-Filip` voice. | `sha256:256a25e505bda3c2f392471b3996a5f2d3cf2eb9d14421322c56223095bffd91` |
-| `sl-si-lado` | Container image with the `sl-SI` locale and `sl-SI-Lado` voice. | `sha256:8085a021a30be2e30d51a76b18e0f31be083deb0fb19883f7668ce56a5bcddb1` |
-| `sv-se-hedvigrus` | Container image with the `sv-SE` locale and `sv-SE-HedvigRUS` voice. | `sha256:1db0e26b958662ca2db3cc8129130d55f1ad289ab9a10d41ffac3ababc3bd7b4` |
-| `ta-in-valluvar` | Container image with the `ta-IN` locale and `ta-IN-Valluvar` voice. | `sha256:d1ed46e3db9888aad0a3399404ecba46738c4583d76b3522406e4f36d9065615` |
-| `te-in-chitra` | Container image with the `te-IN` locale and `te-IN-Chitra` voice. | `sha256:d927aed4c64e093f913471352df0d036c30eb7f72f743df75d7293e9eba88bef` |
-| `th-th-pattara` | Container image with the `th-TH` locale and `th-TH-Pattara` voice. | `sha256:2d830fe71c4f00642e62245b84849bda947d6702ddbab45e69c8f94c985e0c92` |
-| `tr-tr-sedarus` | Container image with the `tr-TR` locale and `tr-TR-SedaRUS` voice. | `sha256:6aa7fd59cff4b43ddaa8437d319f3e56ba8a8c24f9363c783aa6a7454d382a68` |
-| `vi-vn-an` | Container image with the `vi-VN` locale and `vi-VN-An` voice. | `sha256:612963bbe3fb81907c6eac34ead489430a07d5c6389f30be5fc5c59143e228dd` |
-| `zh-cn-huihuirus` | Container image with the `zh-CN` locale and `zh-CN-HuihuiRUS` voice. | `sha256:54a32e8ef08d57f841be6ee4c700a448bf80033e9931a6c7560e4f3fdb0ab6d0` |
-| `zh-cn-kangkang-apollo` | Container image with the `zh-CN` locale and `zh-CN-Kangkang-Apollo` voice. | `sha256:e9d8f52eae02bedbd0cbfdf2da02cf8dc63d4cf04bfea7d76c15fffe40d120a7` |
-| `zh-cn-yaoyao-apollo` | Container image with the `zh-CN` locale and `zh-CN-Yaoyao-Apollo` voice. | `sha256:2c4a86a91913edd06eaf01d4b1145eeb429616ccb7496b0b4197d5a8f0b3793a` |
-| `zh-hk-danny-apollo` | Container image with the `zh-HK` locale and `zh-HK-Danny-Apollo` voice. | `sha256:140d2cc1a4ffe7b1911254c39870727916c1544776bb7c406a7b6d8d9fed0ad6` |
-| `zh-hk-tracy-apollo` | Container image with the `zh-HK` locale and `zh-HK-Tracy-Apollo` voice. | `sha256:98025d5a58b1b7c367d7be4c285b4b602eb2819a203b090f48a6869aa7367ce4` |
-| `zh-hk-tracyrus` | Container image with the `zh-HK` locale and `zh-HK-TracyRUS` voice. | `sha256:98025d5a58b1b7c367d7be4c285b4b602eb2819a203b090f48a6869aa7367ce4` |
-| `zh-tw-hanhanrus` | Container image with the `zh-TW` locale and `zh-TW-HanHanRUS` voice. | `sha256:fc3ff023277fdc04cc879ba66e3daf9fdc4affcfdb79503597893e8227105c1a` |
-| `zh-tw-yating-apollo` | Container image with the `zh-TW` locale and `zh-TW-Yating-Apollo` voice. | `sha256:365693135e6fcc62f68d7bfc92e1dca1662dce31901e5833f7062f517b8bd2b9` |
-| `zh-tw-zhiwei-apollo` | Container image with the `zh-TW` locale and `zh-TW-Zhiwei-Apollo` voice. | `sha256:1a01b3470bd1298a6c323a121f4776de07e3747e6fe8e42af4be4845ab0a9b10` |
+| `ar-eg-hoda` | Container image with the `ar-EG` locale and `ar-EG-Hoda` voice. | `sha256:506c4694cb4628aab870d81b53885c4b63f7d167fcc3407dd7a203ab3da6bd9b` |
+| `ar-sa-naayf` | Container image with the `ar-SA` locale and `ar-SA-Naayf` voice. | `sha256:ec6963d01458464eff3ed2be965cbe782c11bd751022ead9d4dad39caa7db4a1` |
+| `bg-bg-ivan` | Container image with the `bg-BG` locale and `bg-BG-Ivan` voice. | `sha256:d296080e707bb20eba7db2473c8caa76c17ded594b8a82e0932a71694ee0f2a9` |
+| `ca-es-herenarus` | Container image with the `ca-ES` locale and `ca-ES-HerenaRUS` voice. | `sha256:80545662ec2dce6949c902351dd29be9778749ee980efc0c78be5074a9e126a8` |
+| `cs-cz-jakub` | Container image with the `cs-CZ` locale and `cs-CZ-Jakub` voice. | `sha256:206773547eadde8e5e396ebac9f7a17e0e20ba6c8a453f7c03c8723689224384` |
+| `da-dk-hellerus` | Container image with the `da-DK` locale and `da-DK-HelleRUS` voice. | `sha256:b5636a23d0d0a9c6f5c93885a1033730bf1f0c12335769fc544bb23f1697ae21` |
+| `de-at-michael` | Container image with the `de-AT` locale and `de-AT-Michael` voice. | `sha256:df6d494145125b1945626834084f8f8d91d7b996edf417e33ec8d9441665cc16` |
+| `de-ch-karsten` | Container image with the `de-CH` locale and `de-CH-Karsten` voice. | `sha256:65a088fa6dc97d60c2d35214af0c90a6e9a33ae2f4082270dcc7961a64e38bfd` |
+| `de-de-heddarus` | Container image with the `de-DE` locale and `de-DE-Hedda` voice. | `sha256:acd5c459d0447aa39e4bf5ed74c7f4fdfa275c3ca0cabc24ee4f110f6500e743` |
+| `de-de-hedda` | Container image with the `de-DE` locale and `de-DE-Hedda` voice. | `sha256:acd5c459d0447aa39e4bf5ed74c7f4fdfa275c3ca0cabc24ee4f110f6500e743` |
+| `de-de-stefan-apollo` | Container image with the `de-DE` locale and `de-DE-Stefan-Apollo` voice. | `sha256:a879c3dff58420b8af5fb955e8cb5727c76f7acddfe89dde298ca0934d72f1aa` |
+| `el-gr-stefanos` | Container image with the `el-GR` locale and `el-GR-Stefanos` voice. | `sha256:50422aa0cd5b58a5e1c4e334e7098f7590f02fbfb392a5d08fde2018577a6cac` |
+| `en-au-catherine` | Container image with the `en-AU` locale and `en-AU-Catherine` voice. | `sha256:68ee93b7e541836fb4df93a6925edc9734a8390765fd10b9541eddb94788128d` |
+| `en-au-hayleyrus` | Container image with the `en-AU` locale and `en-AU-HayleyRUS` voice. | `sha256:b4c6a1580faf6466238060c9e26b2c9bf17da2ee8492f856fceb96e927722c70` |
+| `en-ca-heatherrus` | Container image with the `en-CA` locale and `en-CA-HeatherRUS` voice. | `sha256:1ada3a373ae2e3475c8e1ee9b2a5966ae126376bb5ac0c01e07591b53de5c2e4` |
+| `en-ca-linda` | Container image with the `en-CA` locale and `en-CA-Linda` voice. | `sha256:4989ac096aa8923ef16c823cd3767730dcbea633827d269a1e5dc9206325edcc` |
+| `en-gb-george-apollo` | Container image with the `en-GB` locale and `en-GB-George-Apollo` voice. | `sha256:1fc5a152d99e61823a8d0253ba1c04a79c1a846b5c135e1638695f47d21b936c` |
+| `en-gb-hazelrus` | Container image with the `en-GB` locale and `en-GB-HazelRUS` voice. | `sha256:8814ea674f531e12e0d502cc542afbabf5123107f05792215c81f68a259cd5e8` |
+| `en-gb-susan-apollo` | Container image with the `en-GB` locale and `en-GB-Susan-Apollo` voice. | `sha256:3dd9b566fb592009693159d2c1eeebb034e22124746ee4d20f7b904a04e90a5b` |
+| `en-ie-sean` | Container image with the `en-IE` locale and `en-IE-Sean` voice. | `sha256:a1cddb74a6f14c3f9e3514dbcd64d05406f36e79089ef8217fcb724f8126a3e9` |
+| `en-in-heera-apollo` | Container image with the `en-IN` locale and `en-IN-Heera-Apollo` voice. | `sha256:1f5e27a078dc61d558864b29e060e963fe1cd4e56d5a5c33e943088803f3b3fd` |
+| `en-in-priyarus` | Container image with the `en-IN` locale and `en-IN-PriyaRUS` voice. | `sha256:0f2873c0a80159624960b1d7c3dafa1e60be69f94aa1939bac37bdb941240ba1` |
+| `en-in-ravi-apollo` | Container image with the `en-IN` locale and `en-IN-Ravi-Apollo` voice. | `sha256:338a4c2b0923d44895ebba1d3aed13eef8ec775c911e39ee9acd33b304831db0` |
+| `en-us-aria24krus` | Container image with the `en-US` locale and `en-US-Aria24kRUS` voice. | `sha256:ab856028f3ab7c7af881b4e53fe957bc89d3f8bb1daf7b3376593f845cac1fad` |
+| `en-us-ariarus` | Container image with the `en-US` locale and `en-US-AriaRUS` voice. | `sha256:ab856028f3ab7c7af881b4e53fe957bc89d3f8bb1daf7b3376593f845cac1fad` |
+| `en-us-benjaminrus` | Container image with the `en-US` locale and `en-US-BenjaminRUS` voice. | `sha256:0e4862eb77acb3b3f5c08984ce3605d06e12876b72d5c48dcd86e05461aecff7` |
+| `en-us-guy24krus` | Container image with the `en-US` locale and `en-US-Guy24kRUS` voice. | `sha256:bde0c632722de7093c787c076e73cfcc84ce6afa282fc269a7fb5e3edc5e986a` |
+| `en-us-zirarus` | Container image with the `en-US` locale and `en-US-ZiraRUS` voice. | `sha256:feebe5f990e6713c2a8e3759059553c9b9ec59505449686896bd7ef25d2d4bd8` |
+| `es-es-helenarus` | Container image with the `es-ES` locale and `es-ES-HelenaRUS` voice. | `sha256:84b9517218281c7660f2851e819dc79a003cd2c06adf50341a46293dab3754db` |
+| `es-es-laura-apollo` | Container image with the `es-ES` locale and `es-ES-Laura-Apollo` voice. | `sha256:fbcdd314a1c94b60a338c9a3b352fdb19bc0d64d1e698ae8ca9b30eeb0cc89b0` |
+| `es-es-pablo-apollo` | Container image with the `es-ES` locale and `es-ES-Pablo-Apollo` voice. | `sha256:4d0a3a6f789acbee3cf52e26ce4f2bc7f15a1d51bd4a4187262fbd432a7a0512` |
+| `es-mx-hildarus` | Container image with the `es-MX` locale and `es-MX-HildaRUS` voice. | `sha256:232730b6b1732a6169b024f9513527a01f515b5534ffbe5e6b0ec816c452333b` |
+| `es-mx-raul-apollo` | Container image with the `es-MX` locale and `es-MX-Raul-Apollo` voice. | `sha256:a24417b4e2d2f22c17a6a2ea6ae8acd67386881c1c10e7cb4988a4fc93e06b72` |
+| `fi-fi-heidirus` | Container image with the `fi-FI` locale and `fi-FI-HeidiRUS` voice. | `sha256:24178c994f15ef135453b6417c3866e5cc6e0db4767a0ed70a446fe67d2124de` |
+| `fr-ca-caroline` | Container image with the `fr-CA` locale and `fr-CA-Caroline` voice. | `sha256:3e9b860513a1f0ebfe4280fa7994348305c78fccf00906e1983e1e557b44d455` |
+| `fr-ca-harmonierus` | Container image with the `fr-CA` locale and `fr-CA-HarmonieRUS` voice. | `sha256:3b5a7a1e8a01782e12a1b39f9f2981a3f1798751351251e6d477f4df1b5f4997` |
+| `fr-ch-guillaume` | Container image with the `fr-CH` locale and `fr-CH-Guillaume` voice. | `sha256:b2cbd6b417b42e11d6d64d8a1f26b2f00f398ec2225207dd89043b859712b261` |
+| `fr-fr-hortenserus` | Container image with the `fr-FR` locale and `fr-FR-HortenseRUS` voice. | `sha256:dc2b98bb93526bc95bff551a3dc3869afff041a904022bc3bd2d30b0b7ce1993` |
+| `fr-fr-julie-apollo` | Container image with the `fr-FR` locale and `fr-FR-Julie-Apollo` voice. | `sha256:1af6a1807b4d4d48a1f7229e6e03360d9bb979113bbe4f4590975f9e98f09af1` |
+| `fr-fr-paul-apollo` | Container image with the `fr-FR` locale and `fr-FR-Paul-Apollo` voice. | `sha256:0b5ed83a9a48cba741b5e491926bb5a1e3022eda8660b573e3abb231f3f81b73` |
+| `he-il-asaf` | Container image with the `he-IL` locale and `he-IL-Asaf` voice. | `sha256:5f2307252f16876be05545581f1698c8a8834c4b462db76c151400c538f1aff4` |
+| `hi-in-hemant` | Container image with the `hi-IN` locale and `hi-IN-Hemant` voice. | `sha256:a86d04e0ae19a1ca30ba14a4951e8f8d78c4c27a78378f07e5f37a753e282ea9` |
+| `hi-in-kalpana-apollo` | Container image with the `hi-IN` locale and `hi-IN-Kalpana-Apollo` voice. | `sha256:1e56c468fae9c07c76581a7c7430d9bcc02eeaee5e4657830a2c59649cdfd80c` |
+| `hi-in-kalpana` | Container image with the `hi-IN` locale and `hi-IN-Kalpana` voice. | `sha256:1e56c468fae9c07c76581a7c7430d9bcc02eeaee5e4657830a2c59649cdfd80c` |
+| `hr-hr-matej` | Container image with the `hr-HR` locale and `hr-HR-Matej` voice. | `sha256:7445bc7d1d73c5bb4775de73253b4733fbe53caae93a7bd5093f2cf61dc7f7cd` |
+| `hu-hu-szabolcs` | Container image with the `hu-HU` locale and `hu-HU-Szabolcs` voice. | `sha256:96050684a66cede45f5a757dc6faa45663efcae1739abc820a77a7e171b7733a` |
+| `id-id-andika` | Container image with the `id-ID` locale and `id-ID-Andika` voice. | `sha256:28065b6532a04912cb59104e7d6d1904be3b71b8f45427082825c752c3f1737e` |
+| `it-it-cosimo-apollo` | Container image with the `it-IT` locale and `it-IT-Cosimo-Apollo` voice. | `sha256:ee465ab38a0b9331fdf7a1baeda62b6a368b2aceb10754158e3f14a45b473dfd` |
+| `it-it-luciarus` | Container image with the `it-IT` locale and `it-IT-LuciaRUS` voice. | `sha256:b15a06df122dac510aa9327aa623147435ce2e576ebbe0be1c28ecf19b4f9717` |
+| `ja-jp-ayumi-apollo` | Container image with the `ja-JP` locale and `ja-JP-Ayumi-Apollo` voice. | `sha256:cbced8cfbd556c8a169bfd2da35446787c5f5acd1607083155cf2f8e7ad8b2a2` |
+| `ja-jp-harukarus` | Container image with the `ja-JP` locale and `ja-JP-HarukaRUS` voice. | `sha256:1dda74d78c7227c45720e6aac912053160a65957b43b0b528376dc3f7a8570f6` |
+| `ja-jp-ichiro-apollo` | Container image with the `ja-JP` locale and `ja-JP-Ichiro-Apollo` voice. | `sha256:ffa25c2702b5156e97eb9457085341d035add070d43638e78b0ae9f2f23fe76b` |
+| `ko-kr-heamirus` | Container image with the `ko-KR` locale and `ko-KR-HeamiRUS` voice. | `sha256:f4955991abb31d5814913e49c17535f79b618f3376de75af1feac74ff9430cd5` |
+| `ms-my-rizwan` | Container image with the `ms-MY` locale and `ms-MY-Rizwan` voice. | `sha256:4c4fdfc2c70ae624d69c1435433068efacccd96809e9112a4fcb1f4e52802d00` |
+| `nb-no-huldarus` | Container image with the `nb-NO` locale and `nb-NO-HuldaRUS` voice. | `sha256:080902d1f8f67d018746d3099d2739fc203cf87959912e45352a7525c7b95bb9` |
+| `nl-nl-hannarus` | Container image with the `nl-NL` locale and `nl-NL-HannaRUS` voice. | `sha256:b3c808f060b29485c8a18f5b717f96f4f1d5c724811012cf9ad4654b658b08f6` |
+| `pl-pl-paulinarus` | Container image with the `pl-PL` locale and `pl-PL-PaulinaRUS` voice. | `sha256:f95ded0a8f5dc9bf53f469fcd8c9608fa53ab45b5fdc915f132fff3cb6fcb8e0` |
+| `pt-br-daniel-apollo` | Container image with the `pt-BR` locale and `pt-BR-Daniel-Apollo` voice. | `sha256:da85762763f2a4cf6de112244138aee57235bbfab807e5dd80b76e9fc6703e44` |
+| `pt-br-heloisarus` | Container image with the `pt-BR` locale and `pt-BR-HeloisaRUS` voice. | `sha256:085dd402f070660f2a0a9139b2b09ec7699191533e4b442260364715fd83ff38` |
+| `pt-pt-heliarus` | Container image with the `pt-PT` locale and `pt-PT-HeliaRUS` voice. | `sha256:4cf8270fb836dda947580886891c79d07ccd9cca7cfb19d328fafba9f61d5303` |
+| `ro-ro-andrei` | Container image with the `ro-RO` locale and `ro-RO-Andrei` voice. | `sha256:a11f8da57c87b49145293b1c91e2073f96a70301b839e9d9848fdd1a2a164aed` |
+| `ru-ru-ekaterinarus` | Container image with the `ru-RU` locale and `ru-RU-EkaterinaRUS` voice. | `sha256:e6619b9518029ba9e19d6b98dbe1b79c676c135248c32c9a3c3c2e3edb56efc7` |
+| `ru-ru-irina-apollo` | Container image with the `ru-RU` locale and `ru-RU-Irina-Apollo` voice. | `sha256:04ecb7975978c004fbe2960e74d71b9d1fdfbaea904f1104f519f43351dc77e5` |
+| `ru-ru-pavel-apollo` | Container image with the `ru-RU` locale and `ru-RU-Pavel-Apollo` voice. | `sha256:c7fe3fc2fd40891e51fe00c3bbbf5386b7400cee6091956ad08fa974fe7518d7` |
+| `sk-sk-filip` | Container image with the `sk-SK` locale and `sk-SK-Filip` voice. | `sha256:e7624a3f3521a663bfd96f30904f722b16c6b2523fa2d150a578311c2abfe7b1` |
+| `sl-si-lado` | Container image with the `sl-SI` locale and `sl-SI-Lado` voice. | `sha256:898ab51ca3e6697b39391fdc34d76f79cea6a40dc53f9fb16ae9241e09eeaec1` |
+| `sv-se-hedvigrus` | Container image with the `sv-SE` locale and `sv-SE-HedvigRUS` voice. | `sha256:7aba595a1b4994dfb2002bc7c56e1dc94d92bb3e49ba9024ef2ebd8614deb24d` |
+| `ta-in-valluvar` | Container image with the `ta-IN` locale and `ta-IN-Valluvar` voice. | `sha256:850f8b7e23434c01fd3c901549bf00e541f0e86f96e75ed22531036acc899418` |
+| `te-in-chitra` | Container image with the `te-IN` locale and `te-IN-Chitra` voice. | `sha256:cc155a9aba2e1f4786702b570608c4aa344fddaba9bd6f3d705a2cc8d5990b37` |
+| `th-th-pattara` | Container image with the `th-TH` locale and `th-TH-Pattara` voice. | `sha256:3c0c5b6ea14b697219420730f195553ac691ff69cb65a7aecb3df2e35de2f3b8` |
+| `tr-tr-sedarus` | Container image with the `tr-TR` locale and `tr-TR-SedaRUS` voice. | `sha256:ee98a8a4e5ccd68ca0fe7c485a7595f4b62930ee2a13cc85e3c5486954a18c4c` |
+| `vi-vn-an` | Container image with the `vi-VN` locale and `vi-VN-An` voice. | `sha256:2bfa898d787863b7ec55421b8d21db7b2ba89c904a95705573a02bb43b2226de` |
+| `zh-cn-huihuirus` | Container image with the `zh-CN` locale and `zh-CN-HuihuiRUS` voice. | `sha256:f5afefbd54a45418fbffa6f272e2dc8651fbd06276ce7d4ecf2e50ea1b947b12` |
+| `zh-cn-kangkang-apollo` | Container image with the `zh-CN` locale and `zh-CN-Kangkang-Apollo` voice. | `sha256:fc314d3e4729ec77b2cfdb1408d3aeed7f6d17b7e3c353e4cfc31fc9712eccd3` |
+| `zh-cn-yaoyao-apollo` | Container image with the `zh-CN` locale and `zh-CN-Yaoyao-Apollo` voice. | `sha256:102c47ff3b91c7106cf116f86dad5814a2d893672fa833d082d30ae500df8112` |
+| `zh-hk-danny-apollo` | Container image with the `zh-HK` locale and `zh-HK-Danny-Apollo` voice. | `sha256:75892d547cc35964fe079efd077e83825c38f43179bee4486e672113ff56d612` |
+| `zh-hk-tracy-apollo` | Container image with the `zh-HK` locale and `zh-HK-Tracy-Apollo` voice. | `sha256:e7cf6d4d0d7509c829a39cceac03f1f97e2f0f496bc1193d2291cac6ce08a007` |
+| `zh-hk-tracyrus` | Container image with the `zh-HK` locale and `zh-HK-TracyRUS` voice. | `sha256:e7cf6d4d0d7509c829a39cceac03f1f97e2f0f496bc1193d2291cac6ce08a007` |
+| `zh-tw-hanhanrus` | Container image with the `zh-TW` locale and `zh-TW-HanHanRUS` voice. | `sha256:6d9c790d7a322dd6dc56512d008055e72863b9fa5c01a5bd074de79227d45093` |
+| `zh-tw-yating-apollo` | Container image with the `zh-TW` locale and `zh-TW-Yating-Apollo` voice. | `sha256:acf24aca14e04a4120f9fd71c5eadd9e1f61e61c835e5482249dae2a1546ee02` |
+| `zh-tw-zhiwei-apollo` | Container image with the `zh-TW` locale and `zh-TW-Zhiwei-Apollo` voice. | `sha256:90767a1712dc74a9a3d1c73d5613c088d2d28034a2d8430e4cfd7062478dbd29` |
# [Previous version](#tab/previous)
This container image has the following tags available. You can also find a full
# [Latest version](#tab/current)
-Release notes for `v1.6.0`:
-* Upgrade to latest models with quality improvements and bug fixes
+Release notes for `v1.8.0`:
+Regular monthly release
| Image Tags | Notes | ||:| | `latest` | Container image with the `en-US` locale and `en-US-AriaNeural` voice. |
-| `1.6.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.6.0-amd64-en-us-arianeural`. |
+| `1.8.0-amd64-<locale-and-voice>` | Replace `<locale>` with one of the available locales, listed below. For example `1.8.0-amd64-en-us-arianeural`. |
-| v1.5.0 Locales and voices | Notes |
+| v1.8.0 Locales and voices | Notes |
|-|:| | `de-de-conradneural` | Container image with the `de-DE` locale and `de-DE-ConradNeural` voice. | | `de-de-katjaneural` | Container image with the `de-DE` locale and `de-DE-KatjaNeural` voice. |
Release notes for `v1.6.0`:
# [Previous version](#tab/previous)
+Release notes for `v1.7.0`:
+* Upgrade to latest models with quality improvements and bug fixes
+
+Release notes for `v1.6.0`:
+* Upgrade to latest models with quality improvements and bug fixes
+ Release notes for `v1.5.0`: * Upgrade to latest models with quality improvements and bug fixes * Support up to 38 neural voices
Release notes for `v1.3.0`:
| `1.3.0-amd64-<locale-and-voice>-preview` | Replace `<locale>` with one of the available locales, listed below. For example `1.3.0-amd64-en-us-arianeural-preview`. | | `1.2.0-amd64-<locale-and-voice>-preview` | Replace `<locale>` with one of the available locales, listed below. For example `1.2.0-amd64-en-us-arianeural-preview`. |
+| v1.7.0 Locales and voices | Notes |
+|-|:|
+| `de-de-conradneural` | Container image with the `de-DE` locale and `de-DE-ConradNeural` voice. |
+| `de-de-katjaneural` | Container image with the `de-DE` locale and `de-DE-KatjaNeural` voice. |
+| `en-au-natashaneural` | Container image with the `en-AU` locale and `en-AU-NatashaNeural` voice. |
+| `en-au-williamneural` | Container image with the `en-AU` locale and `en-AU-WilliamNeural` voice. |
+| `en-ca-claraneural` | Container image with the `en-CA` locale and `en-CA-ClaraNeural` voice. |
+| `en-ca-liamneural` | Container image with the `en-CA` locale and `en-CA-LiamNeural` voice. |
+| `en-gb-libbyneural` | Container image with the `en-GB` locale and `en-GB-LibbyNeural` voice. |
+| `en-gb-mianeural` | Container image with the `en-GB` locale and `en-GB-MiaNeural` voice. |
+| `en-gb-ryanneural` | Container image with the `en-GB` locale and `en-GB-RyanNeural` voice. |
+| `en-us-arianeural` | Container image with the `en-US` locale and `en-US-AriaNeural` voice. |
+| `en-us-guyneural` | Container image with the `en-US` locale and `en-US-GuyNeural` voice. |
+| `en-us-jennyneural` | Container image with the `en-US` locale and `en-US-JennyNeural` voice. |
+| `es-es-alvaroneural` | Container image with the `es-ES` locale and `es-ES-AlvaroNeural` voice. |
+| `es-es-elviraneural` | Container image with the `es-ES` locale and `es-ES-ElviraNeural` voice. |
+| `es-mx-dalianeural` | Container image with the `es-MX` locale and `es-MX-DaliaNeural` voice. |
+| `es-mx-jorgeneural` | Container image with the `es-MX` locale and `es-MX-JorgeNeural` voice. |
+| `fr-ca-antoineneural` | Container image with the `fr-CA` locale and `fr-CA-AntoineNeural` voice. |
+| `fr-ca-jeanneural` | Container image with the `fr-CA` locale and `fr-CA-JeanNeural` voice. |
+| `fr-ca-sylvieneural` | Container image with the `fr-CA` locale and `fr-CA-SylvieNeural` voice. |
+| `fr-fr-deniseneural` | Container image with the `fr-FR` locale and `fr-FR-DeniseNeural` voice. |
+| `fr-fr-henrineural` | Container image with the `fr-FR` locale and `fr-FR-HenriNeural` voice. |
+| `hi-in-madhurneural` | Container image with the `hi-IN` locale and `hi-IN-MadhurNeural` voice. |
+| `hi-in-swaraneural` | Container image with the `hi-IN` locale and `hi-IN-Swaraneural` voice. |
+| `it-it-diegoneural` | Container image with the `it-IT` locale and `it-IT-DiegoNeural` voice. |
+| `it-it-elsaneural` | Container image with the `it-IT` locale and `it-IT-ElsaNeural` voice. |
+| `it-it-isabellaneural` | Container image with the `it-IT` locale and `it-IT-IsabellaNeural` voice. |
+| `ja-jp-keitaneural` | Container image with the `ja-JP` locale and `ja-JP-KeitaNeural` voice. |
+| `ja-jp-nanamineural` | Container image with the `ja-JP` locale and `ja-JP-NanamiNeural` voice. |
+| `ko-kr-injoonneural` | Container image with the `ko-KR` locale and `ko-KR-InJoonNeural` voice. |
+| `ko-kr-sunhineural` | Container image with the `ko-KR` locale and `ko-KR-SunHiNeural` voice. |
+| `pt-br-antonioneural` | Container image with the `pt-BR` locale and `pt-BR-AntonioNeural` voice. |
+| `pt-br-franciscaneural` | Container image with the `pt-BR` locale and `pt-BR-FranciscaNeural` voice. |
+| `tr-tr-ahmetneural` | Container image with the `tr-TR` locale and `tr-TR-AhmetNeural` voice. |
+| `tr-tr-emelneural` | Container image with the `tr-TR` locale and `tr-TR-EmelNeural` voice. |
+| `zh-cn-xiaoxiaoneural` | Container image with the `zh-CN` locale and `zh-CN-XiaoxiaoNeural` voice. |
+| `zh-cn-xiaoyouneural` | Container image with the `zh-CN` locale and `zh-CN-XiaoYouNeural` voice. |
+| `zh-cn-yunyangneural` | Container image with the `zh-CN` locale and `zh-CN-YunYangNeural` voice. |
+| `zh-cn-yunyeneural` | Container image with the `zh-CN` locale and `zh-CN-YunYeNeural` voice. |
+
+| v1.6.0 Locales and voices | Notes |
+|-|:|
+| `de-de-conradneural` | Container image with the `de-DE` locale and `de-DE-ConradNeural` voice. |
+| `de-de-katjaneural` | Container image with the `de-DE` locale and `de-DE-KatjaNeural` voice. |
+| `en-au-natashaneural` | Container image with the `en-AU` locale and `en-AU-NatashaNeural` voice. |
+| `en-au-williamneural` | Container image with the `en-AU` locale and `en-AU-WilliamNeural` voice. |
+| `en-ca-claraneural` | Container image with the `en-CA` locale and `en-CA-ClaraNeural` voice. |
+| `en-ca-liamneural` | Container image with the `en-CA` locale and `en-CA-LiamNeural` voice. |
+| `en-gb-libbyneural` | Container image with the `en-GB` locale and `en-GB-LibbyNeural` voice. |
+| `en-gb-mianeural` | Container image with the `en-GB` locale and `en-GB-MiaNeural` voice. |
+| `en-gb-ryanneural` | Container image with the `en-GB` locale and `en-GB-RyanNeural` voice. |
+| `en-us-arianeural` | Container image with the `en-US` locale and `en-US-AriaNeural` voice. |
+| `en-us-guyneural` | Container image with the `en-US` locale and `en-US-GuyNeural` voice. |
+| `en-us-jennyneural` | Container image with the `en-US` locale and `en-US-JennyNeural` voice. |
+| `es-es-alvaroneural` | Container image with the `es-ES` locale and `es-ES-AlvaroNeural` voice. |
+| `es-es-elviraneural` | Container image with the `es-ES` locale and `es-ES-ElviraNeural` voice. |
+| `es-mx-dalianeural` | Container image with the `es-MX` locale and `es-MX-DaliaNeural` voice. |
+| `es-mx-jorgeneural` | Container image with the `es-MX` locale and `es-MX-JorgeNeural` voice. |
+| `fr-ca-antoineneural` | Container image with the `fr-CA` locale and `fr-CA-AntoineNeural` voice. |
+| `fr-ca-jeanneural` | Container image with the `fr-CA` locale and `fr-CA-JeanNeural` voice. |
+| `fr-ca-sylvieneural` | Container image with the `fr-CA` locale and `fr-CA-SylvieNeural` voice. |
+| `fr-fr-deniseneural` | Container image with the `fr-FR` locale and `fr-FR-DeniseNeural` voice. |
+| `fr-fr-henrineural` | Container image with the `fr-FR` locale and `fr-FR-HenriNeural` voice. |
+| `hi-in-madhurneural` | Container image with the `hi-IN` locale and `hi-IN-MadhurNeural` voice. |
+| `hi-in-swaraneural` | Container image with the `hi-IN` locale and `hi-IN-Swaraneural` voice. |
+| `it-it-diegoneural` | Container image with the `it-IT` locale and `it-IT-DiegoNeural` voice. |
+| `it-it-elsaneural` | Container image with the `it-IT` locale and `it-IT-ElsaNeural` voice. |
+| `it-it-isabellaneural` | Container image with the `it-IT` locale and `it-IT-IsabellaNeural` voice. |
+| `ja-jp-keitaneural` | Container image with the `ja-JP` locale and `ja-JP-KeitaNeural` voice. |
+| `ja-jp-nanamineural` | Container image with the `ja-JP` locale and `ja-JP-NanamiNeural` voice. |
+| `ko-kr-injoonneural` | Container image with the `ko-KR` locale and `ko-KR-InJoonNeural` voice. |
+| `ko-kr-sunhineural` | Container image with the `ko-KR` locale and `ko-KR-SunHiNeural` voice. |
+| `pt-br-antonioneural` | Container image with the `pt-BR` locale and `pt-BR-AntonioNeural` voice. |
+| `pt-br-franciscaneural` | Container image with the `pt-BR` locale and `pt-BR-FranciscaNeural` voice. |
+| `tr-tr-ahmetneural` | Container image with the `tr-TR` locale and `tr-TR-AhmetNeural` voice. |
+| `tr-tr-emelneural` | Container image with the `tr-TR` locale and `tr-TR-EmelNeural` voice. |
+| `zh-cn-xiaoxiaoneural` | Container image with the `zh-CN` locale and `zh-CN-XiaoxiaoNeural` voice. |
+| `zh-cn-xiaoyouneural` | Container image with the `zh-CN` locale and `zh-CN-XiaoYouNeural` voice. |
+| `zh-cn-yunyangneural` | Container image with the `zh-CN` locale and `zh-CN-YunYangNeural` voice. |
+| `zh-cn-yunyeneural` | Container image with the `zh-CN` locale and `zh-CN-YunYeNeural` voice. |
+ | v1.5.0 Locales and voices | Notes | |-|:| | `de-de-conradneural` | Container image with the `de-DE` locale and `de-DE-ConradNeural` voice. |
cognitive-services Text Analytics How To Keyword Extraction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cognitive-services/text-analytics/how-tos/text-analytics-how-to-keyword-extraction.md
Previously updated : 07/06/2021 Last updated : 08/04/2021
Key phrase extraction works best when you give it bigger amounts of text to work
You must have JSON documents in this format: ID, text, language
-Document size must be 5,120 or fewer characters per document, and you can have up to 1,000 items (IDs) per collection. The collection is submitted in the body of the request. The following example is an illustration of content you might submit for key phrase extraction.
+Document size must be 5,120 or fewer characters per document, and you can have up to 10 items (IDs) per collection. The collection is submitted in the body of the request. The following example is an illustration of content you might submit for key phrase extraction.
See [How to call the Text Analytics API](text-analytics-how-to-call-api.md) for more information on request and response objects.
communication-services Certified Session Border Controllers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/telephony-sms/certified-session-border-controllers.md
If you have any questions about the SBC certification program for Communication
|Vendor|Product|Software version| |: |: |:
+|AudioCodes|Mediant SBC|7.40A
|Metaswitch|Perimeta SBC|4.9| - Note the certification granted to a major version. That means that firmware with any number in the SBC firmware following the major version is supported. ## Next steps
connectors Connectors Native Reqres https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/connectors/connectors-native-reqres.md
Title: Receive and respond to calls by using HTTPS
description: Handle inbound HTTPS requests from external services by using Azure Logic Apps ms.suite: integration
-ms.reviewers: jonfan, logicappspm
+ms.reviewers: estfan, azla
Previously updated : 11/19/2020 Last updated : 08/04/2021 tags: connectors
Your logic app keeps an inbound request open only for a [limited time](../logic-
1. To check that the inbound call has a request body that matches your specified schema, follow these steps:
+ 1. To enforce the inbound message to have the same exact fields that your schema describes, in your schema, add the `required` property and specify the required fields. Add the `addtionalProperties` and set the value to `false`.
+
+ For example, the following schema specifies that the inbound message must have the `msg` field and not any other fields:
+
+ ```json
+ {
+ "properties": {
+ "msg": {
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": ["msg"],
+ "additionalProperties": false
+ }
+ ```
+ 1. In the Request trigger's title bar, select the ellipses button (**...**). 1. In the trigger's settings, turn on **Schema Validation**, and select **Done**.
cosmos-db Continuous Backup Restore Introduction https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/continuous-backup-restore-introduction.md
Currently the point in time restore functionality has the following limitations:
* Only Azure Cosmos DB APIs for SQL and MongoDB are supported for continuous backup. Cassandra, Table, and Gremlin APIs are not yet supported.
-* An existing account with default periodic backup policy cannot be converted to use continuous backup mode.
- * Azure sovereign and Azure Government cloud regions not yet supported. * Accounts with customer-managed keys are not supported to use continuous backup.
cosmos-db Migrate Continuous Backup https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/cosmos-db/migrate-continuous-backup.md
The following are the key reasons to migrate into continuous mode:
> * If the account is of type SQL API or API for MongoDB. > * If the account has a single write region. > * If the account isn't enabled with customer managed keys(CMK).
-> * If the account isn't enabled wit analytical store.
+> * If the account isn't enabled with analytical store.
## Permissions
To learn more about continuous backup mode, see the following articles:
* [Continuous backup mode resource model.](continuous-backup-restore-resource-model.md)
-* Restore an account using [Azure portal](restore-account-continuous-backup.md#restore-account-portal), [PowerShell](restore-account-continuous-backup.md#restore-account-powershell), [CLI](restore-account-continuous-backup.md#restore-account-cli), or [Azure Resource Manager](restore-account-continuous-backup.md#restore-arm-template).
+* Restore an account using [Azure portal](restore-account-continuous-backup.md#restore-account-portal), [PowerShell](restore-account-continuous-backup.md#restore-account-powershell), [CLI](restore-account-continuous-backup.md#restore-account-cli), or [Azure Resource Manager](restore-account-continuous-backup.md#restore-arm-template).
data-factory Whats New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/whats-new.md
Title: What's New in Azure Data Factory
-description: This What's New page highlights new features and improvements for Azure Data Factory.
+ Title: What's new in Azure Data Factory
+description: This page highlights new features and recent improvements for Azure Data Factory. Azure Data Factory is a managed cloud service that's built for complex hybrid extract-transform-load (ETL), extract-load-transform (ELT), and data integration projects.
- Last updated 07/14/2021
-# What's New in Azure Data Factory
+# What's new in Azure Data Factory
-Azure Data Factory receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about:
+The Azure Data Factory service is improved on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about:
- The latest releases - Known issues
Azure Data Factory receives improvements on an ongoing basis. To stay up to date
- Deprecated functionality - Plans for changes
-This page will be updated monthly, so revisit it regularly.
+This page is updated monthly, so revisit it regularly.
+
+## July 2021
+<br>
+<table>
+<tr><td><b>Service Category</b></td><td><b>Service improvements</b></td><td><b>Details</b></td></tr>
+<tr><td><b>Data Movement</b></td><td>Get metadata driven data ingestion pipelines on ADF Copy Data Tool within 10 minutes (Public Preview)</td><td>With this, you can build large-scale data copy pipelines with metadata-driven approach on copy data tool(Public Preview) within 10 minutes.<br><a href="https://techcommunity.microsoft.com/t5/azure-data-factory/get-metadata-driven-data-ingestion-pipelines-on-adf-within-10/ba-p/2528219">Learn more</a></td></tr>
+<tr><td><b>Data Flow</b></td><td>New map functions added in data flow transformation functions</td><td>A new set of data flow transformation functions has been added to enable data engineers to easily generate, read, and update map data types and complex map structures.<br><a href="data-flow-expression-functions.md#map-functions">Learn more</a></td></tr>
+<tr><td><b>Integration Runtime</b></td><td>5 new regions available in Azure Data Factory Managed VNET (Public Preview)</td><td>These 5 new regions(China East2, China North2, US Gov Arizona, US Gov Texas, US Gov Virginia) are available in Azure Data Factory managed virtual network (Public Preview).<br><a href="managed-virtual-network-private-endpoint.md#azure-data-factory-managed-virtual-network-is-available-in-the-following-azure-regions">Learn more</a></td></tr>
+<tr><td rowspan=2><b>Developer Productivity</b></td><td>ADF homepage redesigned with a few sessions added</td><td>The Data Factory home page has been redesigned with better contrast and reflow capabilities. Additionally, a few sections have been introduced on the homepage to help you improve productivity in your data integration journey.<br><a href="https://techcommunity.microsoft.com/t5/azure-data-factory/the-new-and-refreshing-data-factory-home-page/ba-p/2515076">Learn more</a></td></tr>
+<tr><td>New landing page for Azure Data Factory Studio</td><td>The landing page for Data Factory blade in the Azure portal.<br><a href="https://techcommunity.microsoft.com/t5/azure-data-factory/the-new-and-refreshing-data-factory-home-page/ba-p/2515076">Learn more</a></td></tr>
+</table>
## June 2021 <br>
This page will be updated monthly, so revisit it regularly.
<tr><td>Power Query activity in ADF public preview</td><td>You can now build complex field mappings to your Power Query sink using Azure Data Factory data wrangling. The sink is now configured in the pipeline in the Power Query (Preview) activity to accommodate this update.<br><a href="wrangling-tutorial.md">Learn more</a></td></tr> <tr><td>Updated data flows monitoring UI in Azure Data Factory</td><td>Azure Data Factory has a new update for the monitoring UI to make it easier to view your data flow ETL job executions and quickly identify areas for performance tuning.<br><a href="https://techcommunity.microsoft.com/t5/azure-data-factory/updated-data-flows-monitoring-ui-in-adf-amp-synapse/ba-p/2432199">Learn more</a></td></tr> <tr><td><b>SQL Server Integration Services (SSIS)</b></td><td>Run any SQL anywhere in 3 simple steps with SSIS in Azure Data Factory</td><td>This post provides 3 simple steps to run any SQL statements/scripts anywhere with SSIS in Azure Data Factory.<ol><li>Prepare your Self-Hosted Integration Runtime/SSIS Integration Runtime.</li><li>Prepare an Execute SSIS Package activity in Azure Data Factory pipeline.</li><li>Run the Execute SSIS Package activity on your Self-Hosted Integration Runtime/SSIS Integration Runtime.</li></ol><a href="https://techcommunity.microsoft.com/t5/sql-server-integration-services/run-any-sql-anywhere-in-3-easy-steps-with-ssis-in-azure-data/ba-p/2457244">Learn more</a></td></tr>-
-</table>
-
-## July 2021
-<br>
-<table>
-<tr><td><b>Service Category</b></td><td><b>Service improvements</b></td><td><b>Details</b></td></tr>
-<tr><td><b>Data Movement</b></td><td>Get metadata driven data ingestion pipelines on ADF Copy Data Tool within 10 minutes (Public Preview)</td><td>With this, you can build large-scale data copy pipelines with metadata-driven approach on copy data tool(Public Preview) within 10 minutes.<br><a href="https://techcommunity.microsoft.com/t5/azure-data-factory/get-metadata-driven-data-ingestion-pipelines-on-adf-within-10/ba-p/2528219">Learn more</a></td></tr>
-<tr><td><b>Data Flow</b></td><td>New map functions added in data flow transformation functions</td><td>A new set of data flow transformation functions has been added to enable data engineers to easily generate, read, and update map data types and complex map structures.<br><a href="data-flow-expression-functions.md#map-functions">Learn more</a></td></tr>
-<tr><td><b>Integration Runtime</b></td><td>5 new regions available in Azure Data Factory Managed VNET (Public Preview)</td><td>These 5 new regions(China East2, China North2, US Gov Arizona, US Gov Texas, US Gov Virginia) are available in Azure Data Factory managed virtual network (Public Preview).<br><a href="managed-virtual-network-private-endpoint.md#azure-data-factory-managed-virtual-network-is-available-in-the-following-azure-regions">Learn more</a></td></tr>
-<tr><td rowspan=2><b>Developer Productivity</b></td><td>ADF homepage redesigned with a few sessions added</td><td>The Data Factory home page has been redesigned with better contrast and reflow capabilities. Additionally, a few sections have been introduced on the homepage to help you improve productivity in your data integration journey.<br><a href="https://techcommunity.microsoft.com/t5/azure-data-factory/the-new-and-refreshing-data-factory-home-page/ba-p/2515076">Learn more</a></td></tr>
-<tr><td>New landing page for Azure Data Factory Studio</td><td>The landing page for Data Factory blade in the Azure Portal<br><a href="https://techcommunity.microsoft.com/t5/azure-data-factory/the-new-and-refreshing-data-factory-home-page/ba-p/2515076">Learn more</a></td></tr>
</table> ## More information
This page will be updated monthly, so revisit it regularly.
- [Stack Overflow forum](https://stackoverflow.com/questions/tagged/azure-data-factory) - [Twitter](https://twitter.com/AzDataFactory?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) - [Videos](https://www.youtube.com/channel/UC2S0k7NeLcEm5_IhHUwpN0g/featured)-----
ddos-protection Ddos Protection Reference Architectures https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/ddos-protection/ddos-protection-reference-architectures.md
You can leverage the scale, capacity, and efficiency of Azure DDoS Protection St
![Protecting on-prem resources](./media/reference-architectures/ddos-on-prem.png)
-If you have a web application that receives traffic from the Internet, you can host the web application behind Application Gateway, then protect it with WAF against Layer 7 web attacks such as SQL injection and Slowloris. The backend origins of your application will be in your on-premises environment, which is connected over the VPN.
+If you have a web application that receives traffic from the Internet, you can host the web application behind Application Gateway, then protect it with WAF against Layer 7 web attacks such as SQL injection. The backend origins of your application will be in your on-premises environment, which is connected over the VPN.
The backend resources in the on-premises environment will not be exposed to the public internet. Only the AppGW/WAF public IP is exposed to the internet and the DNS name of your application maps to that public IP address.
documentation.
## Next steps -- Learn how to [create a DDoS protection plan](manage-ddos-protection.md).
+- Learn how to [create a DDoS protection plan](manage-ddos-protection.md).
defender-for-iot Getting Started https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/defender-for-iot/organizations/getting-started.md
The following table describes user access permissions to Azure Defender for IoT
|--|--|--|--|--| | View details and access software, activation files and threat intelligence packages | Γ£ô | Γ£ô | Γ£ô | Γ£ô | | Onboard a sensor | | Γ£ô | Γ£ô | Γ£ô |
-| Update pricing | | Γ£ô | Γ£ô | Γ£ô |
+| Update pricing | | | Γ£ô | Γ£ô |
| Recover password | Γ£ô | Γ£ô | Γ£ô | Γ£ô | ## Identify the solution infrastructure
defender-for-iot Integration Splunk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/defender-for-iot/organizations/integration-splunk.md
- Title: About the Splunk integration
-description: To address a lack of visibility into the security and resiliency of OT networks, Defender for IoT developed the Defender for IoT, IIoT, and ICS threat monitoring application for Splunk, a native integration between Defender for IoT and Splunk that enables a unified approach to IT and OT security.
Previously updated : 1/4/2021---
-# Defender for IoT and ICS threat monitoring application for Splunk
-
-Defender for IoT mitigates IIoT, ICS, and SCADA risk with patented, ICS-aware self-learning engines that deliver immediate insights about ICS devices, vulnerabilities, and threats in less than an image hour and without relying on agents, rules or signatures, specialized skills, or prior knowledge of the environment.
-
-To address a lack of visibility into the security and resiliency of OT networks, Defender for IoT developed the Defender for IoT, IIoT, and ICS threat monitoring application for Splunk, a native integration between Defender for IoT and Splunk that enables a unified approach to IT and OT security.
-
-> [!Note]
-> References to CyberX refer to Azure Defender for IoT.
-
-## About the Splunk application
-
-The application provides SOC analysts with multidimensional visibility into the specialized OT protocols and IIoT devices deployed in industrial environments, along with ICS-aware behavioral analytics to rapidly detect suspicious or anomalous behavior. The application also enables both IT and OT incident response from within one corporate SOC. This is an important evolution given the ongoing convergence of IT and OT to support new IIoT initiatives, such as smart machines and real-time intelligence.
-
-Splunk application can be installed locally or run on a cloud. The integration with Defender for IoT supports both deployments.
-
-## About the integration
-
-The integration of Defender for IoT and Splunk via the native application lets users:
--- Reduce the time required for industrial and critical infrastructure organizations to detect, investigate, and act on cyber threats.--- Obtain real-time intelligence about OT risks.--- Correlate Defender for IoT alerts with Splunk Enterprise Security Threat Intelligence repositories.--- Monitor and respond from a single-pane-of-glass.-
-[:::image type="content" source="media/integration-splunk/splunk-mainpage-v2.png" alt-text="Main page of the splunk tool.":::](media/integration-splunk/splunk-mainpage-v2.png#lightbox)
--
-The application allows Splunk administrators to analyze OT alerts that Defender for IoT sends, and monitor the entire OT security deployment, including details such as:
--- Which of the five analytics engines detected the alert.--- Which protocol generated the alert.--- Which Defender for IoT sensor generated the alert.--- The severity level of the alert.--- The source and destination of the communication.-
-## Requirements
-
-### Version requirements
-
-The following versions are requirements.
--- Defender for IoT version 2.4 and above.--- Splunkbase version 11 and above.--- Splunk Enterprise version 7.2 and above.
-
-## Download the application
-
-Download the *CyberX ICS Threat Monitoring for Splunk Application* from the [Splunkbase](https://splunkbase.splunk.com/app/4313/).
-
-## Splunk permission requirements
-
-The following Splunk permission is required:
--- Any user with *admin* user role permissions.-
-## Send Defender for IoT alerts to Splunk
-
-Defender for IoT alerts provides information about an extensive range of security events, including:
--- Deviations from learned baseline network activity.--- Malware detections.--- Detections based on suspicious operational changes.--- Network anomalies.--- Protocol deviations from protocol specifications.--
-You can configure Defender for IoT to send alerts to the Splunk server, where alert information is displayed in the Splunk Enterprise dashboard.
--
-The following alert information is sent to the Splunk server.
--- The date and time of the alert.--- The Defender for IoT engine that detected the event: Protocol Violation, Policy Violation, Malware, Anomaly, or Operational engine.--- The alert title.--- The alert message.--- The severity of the alert: Warning, Minor, Major or Critical.--- The source device name.--- The source device IP address.--- The destination device name.--- The destination device IP address.--- The Defender for IoT platform IP address (Host).--- The name of the Defender for IoT platform appliance (source type).-
-Sample output is shown below:
-
-| Time | Event |
-|--|--|
-| 7/23/15<br />9:28:31.000 PM | **Defender for IoT platform Alert**: A device was stopped by a PLC Command<br /><br />**Type**: Operational Violation <br /><br />**Severity**: Major <br /><br />**Source name**: my_device1 <br /><br />**Source IP**: 192.168.110.131 <br /><br />**Destination name**: my_device2<br /><br /> **Destination IP**: 10.140.33.238 <br /><br />**Message**: A network device was stopped using a Stop PLC command. This device will not operate until a Start command is sent. 192.168.110.131 was stopped by 10.140.33.238 (a Siemens S7 device), using a PLC Stop command.<br /><br />**Host**: 192.168.90.43 <br /><br />**Sourcetype**: Sensor_Agent |
-
-## Define alert forwarding rules
-
-Use Defender for IoT *Forwarding Rules* to send alert information to Splunk servers.
-
-Options are available to customize the alert rules based on the:
--- Specific protocols detected.--- Severity of the event.--- Defender for IoT engine that detects events.-
-To create a forwarding rule:
-
-1. From the sensor or on-premises management console left pane, select **Forwarding.**
-
- :::image type="content" source="media/integration-splunk/forwarding.png" alt-text="Select the blue button Create Forwarding Alert.":::
-
-1. Select **Create Forwarding Rules**. In the **Create Forwarding Rule** window, define the rule parameters.
-
- :::image type="content" source="media/integration-splunk/forwarding-rule.png" alt-text="Create the rules for your forwarding rule.":::
-
- | Parameter | Description |
- |--|--|
- | **Name** | The forwarding rule name. |
- | **Select Severity** | The minimal security level incident to forward. For example, if Minor is selected, minor alerts and any alert above this severity level will be forwarded. |
- | **Protocols** | By default, all the protocols are selected. To select a specific protocol, select **Specific** and select the protocol for which this rule is applied. |
- | **Engines** | By default, all the security engines are involved. To select a specific security engine for which this rule is applied, select **Specific** and select the engine. |
- | **System Notifications** | Forward sensor online/offline status. This option is only available if you have logged into the Central Manager. |
-
-1. To instruct Defender for IoT to send asset information to Splunk, select **Action**, and then select **Send to Splunk Server**.
-
-1. Enter the following Splunk parameters.
-
- :::image type="content" source="media/integration-splunk/parameters.png" alt-text="The Splunk parameters you should enter on this screen.":::
-
- | Parameter | Description |
- |--|--|
- | **Host** | Splunk server address |
- | **Port** | 8089 |
- | **Username** | Splunk server username |
- | **Password** | Splunk server password |
-
-1. Select **Submit**
-
-## Next steps
-
-Learn how to [Forward alert information](how-to-forward-alert-information-to-partners.md).
defender-for-iot Tutorial Splunk https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/defender-for-iot/organizations/tutorial-splunk.md
+
+ Title: Integrate Splunk with Azure Defender for IoT
+description: In this tutorial, learn how to integrate Splunk with Azure Defender for IoT.
+++ Last updated : 08/03/2021+++
+# Tutorial: Integrate Splunk with Azure Defender for IoT
+
+This tutorial will help you learn how to integrate, and use Splunk with Azure Defender for IoT.
+
+Defender for IoT mitigates IIoT, ICS, and SCADA risk with patented, ICS-aware self-learning engines that deliver immediate insights about ICS devices, vulnerabilities, and threats in less than an image hour and without relying on agents, rules or signatures, specialized skills, or prior knowledge of the environment.
+
+To address a lack of visibility into the security and resiliency of OT networks, Defender for IoT developed the Defender for IoT, IIoT, and ICS threat monitoring application for Splunk, a native integration between Defender for IoT and Splunk that enables a unified approach to IT and OT security.
+
+The application provides SOC analysts with multidimensional visibility into the specialized OT protocols and IIoT devices deployed in industrial environments, along with ICS-aware behavioral analytics to rapidly detect suspicious or anomalous behavior. The application also enables both IT, and OT incident response from within one corporate SOC. This is an important evolution given the ongoing convergence of IT and OT to support new IIoT initiatives, such as smart machines and real-time intelligence.
+
+The Splunk application can be installed locally or run on a cloud. The Splunk integration along with Defender for IoT supports both deployments.
+
+> [!Note]
+> References to CyberX refer to Azure Defender for IoT.
+
+In this tutorial, you learn how to:
+
+> [!div class="checklist"]
+> * Download the Defender for IoT application in Splunk
+> * Send Defender for IoT alerts to Splunk
+
+## Prerequisites
+
+### Version requirements
+
+The following versions are required for the application to run.
+
+- Defender for IoT version 2.4 and above.
+
+- Splunkbase version 11 and above.
+
+- Splunk Enterprise version 7.2 and above.
+
+### Splunk permission requirements
+
+The following Splunk permission is required:
+
+- Any user with an *Admin* level user role.
+
+## Download the Defender for IoT application in Splunk
+
+To access the Defender for IoT application within Splunk, you will need to download the application form the Splunkbase application store.
+
+**To access the Defender for IoT application in Splunk**:
+
+1. Navigate to the [Splunkbase](https://splunkbase.splunk.com/) application store.
+
+1. Search for `CyberX ICS Threat Monitoring for Splunk`.
+
+1. Select the CyberX ICS Threat Monitoring for Splunk application.
+
+1. Select the **LOGIN TO DOWNLOAD BUTTON**.
+
+## Send Defender for IoT alerts to Splunk
+
+The Defender for IoT alerts provides information about an extensive range of security events. These events include:
+
+- Deviations from the learned baseline network activity.
+
+- Malware detections.
+
+- Detections based on suspicious operational changes.
+
+- Network anomalies.
+
+- Protocol deviations from protocol specifications.
+
+ :::image type="content" source="media/tutorial-splunk/address-scan.png" alt-text="The detections screen.":::
+
+You can also configure Defender for IoT to send alerts to the Splunk server, where alert information is displayed in the Splunk Enterprise dashboard.
++
+To send alert information to the Splunk servers from Defender for IoT, you will need to create a Forwarding Rule.
+
+**To create the forwarding rule**:
+
+1. Sign in to the sensor, and select **Forwarding** from the left side pane.
+
+ :::image type="content" source="media/tutorial-splunk/forwarding.png" alt-text="Select the blue button Create Forwarding Alert.":::
+
+1. Select **Create Forwarding Rules**.
+
+1. In the **Create Forwarding Rule** window, define the rule parameters.
+
+ :::image type="content" source="media/tutorial-splunk/forwarding-rule.png" alt-text="Create the rules for your forwarding rule." lightbox="media/tutorial-splunk/forwarding-rule-expanded.png":::
+
+ | Parameter | Description |
+ |--|--|
+ | **Name** | The forwarding rule name. |
+ | **Select Severity** | The minimal security level incident to forward. For example, if Minor is selected, minor alerts and any alert above this severity level will be forwarded. |
+ | **Protocols** | By default, all the protocols are selected. To select a specific protocol, select **Specific** and select the protocol for which this rule is applied. |
+ | **Engines** | By default, all the security engines are involved. To select a specific security engine for which this rule is applied, select **Specific** and select the engine. |
+ | **System Notifications** | Forward sensor online/offline status. This option is only available if you have logged into the Central Manager. |
+
+1. Select **Action**, and then select **Send to Splunk Server**.
+
+1. Enter the following Splunk parameters.
+
+ :::image type="content" source="media/tutorial-splunk/parameters.png" alt-text="The Splunk parameters you should enter on this screen." lightbox="media/tutorial-splunk/parameters-expanded.png":::
+
+ | Parameter | Description |
+ |--|--|
+ | **Host** | Splunk server address |
+ | **Port** | 8089 |
+ | **Username** | Splunk server username |
+ | **Password** | Splunk server password |
+
+1. Select **Submit**.
+
+## Next steps
+
+In this tutorial, you learned how to get started with the Splunk integration. Continue on to learn how to [Integrate ServiceNow with Azure Defender for IoT](tutorial-servicenow.md).
+
+> [!div class="nextstepaction"]
+> [Integrate ServiceNow with Azure Defender for IoT](tutorial-servicenow.md)
event-hubs Event Hubs Event Processor Host https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/event-hubs/event-hubs-event-processor-host.md
Title: Receive events using Event Processor Host - Azure Event Hubs | Microsoft Docs description: This article describes the Event Processor Host in Azure Event Hubs, which simplifies the management of checkpointing, leasing, and reading events ion parallel. Previously updated : 06/23/2020 Last updated : 08/04/2021
Next, instantiate an [EventProcessorHost](/dotnet/api/microsoft.azure.eventhubs.
- **eventHubConnectionString:** The connection string to the event hub, which can be retrieved from the Azure portal. This connection string should have **Listen** permissions on the event hub. - **storageConnectionString:** The storage account used for internal resource management.
+> [!IMPORTANT]
+> Don't enable the soft delete feature on the storage account that's used as a checkpoint store.
+ Finally, consumers register the [EventProcessorHost](/dotnet/api/microsoft.azure.eventhubs.processor.eventprocessorhost) instance with the Event Hubs service. Registering an event processor class with an instance of EventProcessorHost starts event processing. Registering instructs the Event Hubs service to expect that the consumer app consumes events from some of its partitions, and to invoke the [IEventProcessor](/dotnet/api/microsoft.azure.eventhubs.processor.ieventprocessor) implementation code whenever it pushes events to consume. > [!NOTE]
expressroute Expressroute About Virtual Network Gateways https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/expressroute/expressroute-about-virtual-network-gateways.md
The following table shows the features supported across each gateway type.
|**Gateway SKU**|**VPN Gateway and ExpressRoute coexistence**|**FastPath**|**Max Number of Circuit Connections**| | | | | |
-|**Standard SKU/ERGw1Az**|No|No|4|
+|**Standard SKU/ERGw1Az**|Yes|No|4|
|**High Perf SKU/ERGw2Az**|Yes|No|8 |**Ultra Performance SKU/ErGw3Az**|Yes|Yes|16
The following table shows the features supported across each gateway type.
The following table shows the gateway types and the estimated performance scale numbers. These numbers are derived from the following testing conditions and represent the max support limits. Actual performance may vary, depending on how closely traffic replicates the testing conditions. ### Testing conditions
-##### **Standard** #####
+##### **Standard/ERGw1Az** #####
- Circuit bandwidth: 1Gbps - Number of routes advertises by the Gateway: 500 - Number of routes learned: 4,000
-##### **High Performance** #####
+##### **High Performance/ERGw2Az** #####
- Circuit bandwidth: 1Gbps - Number of routes advertises by the Gateway: 500 - Number of routes learned: 9,500
-##### **Ultra Performance** #####
+##### **Ultra Performance/ErGw3Az** #####
- Circuit bandwidth: 1Gbps - Number of routes advertises by the Gateway: 500
The following table shows the gateway types and the estimated performance scale
|**Gateway SKU**|**Connections per second**|**Mega-Bits per second**|**Packets per second**|**Supported number of VMs in the Virtual Network**| | | | | | |
-|**Standard**|7,000|1,000|100,000|2,000|
-|**High Performance**|14,000|2,000|250,000|4,500|
-|**Ultra Performance**|16,000|10,000|1,000,000|11,000|
+|**Standard/ERGw1Az**|7,000|1,000|100,000|2,000|
+|**High Performance/ERGw2Az**|14,000|2,000|250,000|4,500|
+|**Ultra Performance/ErGw3Az**|16,000|10,000|1,000,000|11,000|
+ > [!IMPORTANT] > Application performance depends on multiple factors, such as the end-to-end latency, and the number of traffic flows the application opens. The numbers in the table represent the upper limit that the application can theoretically achieve in an ideal environment.
governance Effects https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/concepts/effects.md
related resources to match and the template deployment to execute.
- This property should include the full template deployment as it would be passed to the `Microsoft.Resources/deployments` PUT API. For more information, see the [Deployments REST API](/rest/api/resources/deployments).
+ - Nested `Microsoft.Resources/deployments` within the template should use unique names to avoid contention between multiple policy evaluations. The parent deployment's name can be used as part of the nested deployment name via `[concat('NestedDeploymentName-', uniqueString(deployment().name))]`.
> [!NOTE] > All functions inside the **Deployment** property are evaluated as components of the template,
governance Built In Packages https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/governance/policy/samples/built-in-packages.md
+
+ Title: List of built-in built-in packages for guest configuration
+description: List of all built-in packages for guest configuration mapped to each policy definition and the PowerShell modules that are used by each package.
Last updated : 08/04/2021+++
+# Azure Policy built-in packages for guest configuration
+
+This page is an index of Azure Policy built-in packages for the guest
+configuration feature.
+
+## Guest configuration package details
+
+Each row represents a package used by a built-in policy definition. The text in
+the **Definition** column links to the policy definition in the Azure portal.
+The **Configuration** column links to the `.mof` file in the
+[Azure Policy GitHub repo](https://github.com/Azure/azure-policy)
+containing the configuration that is used to audit and/or remediate
+machines. Finally, the **Required modules** column links to sample
+[PowerShell Desired State Configuration (DSC)](/powershell/scripting/dsc/overview/overview)
+modules used by each configuration. The resource modules contain the script
+logic used to evaluate each setting in the configuration.
+
+The table doesn't include details of packages used to evaluate baseline
+configurations. Baselines are written in C++ rather than PowerShell Desired
+State Configuration.
+
+|Policy definition|Configuration|Required DSC modules|
+|-|-|-|
+|[Audit Windows machines that have extra accounts in the Administrators group](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3d2a3320-2a72-4c67-ac5f-caa40fbee2b2)|[AdministratorsGroupMembers](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/AdministratorsGroupMembers/AdministratorsGroupMembers.mof)|[LocalGroup](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/LocalGroup)|
+|[Audit Windows machines that have the specified members in the Administrators group](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f)|[AdministratorsGroupMembersToExclude](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/AdministratorsGroupMembersToExclude/AdministratorsGroupMembersToExclude.mof)|[LocalGroup](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/LocalGroup)|
+|[Audit Windows machines missing any of specified members in the Administrators group](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7)|[AdministratorsGroupMembersToInclude](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/AdministratorsGroupMembersToInclude/AdministratorsGroupMembersToInclude.mof)|[LocalGroup](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/LocalGroup)|
+|[Windows web servers should be configured to use secure communication protocols](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F5752e6d6-1206-46d8-8ab1-ecc2f71a8112)|[AuditSecureProtocol](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/AuditSecureProtocol/AuditSecureProtocol.mof)|[SecureProtocolWebServer](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/SecureProtocolWebServer)|
+|[\[Preview\]: Linux machines should meet requirements for the Azure compute security baseline](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ffc9b3da7-8347-4380-8e70-0a0361d8dedd)|[AzureLinuxBaseline](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/AzureLinuxBaseline/AzureLinuxBaseline.mof)||
+|[\[Preview\]: Windows machines should meet requirements of the Azure compute security baseline](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F72650e9f-97bc-4b2a-ab5f-9781a9fcecbc)|[AzureWindowsBaseline](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/AzureWindowsBaseline/AzureWindowsBaseline.mof)||
+|[Audit Windows machines that contain certificates expiring within the specified number of days](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1417908b-4bff-46ee-a2a6-4acc899320ab)|[CertificateExpiration](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/CertificateExpiration/CertificateExpiration.mof)|[CertificateManagement](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/CertificateManagement)|
+|[Audit Windows machines that allow re-use of the previous 24 passwords](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F5b054a0d-39e2-4d53-bea3-9734cad2c69b)|[EnforcePasswordHistory](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/EnforcePasswordHistory/EnforcePasswordHistory.mof)|[SecurityPolicyDsc](https://www.powershellgallery.com/packages/SecurityPolicyDsc/)|
+|[Linux machines should only have local accounts that are allowed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F73db37c4-f180-4b0f-ab2c-8ee96467686b)|[LocalUsers_Linux](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/LocalUsers_Linux/LocalUsers_Linux.mof)|[LocalUser](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/LocalUser)|
+|[Windows machines should only have local accounts that are allowed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Ff79fef0d-0050-4c18-a303-5babb9c14ac7)|[LocalUsers_Windows](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/LocalUsers_Windows/LocalUsers_Windows.mof)|[LocalUser](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/LocalUser)|
+|[Audit Windows machines that have not restarted within the specified number of days](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fbeb6ccee-b6b8-4e91-9801-a5fa4260a104)|[MachineLastBootUpTime](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/MachineLastBootUpTime/MachineLastBootUpTime.mof)|[MachineUpTime](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/MachineUpTime)|
+|[Audit Windows machines that do not have a maximum password age of 70 days](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4ceb8dc2-559c-478b-a15b-733fbf1e3738)|[MaximumPasswordAge](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/MaximumPasswordAge/MaximumPasswordAge.mof)|[SecurityPolicyDsc](https://www.powershellgallery.com/packages/SecurityPolicyDsc/)|
+|[Audit Windows machines that do not have a minimum password age of 1 day](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F237b38db-ca4d-4259-9e47-7882441ca2c0)|[MinimumPasswordAge](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/MinimumPasswordAge/MinimumPasswordAge.mof)|[SecurityPolicyDsc](https://www.powershellgallery.com/packages/SecurityPolicyDsc/)|
+|[Audit Windows machines that do not restrict the minimum password length to 14 characters](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa2d0e922-65d0-40c4-8f87-ea6da2d307a2)|[MinimumPasswordLength](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/MinimumPasswordLength/MinimumPasswordLength.mof)|[SecurityPolicyDsc](https://www.powershellgallery.com/packages/SecurityPolicyDsc/)|
+|[Audit Windows machines that do not have the password complexity setting enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fbf16e0bb-31e1-4646-8202-60a235cc7e74)|[PasswordMustMeetComplexityRequirements](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/PasswordMustMeetComplexityRequirements/PasswordMustMeetComplexityRequirements.mof)|[SecurityPolicyDsc](https://www.powershellgallery.com/packages/SecurityPolicyDsc/)|
+|[Configure time zone on Windows machines.](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F6141c932-9384-44c6-a395-59e4c057d7c9)|[SetWindowsTimeZone](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/SetWindowsTimeZone/SetWindowsTimeZone.mof)|[WindowsTimeZone](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/WindowsTimeZone)|
+|[Audit Windows machines that do not store passwords using reversible encryption](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fda0f98fe-a24b-4ad5-af69-bd0400233661)|[StorePasswordsUsingReversibleEncryption](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/StorePasswordsUsingReversibleEncryption/StorePasswordsUsingReversibleEncryption.mof)|[SecurityPolicyDsc](https://www.powershellgallery.com/packages/SecurityPolicyDsc/)|
+|[Audit Windows machines that don't have the specified applications installed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Febb67efd-3c46-49b0-adfe-5599eb944998)|[WhitelistedApplication](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WhitelistedApplication/WhitelistedApplication.mof)|[UserApplication](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/UserApplication)|
+|[Audit Windows machines that do not contain the specified certificates in Trusted Root](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F934345e1-4dfb-4c70-90d7-41990dc9608b)|[WindowsCertificateInTrustedRoot](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsCertificateInTrustedRoot/WindowsCertificateInTrustedRoot.mof)|[CertificateManagement](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/CertificateManagement)|
+|[Windows Defender Exploit Guard should be enabled on your machines](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fbed48b13-6647-468e-aa2f-1af1d3f4dd40)|[WindowsDefenderExploitGuard](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsDefenderExploitGuard/WindowsDefenderExploitGuard.mof)|[WindowsDefender](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/WindowsDefender)|
+|[Audit Windows machines that are not joined to the specified domain](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F84662df4-0e37-44a6-9ce1-c9d2150db18c)|[WindowsDomainMembership](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsDomainMembership/WindowsDomainMembership.mof)|[DomainMembership](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/DomainMembership)|
+|[Audit Windows machines on which the DSC configuration is not compliant](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F08a2f2d2-94b2-4a7b-aa3b-bb3f523ee6fd)|[WindowsDscConfiguration](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsDscConfiguration/WindowsDscConfiguration.mof)|[WindowsDscConfiguration](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/WindowsDscConfiguration)|
+|[Audit Windows machines on which the Log Analytics agent is not connected as expected](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F6265018c-d7e2-432f-a75d-094d5f6f4465)|[WindowsLogAnalyticsAgentConnection](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsLogAnalyticsAgentConnection/WindowsLogAnalyticsAgentConnection.mof)|[LogAnalyticsAgent](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/LogAnalyticsAgent)|
+|[Audit Windows VMs with a pending reboot](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F4221adbc-5c0f-474f-88b7-037a99e6114c)|[WindowsPendingReboot](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsPendingReboot/WindowsPendingReboot.mof)|[WindowsPendingReboot](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/WindowsPendingReboot)|
+|[Audit Windows machines that do not have the specified Windows PowerShell execution policy](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fc648fbbb-591c-4acd-b465-ce9b176ca173)|[WindowsPowerShellExecutionPolicy](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsPowerShellExecutionPolicy/WindowsPowerShellExecutionPolicy.mof)|[PowerShellExecutionPolicy](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/PowerShellExecutionPolicy)|
+|[Audit Windows machines that do not have the specified Windows PowerShell modules installed](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F3e4e2bd5-15a2-4628-b3e1-58977e9793f3)|[WindowsPowerShellModules](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsPowerShellModules/WindowsPowerShellModules.mof)|[PowerShellModules](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/PowerShellModules)|
+|[Audit Windows machines network connectivity](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F630ac30f-a234-4533-ac2d-e0df77acda51)|[WindowsRemoteConnection](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsRemoteConnection/WindowsRemoteConnection.mof)|[WindowsRemoteConnection](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/WindowsRemoteConnection)|
+|[Audit Windows machines on which Windows Serial Console is not enabled](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F58c460e9-7573-4bb2-9676-339c2f2486bb)|[WindowsSerialConsole](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsSerialConsole/WindowsSerialConsole.mof)|[WindowsSerialConsole](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/WindowsSerialConsole)|
+|[Audit Windows machines on which the specified services are not installed and 'Running'](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fe6ebf138-3d71-4935-a13b-9c7fdddd94df)|[WindowsServiceStatus](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsServiceStatus/WindowsServiceStatus.mof)|[WindowsServiceStatus](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/WindowsServiceStatus)|
+|[Audit Windows machines that are not set to the specified time zone](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fc633f6a2-7f8b-4d9e-9456-02f0f04f5505)|[WindowsTimeZone](https://github.com/Azure/azure-policy/blob/master/samples/GuestConfiguration/package-samples/configurations/WindowsTimeZone/WindowsTimeZone.mof)|[WindowsTimeZone](https://github.com/Azure/azure-policy/tree/master/samples/GuestConfiguration/package-samples/resource-modules/WindowsTimeZone)|
+
+## Next steps
+
+- See the built-ins on the [Azure Policy GitHub repo](https://github.com/Azure/azure-policy).
+- Review the [Azure Policy definition structure](../concepts/definition-structure.md).
+- Review [Understanding policy effects](../concepts/effects.md).
hdinsight Log Analytics Migration https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/hdinsight/log-analytics-migration.md
Considering customer feedback, the Azure HDInsight team invested in integration
- Faster log delivery - Resource-based table grouping and default queries ++
+> [!NOTE]
+> New Azure Montitor integration is in Public Preview. It is only available in East US and West Europe regions.
++ ## Benefits of the new Azure Monitor integration This document outlines the changes to the Azure Monitor integration and provides best-practices for using the new tables.
The following charts show the table mappings from the classic Azure Monitoring I
| HDInsightOozieLogs | <ul><li>**Description**: This table contains all logs generated from the Oozie framework.</li><li>**Old table**: Log\_oozie\_CL</li></ul>| ## Next steps
-[Query Azure Monitor logs to monitor HDInsight clusters](hdinsight-hadoop-oms-log-analytics-use-queries.md)
+[Query Azure Monitor logs to monitor HDInsight clusters](hdinsight-hadoop-oms-log-analytics-use-queries.md)
healthcare-apis Healthcare Apis Faqs https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/healthcare-apis/healthcare-apis-faqs.md
During the public preview phase, Azure Healthcare APIs is available for you to u
### What regions are Healthcare APIs available? Please refer to the [Products by region](https://azure.microsoft.com/global-infrastructure/services/?products=azure-api-for-fhir) page for the most current information.
-### Can you use IoT Central with IoT Connector for FHIR?
-Health data can be sent to Event Hubs, Azure IoT Hub or Azure IoT Central, and is converted to FHIR resources, which enables care teams to view patient data captured from IoT devices in context with clinical records in FHIR.
+### What are the subscription quota limits for the Azure Healthcare APIs?
+
+#### Workspace (logical container):
+* 200 instances per Subscription (not adjustable)
+
+#### DICOM Server:
+* 800 instances per Subscription (not adjustable)
+* 10 DICOM instances per Workspace (not adjustable)
+
+#### FHIR Server:
+* 25 instances per Subscription (not adjustable)
+* 10 FHIR instances per Workspace (not adjustable)
+
+#### IoT Connector:
+* 25 IoT Connectors per Subscription (not adjustable)
+* 10 IoT Connectors per Workspace (not adjustable)
+* 1 FHIR Destination* per IoT Connector (not adjustable)
## More frequently asked questions [FAQs about Azure Healthcare APIs FHIR service](./fhir/fhir-faq.md)
iot-develop Quickstart Send Telemetry Iot Hub https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-develop/quickstart-send-telemetry-iot-hub.md
Previously updated : 05/04/2021 Last updated : 08/03/2021 zone_pivot_groups: iot-develop-set1
zone_pivot_groups: iot-develop-set1
[!INCLUDE [iot-develop-send-telemetry-iot-hub-python](../../includes/iot-develop-send-telemetry-iot-hub-python.md)] :::zone-end-
-## View telemetry
-After the simulated device connects to IoT Hub, it begins sending telemetry. You can view the telemetry metrics and other details about your Iot hub and devices in the Azure portal.
-
-1. Sign in to the [Azure portal](https://portal.azure.com).
-
-1. Click your IoT hub to open it. You can find your IoT hub under **Recent resources** or in the left navigation, you can find it in **All resources**.
-
-1. On the **Overview** page scroll to view the overview metrics for your hub.
- :::image type="content" source="media/quickstart-send-telemetry-iot-hub/iot-hub-metrics.png" alt-text="IoT Hub device metrics overview":::
-
-1. Optionally, to review more metrics and build custom views, on the left navigation in **Monitoring**, select **Metric**s.
## Clean up resources If you no longer need the Azure resources created in this quickstart, you can use the Azure CLI to delete them.
iot-edge How To Auto Provision Tpm Linux On Windows https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-edge/how-to-auto-provision-tpm-linux-on-windows.md
To provision your device, you need to gather information from your TPM chip and
First, you need to determine the **Endorsement key**, which is unique to each TPM chip and is obtained from the TPM chip manufacturer associated with it. Then, you need to provide a **Registration ID** for your device. You can derive a unique registration ID for your TPM device by, for example, creating an SHA-256 hash of the endorsement key.
-IoT Edge for Linux on Windows provides a PowerShell script to help retrieve this information from your TPM. To use the script, follow these steps on your device:
+IoT Edge for Linux on Windows provides a PowerShell fucntion to help retrieve this information from your TPM. To use the script, follow these steps on your device:
1. Open PowerShell in an elevated session.
-1. Clone the [iotedge-eflow](https://github.com/Azure/iotedge-eflow) repository.
-
- ```powershell
- git clone https://github.com/Azure/iotedge-eflow.git
- ```
-
-1. Import the downloaded module.
-
- ```powershell
- Import-Module <path>\iotedge-eflow\samples\scripts\EflowTpmProvisioningInfo.ps1
- ```
- 1. Run the command. ```powershell
- Get-EflowVmTpmProvisioningInformation
+ Get-EflowVmTpmProvisioningInfo
``` ### Simulate a TPM (optional)
iot-edge How To Create Virtual Switch https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-edge/how-to-create-virtual-switch.md
+
+ Title: Create virtual switch for Azure IoT Edge for Linux on Windows | Microsoft Docs
+description: Installations for creating a virtual switch for Azure IoT Edge for Linux on Windows
++++++ Last updated : 07/12/2021+
+monikerRange: "=iotedge-2018-06"
++
+# Azure IoT Edge for Linux on Windows virtual switch creation
+Azure IoT Edge for Linux on Windows uses a virtual switch on the host machine to communicate with the virtual machine. Windows desktop versions come with a default switch that can be used, but Windows Server does not. Before you can deploy IoT Edge for Linux on Windows to a Windows Server device, you need to create a virtual switch. Furthermore, you can use this guide to create your custom virtual switch, if needed.
+
+This article shows you how to create a virtual switch on a Windows device to install IoT Edge for Linux on Windows with the following steps:
+- Create a virtual switch
+- Create a NAT table
+- Install and set up a DHCP server
+
+## Prerequisites
+- A Windows device. For supported Windows versions, see [Operating Systems](support.md#operating-systems).
+- Hyper-V role installed on the Windows device. For more information on how to enable Hyper-V, see [Install and provision Azure IoT Edge for Linux on a Windows device](/azure/iot-edge/how-to-install-iot-edge-on-windows?tabs=powershell#prerequisites).
+
+## Create virtual switch
+The following steps in this section are a generic guide for a virtual switch creation. Ensure that the virtual switch configuration aligns with your networking environment.
+
+1. Open PowerShell in an elevated session.
+
+2. Check the virtual switches on the Windows host, and make sure you don't have a virtual switch that can be used. Check [Get-VMSwitch (Hyper-V)](/powershell/module/hyper-v/get-vmswitch) for full details.
+
+ ```powershell
+ Get-VMSwitch
+ ```
+
+ If a virtual switch named **Default Switch** is already created and you don't need a custom virtual switch, you should be able to install IoT Edge for Linux on Windows without following the rest of the steps in this guide.
+
+3. Create a new VM switch with a name and type **Internal** or **Private**. To create an **External** virtual switch, specify either the **NetAdapterInterfaceDescription** or the **NetAdapterName** parameter, which implicitly set the type of the virtual switch to **External**. Check [New-VMSwitch (Hyper-V)](/powershell/module/hyper-v/new-vmswitch) and [Create a virtual switch for Hyper-V virtual machines](/windows-server/virtualization/hyper-v/get-started/create-a-virtual-switch-for-hyper-v-virtual-machines) for full details and further instructions.
+ ```powershell
+ New-VMSwitch -Name "{switchName}" -SwitchType {switchType}
+ ```
+
+4. Get the interface index of the created switch. Check [Get-NetAdapter (NetAdapter)](/powershell/module/netadapter/get-netadapter) for full details.
+ ```powershell
+ (Get-NetAdapter -Name '*{switchName}*').ifIndex
+ ```
+
+5. Using the interface index from previous step, get the IP address octet of the created switch network adapter. Check [Get-NetIPAddress (NetTCPIP)](/powershell/module/nettcpip/get-netipaddress) for full details.
+ ```powershell
+ Get-NetIPAddress -AddressFamily IPv4 -InterfaceIndex {ifIndex}
+ ```
+
+6. Using the IP address family and interface index from previous steps, create and set the new gateway IP address. For example, If the IPv4 address of the virtual network switch adapter is xxx.xxx.xxx.yyy, you can set the gatewayIp as following xxx.xxx.xxx.1. Check [New-NetIPAddress (NetTCPIP)](/powershell/module/nettcpip/new-netipaddress) for full details.
+ ```powershell
+ New-NetIPAddress -IPAddress {gatewayIp} -PrefixLength 24 -InterfaceIndex {ifIndex}
+ ```
+
+7. Create a Network Address Translation (NAT) object that translates an internal network address to an external network. Use the same IPv4 family address from previous steps. For example, if the IPv4 address of the virtual network switch adapter is xxx.xxx.xxx.yyy, you can set the natIp as following xxx.xxx.xxx.0. Check [New-NetNat (NetNat)](/powershell/module/netnat/new-netnat) for full details.
+ ```powershell
+ New-NetNat -Name "{switchName}" -InternalIPInterfaceAddressPrefix "{natIp}/24"
+ ```
+
+## Create DHCP Server
+
+>[!WARNING]
+>Authorization might be required to deploy a DHCP server in a corporate network environment. Check if the virtual switch configuration complies with your corporate network's policies. For further information, check the [Deploy DHCP Using Windows PowerShell](/windows-server/networking/technologies/dhcp/dhcp-deploy-wps) guide.
+
+1. Check if the DHCP Server feature is installed in the device. Look for the **Install State** column.
+ ```powershell
+ Get-WindowsFeature -Name 'DHCP'
+ ```
+
+2. If not installed, install it by using the following command.
+ ```powershell
+ Install-WindowsFeature -Name 'DHCP' -IncludeManagementTools
+ ```
+
+3. Add the DHCP Server to the default local security groups and restart the server.
+ ```powershell
+ netsh dhcp add securitygroups
+ Restart-Service dhcpserver
+ ```
+
+4. Configure the DHCP Server scope. Check [Add-DhcpServerv4Scope (DhcpServer)](/powershell/module/dhcpserver/add-dhcpserverv4scope) for full details. The DHCP server range of IPs is determined by the **startIp** and the **endIp**. For example, if 100 addresses want to be available, following the xxx.xxx.xxx.yyy IPv4 address of the virtual network switch adapter from Step 5, startIp = xxx.xxx.xxx.100, endIp = xxx.xxx.xxx.200 and subnetMask = 255.255.255.0.
+ ```powershell
+ Add-DhcpServerV4Scope -Name "AzureIoTEdgeScope" -StartRange {startIp} -EndRange {endIp} -SubnetMask {subnetMask} -State Active
+ ```
+
+5. Finally, assign the NAT object and gatewayIp to the DHCP server, and restart the server to load the configuration.
+ ```powershell
+ Set-DhcpServerV4OptionValue -ScopeID {natIp} -Router {gatewayIp}
+ Restart-service dhcpserver
+ ```
+
+## Next steps
+Follow the steps in [Install and provision Azure IoT Edge for Linux on a Windows device](how-to-install-iot-edge-on-windows.md) to set up a device with IoT Edge for Linux on Windows.
iot-edge How To Install Iot Edge On Windows https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-edge/how-to-install-iot-edge-on-windows.md
This article lists the steps to set up IoT Edge on a Windows device. These steps
* On Windows 10, enable Hyper-V. For more information, see [Install Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v). * On Windows Server, install the Hyper-V role and create a default network switch. For more information, see [Nested virtualization for Azure IoT Edge for Linux on Windows](nested-virtualization.md). * On a virtual machine, configure nested virtualization. For more information, see [nested virtualization](nested-virtualization.md).
+ * Networking support
+ * Windows Server does not come with a default switch. Before you can deploy EFLOW to a Windows Server device, you need to create a virtual switch. For more information, see [Create virtual switch for Linux on Windows](how-to-create-virtual-switch.md).
+ * Windows Desktop versions come with a default switch that can be used for EFLOW installation. If needed, you can create your own custom virtual switch.
* If you want to install and manage IoT Edge device using Windows Admin Center, make sure you have access to Windows Admin Center and have the Azure IoT Edge extension installed:
iot-edge How To Update Iot Edge https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-edge/how-to-update-iot-edge.md
If you want to update to the most recent version of IoT Edge, use the following
> >To find out if you're currently using the public preview version, navigate to **Settings** > **Apps** on your Windows device. Find **Azure IoT Edge** in the list of apps and features. If your listed version is 1.0.x, you are running the public preview version. Uninstall the app and then [Install and provision IoT Edge for Linux on Windows](how-to-install-iot-edge-on-windows.md) again. If your listed version is 1.1.x, you are running the generally available version and can receive updates through Microsoft Update.
-With IoT Edge for Linux on Windows, IoT Edge runs in a Linux virtual machine hosted on a Windows device. This virtual machine is pre-installed with IoT Edge, and you cannot manually update or change the IoT Edge components. Instead, the virtual machine is managed with Microsoft Update to keep the components up to date automatically.
+With IoT Edge for Linux on Windows, IoT Edge runs in a Linux virtual machine hosted on a Windows device. This virtual machine is pre-installed with IoT Edge, and you cannot manually update or change the IoT Edge components. Instead, the virtual machine is managed with Microsoft Update to keep the components up to date automatically.
+
+To find the latest version of Azure IoT Edge for Linux on Windows, see [EFLOW releases](https://aka.ms/AzEFLOW-Releases).
+ To receive IoT Edge for Linux on Windows updates, the Windows host should be configured to receive updates for other Microsoft products. You can turn this option with the following steps:
iot-edge Nested Virtualization https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-edge/nested-virtualization.md
If you are using Windows Server, make sure you [install the Hyper-V role](/windo
## Deployment on Azure VMs
-Azure IoT Edge for Linux on Windows is not compatible on an Azure VM running the Server SKU unless a script is executed that brings up a default switch. For more information on how to bring up a default switch, see the [Windows Server section](#windows-server) below.
+Azure IoT Edge for Linux on Windows is not compatible on an Azure VM running the Server SKU unless a script is executed that brings up a default switch. For more information on how to bring up a default switch, see [Create virtual switch for Linux on Windows](how-to-create-virtual-switch.md).
> [!NOTE] > > Any Azure VMs that is supposed to host EFLOW must be a VM that [supports nested virtualization](../virtual-machines/acu.md)-
-## Windows Server
-
-For Windows Server users, note that Azure IoT Edge for Linux on Windows does not automatically support the default switch. Before you can deploy IoT Edge for Linux on Windows you must set up an internal switch on the server.
-
-Our deployment functionality does not create the default switch automatically because that requires IP configuration for the internal switch, a NAT configuration, and installing and configuring a DHCP server. Our deployment functionality states that it does not fiddle around with these settings in order to not affect network configurations on productive deployments.
-
-* For information about setting up the default switch manually, see [How to enable nested virtualization in Azure Virtual Machines](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization)
-* For information about setting up a DHCP server for this scenario, see [Deploy DHCP using Windows PowerShell](/windows-server/networking/technologies/dhcp/dhcp-deploy-wps)
iot-edge Reference Iot Edge For Linux On Windows Functions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-edge/reference-iot-edge-for-linux-on-windows-functions.md
The **Deploy-Eflow** command is the main deployment method. The deployment comma
| cpuCount | Integer value between 1 and the device's CPU cores | Number of CPU cores for the VM.<br><br>**Default value**: 1 vCore. | | memoryInMB | Integer value between 1024 and the maximum amount of free memory of the device |Memory allocated for the VM.<br><br>**Default value**: 1024 MB. | | vmDiskSize | Between 8 GB and 256 GB | Maximum disk size of the dynamically expanding virtual hard disk.<br><br>**Default value**: 16 GB. |
+| vswitchName | Name of the virtual switch | Name of the virtual switch assigned to the EFLOW VM. |
+| vswitchType | **Internal** or **External** | Type of the virtual switch assigned to the EFLOW VM. |
+| ip4Address | IPv4 Address in the range of the DCHP Server Scope | Static Ipv4 address of the EFLOW VM. _NOTE: Only supported with ICS Default Switch_. |
+| ip4PrefixLength | IPv4 Prefix Length of the subnet | Ipv4 subnet prefix length, only valid when static Ipv4 address is specified. _NOTE: Only supported with ICS Default Switch_. |
+| ip4GatewayAddress | IPv4 Address of the subnet gateway | Gateway Ipv4 address, only valid when static Ipv4 address is specified. _NOTE: Only supported with ICS Default Switch_. |
| gpuName | GPU Device name | Name of GPU device to be used for passthrough. | | gpuPassthroughType | **DirectDeviceAssignment**, **ParaVirtualization**, or none (CPU only) | GPU Passthrough type | | gpuCount | Integer value between 1 and the number of the device's GPU cores | Number of GPU devices for the VM. <br><br>**Note**: If using ParaVirtualization, make sure to set gpuCount = 1 | For more information, use the command `Get-Help Deploy-Eflow -full`.
+## Get-EflowHostConfiguration
+
+The **Get-EflowHostConfiguration** command returns the host configuration. This command takes no parameters. It returns an object that contains four properties:
+
+* FreePhysicalMemoryInMB
+* NumberOfLogicalProcessors
+* DiskInfo
+* GpuInfo
+
+For more information, use the command `Get-Help Get-EflowHostConfiguration -full`.
++ ## Get-EflowLogs The **Get-EflowLogs** command collects and bundles logs from the IoT Edge for Linux on Windows deployment and installation. It outputs the bundled logs in the form of a `.zip` folder.
The **Get-EflowVmTelemetryOption** command displays the status of the telemetry
For more information, use the command `Get-Help Get-EflowVmTelemetryOption -full`. +
+## Get-EflowVmTpmProvisioningInfo
+
+The **Get-EflowVmTpmProvisioningInfo** command returns the TPM provisioning information. This command takes no parameters. It returns an object that contains two properties:
+
+* Endorsement Key
+* Registration Id
+
+For more information, use the command `Get-Help Get-EflowVmTpmProvisioningInfo -full`.
+++ ## Invoke-EflowVmCommand The **Invoke-EflowVMCommand** command executes a Linux command inside the virtual machine and returns the output. This command only works for Linux commands that return a finite output. It cannot be used for Linux commands that require user interaction or that run indefinitely.
iot-hub Iot Hub Distributed Tracing https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-hub/iot-hub-distributed-tracing.md
These instructions are for building the sample on Windows. For other environment
[!code-c[](~/samples-iot-distributed-tracing/iothub_ll_telemetry_sample-c/iothub_ll_telemetry_sample.c?name=snippet_config&highlight=2)]
- Replace the value of the `connectionString` constant with the device connection string you made a note of in the [register a device](../iot-develop/quickstart-send-telemetry-iot-hub.md?pivots=programming-language-ansi-c#create-a-simulated-device) section of the [Send telemetry C Quickstart](../iot-develop/quickstart-send-telemetry-iot-hub.md?pivots=programming-language-ansi-c).
+ Replace the value of the `connectionString` constant with the device connection string you made a note of in the [register a device](../iot-develop/quickstart-send-telemetry-iot-hub.md?pivots=programming-language-ansi-c#register-a-device) section of the [Send telemetry C Quickstart](../iot-develop/quickstart-send-telemetry-iot-hub.md?pivots=programming-language-ansi-c).
1. Change the `MESSAGE_COUNT` define to `5000`:
logic-apps Connect Virtual Network Vnet Isolated Environment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/logic-apps/connect-virtual-network-vnet-isolated-environment.md
ms.suite: integration Previously updated : 07/13/2021 Last updated : 08/04/2021 # Connect to Azure virtual networks from Azure Logic Apps using an integration service environment (ISE)
If you don't permit access for these dependencies, your ISE deployment fails and
* User-defined routes To prevent asymmetric routing, you must define a route for each and every IP address that's listed below with **Internet** as the next hop.
-
- * [App Service Environment management addresses](../app-service/environment/management-addresses.md)
+
+ * [Logic Apps inbound and outbound addresses for the ISE region](../logic-apps/logic-apps-limits-and-config.md#firewall-configuration-ip-addresses-and-service-tags)
* [Azure IP addresses for connectors in the ISE region, available in this download file](https://www.microsoft.com/download/details.aspx?id=56519)
+ * [App Service Environment management addresses](../app-service/environment/management-addresses.md)
* [Azure Traffic Manager management addresses](https://azuretrafficmanagerdata.blob.core.windows.net/probes/azure/probe-ip-ranges.json)
- * [Logic Apps inbound and outbound addresses for the ISE region](../logic-apps/logic-apps-limits-and-config.md#firewall-configuration-ip-addresses-and-service-tags)
- * [Azure IP addresses for connectors in the ISE region, which are in this download file](https://www.microsoft.com/download/details.aspx?id=56519)
+ * [Azure API Management Control Plane IP addresses](../api-management/api-management-using-with-vnet.md#control-plane-ips)
* Service endpoints
logic-apps Logic Apps Deploy Azure Resource Manager Templates https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/logic-apps/logic-apps-deploy-azure-resource-manager-templates.md
ms.suite: integration Previously updated : 07/20/2021 Last updated : 08/04/2021
After deployment, your logic app works end-to-end with valid parameters, but to
Here are a few suggestions to handle authorizing connections:
+* Manually authorize OAuth connections by opening your logic app in Logic App Designer, either in the Azure portal or in Visual Studio. When you authorize your connection, a confirmation page might appear for you to allow access.
+ * Preauthorize and share API connection resources across logic apps that are in the same region. API connections exist as Azure resources independently from logic apps. While logic apps have dependencies on API connection resources, API connection resources don't have dependencies on logic apps and remain after you delete the dependent logic apps. Also, logic apps can use API connections that exist in other resource groups. However, the Logic App Designer supports creating API connections only in the same resource group as your logic apps. > [!NOTE]
Here are a few suggestions to handle authorizing connections:
* Unless your scenario involves services and systems that require multi-factor authentication, you can use a PowerShell script to provide consent for each OAuth connection by running a continuous integration worker as a normal user account on a virtual machine that has active browser sessions with the authorizations and consent already provided. For example, you can repurpose the sample script provided by the [LogicAppConnectionAuth project in the Logic Apps GitHub repo](https://github.com/logicappsio/LogicAppConnectionAuth).
-* Manually authorize OAuth connections by opening your logic app in Logic App Designer, either in the Azure portal or in Visual Studio.
- * If you use an Azure Active Directory (Azure AD) [service principal](../active-directory/develop/app-objects-and-service-principals.md) instead to authorize connections, learn how to [specify service principal parameters in your logic app template](../logic-apps/logic-apps-azure-resource-manager-templates-overview.md#authenticate-connections). ## Next steps
logic-apps Logic Apps Enterprise Integration Maps https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/logic-apps/logic-apps-enterprise-integration-maps.md
Previously updated : 07/20/2021 Last updated : 08/04/2021 # Transform XML with maps in Azure Logic Apps with Enterprise Integration Pack
-To transfer XML data between formats for enterprise integration scenarios
-in Azure Logic Apps, your logic app can use maps, or more specifically,
-Extensible Stylesheet Language Transformation (XSLT) maps. A map is an XML
-document that describes how to convert data from an XML document into another format.
+To transfer XML data between formats for enterprise integration scenarios in Azure Logic Apps, your logic app can use maps, or more specifically, Extensible Stylesheet Language Transformation (XSLT) maps. A map is an XML
+document that describes how to convert data from an XML document into another format.
-For example, suppose you regularly receive B2B orders or invoices from
-a customer who uses the YYYMMDD date format. However, your organization
-uses the MMDDYYY date format. You can define and use a map that transforms
-the YYYMMDD date format to the MMDDYYY format before storing the order or
-invoice details in your customer activity database.
+For example, suppose you regularly receive B2B orders or invoices from a customer who uses the YYYMMDD date format. However, your organization uses the MMDDYYY date format. You can define and use a map that transforms
+the YYYMMDD date format to the MMDDYYY format before storing the order or invoice details in your customer activity database.
> [!NOTE] > The Azure Logic Apps service allocates finite memory for processing XML transformations. If you
invoice details in your customer activity database.
> for compute and memory resources. For more information, review the following documentation: > > * [What is Azure Logic Apps - Resource type and host environments](logic-apps-overview.md#resource-type-and-host-environment-differences)
+> * [Create an integration workflow with single-tenant Azure Logic Apps (Standard)](create-single-tenant-workflows-azure-portal.md)
> * [Single-tenant versus multi-tenant and integration service environment for Azure Logic Apps](single-tenant-overview-compare.md) > * [Usage metering, billing, and pricing models for Azure Logic Apps](logic-apps-pricing.md)
For limits related to integration accounts and artifacts such as maps, review [L
* An Azure subscription. If you don't have a subscription, [sign up for a free Azure account](https://azure.microsoft.com/free/). * An [integration account](../logic-apps/logic-apps-enterprise-integration-create-integration-account.md)
-where you store your maps and other artifacts for enterprise
-integration and business-to-business (B2B) solutions.
+where you store your maps and other artifacts for enterprise integration and business-to-business (B2B) solutions.
* If your map references an external assembly, you need a 64-bit assembly. The transform service runs a 64-bit process, so 32-bit assemblies aren't supported. If you have the source code for a 32-bit assembly, recompile the code into a 64-bit assembly. If you don't have the source code, but you obtained the binary from a third-party provider, get the 64-bit version from that provider. For example, some vendors provide assemblies in packages that have both 32-bit and 64-bit versions. If you have the option, use the 64-bit version instead.
-* If your map references an external assembly, you have to upload
-*both the assembly and the map* to your integration account.
-Make sure you [*upload your assembly first*](#add-assembly), and then upload the
-map that references the assembly.
+* If your map references an external assembly, you have to upload *both the assembly and the map* to your integration account. Make sure you [*upload your assembly first*](#add-assembly), and then upload the map that references the assembly.
- If your assembly is 2 MB or smaller, you can add
- your assembly to your integration account *directly*
- from the Azure portal. However, if your assembly or
- map is bigger than 2 MB but not bigger than the
- [size limit for assemblies or maps](../logic-apps/logic-apps-limits-and-config.md#artifact-capacity-limits),
- you have these options:
+ If your assembly is 2 MB or smaller, you can add your assembly to your integration account *directly* from the Azure portal. However, if your assembly or map is bigger than 2 MB but not bigger than the [size limit for assemblies or maps](../logic-apps/logic-apps-limits-and-config.md#artifact-capacity-limits), you have these options:
- * For assemblies, you need an Azure blob container
- where you can upload your assembly and that container's
- location. That way, you can provide that location later
- when you add the assembly to your integration account.
- For this task, you need these items:
+ * For assemblies, you need an Azure blob container where you can upload your assembly and that container's location. That way, you can provide that location later when you add the assembly to your integration account. For this task, you need these items:
| Item | Description | ||-|
map that references the assembly.
* For maps, you can currently add larger maps by using the [Azure Logic Apps REST API - Maps](/rest/api/logic/maps/createorupdate).
-You don't need a logic app when creating and adding maps.
-However, to use a map, your logic app needs linking to
-an integration account where you store that map. Learn
-[how to link logic apps to integration accounts](../logic-apps/logic-apps-enterprise-integration-create-integration-account.md#link-account).
-If you don't have a logic app yet, learn [how to create logic apps](../logic-apps/quickstart-create-first-logic-app-workflow.md).
+You don't need a logic app when creating and adding maps. However, to use a map, your logic app needs linking to an integration account where you store that map. Learn [how to link logic apps to integration accounts](../logic-apps/logic-apps-enterprise-integration-create-integration-account.md#link-account). If you don't have a logic app yet, learn [how to create logic apps](../logic-apps/quickstart-create-first-logic-app-workflow.md).
<a name="add-assembly"></a> ## Add referenced assemblies
-1. Sign in to the [Azure portal](https://portal.azure.com)
- with your Azure account credentials.
+1. In the [Azure portal](https://portal.azure.com), sign in with your Azure account credentials.
-1. To find and open your integration account,
- on the main Azure menu, select **All services**.
- In the search box, enter "integration account".
- Select **Integration accounts**.
+1. In the main Azure search box, enter `integration accounts`, and select **Integration accounts**.
- ![Find integration account](./media/logic-apps-enterprise-integration-maps/find-integration-account.png)
+1. Select the integration account where you want to add your assembly, for example:
-1. Select the integration account where you want to
- add your assembly, for example:
+1. On your integration account's menu, select **Overview**. Under **Settings**, select **Assemblies**.
- ![Select integration account](./media/logic-apps-enterprise-integration-maps/select-integration-account.png)
+1. On the **Assemblies** pane toolbar, select **Add**.
-1. On your integration account's **Overview** page,
- under **Components**, select the **Assemblies** tile.
-
- ![Select "Assemblies"](./media/logic-apps-enterprise-integration-maps/select-assemblies.png)
-
-1. After the **Assemblies** page opens, choose **Add**.
-
- ![Screenshot that highlights the Add button on the Assemblies page.](./media/logic-apps-enterprise-integration-maps/add-assembly.png)
-
-Based on your assembly file's size, follow the
-steps for uploading an assembly that's either
-[up to 2 MB](#smaller-assembly) or
-[more than 2 MB but only up to 8 MB](#larger-assembly).
-For limits on assembly quantities in integration accounts, see
-[Limits and configuration for Azure Logic Apps](../logic-apps/logic-apps-limits-and-config.md#artifact-number-limits).
+Based on your assembly file's size, follow the steps for uploading an assembly that's either [up to 2 MB](#smaller-assembly) or [more than 2 MB but only up to 8 MB](#larger-assembly). For limits on assembly quantities in integration accounts, review [Limits and configuration for Azure Logic Apps](../logic-apps/logic-apps-limits-and-config.md#artifact-number-limits).
> [!NOTE] > If you change your assembly, you must also update your map whether or not the map has changes.
For limits on assembly quantities in integration accounts, see
### Add assemblies up to 2 MB
-1. Under **Add Assembly**, enter a name for your assembly.
-Keep **Small file** selected. Next to the **Assembly** box,
-choose the folder icon. Find and select the assembly
-you're uploading, for example:
-
- ![Upload smaller assembly](./media/logic-apps-enterprise-integration-maps/upload-assembly-file.png)
+1. Under **Add Assembly**, enter a name for your assembly. Keep **Small file** selected. Next to the **Assembly** box, select the folder icon. Find and select the assembly you're uploading.
- In the **Assembly Name** property, the assembly's file
- name appears automatically after you select the assembly.
+ After you select the assembly, the **Assembly Name** property automatically shows the assembly's file name.
-1. When you're ready, choose **OK**.
+1. When you're ready, select **OK**.
- After your assembly file finishes uploading,
- the assembly appears in the **Assemblies** list.
-
- ![Uploaded assemblies list](./media/logic-apps-enterprise-integration-maps/uploaded-assemblies-list.png)
-
- On your integration account's **Overview** page,
- under **Components**, the **Assemblies** tile now
- shows the number of uploaded assemblies, for example:
-
- ![Uploaded assemblies](./media/logic-apps-enterprise-integration-maps/uploaded-assemblies.png)
+ After your assembly file finishes uploading, the assembly appears in the **Assemblies** list. On your integration account's **Overview** pane, under **Artifacts**, your uploaded assembly also appears.
<a name="larger-assembly"></a> ### Add assemblies more than 2 MB
-To add larger assemblies, you can upload your assembly to
-an Azure blob container in your Azure storage account.
-Your steps for adding assemblies differ based whether
-your blob container has public read access. So first,
-check whether or not your blob container has public
-read access by following these steps:
-[Set public access level for blob container](../vs-azure-tools-storage-explorer-blobs.md#set-the-public-access-level-for-a-blob-container)
+To add larger assemblies, you can upload your assembly to an Azure blob container in your Azure storage account. Your steps for adding assemblies differ based whether your blob container has public read access. So first, check whether or not your blob container has public read access by following these steps: [Set public access level for blob container](../vs-azure-tools-storage-explorer-blobs.md#set-the-public-access-level-for-a-blob-container)
#### Check container access level
-1. Open Azure Storage Explorer. In the Explorer window,
- expand your Azure subscription if not already expanded.
+1. Open Azure Storage Explorer. In the Explorer window, expand your Azure subscription if not already expanded.
-1. Expand **Storage Accounts** > {*your-storage-account*} >
- **Blob Containers**. Select your blob container.
+1. Expand **Storage Accounts** > {*your-storage-account*} > **Blob Containers**. Select your blob container.
-1. From your blob container's shortcut menu,
- select **Set Public Access Level**.
+1. From your blob container's shortcut menu, select **Set Public Access Level**.
- * If your blob container has at least public access, choose **Cancel**,
- and follow these steps later on this page:
- [Upload to containers with public access](#public-access-assemblies)
+ * If your blob container has at least public access, select **Cancel**, and follow these steps later on this page: [Upload to containers with public access](#public-access-assemblies)
![Public access](media/logic-apps-enterprise-integration-schemas/azure-blob-container-public-access.png)
- * If your blob container doesn't have public access, choose **Cancel**,
- and follow these steps later on this page:
- [Upload to containers without public access](#no-public-access-assemblies)
+ * If your blob container doesn't have public access, select **Cancel**, and follow these steps later on this page: [Upload to containers without public access](#no-public-access-assemblies)
![No public access](media/logic-apps-enterprise-integration-schemas/azure-blob-container-no-public-access.png)
read access by following these steps:
#### Upload to containers with public access
-1. Upload the assembly to your storage account.
- In the right-hand window, choose **Upload**.
+1. Upload the assembly to your storage account. In the right-side window, select **Upload**.
-1. After you finish uploading, select your
- uploaded assembly. On the toolbar, choose **Copy URL**
- so that you copy the assembly's URL.
+1. After you finish uploading, select your uploaded assembly. On the toolbar, select **Copy URL** so that you copy the assembly's URL.
-1. Return to the Azure portal where the
- **Add Assembly** pane is open.
- Enter a name for your assembly.
- Choose **Large file (larger than 2 MB)**.
+1. Return to the Azure portal where the **Add Assembly** pane is open. Enter a name for your assembly. Select **Large file (larger than 2 MB)**.
- The **Content URI** box now appears,
- rather than the **Assembly** box.
+ The **Content URI** box now appears, rather than the **Assembly** box.
-1. In the **Content URI** box, paste your assembly's URL.
- Finish adding your assembly.
+1. In the **Content URI** box, paste your assembly's URL. Finish adding your assembly.
-After your assembly finishes uploading,
-the schema appears in the **Assemblies** list.
-On your integration account's **Overview** page,
-under **Components**, the **Assemblies** tile now
-shows the number of uploaded assemblies.
+ After your assembly finishes uploading, the schema appears in the **Assemblies** list. On your integration account's **Overview** pane, under **Artifacts**, your uploaded assembly also appears.
<a name="no-public-access-assemblies"></a> #### Upload to containers without public access
-1. Upload the assembly to your storage account.
- In the right-hand window, choose **Upload**.
+1. Upload the assembly to your storage account. In the right-side window, select **Upload**.
-1. After you finish uploading, generate a
- shared access signature (SAS) for your assembly.
- From your assembly's shortcut menu,
- select **Get Shared Access Signature**.
+1. After you finish uploading, generate a shared access signature (SAS) for your assembly. From your assembly's shortcut menu, select **Get Shared Access Signature**.
-1. In the **Shared Access Signature** pane, select
- **Generate container-level shared access signature URI** > **Create**.
- After the SAS URL gets generated, next to the **URL** box, choose **Copy**.
+1. In the **Shared Access Signature** pane, select **Generate container-level shared access signature URI** > **Create**. After the SAS URL gets generated, next to the **URL** box, select **Copy**.
-1. Return to the Azure portal where the
- **Add Assembly** pane is open.
- Enter a name for your assembly.
- Choose **Large file (larger than 2 MB)**.
+1. Return to the Azure portal where the **Add Assembly** pane is open. Enter a name for your assembly. Select **Large file (larger than 2 MB)**.
- The **Content URI** box now appears,
- rather than the **Assembly** box.
+ The **Content URI** box now appears, rather than the **Assembly** box.
-1. In the **Content URI** box, paste the SAS URI
- you previously generated. Finish adding your assembly.
+1. In the **Content URI** box, paste the SAS URI that you previously generated. Finish adding your assembly.
-After your assembly finishes uploading,
-the assembly appears in the **Schemas** list.
-On your integration account's **Overview** page,
-under **Components**, the **Assemblies** tile now
-shows the number of uploaded assemblies.
+After your assembly finishes uploading, the assembly appears in the **Schemas** list. On your integration account's **Overview** page, under **Artifacts**, your uploaded assembly also appears.
## Create maps
-To create an Extensible Stylesheet Language Transformation (XSLT) document you can use as a map,
-you can use Visual Studio 2015 for creating a
-BizTalk Integration project by using the
-[Enterprise Integration Pack](logic-apps-enterprise-integration-overview.md).
-In this project, you can build an integration map file,
-which lets you visually map items between two XML schema files.
-After you build this project, you get an XSLT document.
-For limits on map quantities in integration accounts, see
-[Limits and configuration for Azure Logic Apps](../logic-apps/logic-apps-limits-and-config.md#artifact-number-limits).
+To create an Extensible Stylesheet Language Transformation (XSLT) document that you can use as a map, you can use Visual Studio 2015 or 2019 to create an integration project by using the [Enterprise Integration Pack](logic-apps-enterprise-integration-overview.md). In this project, you can build an integration map file, which lets you visually map items between two XML schema files. After you build this project, you get an XSLT document. For limits on map quantities in integration accounts, review [Limits and configuration for Azure Logic Apps](../logic-apps/logic-apps-limits-and-config.md#artifact-number-limits).
## Add maps
-After you upload any assemblies that your map references,
-you can now upload your map.
-
-1. If you haven't signed in already, sign in to the
- [Azure portal](https://portal.azure.com)
- with your Azure account credentials.
-
-1. If your integration account isn't already open,
- on the main Azure menu, select **All services**.
- In the search box, enter "integration account".
- Select **Integration accounts**.
+After you upload any assemblies that your map references, you can now upload your map.
- ![Find integration account](./media/logic-apps-enterprise-integration-maps/find-integration-account.png)
+1. If you haven't signed in already, sign in to the [Azure portal](https://portal.azure.com) with your Azure account credentials.
-1. Select the integration account where you want to add your map,
- for example:
+1. If your integration account isn't already open, in the main Azure search box, enter `integration accounts`, and select **Integration accounts**.
- ![Select integration account](./media/logic-apps-enterprise-integration-maps/select-integration-account.png)
+1. Select the integration account where you want to add your map.
-1. On your integration account's **Overview** page,
- under **Components**, select the **Maps** tile.
+1. On your integration account's menu, select **Overview**. Under **Settings**, select **Maps**.
- ![Select "Maps"](./media/logic-apps-enterprise-integration-maps/select-maps.png)
+1. On the **Maps** pane toolbar, select **Add**.
-1. After the **Maps** page opens, choose **Add**.
-
- ![Choose "Add"](./media/logic-apps-enterprise-integration-maps/add-map.png)
+1. Continue to add either a map [up to 2 MB](#smaller-map) or [more than 2 MB](#larger-map).
<a name="smaller-map"></a> ### Add maps up to 2 MB
-1. Under **Add Map**, enter a name for your map.
-
-1. Under **Map type**, select the type, for example:
- **Liquid**, **XSLT**, **XSLT 2.0**, or **XSLT 3.0**.
+1. Under **Add Map**, enter a unique name for your map.
-1. Keep **Small file** selected. Next to the **Map** box,
- choose the folder icon. Find and select the map
- you're uploading, for example:
+1. Under **Map type**, select the type, for example: **Liquid**, **XSLT**, **XSLT 2.0**, or **XSLT 3.0**.
- ![Upload map](./media/logic-apps-enterprise-integration-maps/upload-map-file.png)
+1. Next to the **Map** box, select the folder icon. Find and select the map you're uploading, for example:
- If you left the **Name** property empty, the map's file name automatically
- appears in that property automatically after you select the map file.
- However, you can use any unique name.
+ If you left the **Name** property empty, the map's file name automatically appears in that property after you select the map file.
-1. When you're ready, choose **OK**.
- After your map file finishes uploading,
- the map appears in the **Maps** list.
+1. When you're ready, select **OK**.
- ![Uploaded maps list](./media/logic-apps-enterprise-integration-maps/uploaded-maps-list.png)
+ After your map file finishes uploading, the map appears in the **Maps** list.
- On your integration account's **Overview** page,
- under **Components**, the **Maps** tile now
- shows the number of uploaded maps, for example:
-
- ![Uploaded maps](./media/logic-apps-enterprise-integration-maps/uploaded-maps.png)
+ On your integration account's **Overview** page, under **Artifacts**, your uploaded map also appears.
<a name="larger-map"></a>
access by following these steps:
### Add maps to containers with public access 1. Upload the map to your storage account.
- In the right-hand window, choose **Upload**.
+ In the right-side window, choose **Upload**.
1. After you finish uploading, select your uploaded map. On the toolbar, choose **Copy URL**
the map appears in the **Maps** list.
### Add maps to containers with no public access 1. Upload the map to your storage account.
- In the right-hand window, choose **Upload**.
+ In the right-side window, choose **Upload**.
1. After you finish uploading, generate a shared access signature (SAS) for your schema.
the map appears in the **Maps** list.
## Edit maps
-To update an existing map, you have to upload a new
-map file that has the changes you want. However,
-you can first download the existing map for editing.
-
-1. In the [Azure portal](https://portal.azure.com),
-find and open your integration account, if not already open.
+To update an existing map, you have to upload a new map file that has the changes you want. However, you can first download the existing map for editing.
-1. On the main Azure menu, select **All services**.
-In the search box, enter "integration account".
-Select **Integration accounts**.
+1. In the [Azure portal](https://portal.azure.com), open your integration account, if not already open.
-1. Select the integration account where you want to update your map.
+1. On your integration account's menu, under **Settings**, select **Maps**.
-1. On your integration account's **Overview** page,
- under **Components**, select the **Maps** tile.
+1. After the **Maps** pane opens, select your map. To download and edit the map first, on the **Maps** pane toolbar, select **Download**, and save the map.
-1. After the **Maps** page opens, select your map.
- To download and edit the map first, choose **Download**,
- and save the map.
+1. When you're ready to upload the updated map, on the **Maps** pane, select the map that you want to update. On the **Maps** pane toolbar, select **Update**.
-1. When you're ready to upload the updated map, on the **Maps** page,
- select the map you want to update, and choose **Update**.
+1. Find and select the updated map you want to upload.
-1. Find and select the updated map you want to upload.
- After your map file finishes uploading,
- the updated map appears in the **Maps** list.
+ After your map file finishes uploading, the updated map appears in the **Maps** list.
## Delete maps
-1. In the [Azure portal](https://portal.azure.com),
- find and open your integration account, if not already open.
-
-1. On the main Azure menu, select **All services**.
- In the search box, enter "integration account".
- Select **Integration accounts**.
-
-1. Select the integration account where you
- want to delete your map.
+1. In the [Azure portal](https://portal.azure.com), find and open your integration account, if not already open.
-1. On your integration account's **Overview** page,
- under **Components**, select the **Maps** tile.
+1. On your integration account's menu, under **Settings**, select **Maps**.
-1. After the **Maps** page opens, select your map, and choose **Delete**.
+1. After the **Maps** pane opens, select your map, and select **Delete**.
-1. To confirm you want to delete the map, choose **Yes**.
+1. To confirm you want to delete the map, select **Yes**.
## Next steps
logic-apps Logic Apps Limits And Config https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/logic-apps/logic-apps-limits-and-config.md
ms.suite: integration Previously updated : 07/29/2021 Last updated : 08/02/2021 # Limits and configuration reference for Azure Logic Apps
The following table lists the values for an **Until** loop:
The following table lists the values for a single workflow definition:
-### Multi-tenant & single-tenant
-
-| Name | Limit | Notes |
-| - | -- | -- |
-| Action - Executions per 5-minute rolling interval | - Default: 100,000 executions <p><p>- High throughput mode: 300,000 executions | To raise the default value to the maximum value for your workflow, see [Run in high throughput mode](#run-high-throughput-mode), which is in preview. Or, you can [distribute the workload across more than one workflow](handle-throttling-problems-429-errors.md#logic-app-throttling) as necessary. |
-| Action - Concurrent outbound calls | ~2,500 calls | You can reduce the number of concurrent requests or reduce the duration as necessary. |
-| Managed connector throttling | - Multi-tenant: Throttling limit varies based on connector <p><p>- Single-tenant: 50 requests per minute per connection | For multi-tenant, review [each managed connector's technical reference page](/connectors/connector-reference/connector-reference-logicapps-connectors). <p><p>For more information about handling connector throttling, review [Handle throttling problems ("429 - Too many requests" errors)](handle-throttling-problems-429-errors.md#connector-throttling). |
-| Runtime endpoint - Concurrent inbound calls | ~1,000 calls | You can reduce the number of concurrent requests or reduce the duration as necessary. |
-| Runtime endpoint - Read calls per 5 min | 60,000 read calls | This limit applies to calls that get the raw inputs and outputs from a workflow's run history. You can distribute the workload across more than one workflow as necessary. |
-| Runtime endpoint - Invoke calls per 5 min | 45,000 invoke calls | You can distribute workload across more than one workflow as necessary. |
-| Content throughput per 5 min | 600 MB | You can distribute workload across more than one workflow as necessary. |
-||||
+| Name | Multi-tenant | Single-tenant | Notes |
+||--||-|
+| Action - Executions per 5-minute rolling interval | Default: 100,000 executions <br>- High throughput mode: 300,000 executions | None | You can raise the default value to the maximum value for your workflow. For more information, see [Run in high throughput mode](#run-high-throughput-mode), which is in preview. Or, you can [distribute the workload across more than one workflow](handle-throttling-problems-429-errors.md#logic-app-throttling) as necessary. |
+| Action - Concurrent outbound calls | ~2,500 calls | None | You can reduce the number of concurrent requests or reduce the duration as necessary. |
+| Managed connector throttling | Throttling limit varies based on connector | Throttling limit varies based on connector | For multi-tenant, review [each managed connector's technical reference page](/connectors/connector-reference/connector-reference-logicapps-connectors). <p><p>For more information about handling connector throttling, review [Handle throttling problems ("429 - Too many requests" errors)](handle-throttling-problems-429-errors.md#connector-throttling). |
+| Runtime endpoint - Concurrent inbound calls | ~1,000 calls | None | You can reduce the number of concurrent requests or reduce the duration as necessary. |
+| Runtime endpoint - Read calls per 5 min | 60,000 read calls | None | This limit applies to calls that get the raw inputs and outputs from a workflow's run history. You can distribute the workload across more than one workflow as necessary. |
+| Runtime endpoint - Invoke calls per 5 min | 45,000 invoke calls | None | You can distribute workload across more than one workflow as necessary. |
+| Content throughput per 5 min | 600 MB | None | You can distribute workload across more than one workflow as necessary. |
+|||||
<a name="run-high-throughput-mode"></a>
machine-learning How To Configure Auto Features https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/how-to-configure-auto-features.md
def print_model(model, prefix=""):
for step in model.steps: print(prefix + step[0]) if hasattr(step[1], 'estimators') and hasattr(step[1], 'weights'):
- pprint({'estimators': list(
- e[0] for e in step[1].estimators), 'weights': step[1].weights})
+ pprint({'estimators': list(e[0] for e in step[1].estimators), 'weights': step[1].weights})
print() for estimator in step[1].estimators:
- print_model(estimator[1], estimator[0] + ' - ')
+ print_model(estimator[1], estimator[0]+ ' - ')
+ elif hasattr(step[1], '_base_learners') and hasattr(step[1], '_meta_learner'):
+ print("\nMeta Learner")
+ pprint(step[1]._meta_learner)
+ print()
+ for estimator in step[1]._base_learners:
+ print_model(estimator[1], estimator[0]+ ' - ')
else: pprint(step[1].get_params())
- print()
-
-print_model(model)
+ print()
``` This helper function returns the following output for a particular run using `LogisticRegression with RobustScalar` as the specific algorithm.
machine-learning How To Create Labeling Projects https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/how-to-create-labeling-projects.md
Learn how to create and run projects to label images or label text data in Azure
> [!Important] > Data images or text must be available in an Azure blob datastore. (If you do not have an existing datastore, you may upload files during project creation.)
-Image data can be files with any of these types: ".jpg", ".jpeg", ".png", ".jpe", ".jfif", ".bmp", ".tif", ".tiff", ".dcm", ".dicom". Each file is an item to be labeled.
+Image data can be files with any of these types: ".jpg", ".jpeg", ".png", ".jpe", ".jfif", ".bmp", ".tif", ".tiff", ".dcm", ".dicom". Each file is an item to be labeled.
Text data can be either ".txt" or ".csv" files.
To create a dataset from data that you've already stored in Azure Blob storage:
1. Select **Create a dataset** > **From datastore**. 1. Assign a **Name** to your dataset.
-1. Choose the **Dataset type**. Only file dataset types are supported for images. File and tabular types are available for text labeling.
+1. Choose the **Dataset type**. Only file dataset types are supported for images. For a text labeling project:
+ * Select **Tabular** if you are using a .csv file, where each row is a response.
+ * Select **File** if you are using separate .txt files for each response.
1. Select the datastore. 1. If your data is in a subfolder within your blob storage, choose **Browse** to select the path. * Append "/**" to the path to include all the files in subfolders of the selected path.
To directly upload your data:
1. Select **Create a dataset** > **From local files**. 1. Assign a **Name** to your dataset.
-1. Choose the **Dataset type**. Only file dataset types are supported for images. File and tabular types are available for text labeling.
+1. Choose the **Dataset type**. Only file dataset types are supported for images. For a text labeling project:
+ * Select **Tabular** if you are using a .csv file, where each row is a response.
+ * Select **File** if you are using separate .txt files for each response.
1. *Optional:* Select **Advanced settings** to customize the datastore, container, and path to your data. 1. Select **Browse** to select the local files to upload. 1. Provide a description of your dataset.
Use these steps to add one or more labels to a project:
Use the **Export** button on the **Project details** page of your labeling project. You can export the label data for Machine Learning experimentation at any time. * Text labels can be exported as:
- * AvCSV file. The CSV file is created in the default blob store of the Azure Machine Learning workspace in a folder within *Labeling/export/csv*.
+ * A CSV file. The CSV file is created in the default blob store of the Azure Machine Learning workspace in a folder within *Labeling/export/csv*.
* An [Azure Machine Learning dataset with labels](how-to-use-labeled-dataset.md). * Image labels can be exported as:
machine-learning How To Secure Training Vnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/how-to-secure-training-vnet.md
Previously updated : 07/20/2021 Last updated : 08/04/2021
In this article you learn how to secure the following training compute resources
### Azure Databricks * In addition to the __databricks-private__ and __databricks-public__ subnets used by Azure Databricks, the __default__ subnet created for the virtual network is also required.
+* Azure Databricks does not use a private endpoint to communicate with the virtual network.
+
+For more information on using Azure Databricks in a virtual network, see [Deploy Azure Databricks in your Azure Virtual Network](/azure/databricks/administration-guide/cloud-configurations/azure/vnet-inject).
### Azure HDInsight or virtual machine
machine-learning How To Secure Workspace Vnet https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/how-to-secure-workspace-vnet.md
Previously updated : 06/11/2021 Last updated : 08/04/2021
In this article you learn how to enable the following workspaces resources in a
* Your Azure Machine Learning workspace must contain an [Azure Machine Learning compute cluster](how-to-create-attach-compute-cluster.md).
-* Your Azure Container Registry must have [admin user enabled](/azure/container-registry/container-registry-authentication?tabs=azure-cli#admin-account).
- ## Limitations ### Azure Container Registry
Azure Machine Learning uses an associated Key Vault instance to store the follow
* Passwords to Azure Container Repository instances * Connection strings to data stores
-To use Azure Machine Learning experimentation capabilities with Azure Key Vault behind a virtual network, use the following steps:
+Azure key vault can be configured to use either service endpoints or private endpoints. To use Azure Machine Learning experimentation capabilities with Azure Key Vault behind a virtual network, use the following steps:
1. Go to the Key Vault that's associated with the workspace.
To use Azure Machine Learning experimentation capabilities with Azure Key Vault
> [!TIP] > If you did not use an existing Azure Container Registry when creating the workspace, one may not exist. By default, the workspace will not create an ACR instance until it needs one. To force the creation of one, train or deploy a model using your workspace before using the steps in this section.
+Azure Container Registry can configured to use either service endpoints or private endpoints. Use the following steps to configure your workspace to use ACR when it is in the virtual network:
+ 1. Find the name of the Azure Container Registry for your workspace, using one of the following methods: __Azure portal__
machine-learning Overview What Is Azure Machine Learning https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/machine-learning/overview-what-is-azure-machine-learning.md
You can create a model in Azure Machine Learning or use a model built from an op
Azure Machine Learning is for individuals and teams implementing MLOps within their organization to bring machine learning models into production in a secure and auditable production environment.
-Data scientists and ML engineers will find tools to accelerate and automate their day-to-day workflows. Application developers will find tools for integrating models into applications or services. Platform developers will find a robust set of tools, backed by durable Azure Resource Manager (ARM) APIs, for building advanced ML tooling.
+Data scientists and ML engineers will find tools to accelerate and automate their day-to-day workflows. Application developers will find tools for integrating models into applications or services. Platform developers will find a robust set of tools, backed by durable Azure Resource Manager APIs, for building advanced ML tooling.
Enterprises working in the Microsoft Azure cloud will find familiar security and role-based access control (RBAC) for infrastructure. You can set up a project to deny access to protected data and select operations.
Machine learning projects often require a team with varied skillsets to build an
Developers find familiar interfaces in Azure Machine Learning, such as: - [Python SDK](/python/api/overview/azure/ml/)-- [Azure Resource Manager (ARM) REST APIs (preview)](/rest/api/azureml/)
+- [Azure Resource Manager REST APIs (preview)](/rest/api/azureml/)
- [CLI v2 (preview)](/cli/azure/ml) ### Studio UI
Other integrations with Azure services support a machine learning project from e
Typically models are developed as part of a project with an objective and goals. Projects often involve more than one person. When experimenting with data, algorithms, and models, development is iterative.
-While the project lifecycle will vary by project, it may often look like this:
+### Project lifecycle
-![Machine learning project lifecycle diagram](./media/overview-what-is-azure-machine-learning/placeholder-ml-development-cycle.png)
+While the project lifecycle can vary by project, it will often look like this:
+
+![Machine learning project lifecycle diagram](./media/overview-what-is-azure-machine-learning/overview-ml-development-lifecycle.png)
A workspace organizes a project and allows for collaboration for many users all working toward a common objective. Users in a workspace can easily share the results of their runs from experimentation in the studio user interface or use versioned assets for jobs like environments and storage references.
When a project is ready for operationalization, users' work can be automated in
Models can be deployed to the managed inferencing solution, for both real-time and batch deployments, abstracting away the infrastructure management typically required for deploying models. -- ## Train models In Azure Machine Learning, you can run your training script in the cloud or build a model from scratch. Customers often bring models they've built and trained in open-source frameworks, so they can operationalize them in the cloud.
postgresql Concepts Hyperscale Audit https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-audit.md
Previously updated : 01/29/2021 Last updated : 08/03/2021 # Audit logging in Azure Database for PostgreSQL - Hyperscale (Citus)
-Audit logging of database activities in Azure Database for PostgreSQL - Hyperscale (Citus) is available through the PostgreSQL Audit extension: [pgAudit](https://www.pgaudit.org/). pgAudit provides detailed session and/or object audit logging.
- > [!IMPORTANT]
-> pgAudit is in preview on Azure Database for PostgreSQL - Hyperscale (Citus)
+> The pgAudit extension in Hyperscale (Citus) is currently in preview. This
+> preview version is provided without a service level agreement, and it's not
+> recommended for production workloads. Certain features might not be supported
+> or might have constrained capabilities.
+>
+> You can see a complete list of other new features in [preview features for
+> Hyperscale (Citus)](hyperscale-preview-features.md).
+
+Audit logging of database activities in Azure Database for PostgreSQL - Hyperscale (Citus) is available through the PostgreSQL Audit extension: [pgAudit](https://www.pgaudit.org/). pgAudit provides detailed session or object audit logging.
If you want Azure resource-level logs for operations like compute and storage scaling, see the [Azure Activity Log](../azure-monitor/essentials/platform-logs-overview.md). ## Usage considerations
-By default, pgAudit log statements are emitted along with your regular log statements by using Postgres's standard logging facility. In Azure Database for PostgreSQL - Hyperscale (Citus), you can configure all logs to be sent to Azure Monitor Log store for later analytics in Log Analytics. If you enable Azure Monitor resource logging, your logs will be automatically sent (in JSON format) to Azure Storage, Event Hubs, and/or Azure Monitor logs, depending on your choice.
+By default, pgAudit log statements are emitted along with your regular log statements by using Postgres's standard logging facility. In Azure Database for PostgreSQL - Hyperscale (Citus), you can configure all logs to be sent to Azure Monitor Log store for later analytics in Log Analytics. If you enable Azure Monitor resource logging, your logs will be automatically sent (in JSON format) to Azure Storage, Event Hubs, or Azure Monitor logs, depending on your choice.
## Enabling pgAudit
-The pgAudit extension is pre-installed and enabled on all Hyperscale (Citus)
-server group nodes. No action is required to enable it.
+The pgAudit extension is pre-installed and enabled on most Hyperscale (Citus)
+server group nodes. If it isn't enabled on your nodes, please open a [support
+request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).
## pgAudit settings
pgAudit allows you to configure session or object audit logging. [Session audit
> > Also, pgAudit settings are specified per-node in a server group. To make a change on all nodes, you must apply it to each node individually.
-You must configure pgAudit parameters to start logging. The [pgAudit documentation](https://github.com/pgaudit/pgaudit/blob/master/README.md#settings) provides the definition of each parameter. Test the parameters first and confirm that you are getting the expected behavior.
+You must configure pgAudit parameters to start logging. The [pgAudit documentation](https://github.com/pgaudit/pgaudit/blob/master/README.md#settings) provides the definition of each parameter. Test the parameters first and confirm that you're getting the expected behavior.
> [!NOTE] > Setting `pgaudit.log_client` to ON will redirect logs to a client process (like psql) instead of being written to file. This setting should generally be left disabled. <br> <br>
AzureDiagnostics
## Next steps -- [Learn how to setup logging in Azure Database for PostgreSQL - Hyperscale (Citus) and how to access logs](howto-hyperscale-logging.md)
+- [Learn how to setup logging in Azure Database for PostgreSQL - Hyperscale (Citus) and how to access logs](howto-hyperscale-logging.md)
postgresql Concepts Hyperscale Columnar https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-columnar.md
Title: Columnar table storage preview - Hyperscale (Citus) - Azure Database for PostgreSQL
-description: Compressing data using columnar storage (preview)
+ Title: Columnar table storage - Hyperscale (Citus) - Azure Database for PostgreSQL
+description: Compressing data using columnar storage
Previously updated : 05/04/2021 Last updated : 08/03/2021
-# Columnar table storage (preview)
-
-> [!IMPORTANT]
-> Columnar table storage in Hyperscale (Citus) is currently in preview. This
-> preview version is provided without a service level agreement, and it's not
-> recommended for production workloads. Certain features might not be supported
-> or might have constrained capabilities.
->
-> You can see a complete list of other new features in [preview features for
-> Hyperscale (Citus)](hyperscale-preview-features.md).
+# Columnar table storage
Azure Database for PostgreSQL - Hyperscale (Citus) supports append-only columnar table storage for analytic and data warehousing workloads. When
postgresql Concepts Hyperscale Configuration Options https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-configuration-options.md
Previously updated : 04/29/2021 Last updated : 08/03/2021 # Azure Database for PostgreSQL ΓÇô Hyperscale (Citus) configuration options
following values:
| 19 | 29,184 | 58,368 | 116,812 | | 20 | 30,720 | 61,440 | 122,960 |
-### Basic tier (preview)
-
-> [!IMPORTANT]
-> The Hyperscale (Citus) basic tier is currently in preview. This preview
-> version is provided without a service level agreement, and it's not
-> recommended for production workloads. Certain features might not be supported
-> or might have constrained capabilities.
->
-> You can see a complete list of other new features in [preview features for
-> Hyperscale (Citus)](hyperscale-preview-features.md).
+### Basic tier
The Hyperscale (Citus) [basic tier](concepts-hyperscale-tiers.md) is a server group with just one node. Because there isn't a distinction between
Hyperscale (Citus) server groups are available in the following Azure regions:
* Brazil South * Canada Central * Central US
- * East US *
+ * East US
* East US 2 * North Central US * West US 2
Hyperscale (Citus) server groups are available in the following Azure regions:
* Southeast Asia * Europe: * France Central
+ * Germany West Central
* North Europe * Switzerland North * UK South * West Europe
-(\* = supports [preview features](hyperscale-preview-features.md))
- Some of these regions may not be initially activated on all Azure subscriptions. If you want to use a region from the list above and don't see it in your subscription, or if you want to use a region not on this list, open a
postgresql Concepts Hyperscale Connection Pool https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-connection-pool.md
Previously updated : 04/07/2021 Last updated : 08/03/2021 # Azure Database for PostgreSQL ΓÇô Hyperscale (Citus) connection pooling
post](https://techcommunity.microsoft.com/t5/azure-database-for-postgresql/not-a
You can run your own connection pooler, or use PgBouncer managed by Azure.
-## Managed PgBouncer (preview)
-
-> [!IMPORTANT]
-> The managed PgBouncer connection pooler in Hyperscale (Citus) is currently in
-> preview. This preview version is provided without a service level agreement,
-> and it's not recommended for production workloads. Certain features might not
-> be supported or might have constrained capabilities.
->
-> You can see a complete list of other new features in [preview features for
-> Hyperscale (Citus)](hyperscale-preview-features.md).
+## Managed PgBouncer
Connection poolers such as PgBouncer allow more clients to connect to the coordinator node at once. Applications connect to the pooler, and the pooler
actively run in the database doesn't change. Instead, PgBouncer queues excess
connections and runs them when the database is ready. Hyperscale (Citus) is now offering a managed instance of PgBouncer for server
-groups (in preview). It supports up to 2,000 simultaneous client connections.
-To connect through PgBouncer, follow these steps:
+groups. It supports up to 2,000 simultaneous client connections. To connect
+through PgBouncer, follow these steps:
1. Go to the **Connection strings** page for your server group in the Azure portal.
postgresql Concepts Hyperscale Extensions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-extensions.md
Previously updated : 07/09/2021 Last updated : 08/03/2021 # PostgreSQL extensions in Azure Database for PostgreSQL ΓÇô Hyperscale (Citus)
PostgreSQL extensions must be installed in your database before you can use them
> ```sql > SELECT create_extension('postgis'); > ```
->
-> This function is currently in preview, and isn't available on all server
-> groups.
Azure Database for PostgreSQL - Hyperscale (Citus) currently supports a subset of key extensions as listed here. Extensions other than the ones listed aren't supported. You can't create your own extension with Azure Database for PostgreSQL.
The versions of each extension installed in a server group sometimes differ base
> [!div class="mx-tableFixed"] > | **Extension** | **Description** | **PG 11** | **PG 12** | **PG 13** | > ||||||
-> | [citus](https://github.com/citusdata/citus) | Citus distributed database. | 9.5-1 | 9.5-1 | 10.0-2 |
+> | [citus](https://github.com/citusdata/citus) | Citus distributed database. | 9.5-2 | 10.0-3 | 10.0-3 |
### Data types extensions
The versions of each extension installed in a server group sometimes differ base
> |||||| > | [citext](https://www.postgresql.org/docs/current/static/citext.html) | Provides a case-insensitive character string type. | 1.5 | 1.6 | 1.6 | > | [cube](https://www.postgresql.org/docs/current/static/cube.html) | Provides a data type for multidimensional cubes. | 1.4 | 1.4 | 1.4 |
-> | [hll](https://github.com/citusdata/postgresql-hll) | Provides a HyperLogLog data structure. | 2.14 | 2.15 | 2.15 |
+> | [hll](https://github.com/citusdata/postgresql-hll) | Provides a HyperLogLog data structure. | 2.15 | 2.15 | 2.15 |
> | [hstore](https://www.postgresql.org/docs/current/static/hstore.html) | Provides a data type for storing sets of key-value pairs. | 1.5 | 1.6 | 1.7 | > | [isn](https://www.postgresql.org/docs/current/static/isn.html) | Provides data types for international product numbering standards. | 1.2 | 1.2 | 1.2 | > | [lo](https://www.postgresql.org/docs/current/lo.html) | Large Object maintenance. | 1.1 | 1.1 | 1.1 | > | [ltree](https://www.postgresql.org/docs/current/static/ltree.html) | Provides a data type for hierarchical tree-like structures. | 1.1 | 1.1 | 1.2 | > | [seg](https://www.postgresql.org/docs/current/seg.html) | Data type for representing line segments or floating-point intervals. | 1.3 | 1.3 | 1.3 | > | [tdigest](https://github.com/tvondra/tdigest) | Data type for on-line accumulation of rank-based statistics such as quantiles and trimmed means. | 1.0 | 1.0 | 1.0 |
-> | [topn](https://github.com/citusdata/postgresql-topn/) | Type for top-n JSONB. | 2.2.2 | 2.3.1 | 2.3.1 |
+> | [topn](https://github.com/citusdata/postgresql-topn/) | Type for top-n JSONB. | 2.3.1 | 2.3.1 | 2.3.1 |
### Full-text search extensions
The versions of each extension installed in a server group sometimes differ base
> | [intagg](https://www.postgresql.org/docs/current/intagg.html) | Integer aggregator and enumerator (obsolete). | 1.1 | 1.1 | 1.1 | > | [intarray](https://www.postgresql.org/docs/current/static/intarray.html) | Provides functions and operators for manipulating null-free arrays of integers. | 1.2 | 1.2 | 1.3 | > | [moddatetime](https://www.postgresql.org/docs/current/contrib-spi.html#id-1.11.7.45.9) | Functions for tracking last modification time. | 1.0 | 1.0 | 1.0 |
-> | [pg\_partman](https://pgxn.org/dist/pg_partman/doc/pg_partman.html) | Manages partitioned tables by time or ID. | 4.1 | 4.4.1 | 4.4.1 |
+> | [pg\_partman](https://pgxn.org/dist/pg_partman/doc/pg_partman.html) | Manages partitioned tables by time or ID. | 4.5.1 | 4.5.1 | 4.5.1 |
> | [pg\_trgm](https://www.postgresql.org/docs/current/static/pgtrgm.html) | Provides functions and operators for determining the similarity of alphanumeric text based on trigram matching. | 1.4 | 1.4 | 1.5 | > | [pgcrypto](https://www.postgresql.org/docs/current/static/pgcrypto.html) | Provides cryptographic functions. | 1.3 | 1.3 | 1.3 | > | [refint](https://www.postgresql.org/docs/current/contrib-spi.html#id-1.11.7.45.5) | Functions for implementing referential integrity (obsolete). | 1.0 | 1.0 | 1.0 |
-> | session\_analytics | Functions for querying hstore arrays. | | | |
> | [tablefunc](https://www.postgresql.org/docs/current/static/tablefunc.html) | Provides functions that manipulate whole tables, including crosstab. | 1.0 | 1.0 | 1.0 | > | [tcn](https://www.postgresql.org/docs/current/tcn.html) | Triggered change notifications. | 1.0 | 1.0 | 1.0 | > | [timetravel](https://www.postgresql.org/docs/current/contrib-spi.html#id-1.11.7.45.6) | Functions for implementing time travel. | 1.0 | | |
The versions of each extension installed in a server group sometimes differ base
> | [file\_fdw](https://www.postgresql.org/docs/current/file-fdw.html) | Foreign-data wrapper for flat file access. | 1.0 | 1.0 | 1.0 | > | [pageinspect](https://www.postgresql.org/docs/current/pageinspect.html) | Inspect the contents of database pages at a low level. | 1.7 | 1.7 | 1.8 | > | [pg\_buffercache](https://www.postgresql.org/docs/current/static/pgbuffercache.html) | Provides a means for examining what's happening in the shared buffer cache in real time. | 1.3 | 1.3 | 1.3 |
-> | [pg\_cron](https://github.com/citusdata/pg_cron) | Job scheduler for PostgreSQL. | 1.1 | 1.3 | 1.3 |
+> | [pg\_cron](https://github.com/citusdata/pg_cron) | Job scheduler for PostgreSQL. | 1.3 | 1.3 | 1.3 |
> | [pg\_freespacemap](https://www.postgresql.org/docs/current/pgfreespacemap.html) | Examine the free space map (FSM). | 1.2 | 1.2 | 1.2 | > | [pg\_prewarm](https://www.postgresql.org/docs/current/static/pgprewarm.html) | Provides a way to load relation data into the buffer cache. | 1.2 | 1.2 | 1.2 | > | [pg\_stat\_statements](https://www.postgresql.org/docs/current/static/pgstatstatements.html) | Provides a means for tracking execution statistics of all SQL statements executed by a server. See the "pg_stat_statements" section for information about this extension. | 1.6 | 1.7 | 1.8 |
The versions of each extension installed in a server group sometimes differ base
> [!div class="mx-tableFixed"] > | **Extension** | **Description** | **PG 11** | **PG 12** | **PG 13** | > ||||||
-> | [PostGIS](https://www.postgis.net/), postgis\_topology, postgis\_tiger\_geocoder, postgis\_sfcgal | Spatial and geographic objects for PostgreSQL. | 2.5.1 | 3.0.3 | 3.0.3 |
-> | address\_standardizer, address\_standardizer\_data\_us | Used to parse an address into constituent elements. Used to support geocoding address normalization step. | 2.5.1 | 3.0.3 | 3.0.3 |
-> | postgis\_sfcgal | PostGIS SFCGAL functions. | 2.5.1 | 3.0.3 | 3.0.3 |
-> | postgis\_tiger\_geocoder | PostGIS tiger geocoder and reverse geocoder. | 2.5.1 | 3.0.3 | 3.0.3 |
-> | postgis\_topology | PostGIS topology spatial types and functions. | 2.5.1 | 3.0.3 | 3.0.3 |
+> | [PostGIS](https://www.postgis.net/), postgis\_topology, postgis\_tiger\_geocoder, postgis\_sfcgal | Spatial and geographic objects for PostgreSQL. | 2.5.5 | 3.0.3 | 3.0.3 |
+> | address\_standardizer, address\_standardizer\_data\_us | Used to parse an address into constituent elements. Used to support geocoding address normalization step. | 2.5.5 | 3.0.3 | 3.0.3 |
+> | postgis\_sfcgal | PostGIS SFCGAL functions. | 2.5.5 | 3.0.3 | 3.0.3 |
+> | postgis\_tiger\_geocoder | PostGIS tiger geocoder and reverse geocoder. | 2.5.5 | 3.0.3 | 3.0.3 |
+> | postgis\_topology | PostGIS topology spatial types and functions. | 2.5.5 | 3.0.3 | 3.0.3 |
## pg_stat_statements
postgresql Concepts Hyperscale Limits https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-limits.md
Previously updated : 07/20/2021 Last updated : 08/03/2021 # Azure Database for PostgreSQL ΓÇô Hyperscale (Citus) limits and limitations
it's important to limit simultaneous connections. Here are the limits we chose
to keep nodes healthy: * Coordinator node
- * Maximum connections: 300
- * Maximum user connections: 297
+ * Maximum connections
+ * 300 for 0-3 vCores
+ * 500 for 4-15 vCores
+ * 1000 for 16+ vCores
+ * Maximum user connections
+ * 297 for 0-3 vCores
+ * 497 for 4-15 vCores
+ * 997 for 16+ vCores
* Worker node
- * Maximum connections: 600
- * Maximum user connections: 597
-
-> [!NOTE]
-> In a server group with [preview features](hyperscale-preview-features.md)
-> enabled, the connection limits to the coordinator are slightly different:
->
-> * Coordinator node max connections
-> * 300 for 0-3 vCores
-> * 500 for 4-15 vCores
-> * 1000 for 16+ vCores
+ * Maximum connections
+ * 600
Attempts to connect beyond these limits will fail with an error. The system reserves three connections for monitoring nodes, which is why there are three
postgresql Concepts Hyperscale Read Replicas https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-read-replicas.md
Previously updated : 04/07/2021 Last updated : 08/03/2021 # Read replicas in Azure Database for PostgreSQL - Hyperscale (Citus)
-> [!IMPORTANT]
-> Read replicas in Hyperscale (Citus) are currently in preview. This preview
-> version is provided without a service level agreement, and it's not
-> recommended for production workloads. Certain features might not be supported
-> or might have constrained capabilities.
->
-> You can see a complete list of other new features in [preview features for
-> Hyperscale (Citus)](hyperscale-preview-features.md).
- The read replica feature allows you to replicate data from a Hyperscale (Citus) server group to a read-only server group. Replicas are updated **asynchronously** with PostgreSQL physical replication technology. You can
postgresql Concepts Hyperscale Tiers https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-tiers.md
Title: Basic tier preview - Hyperscale (Citus) - Azure Database for PostgreSQL
+ Title: Basic tier - Hyperscale (Citus) - Azure Database for PostgreSQL
description: The single node basic tier for Azure Database for PostgreSQL - Hyperscale (Citus) Previously updated : 04/07/2021 Last updated : 08/03/2021
-# Basic tier (preview)
-
-> [!IMPORTANT]
-> The Hyperscale (Citus) basic tier is currently in preview. This preview
-> version is provided without a service level agreement, and it's not
-> recommended for production workloads. Certain features might not be supported
-> or might have constrained capabilities.
->
-> You can see a complete list of other new features in [preview features for
-> Hyperscale (Citus)](hyperscale-preview-features.md).
+# Basic tier
The basic tier in Azure Database for PostgreSQL - Hyperscale (Citus) is a simple way to create a small server group that you can scale later. While
applications with the basic tier and later [graduate to the standard
tier](howto-hyperscale-scale-grow.md#add-worker-nodes) with confidence that the interface remains the same.
-The basic tier is also appropriate for smaller workloads in production (once it
-emerges from preview into general availability). There is room to scale
-vertically *within* the basic tier by increasing the number of server vCores.
+The basic tier is also appropriate for smaller workloads in production. There
+is room to scale vertically *within* the basic tier by increasing the number of
+server vCores.
When greater scale is required right away, use the standard tier. Its smallest allowed server group has one coordinator node and two workers. You can choose
postgresql Concepts Hyperscale Versions https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-hyperscale-versions.md
Previously updated : 04/07/2021 Last updated : 08/03/2021 # Supported database versions in Azure Database for PostgreSQL ΓÇô Hyperscale (Citus) ## PostgreSQL versions
-> [!IMPORTANT]
-> Customizable PostgreSQL versions in Hyperscale (Citus) is currently in
-> preview. This preview is provided without a service level agreement, and
-> it's not recommended for production workloads. Certain features might not be
-> supported or might have constrained capabilities.
->
-> You can see a complete list of other new features in [preview features for
-> Hyperscale (Citus)](hyperscale-preview-features.md).
- The version of PostgreSQL running in a Hyperscale (Citus) server group is
-customizable during creation. Choosing anything other than version 11 is
-currently a preview feature.
-
-Hyperscale (Citus) currently supports the following major versions:
+customizable during creation. Hyperscale (Citus) currently supports the
+following major versions:
-### PostgreSQL version 13 (preview)
+### PostgreSQL version 13
-The current minor release is 13.2. Refer to the [PostgreSQL
+The current minor release is 13.3. Refer to the [PostgreSQL
documentation](https://www.postgresql.org/docs/13/static/release-13-2.html) to learn more about improvements and fixes in this minor release.
-### PostgreSQL version 12 (preview)
+### PostgreSQL version 12
-The current minor release is 12.6. Refer to the [PostgreSQL
+The current minor release is 12.7. Refer to the [PostgreSQL
documentation](https://www.postgresql.org/docs/12/static/release-12-6.html) to learn more about improvements and fixes in this minor release. ### PostgreSQL version 11
-The current minor release is 11.11. Refer to the [PostgreSQL
+The current minor release is 11.12. Refer to the [PostgreSQL
documentation](https://www.postgresql.org/docs/11/static/release-11-11.html) to learn more about improvements and fixes in this minor release. ### PostgreSQL version 10 and older
-We do not support PostgreSQL version 10 and older for Azure Database for
+We don't support PostgreSQL version 10 and older for Azure Database for
PostgreSQL - Hyperscale (Citus). ## Citus and other extension versions
postgresql Concepts Version Policy https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/concepts-version-policy.md
Previously updated : 05/25/2020 Last updated : 08/03/2020 # Azure Database for PostgreSQL versioning policy
Azure Database for PostgreSQL supports the following database versions.
| Version | Single Server | Flexible Server (Preview) | Hyperscale (Citus) | | -- | :: | :-: | :-: |
-| PostgreSQL 13 | | X | X\* |
-| PostgreSQL 12 | | X | X\* |
+| PostgreSQL 13 | | X | X |
+| PostgreSQL 12 | | X | X |
| PostgreSQL 11 | X | X | X | | PostgreSQL 10 | X | | | | PostgreSQL 9.6 | X | | | | *PostgreSQL 9.5 (retired)* | X | | |
-(\* PostgreSQL 12 and 13 are available as a preview feature in Hyperscale (Citus).)
- ## Major version support Each major version of PostgreSQL will be supported by Azure Database for PostgreSQL from the date on which Azure begins supporting the version until the version is retired by the PostgreSQL community, as provided in the [PostgreSQL community versioning policy](https://www.postgresql.org/support/versioning/).
postgresql Howto Configure Server Parameters Using Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/flexible-server/howto-configure-server-parameters-using-portal.md
Title: Configure server parameters - Azure portal - Azure Database for PostgreSQL - Flexible Server
-description: This article describes how to configure the Postgres parameters in Azure Database for PostgreSQL Flexible Server through the Azure portal.
--
+description: This article describes how to configure the Postgres parameters in Azure Database for PostgreSQL - Flexible Server through the Azure portal.
++ Previously updated : 09/22/2020 Last updated : 08/04/2021 # Configure server parameters in Azure Database for PostgreSQL - Flexible Server via the Azure portal -
-You can list, show, and update configuration parameters for an Azure Database for PostgreSQL flexible server through the Azure portal.
+You can list, show, and update configuration parameters for an Azure Database for PostgreSQL server through the Azure portal.
## Prerequisites- To step through this how-to guide you need:-- [Azure Database for PostgreSQL flexible server](quickstart-create-server-portal.md)
+- [Azure Database for PostgreSQL - Flexible server](quickstart-create-server-portal.md)
## Viewing and editing parameters- 1. Open the [Azure portal](https://portal.azure.com).
-2. Select your flexible server.
+2. Select your Azure Database for PostgreSQL server.
3. Under the **SETTINGS** section, select **Server parameters**. The page shows a list of parameters, their values, and descriptions.
-![Overview Page for Parameters](./media/howto-configure-server-parameters-in-portal/3-overview-of-parameters.png)
4. Select the **drop down** button to see the possible values for enumerated-type parameters like client_min_messages.
-![Enumerate drop down](./media/howto-configure-server-parameters-in-portal/4-enum-drop-down.png)
5. Select or hover over the **i** (information) button to see the range of possible values for numeric parameters like cpu_index_tuple_cost.
-![information button](./media/howto-configure-server-parameters-in-portal/4-information-button.png)
6. If needed, use the **search box** to narrow down to a specific parameter. The search is on the name and description of the parameters.
-![Search results](./media/howto-configure-server-parameters-in-portal/5-search.png)
7. Change the parameter values you would like to adjust. All changes you make in a session are highlighted in purple. Once you have changed the values, you can select **Save**. Or you can **Discard** your changes.
-![Save or Discard changes](./media/howto-configure-server-parameters-in-portal/6-save-and-discard-buttons.png)
8. If you have saved new values for the parameters, you can always revert everything back to the default values by selecting **Reset all to default**.
-![Reset all to default](./media/howto-configure-server-parameters-in-portal/7-reset-to-default-button.png)
-## Next steps
+## Working with time zone parameters
+If you plan to work with date and time data in PostgreSQL, youΓÇÖll want to ensure that youΓÇÖve set the correct time zone for your location. All timezone-aware dates and times are stored internally in Postgres in UTC. They are converted to local time in the zone specified by the **TimeZone** server parameter before being displayed to the client. This parameter can be edited on **Server parameters** page as explained above.
+## Next steps
Learn about:--- [Overview of server parameters in Azure Database for PostgreSQL](concepts-servers.md)-- [Configuring parameters using the Azure CLI](howto-configure-server-parameters-using-cli.md)
+- [Overview of server parameters in Azure Database for PostgreSQL](concepts-server-parameters.md)
+- [Configure Azure Database for PostgreSQL - Flexible Server parameters via CLI](howto-configure-server-parameters-using-cli.md)
+
postgresql Howto Hyperscale Read Replicas Portal https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/howto-hyperscale-read-replicas-portal.md
Previously updated : 04/07/2021 Last updated : 08/03/2021 # Create and manage read replicas in Azure Database for PostgreSQL - Hyperscale (Citus) from the Azure portal
-> [!IMPORTANT]
-> Read replicas in Hyperscale (Citus) are currently in preview. This preview
-> version is provided without a service level agreement, and it's not
-> recommended for production workloads. Certain features might not be supported
-> or might have constrained capabilities.
->
-> You can see a complete list of other new features in [preview features for
-> Hyperscale (Citus)](hyperscale-preview-features.md).
- In this article, you learn how to create and manage read replicas in Hyperscale (Citus) from the Azure portal. To learn more about read replicas, see the [overview](concepts-hyperscale-read-replicas.md).
postgresql Howto Hyperscale Scale Grow https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/howto-hyperscale-scale-grow.md
Previously updated : 07/20/2021 Last updated : 08/03/2021 # Scale a Hyperscale (Citus) server group
group. Dragging the slider for **Worker node count** changes the value.
> [!NOTE] >
-> A Hyperscale (Citus) server group created with the [basic tier
-> (preview)](concepts-hyperscale-tiers.md) has no workers. Increasing the
-> worker count automatically graduates the server group to the standard tier.
-> After graduating a server group to the standard tier, you can't downgrade it
-> back to the basic tier.
+> A Hyperscale (Citus) server group created with the [basic
+> tier](concepts-hyperscale-tiers.md) has no workers. Increasing the worker
+> count automatically graduates the server group to the standard tier. After
+> graduating a server group to the standard tier, you can't downgrade it back
+> to the basic tier.
:::image type="content" source="./media/howto-hyperscale-scaling/01-sliders-workers.png" alt-text="Resource sliders":::
postgresql Howto Hyperscale Scale Initial https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/howto-hyperscale-scale-initial.md
Previously updated : 04/07/2021 Last updated : 08/03/2021 # Pick initial size for Hyperscale (Citus) server group
options](concepts-hyperscale-configuration-options.md) article.
## Choosing a Hyperscale (Citus) tier
-> [!IMPORTANT]
-> The Hyperscale (Citus) basic tier is currently in preview. This preview
-> version is provided without a service level agreement, and it's not
-> recommended for production workloads. Certain features might not be supported
-> or might have constrained capabilities.
->
-> You can see a complete list of other new features in [preview features for
-> Hyperscale (Citus)](hyperscale-preview-features.md).
- The sections above give an idea how many vCores and how much RAM are needed for each use case. You can meet these demands through a choice between two Hyperscale (Citus) tiers: the basic tier and the standard tier.
postgresql Howto Hyperscale Troubleshoot Read Only https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/howto-hyperscale-troubleshoot-read-only.md
Previously updated : 6/23/2021 Last updated : 08/03/2021 # Troubleshoot read-only access to Azure Database for PostgreSQL - Hyperscale (Citus)
continue to work.
on the worker nodes, and/or * [Rebalance data](howto-hyperscale-scale-rebalance.md) to other nodes, or drop some data.
- * You'll need to set the worker node as read-write temporarily. Submit a
- support request to do this. Alternately, if you're running a preview
- Hyperscale (Citus) server group you can connect directly to worker nodes
- and use `SET SESSION CHARACTERISTICS` as described above for the
- coordinator node.
+ * You'll need to set the worker node as read-write temporarily. You can
+ connect directly to worker nodes and use `SET SESSION CHARACTERISTICS` as
+ described above for the coordinator node.
## Prevention
postgresql Hyperscale Preview Features https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/hyperscale-preview-features.md
Previously updated : 07/09/2021 Last updated : 08/03/2021 # Preview features for PostgreSQL - Hyperscale (Citus)
Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)
Here are the features currently available for preview:
-* **[Basic tier](concepts-hyperscale-tiers.md)**. Run a server
- group using only a coordinator node and no worker nodes. An
- economical way to do initial testing and development, and
- handle small production workloads.
-* **[PostgreSQL 12 and 13](concepts-hyperscale-versions.md)**.
- Use the latest database version in your server group.
-* **[Citus
- 10](concepts-hyperscale-versions.md#citus-and-other-extension-versions)**.
- Installed automatically on server groups running PostgreSQL 13.
-* **[Columnar storage](concepts-hyperscale-columnar.md)**.
- Store selected tables' columns (rather than rows) contiguously
- on disk. Supports on-disk compression. Good for analytic and
- data warehousing workloads.
-* **[Read replicas](howto-hyperscale-read-replicas-portal.md)**
- (currently same-region only). Any changes that happen to the
- primary server group get reflected in its replica, and queries
- against the replica cause no extra load on the original.
- Replicas are a useful tool to improve performance for
- read-only workloads.
-* **[Managed
- PgBouncer](concepts-hyperscale-connection-pool.md)**.
- A connection pooler that allows many clients to connect to
- the server group at once, while limiting the number of active
- connections. It satisfies connection requests while keeping
- the coordinator node running smoothly.
* **[pgAudit](concepts-hyperscale-audit.md)**. Provides detailed session and object audit logging via the standard PostgreSQL logging facility. It produces audit logs required to pass certain government, financial, or ISO certification audits.
-* **[create_extension()
- UDF](concepts-hyperscale-extensions.md#use-postgresql-extensions)**.
- Allows you to create extensions whose installation requires
- administrative access.
-
-### Available regions for preview features
-
-The pgAudit extension is available in all [regions supported by
-Hyperscale
-(Citus)](concepts-hyperscale-configuration-options.md#regions).
-The other preview features are available in **East US** only.
-
-## Does my server group have access to preview features?
-
-To determine if your Hyperscale (Citus) server group has preview features
-enabled, navigate to the server group's **Overview** page in the Azure portal.
-If you see the property **Tier: Basic (preview)** or **Tier: Standard
-(preview)** then your server group has access to preview features.
-
-### How to get access
-
-When creating a new Hyperscale (Citus) server group, check
-the box **Enable preview features.**
## Contact us
postgresql Quickstart Create Hyperscale Basic Tier https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/postgresql/quickstart-create-hyperscale-basic-tier.md
Previously updated : 04/07/2021 Last updated : 08/03/2021 #Customer intent: As a developer, I want to provision a hyperscale server group so that I can run queries quickly on large datasets.
This quickstart shows you how to create a Hyperscale (Citus) basic tier
server group using the Azure portal. You'll provision the server group and verify that you can connect to it to run queries.
-> [!IMPORTANT]
-> The Hyperscale (Citus) basic tier is currently in preview. This preview
-> version is provided without a service level agreement, and it's not
-> recommended for production workloads. Certain features might not be supported
-> or might have constrained capabilities.
->
-> You can see a complete list of other new features in [preview features for
-> Hyperscale (Citus)](hyperscale-preview-features.md).
- [!INCLUDE [azure-postgresql-hyperscale-create-basic-tier](../../includes/azure-postgresql-hyperscale-create-basic-tier.md)] ## Next steps
purview Create A Custom Classification And Classification Rule https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/purview/create-a-custom-classification-and-classification-rule.md
To create a custom classification rule:
|Data Pattern |Optional. A regular expression that represents the data that's stored in the data field. The limit is very large. In the previous example, the data patterns test for an employee ID that's literally the word `Employee{GUID}`. | |Column Pattern |Optional. A regular expression that represents the column names that you want to match. The limit is very large. |
-1. Under **Data Pattern** you can use the **Minimum match threshold** to set the minimum percentage of the distinct data value matches in a column that must be found by the scanner for the classification to be applied. The suggested value is 60%. You need to be careful with this setting. If you reduce the level below 60%, you might introduce false-positive classifications into your catalog. If you specify multiple data patterns, this setting is disabled and the value is fixed at 60%.
+1. Under **Data Pattern** you can use the **Minimum match threshold** to set the minimum percentage of the distinct data value matches in a column that must be found by the scanner for the classification to be applied. The suggested value is 60%. If you specify multiple data patterns, this setting is disabled and the value is fixed at 60%.
> [!Note] > The Minimum match threshold must be at least 1%.
purview Register Scan Synapse Workspace https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/purview/register-scan-synapse-workspace.md
You can set up authentication for an Azure Synapse source in either of two ways:
- Use a managed identity - Use a service principal
+> [!IMPORTANT]
+> These steps for serverless databases **do not** apply to replicated databases. Currently in Synapse, serverless databases that are replicated from Spark databases are read-only. For more information, go [here](../synapse-analytics/sql/resources-self-help-sql-on-demand.md#operation-is-not-allowed-for-a-replicated-database).
+ > [!NOTE] > You must set up authentication on each dedicated SQL database in your Azure Synapse workspace that you intend to register and scan. The permissions that are mentioned in the following sections for serverless SQL database apply to all databases within your workspace. That is, you'll have to set up authentication only once.
purview Sources And Scans https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/purview/sources-and-scans.md
For all structured file formats, Purview scanner samples files in the following
- For structured file types, it samples 128 rows in each column or 1 MB, whichever is lower. - For document file formats, it samples 20 MB of each file. - If a document file is larger than 20 MB, then it is not subject to a deep scan (subject to classification). In that case, Purview captures only basic meta data like file name and fully qualified name.
+- For **tabular data sources(SQL, CosmosDB)**, it samples the top 128 rows.
## Resource set file sampling
security-center Release Notes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/release-notes.md
Previously updated : 08/03/2021 Last updated : 08/04/2021
To learn about *planned* changes that are coming soon to Security Center, see [I
Updates in August include: - [Microsoft Defender for Endpoint for Linux now supported by Azure Defender for servers (in preview)](#microsoft-defender-for-endpoint-for-linux-now-supported-by-azure-defender-for-servers-in-preview)
+- [Two new recommendations for managing endpoint protection solutions (in preview)](#two-new-recommendations-for-managing-endpoint-protection-solutions-in-preview)
### Microsoft Defender for Endpoint for Linux now supported by Azure Defender for servers (in preview)
During the preview period, you'll deploy the [Defender for Endpoint for Linux](/
Learn more in [Protect your endpoints with Security Center's integrated EDR solution: Microsoft Defender for Endpoint](security-center-wdatp.md).
+### Two new recommendations for managing endpoint protection solutions (in preview)
+
+We've added two **preview** recommendations to deploy and maintain the endpoint protection solutions on your machines. Both recommendations include support for Azure virtual machines and machines connected to Azure Arc enabled servers.
+
+|Recommendation |Description |Severity |
+||||
+|[Endpoint protection should be installed on your machines](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/4fb67663-9ab9-475d-b026-8c544cced439) |To protect your machines from threats and vulnerabilities, install a supported endpoint protection solution. <br> <a href="/azure/security-center/security-center-endpoint-protection">Learn more about how Endpoint Protection for machines is evaluated.</a><br />(Related policy: [Monitor missing Endpoint Protection in Azure Security Center](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2faf6cd1bd-1635-48cb-bde7-5b15693900b9)) |High |
+|[Endpoint protection health issues should be resolved on your machines](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/37a3689a-818e-4a0e-82ac-b1392b9bb000) |Resolve endpoint protection health issues on your virtual machines to protect them from latest threats and vulnerabilities. Azure Security Center supported endpoint protection solutions are documented [here](/azure/security-center/security-center-services?tabs=features-windows#supported-endpoint-protection-solutions). Endpoint protection assessment is documented <a href='/azure/security-center/security-center-endpoint-protection'>here</a>.<br />(Related policy: [Monitor missing Endpoint Protection in Azure Security Center](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2faf6cd1bd-1635-48cb-bde7-5b15693900b9)) |Medium |
+|||
+
+> [!NOTE]
+> The recommendations show their freshness interval as 8 hours, but there are some scenarios in which this might take significantly longer. For example, when an on premises machine is deleted, it takes 24 hours for Security Center to identify the deletion. After that, the assessment will take up to 8 hours to return the information. In that specific situation therefore, it may take 32 hours for the machine to be removed from the list of afffected resources.
+>
+> :::image type="content" source="media/release-notes/freshness-interval.png" alt-text="Freshness interval indicator for these two new Security Center recommendations":::
+- [Microsoft Defender for Endpoint for Linux now supported by Azure Defender for servers (in preview)](#microsoft-defender-for-endpoint-for-linux-now-supported-by-azure-defender-for-servers-in-preview)
+ ## July 2021
security-center Upcoming Changes https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/security-center/upcoming-changes.md
Previously updated : 07/30/2021 Last updated : 08/04/2021
If you're looking for the latest release notes, you'll find them in the [What's
| Planned change | Estimated date for change | |||
-| [Legacy implementation of ISO 27001 is being replaced with new ISO 27001:2013](#legacy-implementation-of-iso-27001-is-being-replaced-with-new-iso-270012013) | July 2021 |
-| [Deprecating recommendation 'Log Analytics agent health issues should be resolved on your machines'](#deprecating-recommendation-log-analytics-agent-health-issues-should-be-resolved-on-your-machines) | July 2021 |
+| [Legacy implementation of ISO 27001 is being replaced with new ISO 27001:2013](#legacy-implementation-of-iso-27001-is-being-replaced-with-new-iso-270012013) | August 2021 |
+| [Deprecating recommendation 'Log Analytics agent health issues should be resolved on your machines'](#deprecating-recommendation-log-analytics-agent-health-issues-should-be-resolved-on-your-machines) | August 2021 |
| [CSV exports to be limited to 20 MB](#csv-exports-to-be-limited-to-20-mb) | August 2021 | | [Enable Azure Defender security control to be included in secure score](#enable-azure-defender-security-control-to-be-included-in-secure-score) | Q3 2021 |
+| [Changes to recommendations for managing endpoint protection solutions](#changes-to-recommendations-for-managing-endpoint-protection-solutions) | Q4 2021 |
| [Enhancements to recommendation to classify sensitive data in SQL databases](#enhancements-to-recommendation-to-classify-sensitive-data-in-sql-databases) | Q1 2022 || | | ### Legacy implementation of ISO 27001 is being replaced with new ISO 27001:2013
-**Estimated date for change:** July 2021
+**Estimated date for change:** August 2021
The legacy implementation of ISO 27001 will be removed from Security Center's regulatory compliance dashboard. If you're tracking your ISO 27001 compliance with Security Center, onboard the new ISO 27001:2013 standard for all relevant management groups or subscriptions, and the current legacy ISO 27001 will soon be removed from the dashboard.
The legacy implementation of ISO 27001 will be removed from Security Center's re
### Deprecating recommendation 'Log Analytics agent health issues should be resolved on your machines'
-**Estimated date for change:** July 2021
+**Estimated date for change:** August 2021
We've found that recommendation **Log Analytics agent health issues should be resolved on your machines** impacts secure scores in ways that are inconsistent with Security Center's Cloud Security Posture Management (CSPM) focus. Typically, CSPM relates to identifying security misconfigurations. Agent health issues don't fit into this category of issues.
With this change, there will be an impact on the secure score of any subscriptio
Learn more in [Quickstart: Enable Azure Defender](enable-azure-defender.md).
+### Changes to recommendations for managing endpoint protection solutions
+
+**Estimated date for change:** Q4 2021
+
+In August 2021, we added two new **preview** recommendations to deploy and maintain the endpoint protection solutions on your machines. For full details, see [the release note](release-notes.md#two-new-recommendations-for-managing-endpoint-protection-solutions-in-preview).
+
+When the recommendations are released to general availability, they will replace the following existing recommendations:
+
+- **Endpoint protection should be installed on your machines** will replace:
+ - [Install endpoint protection solution on virtual machines](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/83f577bd-a1b6-b7e1-0891-12ca19d1e6df)
+ - [Install endpoint protection solution on your machines](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/383cf3bc-fdf9-4a02-120a-3e7e36c6bfee)
+
+- **Endpoint protection health issues should be resolved on your machines** will replace the existing recommendation that has the same name. The two recommendations have different assessment keys:
+ - Assessment key for the **preview** recommendation: 37a3689a-818e-4a0e-82ac-b1392b9bb000
+ - Assessment key for the **GA** recommendation: 3bcd234d-c9c7-c2a2-89e0-c01f419c1a8a
+
+Learn more:
+- [Security Center's supported endpoint protection solutions](security-center-services.md#endpoint-supported)
+- [How these recommendations assess the status of your deployed solutions](security-center-endpoint-protection.md)
+ ### Enhancements to recommendation to classify sensitive data in SQL databases **Estimated date for change:** Q1 2022
The recommendation **Sensitive data in your SQL databases should be classified**
## Next steps
-For all recent changes to the product, see [What's new in Azure Security Center?](release-notes.md).
+For all recent changes to Security Center, see [What's new in Azure Security Center?](release-notes.md)
sentinel File Event Normalization Schema https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/file-event-normalization-schema.md
Event fields are common to all schemas and describe the activity itself and the
-### File Event-specific fields
+### File event specific fields
The fields listed in the table below are specific to File events, but are similar to fields in other schemas and follow similar naming conventions.
For example: `JohnDoe` (**Actor**) uses `Windows File Explorer` (**Acting proces
| **TargetFileSHA512**| Optional| SHA512|The SHA-512 hash of the source file. | |**Hash**|Alias | |Alias to the best available Target File hash. | |**TargetFileSize** |Optional | Integer|The size of the target file in bytes. |
-| **TargetUrl**|Optional | String|When the operation is initiated using HTTP or HTTPS, the URL used. <br><br>Example: `https://console.aws.amazon.com/console/home?...` |
+| **TargetUrl**|Optional | String|When the operation is initiated using HTTP or HTTPS, the URL used. <br><br>Example: `https://onedrive.live.com/?authkey=...` |
| | | | |
sentinel Whats New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/sentinel/whats-new.md
If you're looking for items older than six months, you'll find them in the [Arch
> You can also contribute! Join us in the [Azure Sentinel Threat Hunters GitHub community](https://github.com/Azure/Azure-Sentinel/wiki). >
+## August 2021
+
+- [File event normalization schema (Public preview)](#file-event-normalization-schema-public-preview)
+- [New in docs: Best practice guidance](#new-in-docs-best-practice-guidance)
+
+### File Event normalization schema (Public preview)
+
+The Azure Sentinel Information Model (ASIM) now supports a File Event normalization schema, which is used to describe file activity, such as creating, modifying, or deleting files or documents. File events are reported by operating systems, file storage systems such as Azure Files, and document management systems such as Microsoft SharePoint.
+
+For more information, see:
+
+- [Azure Sentinel File Event normalization schema reference (Public preview)](file-event-normalization-schema.md)
+- [Normalization and the Azure Sentinel Information Model (ASIM)](normalization.md)
++
+### New in docs: Best practice guidance
+
+In response to multiple requests from customers and our support teams, we've added a series of best practice guidance to our documentation.
+
+For more information, see:
+
+- [Prerequisites for deploying Azure Sentinel](prerequisites.md)
+- [Best practices for Azure Sentinel](best-practices.md)
+- [Azure Sentinel workspace architecture best practices](best-practices-workspace-architecture.md)
+- [Design your Azure Sentinel workspace architecture](design-your-workspace-architecture.md)
+- [Azure Sentinel sample workspace designs](sample-workspace-designs.md)
+- [Data collection best practices](best-practices-data.md)
+
+> [!TIP]
+> You can find more guidance added across our documentation in relevant conceptual and how-to articles. For more information, see [Additional best practice references](best-practices.md#additional-best-practice-references).
+>
+ ## July 2021 - [Microsoft Threat Intelligence Matching Analytics (Public preview)](#microsoft-threat-intelligence-matching-analytics-public-preview)
static-web-apps Authentication Custom https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/static-web-apps/authentication-custom.md
To avoid putting secrets in source control, the configuration looks into [applic
### Configuration
-The following tables contain the different configuration options for each provider.
+Setting up custom authentication requires that you reference a few secrets stored as [application settings](./application-settings.md).
# [Azure Active Directory](#tab/aad)
-| Field Path | Description |
-| -- | - |
-| `registration.openIdIssuer` | The endpoint for the OpenID configuration of the AAD tenant. |
-| `registration.clientIdSettingName` | The name of the application setting containing the Application (client) ID for the Azure AD app registration. |
-| `registration.clientSecretSettingName` | The name of the application setting containing the client secret for the Azure AD app registration. |
+Azure Active Directory providers are available in two different versions. Version 1 explicitly defines the `userDetailsClaim`, which allows the payload to return user information. By contrast, version 2 returns user information by default, and is designated by `v2.0` in the `openIdIssuer` URL.
+
+To create the registration, begin by creating the following application settings:
+
+| Setting Name | Value |
+| | |
+| `AAD_CLIENT_ID` | The Application (client) ID for the Azure AD app registration. |
+| `AAD_CLIENT_SECRET` | The client secret for the Azure AD app registration. |
+
+#### Azure Active Directory Version 1
```json { "auth": { "identityProviders": { "azureActiveDirectory": {
+ "userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
"registration": { "openIdIssuer": "https://login.microsoftonline.com/<TENANT_ID>",
- "clientIdSettingName": "<AAD_CLIENT_ID>",
- "clientSecretSettingName": "<AAD_CLIENT_SECRET>"
+ "clientIdSettingName": "AAD_CLIENT_ID",
+ "clientSecretSettingName": "AAD_CLIENT_SECRET"
} } }
The following tables contain the different configuration options for each provid
} ```
-Azure Active Directory features versioned endpoints which affect how your registration is configured. If you are using AAD v1 (the issuer endpoint does not end with "/v2.0"), then you need to add the following `userDetailsClaim` entry to your configuration in the `"azureActiveDirectory"` object.
+Make sure to replace `<TENANT_ID>` with your Azure Active Directory tenant ID.
+
+#### Azure Active Directory Version 2
```json
-"azureActiveDirectory": {
- "registration": { ... },
- "userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
+{
+ "auth": {
+ "identityProviders": {
+ "azureActiveDirectory": {
+ "registration": {
+ "openIdIssuer": "https://login.microsoftonline.com/<TENANT_ID>/v2.0",
+ "clientIdSettingName": "AAD_CLIENT_ID",
+ "clientSecretSettingName": "AAD_CLIENT_SECRET"
+ }
+ }
+ }
+ }
} ```
+Make sure to replace `<TENANT_ID>` with your Azure Active Directory tenant ID.
+ For more information on how to configure Azure Active Directory, see the [App Service Authentication/Authorization documentation](../app-service/configure-authentication-provider-aad.md). # [Apple](#tab/apple)
-| Field Path | Description |
-| -- | -- |
-| `registration.clientIdSettingName` | The name of the application setting containing the Client ID. |
-| `registration.clientSecretSettingName` | The name of the application setting containing the Client Secret. |
+To create the registration, begin by creating the following application settings:
+
+| Setting Name | Value |
+| | |
+| `APPLE_CLIENT_ID` | The Apple client ID. |
+| `APPLE_CLIENT_SECRET` | The Apple client secret. |
+
+Next, use the following sample to configure the provider.
```json {
For more information on how to configure Azure Active Directory, see the [App Se
"identityProviders": { "apple": { "registration": {
- "clientIdSettingName": "<APPLE_CLIENT_ID>",
- "clientSecretSettingName": "<APPLE_CLIENT_SECRET>"
+ "clientIdSettingName": "APPLE_CLIENT_ID",
+ "clientSecretSettingName": "APPLE_CLIENT_SECRET"
} } }
For more information on how to configure Apple as an authentication provider, se
# [Facebook](#tab/facebook)
-| Field Path | Description |
-| -- | -- |
-| `registration.appIdSettingName` | The name of the application setting containing the App ID. |
-| `registration.appSecretSettingName` | The name of the application setting containing the App Secret. |
+To create the registration, begin by creating the following application settings:
+
+| Setting Name | Value |
+| | |
+| `FACEBOOK_APP_ID` | The Facebook application ID. |
+| `FACEBOOK_APP_SECRET` | The Facebook application secret. |
+
+Next, use the following sample to configure the provider.
```json {
For more information on how to configure Apple as an authentication provider, se
"identityProviders": { "facebook": { "registration": {
- "appIdSettingName": "<FACEBOOK_APP_ID>",
- "appSecretSettingName": "<FACEBOOK_APP_SECRET>"
+ "appIdSettingName": "FACEBOOK_APP_ID",
+ "appSecretSettingName": "FACEBOOK_APP_SECRET"
} } }
For more information on how to configure Facebook as an authentication provider,
# [GitHub](#tab/github)
-| Field Path | Description |
-| -- | -- |
-| `registration.clientIdSettingName` | The name of the application setting containing the Client ID. |
-| `registration.clientSecretSettingName` | The name of the application setting containing the Client Secret. |
+
+To create the registration, begin by creating the following application settings:
+
+| Setting Name | Value |
+| | |
+| `GITHUB_CLIENT_ID` | The GitHub client ID. |
+| `GITHUB_CLIENT_SECRET` | The GitHub client secret. |
+
+Next, use the following sample to configure the provider.
```json {
For more information on how to configure Facebook as an authentication provider,
"identityProviders": { "github": { "registration": {
- "clientIdSettingName": "<GITHUB_CLIENT_ID>",
- "clientSecretSettingName": "<GITHUB_CLIENT_SECRET>"
+ "clientIdSettingName": "GITHUB_CLIENT_ID",
+ "clientSecretSettingName": "GITHUB_CLIENT_SECRET"
} } }
For more information on how to configure Facebook as an authentication provider,
# [Google](#tab/google)
-| Field Path | Description |
-| -- | -- |
-| `registration.clientIdSettingName` | The name of the application setting containing the Client ID. |
-| `registration.clientSecretSettingName` | The name of the application setting containing the Client Secret. |
+
+To create the registration, begin by creating the following application settings:
+
+| Setting Name | Value |
+| | |
+| `GOOGLE_CLIENT_ID` | The Google client ID. |
+| `GOOGLE_CLIENT_SECRET` | The Google client secret. |
+
+Next, use the following sample to configure the provider.
```json {
For more information on how to configure Facebook as an authentication provider,
"identityProviders": { "google": { "registration": {
- "clientIdSettingName": "<GOOGLE_CLIENT_ID>",
- "clientSecretSettingName": "<GOOGLE_CLIENT_SECRET>"
+ "clientIdSettingName": "GOOGLE_CLIENT_ID",
+ "clientSecretSettingName": "GOOGLE_CLIENT_SECRET"
} } }
For more information on how to configure Google as an authentication provider, s
# [Twitter](#tab/twitter)
-| Field Path | Description |
-| - | -- |
-| `registration.consumerKeySettingName` | The name of the application setting containing the Consumer Key. |
-| `registration.consumerSecretSettingName` | The name of the application setting containing the Consumer Secret. |
+To create the registration, begin by creating the following application settings:
+
+| Setting Name | Value |
+| | |
+| `TWITTER_CONSUMER_KEY` | The Twitter consumer key. |
+| `TWITTER_CONSUMER_SECRET` | The Twitter consumer secret. |
+
+Next, use the following sample to configure the provider.
```json {
For more information on how to configure Google as an authentication provider, s
"identityProviders": { "twitter": { "registration": {
- "consumerKeySettingName": "<TWITTER_CONSUMER_KEY>",
- "consumerSecretSettingName": "<TWITTER_CONSUMER_SECRET>"
+ "consumerKeySettingName": "TWITTER_CONSUMER_KEY",
+ "consumerSecretSettingName": "TWITTER_CONSUMER_SECRET"
} } }
This section shows you how to configure Azure Static Web Apps to use a custom au
You're required to register your application's details with an identity provider. Check with the provider regarding the steps needed to generate a **client ID** and **client secret** for your application.
+Once the application is registered with the identity provider, create the following application secrets in the [application settings](application-settings.md) of the Static Web App:
+
+| Setting Name | Value |
+| | |
+| `MY_PROVIDER_CLIENT_ID` | The client ID generated by the authentication provider for your static web app. |
+| `MY_PROVIDER_CLIENT_SECRET` | The client secret generated by the authentication provider's custom registration for your static web app. |
+
+If you register additional providers, each one needs an associated client ID and client secret store in application settings.
+ > [!IMPORTANT] > Application secrets are sensitive security credentials. Do not share this secret with anyone, distribute it within a client application, or check into source control. Once you have the registration credentials, use the following steps to create a custom registration.
-1. Add the client ID and client secret as [application settings](application-settings.md) for the app, using setting names of your choice. Make note of these names for later. Alternatively, the client ID can be included in the configuration file.
- 1. You need the OpenID Connect metadata for the provider. This information is often exposed via a [configuration metadata document](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig), which is the provider's _Issuer URL_ suffixed with `/.well-known/openid-configuration`. Gather this configuration URL. 1. Add an `auth` section of the [configuration file](configuration.md) with a configuration block for the OIDC providers, and your provider definition.
Once you have the registration credentials, use the following steps to create a
"customOpenIdConnectProviders": { "myProvider": { "registration": {
- "clientIdSettingName": "<MY_PROVIDER_CLIENT_ID_SETTING_NAME>",
+ "clientIdSettingName": "MY_PROVIDER_CLIENT_ID",
"clientCredential": {
- "clientSecretSettingName": "<MY_PROVIDER_CLIENT_SECRET_SETTING_NAME>"
+ "clientSecretSettingName": "MY_PROVIDER_CLIENT_SECRET"
}, "openIdConnectConfiguration": { "wellKnownOpenIdConfiguration": "https://<PROVIDER_ISSUER_URL>/.well-known/openid-configuration"
Once you have the registration credentials, use the following steps to create a
} ```
- Change the following replacement tokens in the code with your values.
-
- | Replace this... | with... |
- | | |
- | `<MY_PROVIDER_CLIENT_ID_SETTING_NAME>` | The application setting name associated with the client ID generated from your custom registration. |
- | `<MY_PROVIDER_CLIENT_SECRET_SETTING_NAME>` | The application setting name associated with the client secret generated from your custom registration. |
- | `<PROVIDER_ISSUER_URL>` | The path to the _Issuer URL_ of the provider. |
--- The provider name, `myProvider` in this example, is the unique identifier used by Azure Static Web Apps.-- The `login` object allows you to provide values for: custom scopes, login parameters, or custom claims.
+ - The provider name, `myProvider` in this example, is the unique identifier used by Azure Static Web Apps.
+ - Make sure to replace `<PROVIDER_ISSUER_URL>` with the path to the _Issuer URL_ of the provider.
+ - The `login` object allows you to provide values for: custom scopes, login parameters, or custom claims.
### Login, logout, and purging user details
static-web-apps Plans https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/static-web-apps/plans.md
Azure Static Web Apps is available through two different plans, Free and Standar
| Custom domains | 2 per app | 5 per app | | APIs via Azure Functions | Managed | Managed or<br>[Bring your own Functions app](functions-bring-your-own.md) | | Authentication provider integration | [Pre-configured](authentication-authorization.md)<br>(Service defined) | [Custom registrations](authentication-custom.md) |
+| Private endpoints | - | Γ£ö |
| [Service Level Agreement (SLA)](https://azure.microsoft.com/support/legal/sla/app-service-static/v1_0/) | None | Γ£ö | ## Selecting a plan
storage Network File System Protocol Support How To https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/blobs/network-file-system-protocol-support-how-to.md
As you configure the account, choose these values:
|Location|All available regions |All available regions |Performance|Premium| Standard |Account kind|BlockBlobStorage| General-purpose V2
-|Replication|Locally-redundant storage (LRS)| Locally-redundant storage (LRS), Zone-redundant storage (ZRS)
+|Replication|Locally-redundant storage (LRS), Zone-redundant storage (ZRS)| Locally-redundant storage (LRS), Zone-redundant storage (ZRS)
|Connectivity method|Public endpoint (selected networks) or Private endpoint |Public endpoint (selected networks) or Private endpoint |Hierarchical namespace|Enabled|Enabled |NFS V3|Enabled |Enabled
storage Storage Files How To Create Nfs Shares https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/files/storage-files-how-to-create-nfs-shares.md
Now that you have created a FileStorage account and configured the networking, y
1. Navigate to your storage account and select **File shares**. 1. Select **+ File share** to create a new file share. 1. Name your file share, select a provisioned capacity.
-1. For **Protocol** select **NFS (preview)**.
+1. For **Protocol** select **NFS**.
1. For **Root Squash** make a selection. - Root squash (default) - Access for the remote superuser (root) is mapped to UID (65534) and GID (65534).
storage Storage Files Netapp Comparison https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/storage/files/storage-files-netapp-comparison.md
Most workloads that require cloud file storage work well on either Azure Files o
| Category | Azure Files | Azure NetApp Files | ||-|| | Description | [Azure Files](https://azure.microsoft.com/services/storage/files/) is a fully managed, highly available, enterprise-grade service that is optimized for random access workloads with in-place data updates.<br><br> Azure Files is built on the same Azure storage platform as other services like Azure Blobs. | [Azure NetApp Files](https://azure.microsoft.com/services/netapp/) is a fully managed, highly available, enterprise-grade NAS service that can handle the most demanding, high-performance, low-latency workloads requiring advanced data management capabilities. It enables the migration of workloads, which are deemed ΓÇ£un-migratableΓÇ¥ without.<br><br> ANF is built on NetAppΓÇÖs bare metal with ONTAP storage OS running inside the Azure datacenter for a consistent Azure experience and an on-premises like performance. |
-| Protocols | Premium<br><ul><li>SMB 2.1, 3.0, 3.1.1</li><li>NFS 4.1 (preview)</li><li>REST</li></ul><br>Standard<br><ul><li>SMB 2.1, 3.0, 3.1.1</li><li>REST</li></ul><br> To learn more, see [available file share protocols](./storage-files-planning.md#available-protocols). | All tiers<br><ul><li>SMB 1, 2.x, 3.x</li><li>NFS 3.0, 4.1</li><li>Dual protocol access (NFSv3/SMB)</li></ul><br> To learn more, see how to create [NFS](../../azure-netapp-files/azure-netapp-files-create-volumes.md), [SMB](../../azure-netapp-files/azure-netapp-files-create-volumes-smb.md), or [dual-protocol](../../azure-netapp-files/create-volumes-dual-protocol.md) volumes. |
+| Protocols | Premium<br><ul><li>SMB 2.1, 3.0, 3.1.1</li><li>NFS 4.1 (preview)</li><li>REST</li></ul><br>Standard<br><ul><li>SMB 2.1, 3.0, 3.1.1</li><li>REST</li></ul><br> To learn more, see [available file share protocols](./storage-files-planning.md#available-protocols). | All tiers<br><ul><li>SMB 2.x, 3.x</li><li>NFS 3.0, 4.1</li><li>Dual protocol access (NFSv3/SMB)</li></ul><br> To learn more, see how to create [NFS](../../azure-netapp-files/azure-netapp-files-create-volumes.md), [SMB](../../azure-netapp-files/azure-netapp-files-create-volumes-smb.md), or [dual-protocol](../../azure-netapp-files/create-volumes-dual-protocol.md) volumes. |
| Region Availability | Premium<br><ul><li>30+ Regions</li></ul><br>Standard<br><ul><li>All regions</li></ul><br> To learn more, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=storage). | All tiers<br><ul><li>25+ Regions</li></ul><br> To learn more, see [Products available by region](https://azure.microsoft.com/global-infrastructure/services/?products=storage). | | Redundancy | Premium<br><ul><li>LRS</li><li>ZRS</li></ul><br>Standard<br><ul><li>LRS</li><li>ZRS</li><li>GRS</li><li>GZRS</li></ul><br> To learn more, see [redundancy](./storage-files-planning.md#redundancy). | All tiers<br><ul><li>Built-in local HA</li><li>[Cross-region replication](../../azure-netapp-files/cross-region-replication-introduction.md)</li></ul> | | Service-Level Agreement (SLA)<br><br> Note that SLAs for Azure Files and Azure NetApp Files are calculated differently. | [SLA for Azure Files](https://azure.microsoft.com/support/legal/sla/storage/) | [SLA for Azure NetApp Files](https://azure.microsoft.com/support/legal/sla/netapp) |
stream-analytics Quick Create Azure Cli https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/quick-create-azure-cli.md
The following Azure CLI code blocks are commands that prepare the input data req
az iot hub show-connection-string --hub-name "MyASAIoTHub" ```
-2. Add a device to IoT Hub using the [az iothub device-identity create](../iot-develop/quickstart-send-telemetry-iot-hub.md?pivots=programming-language-ansi-c#create-a-simulated-device) command. This example creates a device called **MyASAIoTDevice**.
+2. Add a device to IoT Hub using the [az iothub device-identity create](/cli/azure/iot/hub/device-identity#az_iot_hub_device_identity_create) command. This example creates a device called **MyASAIoTDevice**.
```azurecli az iot hub device-identity create --hub-name "MyASAIoTHub" --device-id "MyASAIoTDevice"
stream-analytics Stream Analytics Quick Create Powershell https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/stream-analytics/stream-analytics-quick-create-powershell.md
The following Azure CLI code block does many commands to prepare the input data
az iot hub show-connection-string --hub-name "MyASAIoTHub" ```
-3. Add a device to IoT Hub using the [az iothub device-identity create](../iot-develop/quickstart-send-telemetry-iot-hub.md?pivots=programming-language-ansi-c#create-a-simulated-device) command. This example creates a device called **MyASAIoTDevice**.
+3. Add a device to IoT Hub using the [az iot hub device-identity create](/cli/azure/iot/hub/device-identity#az_iot_hub_device_identity_create) command. This example creates a device called **MyASAIoTDevice**.
```azurecli az iot hub device-identity create --hub-name "MyASAIoTHub" --device-id "MyASAIoTDevice"
synapse-analytics Query Delta Lake Format https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/synapse-analytics/sql/query-delta-lake-format.md
The [OPENROWSET](develop-openrowset.md) function enables you to read the content
The easiest way to see to the content of your `DELTA` file is to provide the file URL to the [OPENROWSET](develop-openrowset.md) function and specify `DELTA` format. If the file is publicly available or if your Azure AD identity can access this file, you should be able to see the content of the file using a query like the one shown in the following example: ```sql
-select top 10 *
-from openrowset(
- bulk 'https://sqlondemandstorage.blob.core.windows.net/delta-lake/covid/',
- format = 'delta') as rows
+SELECT TOP 10 *
+FROM OPENROWSET(
+ BULK 'https://sqlondemandstorage.blob.core.windows.net/delta-lake/covid/',
+ FORMAT = 'delta') as rows;
``` Column names and data types are automatically read from Delta Lake files. The `OPENROWSET` function uses best guess types like VARCHAR(1000) for the string columns.
If you created your database, and switched the context to your database (using `
your external data source containing the root URI to your data set and use it to query Delta Lake files: ```sql
-create external data source DeltaLakeStorage
-with ( location = 'https://sqlondemandstorage.blob.core.windows.net/delta-lake/' );
-go
-
-select top 10 *
-from openrowset(
- bulk 'covid',
- data_source = 'DeltaLakeStorage',
- format = 'delta'
- ) as rows
+CREATE EXTERNAL DATA SOURCE DeltaLakeStorage
+WITH ( LOCATION = 'https://sqlondemandstorage.blob.core.windows.net/delta-lake/' );
+GO
+
+SELECT TOP 10 *
+FROM OPENROWSET(
+ BULK 'covid',
+ DATA_SOURCE = 'DeltaLakeStorage',
+ FORMAT = 'delta'
+ ) as rows;
``` If a data source is protected with SAS key or custom identity, you can configure [data source with database scoped credential](develop-storage-files-storage-access-control.md?tabs=shared-access-signature#database-scoped-credential).
If a data source is protected with SAS key or custom identity, you can configure
`OPENROWSET` enables you to explicitly specify what columns you want to read from the file using `WITH` clause: ```sql
-select top 10 *
-from openrowset(
- bulk 'covid',
- data_source = 'DeltaLakeStorage',
- format = 'delta'
+SELECT TOP 10 *
+FROM OPENROWSET(
+ BULK 'covid',
+ DATA_SOURCE = 'DeltaLakeStorage',
+ FORMAT = 'delta'
)
- with ( date_rep date,
+ WITH ( date_rep date,
cases int, geo_id varchar(6)
- ) as rows
+ ) as rows;
``` With the explicit specification of the result set schema, you can minimize the type sizes and use the more precise types VARCHAR(6) for string columns instead of pessimistic VARCHAR(1000). Minimization of types might significantly improve performance of your queries.
virtual-desktop Whats New https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-desktop/whats-new.md
The Azure Virtual Desktop agent updates at least once per month.
Here's what's changed in the Azure Virtual Desktop Agent: -- Version 1.0.3130.1200: This update was released May 2021 for validation pools and has the following changes:
+- Version 1.0.3130.2900: This update was released July 2021 and has the following changes:
- General improvements and bug fixes. - Fixes an issue with getting the host pool path for Intune registration. - Added logging to better diagnose agent issues.-- Version 1.0.3050.1200: This update was released May 2021 for validation pools and has the following changes:
+ - Fixes an issue with orchestration timeouts.
+- Version 1.0.3050.2500: This update was released July 2021 and has the following changes:
- Updated internal monitors for agent health. - Updated retry logic for stack health. - Version 1.0.2990.1500: This update was released April 2021 and has the following changes:
To learn more, see [our blog post](https://azure.microsoft.com/updates/windows-v
## Next steps
-Learn about future plans at the [Microsoft 365 Azure Virtual Desktop roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=Windows%20Virtual%20Desktop).
+Learn about future plans at the [Microsoft 365 Azure Virtual Desktop roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=Windows%20Virtual%20Desktop).
virtual-machines Storage Performance https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/linux/storage-performance.md
The design of the Lsv2-series Virtual Machines (VMs) maximizes the AMD EPYCΓäó 7
This article provides tips and suggestions to ensure your workloads and applications achieve the maximum performance designed into the VMs. The information on this page will be continuously updated as more Lsv2 optimized images are added to the Azure Marketplace.
-## AMD EYPCΓäó chipset architecture
+## AMD EPYCΓäó chipset architecture
Lsv2-series VMs use AMD EYPCΓäó server processors based on the Zen microarchitecture. AMD developed Infinity Fabric (IF) for EYPCΓäó as scalable interconnect for its NUMA model that could be used for on-die, on-package, and multi-package communications. Compared with QPI (Quick-Path Interconnect) and UPI (Ultra-Path Interconnect) used on Intel modern monolithic-die processors, AMDΓÇÖs many-NUMA small-die architecture may bring both performance benefits as well as challenges. The actual impact of memory bandwidth and latency constraints could vary depending on the type of workloads running.
virtual-machines Image Builder Gallery https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/windows/image-builder-gallery.md
To distribute the image to a Shared Image Gallery, the template uses [sharedImag
Azure Image Builder automatically runs sysprep to generalize the image, this is a generic sysprep command, which you can [override](../linux/image-builder-troubleshoot.md#vms-created-from-aib-images-do-not-create-successfully) if needed.
-Be aware how many times you layer customizations. You can run the Sysprep command up to 8 times on a single Windows image. After running Sysprep 8 times, you must recreate your Windows image. For more information, see [Limits on how many times you can run Sysprep](/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation#limits-on-how-many-times-you-can-run-sysprep).
+Be aware how many times you layer customizations. You can run the Sysprep command a limited number times on a single Windows image. After reaching the Sysprep limit, you must recreate your Windows image. For more information, see [Limits on how many times you can run Sysprep](/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation#limits-on-how-many-times-you-can-run-sysprep).
## Register the features
virtual-machines Windows Desktop Multitenant Hosting Deployment https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/windows/windows-desktop-multitenant-hosting-deployment.md
For more information, see [Multitenant Hosting for Windows 10](https://www.micro
Using the [Microsoft admin center](/microsoft-365/admin/admin-overview/about-the-admin-center), you can confirm if a user has been assigned a Windows 10 supported license. > [!IMPORTANT]
-> Users must have one of the below subscription licenses in order to use Windows 10 images in Azure. If you do not have one of these subscription licenses, they can be purchased through your [Cloud Service Partner](https://azure.microsoft.com/overview/choosing-a-cloud-service-provider/) or directly through [Microsoft](https://www.microsoft.com/microsoft-365?rtc=1).
+> Users **must** have one of the below subscription licenses in order to use Windows 10 images in Azure for any production workload. If you do not have one of these subscription licenses, they can be purchased through your [Cloud Service Partner](https://azure.microsoft.com/overview/choosing-a-cloud-service-provider/) or directly through [Microsoft](https://www.microsoft.com/microsoft-365?rtc=1).
**Eligible subscription licenses:**
virtual-machines Get Started https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/workloads/sap/get-started.md
In this section, you can find information in how to configure SSO with most of t
In this section, you find documents about Microsoft Power BI integration into SAP data sources as well as Azure Data Factory integration into SAP BW. ## Change Log
+- August 02, 2021: Change in [HA for SAP NW on Azure VMs on RHEL for SAP applications](./high-availability-guide-rhel.md), [HA for SAP NW on Azure VMs on RHEL with ANF](./high-availability-guide-rhel-netapp-files.md) and [HA for SAP NW on Azure VMs on RHEL multi-SID guide](./high-availability-guide-rhel-multi-sid.md) to adjust cluster resources stickiness, migration thresholds and order constraints
- August 02, 2021: Release of [SAP BW-Near Line Storage (NLS) implementation guide with SAP IQ on Azure](./sap-iq-deployment-guide.md) - July 26, 2021: Change in [Setting up Pacemaker on RHEL in Azure](./high-availability-guide-rhel-pacemaker.md) and [Setting up Pacemaker on SLES in Azure](./high-availability-guide-suse-pacemaker.md) to replace role assignment instructions with links to the RBAC documentation in the sections describing the set up for Azure Fence Agent - July 22, 2021: Change in [HA for SAP NW on Azure VMs on RHEL for SAP applications](./high-availability-guide-rhel.md), [HA for SAP NW on Azure VMs on RHEL with ANF](./high-availability-guide-rhel-netapp-files.md) and [HA for SAP NW on Azure VMs on RHEL multi-SID guide](./high-availability-guide-rhel-multi-sid.md) to remove `failure-timeout` for the ASCS cluster resource (ENSA2 only)
virtual-machines High Availability Guide Rhel Multi Sid https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/workloads/sap/high-availability-guide-rhel-multi-sid.md
vm-windows Previously updated : 07/22/2021 Last updated : 08/03/2021
This documentation assumes that:
op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-NW2_ASCS
+ sudo pcs resource meta g-NW2_ASCS resource-stickiness=3000
+ sudo pcs resource create rsc_sap_NW2_ERS12 SAPInstance \ InstanceName=NW2_ERS12_msnw2ers START_PROFILE="/sapmnt/NW2/profile/NW2_ERS12_msnw2ers" \ AUTOMATIC_RECOVER=false IS_ERS=true \
This documentation assumes that:
sudo pcs constraint colocation add g-NW2_AERS with g-NW2_ASCS -5000 sudo pcs constraint location rsc_sap_NW2_ASCS10 rule score=2000 runs_ers_NW2 eq 1
- sudo pcs constraint order g-NW2_ASCS then g-NW2_AERS kind=Optional symmetrical=false
+ sudo pcs constraint order start g-NW2_ASCS then stop g-NW2_AERS kind=Optional symmetrical=false
sudo pcs resource create rsc_sap_NW3_ASCS20 SAPInstance \ InstanceName=NW3_ASCS20_msnw3ascs START_PROFILE="/sapmnt/NW3/profile/NW3_ASCS20_msnw3ascs" \
This documentation assumes that:
op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-NW3_ASCS
+ sudo pcs resource meta g-NW3_ASCS resource-stickiness=3000
+ sudo pcs resource create rsc_sap_NW3_ERS22 SAPInstance \ InstanceName=NW3_ERS22_msnw3ers START_PROFILE="/sapmnt/NW3/profile/NW2_ERS22_msnw3ers" \ AUTOMATIC_RECOVER=false IS_ERS=true \
This documentation assumes that:
sudo pcs constraint colocation add g-NW3_AERS with g-NW3_ASCS -5000 sudo pcs constraint location rsc_sap_NW3_ASCS20 rule score=2000 runs_ers_NW3 eq 1
- sudo pcs constraint order g-NW3_ASCS then g-NW3_AERS kind=Optional symmetrical=false
+ sudo pcs constraint order start g-NW3_ASCS then stop g-NW3_AERS kind=Optional symmetrical=false
sudo pcs property set maintenance-mode=false ```
This documentation assumes that:
sudo pcs resource create rsc_sap_NW2_ASCS10 SAPInstance \ InstanceName=NW2_ASCS10_msnw2ascs START_PROFILE="/sapmnt/NW2/profile/NW2_ASCS10_msnw2ascs" \ AUTOMATIC_RECOVER=false \
- meta resource-stickiness=5000 migration-threshold=1 \
+ meta resource-stickiness=5000 \
op monitor interval=20 on-fail=restart timeout=60 \ op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-NW2_ASCS
+ sudo pcs resource meta g-NW2_ASCS resource-stickiness=3000
+ sudo pcs resource create rsc_sap_NW2_ERS12 SAPInstance \ InstanceName=NW2_ERS12_msnw2ers START_PROFILE="/sapmnt/NW2/profile/NW2_ERS12_msnw2ers" \ AUTOMATIC_RECOVER=false IS_ERS=true \ op monitor interval=20 on-fail=restart timeout=60 op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-NW2_AERS
+ sudo pcs resource meta rsc_sap_NW2_ERS12 resource-stickiness=3000
+ sudo pcs constraint colocation add g-NW2_AERS with g-NW2_ASCS -5000
- sudo pcs constraint order g-NW2_ASCS then g-NW2_AERS kind=Optional symmetrical=false
- sudo pcs constraint order start g-NW2_ASCS then stop g-NW2_AERS symmetrical=false
+ sudo pcs constraint order start g-NW2_ASCS then start g-NW2_AERS kind=Optional symmetrical=false
+ sudo pcs constraint order start g-NW2_ASCS then stop g-NW2_AERS kind=Optional symmetrical=false
sudo pcs resource create rsc_sap_NW3_ASCS20 SAPInstance \ InstanceName=NW3_ASCS20_msnw3ascs START_PROFILE="/sapmnt/NW3/profile/NW3_ASCS20_msnw3ascs" \ AUTOMATIC_RECOVER=false \
- meta resource-stickiness=5000 migration-threshold=1 \
+ meta resource-stickiness=5000 \
op monitor interval=20 on-fail=restart timeout=60 \ op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-NW3_ASCS
+ sudo pcs resource meta g-NW3_ASCS resource-stickiness=3000
+ sudo pcs resource create rsc_sap_NW3_ERS22 SAPInstance \ InstanceName=NW3_ERS22_msnw3ers START_PROFILE="/sapmnt/NW3/profile/NW2_ERS22_msnw3ers" \ AUTOMATIC_RECOVER=false IS_ERS=true \ op monitor interval=20 on-fail=restart timeout=60 op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-NW3_AERS
+ sudo pcs resource meta rsc_sap_NW3_ERS22 resource-stickiness=3000
+ sudo pcs constraint colocation add g-NW3_AERS with g-NW3_ASCS -5000
- sudo pcs constraint order g-NW3_ASCS then g-NW3_AERS kind=Optional symmetrical=false
- sudo pcs constraint order start g-NW3_ASCS then stop g-NW3_AERS symmetrical=false
+ sudo pcs constraint order start g-NW3_ASCS then start g-NW3_AERS kind=Optional symmetrical=false
+ sudo pcs constraint order start g-NW3_ASCS then stop g-NW3_AERS kind=Optional symmetrical=false
sudo pcs property set maintenance-mode=false ```
virtual-machines High Availability Guide Rhel Netapp Files https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/workloads/sap/high-availability-guide-rhel-netapp-files.md
vm-windows Previously updated : 07/22/2021 Last updated : 08/03/2021
The following items are prefixed with either **[A]** - applicable to all nodes,
### Installing SAP NetWeaver ASCS/ERS
+1. **[1]** Configure cluster default properties
+
+ ```
+ pcs resource defaults resource-stickiness=1
+ pcs resource defaults migration-threshold=3
+ ```
+ 1. **[1]** Create a virtual IP resource and health-probe for the ASCS instance ```
The following items are prefixed with either **[A]** - applicable to all nodes,
op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-QAS_ASCS
+ sudo pcs resource meta g-QAS_ASCS resource-stickiness=3000
+ sudo pcs resource create rsc_sap_QAS_ERS01 SAPInstance \ InstanceName=QAS_ERS01_anftstsapers START_PROFILE="/sapmnt/QAS/profile/QAS_ERS01_anftstsapers" \ AUTOMATIC_RECOVER=false IS_ERS=true \ op monitor interval=20 on-fail=restart timeout=60 op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-QAS_AERS
-
+
sudo pcs constraint colocation add g-QAS_AERS with g-QAS_ASCS -5000 sudo pcs constraint location rsc_sap_QAS_ASCS00 rule score=2000 runs_ers_QAS eq 1
- sudo pcs constraint order g-QAS_ASCS then g-QAS_AERS kind=Optional symmetrical=false
+ sudo pcs constraint order start g-QAS_ASCS then stop g-QAS_AERS kind=Optional symmetrical=false
sudo pcs node unstandby anftstsapcl1 sudo pcs property set maintenance-mode=false
The following items are prefixed with either **[A]** - applicable to all nodes,
sudo pcs resource create rsc_sap_QAS_ASCS00 SAPInstance \ InstanceName=QAS_ASCS00_anftstsapvh START_PROFILE="/sapmnt/QAS/profile/QAS_ASCS00_anftstsapvh" \ AUTOMATIC_RECOVER=false \
- meta resource-stickiness=5000 migration-threshold=1 \
+ meta resource-stickiness=5000 \
op monitor interval=20 on-fail=restart timeout=60 \ op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-QAS_ASCS
+ sudo pcs resource meta g-QAS_ASCS resource-stickiness=3000
+ sudo pcs resource create rsc_sap_QAS_ERS01 SAPInstance \ InstanceName=QAS_ERS01_anftstsapers START_PROFILE="/sapmnt/QAS/profile/QAS_ERS01_anftstsapers" \ AUTOMATIC_RECOVER=false IS_ERS=true \ op monitor interval=20 on-fail=restart timeout=60 op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-QAS_AERS
+ sudo pcs resource meta rsc_sap_QAS_ERS01 resource-stickiness=3000
+ sudo pcs constraint colocation add g-QAS_AERS with g-QAS_ASCS -5000
- sudo pcs constraint order g-QAS_ASCS then g-QAS_AERS kind=Optional symmetrical=false
- sudo pcs constraint order start g-QAS_ASCS then stop g-QAS_AERS symmetrical=false
+ sudo pcs constraint order start g-QAS_ASCS then start g-QAS_AERS kind=Optional symmetrical=false
+ sudo pcs constraint order start g-QAS_ASCS then stop g-QAS_AERS kind=Optional symmetrical=false
sudo pcs node unstandby anftstsapcl1 sudo pcs property set maintenance-mode=false
Follow these steps to install an SAP application server.
[root@anftstsapcl2 ~]# pgrep -f enq.sapQAS | xargs kill -9 ```
- The ASCS instance should immediately fail over to the other node. The ERS instance should also fail over after the ASCS instance is started. Run the following commands as root to clean up the resource state of the ASCS and ERS instance after the test.
+ The ASCS instance should immediately fail over to the other node, in the case of ENSA2. The ERS instance should also fail over after the ASCS instance is started. Run the following commands as root to clean up the resource state of the ASCS and ERS instance after the test.
``` [root@anftstsapcl2 ~]# pcs resource cleanup rsc_sap_QAS_ASCS00
virtual-machines High Availability Guide Rhel https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/workloads/sap/high-availability-guide-rhel.md
vm-windows Previously updated : 07/22/2021 Last updated : 08/03/2021
The following items are prefixed with either **[A]** - applicable to all nodes,
### Installing SAP NetWeaver ASCS/ERS
+1. **[1]** Configure cluster default properties
+
+ ```
+ pcs resource defaults resource-stickiness=1
+ pcs resource defaults migration-threshold=3
+ ```
+ 1. **[1]** Create a virtual IP resource and health-probe for the ASCS instance <pre><code>sudo pcs node standby <b>nw1-cl-1</b>
The following items are prefixed with either **[A]** - applicable to all nodes,
op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-<b>NW1</b>_ASCS
+ sudo pcs resource meta g-<b>NW1</b>_ASCS resource-stickiness=3000
+ sudo pcs resource create rsc_sap_<b>NW1</b>_ERS<b>02</b> SAPInstance \ InstanceName=<b>NW1</b>_ERS02_<b>nw1-aers</b> START_PROFILE="/sapmnt/<b>NW1</b>/profile/<b>NW1</b>_ERS02_<b>nw1-aers</b>" \ AUTOMATIC_RECOVER=false IS_ERS=true \
The following items are prefixed with either **[A]** - applicable to all nodes,
sudo pcs resource create rsc_sap_<b>NW1</b>_ASCS00 SAPInstance \ InstanceName=<b>NW1</b>_ASCS00_<b>nw1-ascs</b> START_PROFILE="/sapmnt/<b>NW1</b>/profile/<b>NW1</b>_ASCS00_<b>nw1-ascs</b>" \ AUTOMATIC_RECOVER=false \
- meta resource-stickiness=5000 migration-threshold=1 \
+ meta resource-stickiness=5000 \
op monitor interval=20 on-fail=restart timeout=60 \ op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-<b>NW1</b>_ASCS+
+ sudo pcs resource meta g-<b>NW1</b>_ASCS resource-stickiness=3000
sudo pcs resource create rsc_sap_<b>NW1</b>_ERS<b>02</b> SAPInstance \ InstanceName=<b>NW1</b>_ERS02_<b>nw1-aers</b> START_PROFILE="/sapmnt/<b>NW1</b>/profile/<b>NW1</b>_ERS02_<b>nw1-aers</b>" \ AUTOMATIC_RECOVER=false IS_ERS=true \ op monitor interval=20 on-fail=restart timeout=60 op start interval=0 timeout=600 op stop interval=0 timeout=600 \ --group g-<b>NW1</b>_AERS+
+ sudo pcs resource meta rsc_sap_<b>NW1</b>_<b>ERS02</b> resource-stickiness=3000
sudo pcs constraint colocation add g-<b>NW1</b>_AERS with g-<b>NW1</b>_ASCS -5000
- sudo pcs constraint order g-<b>NW1</b>_ASCS then g-<b>NW1</b>_AERS kind=Optional symmetrical=false
+ sudo pcs constraint order start g-<b>NW1</b>_ASCS then start g-<b>NW1</b>_AERS kind=Optional symmetrical=false
sudo pcs constraint order start g-<b>NW1</b>_ASCS then stop g-<b>NW1</b>_AERS kind=Optional symmetrical=false sudo pcs node unstandby <b>nw1-cl-0</b>
Follow these steps to install an SAP application server.
[root@nw1-cl-1 ~]# pgrep -f enq.sapNW1 | xargs kill -9 </code></pre>
- The ASCS instance should immediately fail over to the other node. The ERS instance should also fail over after the ASCS instance is started. Run the following commands as root to clean up the resource state of the ASCS and ERS instance after the test.
+ The ASCS instance should immediately fail over to the other node, in the case of ENSA2. The ERS instance should also fail over after the ASCS instance is started. Run the following commands as root to clean up the resource state of the ASCS and ERS instance after the test.
<pre><code>[root@nw1-cl-0 ~]# pcs resource cleanup rsc_sap_NW1_ASCS00 [root@nw1-cl-0 ~]# pcs resource cleanup rsc_sap_NW1_ERS02
virtual-network Application Security Groups https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-network/application-security-groups.md
The rules that specify an application security group as the source or destinatio
Application security groups have the following constraints: - There are limits to the number of application security groups you can have in a subscription, as well as other limits related to application security groups. For details, see [Azure limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#azure-resource-manager-virtual-networking-limits).-- In the Azure portal, you can specify only one application security group as the source and destination in a security rule. In the REST API (including PowerShell/Azure CLI), you can specify multiple application security groups in the source or destination. - All network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in. For example, if the first network interface assigned to an application security group named *AsgWeb* is in the virtual network named *VNet1*, then all subsequent network interfaces assigned to *ASGWeb* must exist in *VNet1*. You cannot add network interfaces from different virtual networks to the same application security group. - If you specify an application security group as the source and destination in a security rule, the network interfaces in both application security groups must exist in the same virtual network. For example, if *AsgLogic* contained network interfaces from *VNet1*, and *AsgDb* contained network interfaces from *VNet2*, you could not assign *AsgLogic* as the source and *AsgDb* as the destination in a rule. All network interfaces for both the source and destination application security groups need to exist in the same virtual network.
virtual-network Virtual Network Scenario Udr Gw Nva https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-network/virtual-network-scenario-udr-gw-nva.md
AZF1 represents an Azure virtual appliance containing the following rules:
### AZF2 AZF2 represents an Azure virtual appliance containing the following rules:
-* **Route**: All traffic to 10.0.0.0/16 (**onpremvnet**) must be sent to the Azure gateway IP address (i.e. 10.0.0.1) through **port1**.
* **Policy**: Allow all bidirectional traffic between **port1** and **port2**.
+### AZF3
+AZF3 represents an Azure virtual appliance containing the following rules:
+
+* **Route**: All traffic to 192.168.0.0/16 (**onpremvnet**) must be sent to the Azure gateway IP address (i.e., 10.0.0.1) through **port1**.
+ ## Network Security Groups (NSGs) In this scenario, NSGs are not being used. However, you could apply NSGs to each subnet to restrict incoming and outgoing traffic. For instance, you could apply the following NSG rules to the external FW subnet.
To deploy this scenario, follow the high level steps below.
3. Provision the resources that are part of **AZURERG**. 4. Provision the tunnel from **onpremvnet** to **azurevnet**. 5. Once all resources are provisioned, sign in to **onpremvm2** and ping 10.0.3.101 to test connectivity between **onpremsn2** and **azsn3**.-
virtual-wan Virtual Wan About https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-wan/virtual-wan-about.md
To configure an end-to-end virtual WAN, you create the following resources:
* **virtualWAN:** The virtualWAN resource represents a virtual overlay of your Azure network and is a collection of multiple resources. It contains links to all your virtual hubs that you would like to have within the virtual WAN. Virtual WAN resources are isolated from each other and cannot contain a common hub. Virtual hubs across Virtual WAN do not communicate with each other.
-* **Hub:** A virtual hub is a Microsoft-managed virtual network. The hub contains various service endpoints to enable connectivity. From your on-premises network (vpnsite), you can connect to a VPN Gateway inside the virtual hub, connect ExpressRoute circuits to a virtual hub, or even connect mobile users to a Point-to-site gateway in the virtual hub. The hub is the core of your network in a region. There can only be one hub per Azure region.
+* **Hub:** A virtual hub is a Microsoft-managed virtual network. The hub contains various service endpoints to enable connectivity. From your on-premises network (vpnsite), you can connect to a VPN Gateway inside the virtual hub, connect ExpressRoute circuits to a virtual hub, or even connect mobile users to a Point-to-site gateway in the virtual hub. The hub is the core of your network in a region. Multiple virtual hubs can be created in the same region.
A hub gateway is not the same as a virtual network gateway that you use for ExpressRoute and VPN Gateway. For example, when using Virtual WAN, you don't create a site-to-site connection from your on-premises site directly to your VNet. Instead, you create a site-to-site connection to the hub. The traffic always goes through the hub gateway. This means that your VNets do not need their own virtual network gateway. Virtual WAN lets your VNets take advantage of scaling easily through the virtual hub and the virtual hub gateway.
virtual-wan Virtual Wan Faq https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-wan/virtual-wan-faq.md
Yes. For a list of Managed Service Provider (MSP) solutions enabled via Azure Ma
Azure Route Server provides a Border Gateway Protocol (BGP) peering service that can be used by NVAs (Network Virtual Appliance) to learn routes from the route server in a DIY hub VNet. Virtual WAN routing provides multiple capabilities including VNet-to-VNet transit routing, custom routing, custom route association and propagation, and a zero-touch fully meshed hub service along with connectivity services of ExpressRoute, Site VPN, Remote User/Large Scale P2S VPN, and Secure hub (Azure Firewall) capabilities. When you establish a BGP peering between your NVA and Azure Route Server, you can advertise IP addresses from your NVA to your virtual network. For all advanced routing capabilities such as transit routing, custom routing, etc., you can use Virtual WAN routing.
+### If I am using a third-party security provider (ZScalar, iBoss or Checkpoint) to secure my internet traffic why don't I see the VPN site associated to the third-party security provider in Azure Portal?
+
+When you choose to deploy a security partner provider to protect Internet access for your users, the third-party security provider creates a VPN site on your behalf. Because the third-party security provider is created automatically by the provider and is not a user-created VPN site, this VPN site will not show up in Azure Portal.
+
+For more information regarding the available options third-party security providers and how to set this up, please review this [document](../firewall-manager/deploy-trusted-security-partner.md)
+ ## Next steps * For more information about Virtual WAN, see [About Virtual WAN](virtual-wan-about.md).