+The revoked client certificate flow shows a client presenting a revoked certificate to the frontend of Application Gateway for Containers. Application Gateway for Containers determines the certificate isn't valid and prevents the request from being proxied to the client. The client will receive an HTTP 400 bad request and corresponding reason.

+For this example, we'll create a root certificate and issue a client certificate from the root. If you already have a root certificate and client certificate, you may skip these steps.

+ name: listener-tls-secret

+ name: listener-tls-secret

+ - name: echo

+ port: 80

+Create a Kubernetes secret using kubectl that contains the certificate chain to the client certificate.

+```bash

+kubectl create secret generic ca.bundle -n test-infra --from-file=ca.crt=root.crt

+```

+Curling the FQDN of your frontend without the client certificate.

+```bash

+curl --insecure https://$fqdn/

+```

+Note the response alerts a certificate is required.

+```

+curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1k: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0

+```

+Curl the FQDN presenting the client certificate generated.

+Note the response is from the backend service behind Application Gateway for Containers.

+Congratulations, you installed ALB Controller, deployed a backend application, authenticated via client certificate, and returned traffic from your backend service via Application Gateway for Containers.

+You can use variants to override the enabled state of a feature flag. This gives variants an opportunity to extend the evaluation of a feature flag. When calling `IsEnabled` on a flag with variants, the feature manager will check if the variant assigned to the current user is configured to override the result. This is done using the optional variant property `status_override`. By default, this property is set to `None`, which means the variant doesn't affect whether the flag is considered enabled or disabled. Setting `status_override` to `Enabled` allows the variant, when chosen, to override a flag to be enabled. Setting `status_override` to `Disabled` provides the opposite functionality, therefore disabling the flag when the variant is chosen. A feature with an `enabled` state of `false` can't be overridden.

+> [Run experiments with variant feature flags](./howto-feature-filters.md)

+| Linux | .NET 9 Preview 7^{1, 2} |

+² .NET 9 is not yet supported on the Flex Consumption SKU.

+ <AzureFunctionsVersion>v4</AzureFunctionsVersion>

+ 'interpolate',

+ 24, ['*', radiusMeters, 214.34637593279402]

+* Spain Central

+ Title: Reserved capacity for Azure NetApp Files

+description: Learn how to optimize total cost of ownership (TCO) with Azure NetApp Files reservations.

+documentationcenter: ''

+editor: ''

+ms.assetid:

+ na

+# Reserved capacity for Azure NetApp Files

+You can save money on the storage costs for Azure NetApp Files with reservations. Azure NetApp Files reservations offer a discount on capacity for storage costs when you commit to a reservation for one or three years, optimizing your total cost of ownership (TCO). A reservation provides a fixed amount of storage capacity for the term of the reservation.

+Azure NetApp Files reservations can significantly reduce your capacity costs for storing data in your Azure NetApp Files volumes. How much you save depends on the total capacity you choose to reserve, and the [service level](azure-netapp-files-service-levels.md) chosen.

+For pricing information about reservations in Azure NetApp Files, see [Azure NetApp Files pricing](https://azure.microsoft.com/pricing/details/netapp/).

+## Reservation terms for Azure NetApp Files

+This section describes the terms of an Azure NetApp Files reservation.

+>[!NOTE]

+>Azure NetApp Files reservations cover matching capacity pools in the selected service level and region. When using capacity pools configured with [cool access](manage-cool-access.md), only "hot" tier consumption is covered by the reservation benefit.

+### Reservation quantity

+You can purchase a reservation in 100-TiB and 1-PiB units per month for a one- or three-year term for a particular service level within a region.

+### Reservation scope

+A reservation applies to your usage within the purchased scope. It can't be limited to a specific NetApp account, capacity pool, container, or object within the subscription.

+When you purchase the reservation, you choose the subscription scope. You can change the scope after the purchase. The scope options are:

+- **Single resource group scope:** The reservation discount applies to the selected resource group only.

+- **Single subscription scope:** The reservation discount applies to the matching resources in the selected subscription.

+- **Shared scope:** The reservation discount applies to matching resources in eligible subscriptions in the billing context. If a subscription moves to a different billing context, the benefit no longer applies to the subscription. The benefit continues to apply to other subscription in the billing context.

+ - If you're an enterprise customer, the billing context is the EA enrollment. The reservation shared scope includes multiple Microsoft Entra tenants in an enrollment.

+ - If you're a Microsoft Customer Agreement customer, the billing scope is the billing profile.

+ - If you're a pay-as-you-go customer, the shared scope is all pay-as-you-go subscriptions created by the account administrator.

+- **Management group:** the reservation discount applies to the matching resource in the list of subscriptions that are a part of both the management group and billing scope. The management group scope applies to all subscriptions throughout the entire management group hierarchy. To buy a reservation for a management group, you must have read permission on the management group and be a reservation owner or reservation purchaser on the billing subscription.

+Any reservation for Azure NetApp Files covers only the capacity pools within the service level selected. Add-on features such as cross-region replication and backup aren't included in the reservation. As soon as you buy a reservation, the capacity charges that match the reservation attributes are charged at the discount rates instead of the pay-as-you go rates.

+For more information on Azure reservations, see [What are Azure Reservations](../cost-management-billing/reservations/save-compute-costs-reservations.md).

+### Supported service level options

+Azure NetApp Files reservations are available for Standard, Premium, and Ultra service levels in units of 100 TiB and 1 PiB.

+### Requirements for purchase

+To purchase a reservation:

+* You must be in the **Owner** role for at least one Enterprise or individual subscription with pay-as-you-go rates.

+* For Enterprise subscriptions, **Add Reserved Instances** must be enabled in the EA portal. Or, if that setting is disabled, you must be an EA Admin on the subscription.

+* For the Cloud Solution Provider (CSP) program, only admin agents or sales agents can buy Azure NetApp Files reservations.

+## Determine required capacity before purchase

+When you purchase an Azure NetApp Files reservation, you must choose the region and tier for the reservation. Your reservation is valid only for data stored in that region and tier. For example, suppose you purchase a reservation for Azure NetApp Files *Premium* service level in US East. That reservation applies to neither *Premium* capacity pools for that subscription in US West nor capacity pools for other service levels (for example, *Ultra* service level in US East). Additional reservations can be purchased.

+Reservations are available in 100-TiB or 1-PiB increments; higher discounts are available for 1-PiB increments. When you purchase a reservation in the Azure portal, Microsoft might provide you with recommendations based on your previous usage to help determine which reservation you should purchase.

+Purchasing an Azure NetApp Files reservation doesn't automatically increase your regional capacity. Azure NetApp Files reservations aren't an on-demand capacity guarantee. If your reservation requires a quota increase, it's recommended you complete that before making the reservation. For more information, see [Regional capacity in Azure NetApp Files](regional-capacity-quota.md).

+## Purchase an Azure NetApp Files reservation

+You can purchase Azure NetApp Files reservation through the [Azure portal](https://portal.azure.com/). You can pay for the reservation up front or with monthly payments. For more information about purchasing with monthly payments, see [Purchase Azure reservations with up front or monthly payments](../cost-management-billing/reservations/prepare-buy-reservation.md).

+To purchase a reservation:

+1. Log in to the Azure portal.

+1. To buy a new reservation, select **All services** > **Reservations** then **Azure NetApp Files**.

+ :::image type="content" source="./media/reservations/reservations-services.png" alt-text="Screenshot of the reservations services menu." lightbox="./media/reservations/reservations-services.png":::

+

+1. Select a subscription. Use the subscription list to choose the subscription used to pay for the reservation. The payment method of the subscription is charged the cost of the reservation. The subscription type must be an enterprise agreement (offer numbers MS-AZR-0017P or MS-AZR-0148P), Microsoft Customer Agreement, or pay-as-you-go (offer numbers MS-AZR-0003P or MS-AZR-0023P).

+ 1. For an enterprise subscription, the charges are deducted from the enrollment's Azure Prepayment (previously known as monetary commitment) balance or charged as overage.

+ 1. For a pay-as-you-go subscription, the charges are billed to the credit card or invoice payment method on the subscription.

+1. Select a scope.

+1. Select the Azure region to be covered by the reservation.

+ :::image type="content" source="./media/reservations/subscription-scope.png" alt-text="Screenshot of the subscription choices." lightbox="./media/reservations/subscription-scope.png":::

+1. Select **Add to cart**.

+1. In the cart, choose the quantity of provisioned throughput units you want to purchase. For example, choosing 64 covers up to 64 deployed provisioned throughput units every hour.

+1. Select **Next: Review + Buy** to review your purchase choices and their prices.

+1. Select **Buy now**.

+1. After purchase, you can select **View this reservation** to review your purchase status.

+After you purchase a reservation, it's automatically applied to any existing [Azure NetApp Files capacity pools](azure-netapp-files-set-up-capacity-pool.md) that match the terms of the reservation. If you haven't created any Azure NetApp Files capacity pools, the reservation applies when you create a resource that matches the terms of the reservation. In either case, the term of the reservation begins immediately after a successful purchase.

+## Exchange or refund a reservation

+You can exchange or refund a reservation, with certain limitations. For more information about Azure Reservations policies, see [Self-service exchanges and refunds for Azure Reservations](../cost-management-billing/reservations/exchange-and-refund-azure-reservations.md).

+## Expiration of a reservation

+When a reservation expires, any Azure NetApp Files capacity you're using under that reservation is billed at the pay-as-you go rate. By default, reservations are set to renew automatically at time of purchase. You can modify the renewal option at the time or purchase or after.

+An email notification is sent 30 days prior to the expiration of the reservation, and again on the expiration date. To continue taking advantage of the cost savings that a reservation provides, renew it no later than the expiration date.

+## Need help? Contact us

+If you have questions or need help, [create a support request](https://go.microsoft.com/fwlink/?linkid=2083458).

+## Next steps

+* [What are Azure Reservations?](../cost-management-billing/reservations/save-compute-costs-reservations.md)

+* [Understand how reservation discounts are applied to Azure storage services](../cost-management-billing/reservations/understand-storage-charges.md)

+## September 2024

+* [Reserved capacity](reservations.md) is now generally available (GA)

+ Pay-as-you-go pricing is the most convenient way to purchase cloud storage when your workloads are dynamic or changing over time. However, some workloads are more predictable with stable capacity usage over an extended period. These workloads can benefit from savings in exchange for a longer-term commitment. With a one-year or three-year commitment of an Azure NetApp Files reservation, you can save up to 34% on sustained usage of Azure NetApp Files. Reservations are available in stackable increments of 100 TiB and 1 PiB on Standard, Premium and Ultra service levels in a given region. Azure NetApp Files reservations benefits are automatically applied to existing Azure NetApp Files capacity pools in the matching region and service level. Azure NetApp Files reservations provide cost savings and financial predictability and stability, allowing for more effective budgeting. Additional usage is conveniently billed at the regular pay-as-you-go rate.

+ For more detail, see the [Azure NetApp Files reserved capacity](reserved-capacity.md) or see reservations in the Azure portal.

+* [Volume enhancement: Azure NetApp Files now supports 50 GiB minimum volume sizes](azure-netapp-files-create-volumes.md#50-gib) (preview)

+ You can now create an Azure NetApp Files volume as small as [50 GiB](azure-netapp-files-resource-limits.md)--a reduction from the initial minimum size of 100 GiB. 50 GiB volumes save costs for workloads that require volumes smaller than 100 GiB, allowing you to appropriately size storage volumes. 50 GiB volumes are supported for all protocols with Azure NetApp Files: [NFS](azure-netapp-files-create-volumes.md#50-gib), [SMB](azure-netapp-files-create-volumes-smb.md#50-gib), and [dual-protocol](create-volumes-dual-protocol.md#50-gib). You must register for the feature before creating a volume smaller than 100 GiB.

+There's a limitation of 5000 disk encryption sets per region, per subscription. For more

+This article describes the steps to move App Service resources between resource groups or Azure subscriptions. There are specific requirements for moving App Service resources to a new subscription. Unless otherwise noted, these steps apply to both App Service Web Apps and Azure Functions.

+If you want to move your app to a new region, see the Relocate to another region guidance for either [App Service](/azure/operational-excellence/relocation-app-service) or [Azure Functions](/azure/operational-excellence/relocation-functions).

+When you move an app across subscriptions, the following guidance applies:

+ - Web apps

+ - You can move an app and plan hosted on an App Service Environment to a new subscription without moving the App Service Environment. The app and plan that you move are always associated with your initial App Service Environment. You can't move an app/plan to a different App Service Environment.

+ - If you need to move an app and plan to a new App Service Environment, you'll need to recreate these resources in your new App Service Environment. Consider using the [backup and restore feature](../../../app-service/manage-backup.md) as way of recreating your resources in a different App Service Environment.

+- Apps with private endpoints cannot be moved. Delete the private endpoint(s) and recreate it after the move.

+- Apps with virtual network integration can't be moved. Remove the virtual network integration and reconnect it after the move.

+- When you move an app to a different resource group or subscription, the location of the app remains the same, but its policy is changed. For example, consider a case where your app runs in `Subscription1` (Central US) and has `Policy1` and `Subscription2` (UK South) that has `Policy2`. If you move your app to Subscription2, the location of the app remains the same (Central US); however, it falls under the new policy `Policy2`.

+If you don't remember the original resource group, you can find it through diagnostics. In your app page in the [Azure portal](https://portal.azure.com), select **Diagnose and solve problems**. Then, select **Configuration and Management**.

+Select the option for recommended steps to move the app.

+This tutorial shows you how to build and modify a Blazor Server app. You learn how to:

+Beginning in Visual Studio 2019 version 16.2.0, Azure SignalR Service is built into the web application publish process to make managing the dependencies between the web app and SignalR service much more convenient. You can work without any code changes at the same time:

+* in a local SignalR instance, in a local development environment.

+* in Azure SignalR Service for Azure App Service.

+1. To implement the SignalR client, create a new [Razor component](/aspnet/core/blazor/components/) called `ChatRoom.razor` under the `Pages` folder. Use the [ChatRoom.razor](https://github.com/aspnet/AzureSignalR-samples/tree/master/samples/BlazorChat/Pages/ChatRoom.razor) file or perform the following steps:

+1. To run the app, press <kbd>F5</kbd>. Now, you can initiate the chat:

+> In a Blazor Server app, UI states are maintained on the server side, which means a sticky server session is required to preserve state. If there is a single app server, sticky sessions are ensured by design. However, if multiple app servers are in use, the client negotiation and connection may be redirected to different servers, which may lead to an inconsistent UI state management in a Blazor app. Hence, it is recommended to enable sticky server sessions as shown in *appsettings.json*:

+ The service dependency carries out the following activities to enable your app to automatically switch to Azure SignalR Service when on Azure:

+1. Add a call to `AddAzureSignalR()` in `Startup.ConfigureServices()` as shown in the following example:

+> "ConnectionString": <your-connection-string>

+ >[!Caution]

+ >Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. Ensure that you delete the **MABSSetup.ini** file once the installation is complete.

+ Title: Embed Azure Communication Services Chat in a custom Microsoft Teams app

+description: Learn how to use an Azure Communication Services Chat app from within Teams, without using interoperability linkage.

+# Embed chat in a Microsoft Teams custom app

+This article describes how to create a Microsoft Teams custom app to interact with an Azure Communication Services instance. This chat app enables interwork functions between the two systems while maintaining separated backend environments and identity configurations.

+## Use cases

+- **Point-of-sales and post-sales support**

+

+ Consumer websites can provide a quick access to a chat channel, either to automated bots or sales associate or both. We recommend using an isolated Azure Communication Service instance.

+ Similarly, post-sales support and coordination benefit from the ability to use chat independently while incorporated within Teams.

+- **Secured remote consultation services**

+

+ For medical telepresence applications, banking services, and other privacy-sensitive scenarios, the encryption and security provided by Azure Communication Services enables these use cases without needing the remote participants to use Teams. You can brand the solution as needed and employees of your organization can access the consults from their existing Teams installation.

+- **Data separation requirement scenarios**

+

+ For some areas, you might need to ensure geographical quarantining of data to specific jurisdictions. A companyΓÇÖs legal data storage area might be different from the location required to store customer data. You can configure such a scenario using the Azure Communications Services storage location at instance creation. The location can be different from the [TeamsΓÇÖ storage location](/microsoftteams/privacy/location-of-data-in-teams).

+ :::image type="content" source="media/chat-app-teams-instance-details.png" alt-text="Screen capture of selecting an Azure Communications Services storage location at instance creation." lightbox="media/chat-app-teams-instance-details.png":::

+## Architecture

+The following diagram shows the overall view of the Teams extensibility chat app.

+1. An Azure Communications Services instance enables the solution.

+2. The Web API provides server-side function for the solution, for both internal and external facing applications.

+3. Contoso customers use client (web or mobile) applications to interface with employees. This example shows a web app used to host the content.

+4. Contoso employees use the Teams app within their Teams client. The Teams client is a web app hosted within a Teams custom app and deployed to Teams through an iframe inside the Teams client.

+ The Azure Communication Services instance isn't directly connected to the Teams environment. The Communications Services environment is surfaced through the Teams custom app.

+ The Teams custom app gains TeamsΓÇÖ single sign-on (SSO), which provides the Teams user ID to the app. The custom messaging app uses the Teams user ID to map to the communication service user ID.

+## Build the Solution

+You need the following components to create the chat app.

+1. An Azure Communication Services instance.

+ - For more information, see [Quickstart: Create and manage Communication Services resources](../quickstarts/create-communication-resource.md).

+ - Configure the storage area for the instance during creation.

+2. An API server to host the backend components. The API server provides the backend logic required. Common use cases include user authentication and chat thread management APIs.

+3. A Web app instance to host the frontend components. The frontend components for both the customer-facing web and potentially for driving the Teams custom app layout via embedded iframe.

+4. A Teams custom app configured Teams to enable this app installation. To provide the experience for employees, Set up the Teams custom app to use web content driven from a web app or through a Teams custom app deployment.

+## Design the app

+You can design the customer-facing portal site as needed to meet your business needs. A simple call / chat web app usually requires two features:

+- Authentication (sign up / sign-on)

+- Primary chat (and call) user interface

+Teams single sign-on (SSO) provides authentication in the employee-facing Teams custom app. In this case, the employee needs to see a further list of customers before the main chat (and call) experience.

+Some other considerations for the design work within teams include guidelines to ensure a cohesive, inclusive, and accessible experience. For more information, see [Designing your Microsoft Teams app](/microsoftteams/platform/concepts/design/design-teams-app-overview).

+## Implement the Teams custom app

+Start your dedicated journey at [Get started > Build your first Teams app](/microsoftteams/platform/get-started/get-started-overview#build-your-first-teams-app).

+To get the development toolkit for Visual Studio Code, a quick reference to learning materials, code samples, and project templates, see [Microsoft Teams Toolkit Overview](/microsoftteams/platform/toolkit/teams-toolkit-fundamentals).

+In the Microsoft Teams Toolkit, select **New Project** > **Tab**.

+A Tab app provides the simplest framework, which you can further refine to use React with Fluent UI.

+You can quickly create an app skeleton and try it locally in Teams using a Microsoft 365 developer account. Use the React with Fluent UI capability and follow the basic install in Visual Studio Code.

+This project has a templated API implementation through Azure Functions. At this point, you need to create the complete backend implementation for a chat platform. The Basic Tab option provides the web app frontend structure. It also enables SSO for the app as described in [Develop single sign on experience in Teams | GitHub](https://github.com/OfficeDev/teams-toolkit/wiki/Develop-single-sign-on-experience-in-Teams).

+### Other ways to implement the Teams custom app

+You can create a Tab app that links each of the tabs through to an external app using the Teams app `manifest.json` file. For more information, see [Sample app manifest](/microsoftteams/platform/resources/schema/manifest-schema#sample-app-manifest).

+You can also use an existing Microsoft Entra app, as described in [Use existing Microsoft Entra app in TeamsFx project](/microsoftteams/platform/toolkit/use-existing-aad-app).

+For more information about Tabs capabilities, see [Configure Tab capability within your Teams app | GitHub](https://github.com/OfficeDev/teams-toolkit/wiki/How-to-configure-Tab-capability-within-your-Teams-app).

+## Build the chat app

+To build a fully featured chat app, you need some key functions.

+You need an Azure Communication Services instance to host the chats and provide the function to send and receive messages (and other communication types). Within this system, each communication ID represents a user, provided by the API service for the app. The user receives a communication ID once the user authentication flow is complete.

+### Authentication flow

+Azure Communication Services endpoints require authentication, provided in the form of a bearer token. The authentication service provides one token per communication ID.

+Depending upon your requirements, you might need to provide a means for users to sign up, sign-on, or resolve some other form of one-time authentication link.

+You need to create identities and issue authentication tokens within a backend service for security. For more information, see [Quickstart: Create and manage access tokens](../quickstarts/identity/access-tokens.md).

+### Chat UI

+The quickest method to provide a chat pane with message entry for the web UI is to use the React Web UI Library composites, from the Azure communication-react package. The Storybook documentation explains the integration of these and also direct usage within the Storybook environment.

+### Chat composite with the participants list

+The chat composite component requires the user identifier and token from the authentication flow, the Communication Services endpoint, and the thread ID to which it must be attached.

+Thread IDs represent conversations between groups of communication identifiers. Before a conversation, you need to create the thread and add users to that thread. You can automate this procedure or provide the function from a Tab in the Teams app for the employees to configure.

+### Chat bots

+You can add bots to your chat app. For more information, see [Quickstart: Add a bot to your chat app](..//quickstarts/chat/quickstart-botframework-integration.md).

+## Distribute the Teams app

+To use a Teams app in an organization, The Teams admin must approve it. You can [build a Teams custom app](/microsoftteams/platform/concepts/build-and-test/apps-package) and install the app package via the [Teams admin center](https://admin.teams.microsoft.com/). For more information, see [Manage custom apps in Microsoft Teams admin center](/microsoftteams/teams-custom-app-policies-and-settings).

+## Next steps

+- [Quickstart: Add a bot to your chat app](../quickstarts/chat/quickstart-botframework-integration.md)

+- [Enable file sharing using UI Library in Teams Interoperability Chat](../tutorials/file-sharing-tutorial-interop-chat.md)

+## Related articles

+- For more information about building an app with Teams interop, see [Contact center](./contact-center.md).

+ - Management group

+

+ - Subscription

+ - Resource group

+

+- **Azure NetApp Files** - A capacity reservation covers matching capacity pools in the selected service level and region. When using capacity pools configured with [cool access](../../azure-netapp-files/manage-cool-access.md), only "hot" tier consumption is covered by the reservation benefit.

+If you have questions or need help, [create a support request](https://go.microsoft.com/fwlink/?linkid=2083458).

+- Learn more about reservations for software plans:

+Enterprise Agreement customers can limit savings plan purchases to only Enterprise Agreement admins by disabling the **Add Savings Plan** option in the [Azure portal](https://portal.azure.com). To change settings, go to the **Policies** menu.

+If the **Add Savings Plan** option is disabled in the [Azure portal](https://portal.azure.com), then no user can purchase the Savings Plan. Go to the **Policies** menu to change settings to purchase the Savings Plan.

+## Overview

+| Connector|Release stage |End of Support Date |Disabled Date |

+|:-- |:-- |:-- | :-- |

+| [Google BigQuery (legacy)](connector-google-bigquery-legacy.md)  | End of support announced and new version available | October 31, 2024 | January 10, 2024 |

+| [MariaDB (legacy driver version)](connector-mariadb.md)  | End of support announced and new version available | October 31, 2024 | January 10, 2024 |

+| [MySQL (legacy driver version)](connector-mysql.md)  | End of support announced and new version available | October 31, 2024| January 10, 2024|

+| [Salesforce (legacy)](connector-salesforce-legacy.md)   | End of support announced and new version available | October 11, 2024 | January 10, 2024 |

+| [Salesforce Service Cloud (legacy)](connector-salesforce-service-cloud-legacy.md)   | End of support announced and new version available | October 11, 2024 |January 10, 2024 |

+| [PostgreSQL (legacy)](connector-postgresql-legacy.md)   | End of support announced and new version available |October 31, 2024 | January 10, 2024 |

+| [Snowflake (legacy)](connector-snowflake-legacy.md)   | End of support announced and new version available | October 31, 2024 | January 10, 2024 |

+| [Azure Database for MariaDB](connector-azure-database-for-mariadb.md) | End of support announced |December 31, 2024 | December 31, 2024 |

+| [Concur (Preview)](connector-concur.md) | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Drill](connector-drill.md) | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Hbase](connector-hbase.md) | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Magento (Preview)](connector-magento.md) | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Marketo (Preview)](connector-marketo.md) | End of support announced | December 31, 2024| December 31, 2024 |

+| [Oracle Responsys (Preview)](connector-oracle-responsys.md) | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Paypal (Preview)](connector-paypal.md) | End of support announced |December 31, 2024 | December 31, 2024|

+| [Phoenix](connector-phoenix.md) | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Amazon Marketplace Web Service](connector-amazon-marketplace-web-service.md)| Disabled |/ |/ |

+## Release stages and support

+This section describes the different release stages and support for each stage.

+| Release stage |Notes |

+|:-- |:-- |

+| End of Support announcement | Before the end of the lifecycle at any stage, an end of support announcement is performed.<br><br>Support Service Level Agreements (SLAs) are applicable for End of Support announced connectors, but all customers must upgrade to a new version of the connector no later than the End of Support date.<br><br>During this stage, the existing connectors function as expected, but objects such as linked service can be created only on the new version of the connector. |

+| End of Support | At this stage, the connector is considered as deprecated, and no longer supported.<br>&nbsp;&nbsp;ΓÇó No plan to fix bugs. <br>&nbsp;&nbsp;ΓÇó No plan to add any new features. <br><br> If necessary due to outstanding security issues, or other factors, **Microsoft might expedite moving into the final disabled stage at any time, at Microsoft's discretion**.|

+|Disabled |All pipelines that are running on legacy version connectors will no longer be able to execute.|

+- [PostgreSQL](connector-postgresql.md#upgrade-the-postgresql-linked-service)

+ > [!IMPORTANT]

+ > Powershell ISE is not supported for the Data Box Disk Tools

+

+ > [!NOTE]

+ > Powershell ISE is not supported for the Data Box Disk Tools

+

+ "id": "/subscriptions/00001111-aaaa-2222-bbbb-3333cccc4444/resourceGroups/CrossConnection-EUAPTest/providers/Microsoft.Network/expressRouteCrossConnections/<ProviderManagementSubscription>",

+ Azure-AsyncOperation: https://management.azure.com/subscriptions/00001111-aaaa-2222-bbbb-3333cccc4444/providers/Microsoft.Network/locations/eastus2euap/operations/0a8d458b-8fe3-44e6-89c9-1b156b946693?api-version=2018-02-01

+ C:\Users\Admin\Documents\Expressroute\Partner APIs\ARMClient-master\ARMClient-master>armclient get https://management.azure.com/subscriptions/<ProviderManagementSubscription>/providers/Microsoft.Network/locations/eastus2euap/operations/0a8d458b-8fe3-44e6-89c9-1b156b946693?api-version=2018-02-01

+ "primaryPeerAddressPrefix": "203.0.113.0/30",

+ "secondaryPeerAddressPrefix": "203.0.113.4/30",

+ "203.0.113.128/25"

+ Azure-AsyncOperation: https://management.azure.com/subscriptions/00001111-aaaa-2222-bbbb-3333cccc4444/providers/Microsoft.Network/locations/eastus2euap/operations/e3aa0bbd-4709-4092-a1f1-aa78080929d0?api-version=2018-02-01

+ "primaryPeerAddressPrefix": "203.0.113.0/30",

+ "secondaryPeerAddressPrefix": "203.0.113.4/30",

+ "203.0.113.128/25"

+ C:\Users\Admin\Documents\Expressroute\Partner APIs\ARMClient-master\ARMClient-master>armclient get https://management.azure.com/subscriptions/<ProviderManagementSubscription>/providers/Microsoft.Network/locations/eastus2euap/operations/e3aa0bbd-4709-4092-a1f1-aa78080929d0?api-version=2018-02-01

+| **Queretaro (Mexico)** | [KIO Networks QR01](https://www.kionetworks.com/es-mx/) | 4 | &cross; | &check; | Cirion Technologies<br/>Equinix<br/>KIO<br/>MCM Telecom<br/>Megaport<br/>Transtelco |

+| **[KIO](https://www.kio.tech/es-mx/microsoft-expressroute)** | &check; | &check; | Queretaro (Mexico) |

+az network lb inbound-nat-rule create -g MyResourceGroup --lb-name MyLoadBalancer -n MyNatRule --protocol Tcp --frontend-port-range-start 201 --frontend-port-range-end 500 --backend-port 22 --backend-address-pool MybackendPool

+az network lb inbound-nat-rule create -g MyResourceGroup --lb-name MyLoadBalancer -n MyNatRule --protocol Tcp --frontend-port-range-start 201 --frontend-port-range-end 500 --backend-port 22 --backend-address-pool MybackendPool

+| UK South | 51.140.79.109, 51.140.78.71, 51.140.84.39, 51.140.155.81, 20.108.102.180, 20.90.204.232, 20.108.148.173, 20.254.10.157, 4.159.25.35, 4.159.25.50, 4.250.87.43, 4.158.106.183, 4.250.53.153, 4.159.26.160, 4.159.25.103, 4.159.59.224, 4.158.138.59, 85.210.163.36, 85.210.34.209, 85.210.36.40, 85.210.185.43 |

+| UK South | 51.140.74.14, 51.140.73.85, 51.140.78.44, 51.140.137.190, 51.140.153.135, 51.140.28.225, 51.140.142.28, 51.140.158.24, 20.108.102.142, 20.108.102.123, 20.90.204.228, 20.90.204.188, 20.108.146.132, 20.90.223.4, 20.26.15.70, 20.26.13.151, 4.159.24.241, 4.250.55.134, 4.159.24.255, 4.250.55.217, 172.165.88.82, 4.250.82.111, 4.158.106.101, 4.158.105.106, 4.250.51.127, 4.250.49.230, 4.159.26.128, 172.166.86.30, 4.159.26.151, 4.159.26.77, 4.159.59.140, 4.159.59.13, 85.210.65.206, 85.210.120.102, 4.159.57.40, 85.210.66.97, 20.117.192.192 |

+ Title: Migrate to Azure Monitor Agent from Log Analytics agent

+description: Procedure to migrate to Azure Monitor Agent from MMA

+# Customer intent: As an azure administrator, I want to understand the process of migrating from the MMA agent to the AMA agent.

+# Agent-based dependency analysis using Azure monitor agent (AMA)

+Dependency analysis helps you to identify and understand dependencies across servers that you want to assess and migrate to Azure. We currently perform agent-based dependency analysis by downloading the [MMA agent and associating a Log Analytics workspace](concepts-dependency-visualization.md) with the Azure Migrate project.

+[Azure Monitor Agent (AMA)](/azure/azure-monitor/agents/azure-monitor-agent-overview) replaces the Log Analytics agent, also known as Microsoft Monitor Agent (MMA) and OMS, for Windows and Linux machines, in Azure and non-Azure environments, on-premises, and other clouds.

+This article describes the impact on agent-based dependency analysis because of Azure Monitor Agent (AMA) replacing the Log Analytics agent (also known as Microsoft Monitor agent (MMA)) and provides guidance to migrate from the Log Analytics agent to Azure Monitor Agent.

+> [!IMPORTANT]

+> The Log Analytics agent will be [retired on **August 31, 2024**](https://azure.microsoft.com/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/). You can expect the following when you use the MMA or OMS agent after this date.

+> - **Data upload:** Cloud ingestion services will gradually reduce support for MMA agents, which may result in decreased support and potential compatibility issues for MMA agents over time. Ingestion for MMA will be unchanged until February 1 2025.

+> - **Installation:** The ability to install the legacy agents will be removed from the Azure portal and installation policies for legacy agents will be removed. You can still install the MMA agents extension as well as perform offline installations.

+> - **Customer Support:** You will not be able to get support for legacy agent issues.

+> - **OS Support:** Support for new Linux or Windows distros, including service packs, won't be added after the deprecation of the legacy agents.

+> [!Note]

+> Starting July 1, 2024, [Standard Log Analytics charges](https://go.microsoft.com/fwlink/?linkid=2278207) are applicable for Agent-based dependency visualization. We suggest moving to [agentless dependency analysis](how-to-create-group-machine-dependencies-agentless.md) for a seamless experience.

+> [!Note]

+> The pricing estimation has been covered in [Estimate the price change](#estimate-the-price-change) section.

+## Migrate from Log analytics agent (MMA) to Azure Monitor agent (AMA)

+If you already set up MMA and the associated Log Analytics workspace with your Azure Migrate project, you can migrate from the existing Log analytics agent to Azure Monitor agent without breaking/changing the association of the Log Analytics workspace with the Azure Migrate project by following these steps.

+1. To deploy the Azure Monitor agent, it's recommended to first clean up the existing Service Map to avoid duplicates.ΓÇ»[Learn more](/azure/azure-monitor/vm/vminsights-migrate-from-service-map#remove-the-service-map-solution-from-the-workspace).

+1. Review the [prerequisites](/azure/azure-monitor/agents/azure-monitor-agent-manage#prerequisites) to install the Azure Monitor Agent.

+1. Download and run the script on the host machine as detailed in [Installation options](/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal#installation-options). To get the Azure Monitor agent and the Dependency agent deployed on the guest machine, create the [Data collection rule (DCR)](/azure/azure-monitor/agents/azure-monitor-agent-data-collection) that maps to the Log analytics workspace ID.

+In the transition scenario, the Log analytics workspace would be the same as the one that was configured for Service Map agent. DCR allows you to enable the collection of Processes and Dependencies. By default, it's disabled.

+## Estimate the price change

+You'll now be charged for associating a Log Analytics workspace with Azure Migrate project. This was earlier free for the first 180 days.

+As per the pricing change, you'll be billed against the volume of data gathered by the AMA agent and transmitted to the workspace. To review the volume of data you're gathering, follow these steps:

+1. Sign in to the Log analytics workspace.

+1. Navigate to the **Logs** section and run the following query:

+

+ ```

+ let AzureMigrateDataTables = dynamic(["ServiceMapProcess_CL","ServiceMapComputer_CL","VMBoundPort","VMConnection","VMComputer","VMProcess","InsightsMetrics"]); Usage

+ | where StartTime >= startofday(ago(30d)) and StartTime < startofday(now())

+ | where DataType in (AzureMigrateDataTables)

+ | summarize AzureMigateGBperMonth=sum(Quantity)/1000

+ ```

+## Support for Azure Monitor agent in Azure Migrate

+Install and manage Azure Monitor agent as mentioned [here](/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal). Currently, you can download the Log Analytics agent through the Azure Migrate portal.

+## Next steps

+[Learn](how-to-create-group-machine-dependencies.md) how to create dependencies for a group.

+|4.12|January 2023| August 19 2023|January 17 2025|

+The Azure resources that host your function app are region-specific and can't be moved across regions. Instead, you must create a copy of your existing function app resources in the target region, and then redeploy your functions code over to the new app.

+You can move these same resources to another resource group or subscription, as long as they remain in the same region. For more information, see [Move App Service resources to a new resource group or subscription](/azure/azure-resource-manager/management/move-limitations/app-service-move-limitations).

+description: Learn about Azure Operator Service Manager, an Azure orchestration service used to managed network service in large scale operator environments.

+Azure Operator Service Manager is a cloud orchestration service designed to simplify management of complex edge network services hosted on the Azure Operator Nexus platform. It provides persona-based capabilities to onboard, compose, deploy and update multi-vendor applications across one-to-many Azure sites and regions. Azure Operator Service Manager caters to the needs of large scale operator environments, helping to accelerate the migration of workloads to Azure cloud, while utilizing trusted Azure safe practices, to ensure service resiliency and reliability.

+Managing complex network services efficiently and reliably can be a challenge. Azure Operator Service ManagerΓÇÖs unique approach introduces curated experiences for publishers, designers, and operators. The following diagram illustrates the Azure Operator Service Manager (AOSM) deployment workflow.

+Consolidate service management tasks into a single set of end-to-end Azure operations to seamlessly manage infrastructure, software and configuration for complex multi-vendor multi-region services. Model network services using Azure Resource Manager (ARM), just like other Azure resources and drive run-time operations via any Azure interfaces, such as portal, CLI, API, or SDK.

+### Hybrid operations at scale

+### Operator grade security

+By unifying service management, facilitating deployments at fleet-wide scale and ensuring service consistency, operators can achieve accelerated service velocity, improved service reliability, and optimize service cost. Harness the power of Microsoft Azure through Azure Operator Service Manager to drive network services forward.

+description: AOSM NFO extension command reference and examples.

+#### Side Loading

+`--config global.networkfunctionextension.enableLocalRegistry=`

+* This configuration allows artifacts to be delivered to edge via hardware drive.

+* Accepted values: false, true.

+* Default value: false.

+#### Cluster Registry

+> [!NOTE]

+> * When managing a NAKS cluster with AOSM, the default parameter values enable HA as the recommended configuration.

+> * When managing a AKS cluster with AOSM, HA must be disabled using the following configuration options:

+>

+>```

+> --config global.networkfunctionextension.clusterRegistry.highAvailability.enabled=false

+> --config global.networkfunctionextension.webhook.highAvailability.enabled=false

+> --config global.networkfunctionextension.clusterRegistry.storageClassName=managed-csi

+>```

+* Release Notes for Version 2.0.2810-144

+

+* ## Release 2.0.2810-144

+Document Revision 1.1

+### Release Summary

+Azure Operator Service Manager is a cloud orchestration service that enables automation of operator network-intensive workloads, and mission critical applications hosted on Azure Operator Nexus. Azure Operator Service Manager unifies infrastructure, software, and configuration management with a common model into a single interface, both based on trusted Azure industry standards. This Septemer 13, 2024 Azure Operator Service Manager release includes updating the NFO version to 2.0.2810-144, the details of which are further outlined in the remainder of this document.

+### Release Details

+* Release Version: Version 2.0.2810-144

+* Release Date: September 13, 2024

+* Is NFO update required: YES, Update only

+* Dependency Versions: Go/1.22.4 - Helm/3.15.2

+### Release Installation

+This release can be installed with as an update on top of release 2.0.2788-144. Please see the following [learn documentation](manage-network-function-operator.md) for additional installation guidance.

+### Issues Resolved in This Release

+#### Bugfix Related Updates

+The following bug fixes, or other defect resolutions, are delivered with this release, for either Network Function Operator (NFO) or resource provider (RP) components.

+* NFO - Prevent the cluster registry certificate from being invalidated during Arc extension controller reconciliation.

+#### Security Related Updates

+None

+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |

+> | [Microsoft.ContainerService](../permissions/containers.md#microsoftcontainerservice)/locations/* | Read locations available to ContainerService resources |

+> | [Microsoft.ContainerService](../permissions/containers.md#microsoftcontainerservice)/managedClusters/* | Create and manage a managed cluster |

+> | [Microsoft.ContainerService](../permissions/containers.md#microsoftcontainerservice)/managedclustersnapshots/* | Create and manage a managed cluster snapshot |

+> | [Microsoft.ContainerService](../permissions/containers.md#microsoftcontainerservice)/snapshots/* | Create and manage a snapshot |

+> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |

+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |

+ "Microsoft.Authorization/*/read",

+ "Microsoft.ContainerService/locations/*",

+ "Microsoft.ContainerService/managedClusters/*",

+ "Microsoft.ContainerService/managedclustersnapshots/*",

+ "Microsoft.ContainerService/snapshots/*",

+ "Microsoft.Insights/alertRules/*",

+ "Microsoft.Resources/deployments/*",

+ "Microsoft.Resources/subscriptions/resourceGroups/read"

+# Configure and manage Azure Route Server

+# Microsoft Sentinel incidents in Copilot for Security

+## September 2024

+- [Log Analytics agent retirement](#log-analytics-agent-retirement)

+### Log Analytics agent retirement

+As of August 31, 2024, the [Log Analytics Agent (MMA/OMS) is retired](https://azure.microsoft.com/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/).

+Log collection from many appliances and devices is now supported by the Common Event Format (CEF) via AMA, Syslog via AMA, or Custom Logs via AMA data connector in Microsoft Sentinel. If you've been using the Log Analytics agent in your Microsoft Sentinel deployment, we recommend that you migrate to the Azure Monitor Agent (AMA).

+For more information, see:

+- [Find your Microsoft Sentinel data connector](data-connectors-reference.md)

+- [Migrate to Azure Monitor Agent from Log Analytics agent](/azure/azure-monitor/agents/azure-monitor-agent-migration)

+- [AMA migration for Microsoft Sentinel](ama-migrate.md)

+- Blogs:

+ - [Revolutionizing log collection with Azure Monitor Agent](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/revolutionizing-log-collection-with-azure-monitor-agent/ba-p/4218129)

+ - [The power of Data Collection Rules: Collecting events for advanced use cases in Microsoft USOP](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/the-power-of-data-collection-rules-collecting-events-for/ba-p/4236486)

+1. First, the security principalΓÇÖs identity is authenticated, and an OAuth 2.0 token is returned. The resource name to request a token is `https://servicebus.azure.net`.

+When an Azure role is assigned to a Microsoft Entra security principal, Azure grants access to those resources for that security principal. Access can be scoped to the level of subscription, the resource group, the Service Bus namespace or entity (queue, topic or subscription). A Microsoft Entra security principal can be a user, a group, an application service principal, or a [managed identity for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).

+- **Queue**, **topic**, or **subscription**: Role assignment applies to the specific Service Bus entity. Currently, the Azure portal doesn't support assigning users/groups/managed identities to Service Bus Azure roles at the topic subscription level.

+- **Service Bus namespace**: Role assignment spans the entire topology of Service Bus under the namespace and to the queue or topic subscription associated with it.

+- **Azure Subscription**: Role assignment applies to all the Service Bus resources in all of the resource groups in the subscription.

+Assign one of the [Service Bus roles](#azure-built-in-roles-for-azure-service-bus) to the application's service principal at the desired scope (entity, Service Bus namespace, resource group, Azure subscription). For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml).

+All the data stored in the storage subsystem is encrypted using Microsoft-managed keys. If you use your own key (also referred to as customer managed key), the data is still encrypted using the Microsoft-managed key, but in addition the Microsoft-managed key is encrypted using the customer-managed key. This feature enables you to create, rotate, disable, and revoke access to customer-managed keys that are used for encrypting Microsoft-managed keys. Enabling the customer-managed key feature is a one time setup process on your namespace. For more information, see [Encrypting Azure Service Bus data at rest](configure-customer-managed-key.md).

+# About networking in Azure virtual machine disaster recovery

+This article provides networking guidance for platform connectivity when you're replicating Azure virtual machines from one region to another, using [Azure Site Recovery](site-recovery-overview.md).

+The following diagram depicts a typical Azure environment, for applications running on Azure virtual machines:

+

+*.blob.core.windows.net | Required so that data can be written to the cache storage account in the source region from the virtual machine. If you know all the cache storage accounts for your virtual machines, you can allow access to the specific storage account URLs (Ex: cache1.blob.core.windows.net and cache2.blob.core.windows.net) instead of *.blob.core.windows.net

+*.hypervrecoverymanager.windowsazure.com | Required so that the Site Recovery service communication can occur from the virtual machine.

+*.servicebus.windows.net | Required so that the Site Recovery monitoring and diagnostics data can be written from the virtual machine.

+The advantages of using service tags to control connectivity, when compared to controlling connectivity using IP addresses, is that there's no hard dependency on a particular IP address to stay connected to our services. In such a scenario, if the IP address of one of our services changes, then the ongoing replication isn't impacted for your machines. Whereas, a dependency on hard coded IP addresses causes the replication status to become critical and put your systems at risk. Moreover, service tags ensure better security, stability and resiliency than hard coded IP addresses.

+ - Allow these addresses so that data can be written to the cache storage account, from the virtual machine.

+This example shows how to configure NSG rules for a virtual machine to replicate.

+- The example presumes that the virtual machine source location is "East US" and the target location is "Central US".

+If you're using network virtual appliances (NVAs) to control outbound network traffic from virtual machines, the appliance might get throttled if all the replication traffic passes through the NVA. We recommend creating a network service endpoint in your virtual network for "Storage" so that the replication traffic doesn't go to the NVA.

+- Select your Azure virtual network and select **Service endpoints**.

+- Select **Add** and **Add service endpoints** tab opens.

+- Select *Microsoft.Storage* under **Service** and the required subnets under 'Subnets' field and select **Add**.

+[Learn more about](azure-to-azure-network-mapping.md#set-up-ip-addressing-for-target-virtual-machines) setting up network mapping and IP addressing for virtual networks.

+description: Learn about mapping virtual networks between two Azure regions for Azure virtual machine disaster recovery with Azure Site Recovery.

+3. In **Add network mapping**, select the source and target locations. In our example, the source virtual machine is running in the East Asia region, and replicates to the Southeast Asia region.

+3. Now create a network mapping in the opposite direction. In our example, the source is now Southeast Asia, and the target is East Asia.

+If you haven't prepared network mapping before you configure disaster recovery for Azure virtual machines, you can specify a target network when you [set up and enable replication](azure-to-azure-how-to-enable-replication.md). When you do this, the following happens:

+So, if the source network name was "contoso-vnet", then the target network name is `contoso-vnet-asr`. Source network's name won't be edited by Azure Site Recovery.

+- If network mapping has already occurred for a source network, the mapped target network is always the default at the time of enabling replications for more virtual machines. You can choose to change the target virtual network by choosing other available options from the dropdown.

+>* Modifying the network mapping only changes the defaults for new virtual machine replications. It does not impact the target virtual network selections for existing replications.

+The subnet of the target virtual machine is selected based on the name of the subnet of the source virtual machine.

+- If a subnet with the same name as the source virtual machine subnet is available in the target network, that subnet is set for the target virtual machine.

+- You can modify the target subnet in the **Network** settings for the virtual machine.

+## Set up IP addressing for target virtual machines

+- **DHCP**: If the NIC of the source virtual machine uses DHCP, the NIC of the target virtual machine is also set to use DHCP.

+- **Static IP address**: If the NIC of the source virtual machine uses static IP addressing, the target virtual machine NIC also uses a static IP address.

+>The following approach is used to assign IP address to the target virtual machine, irrespective of the NIC settings.

+Same address space | IP address of the source virtual machine NIC is set as the target virtual machine NIC IP address.<br/><br/> If the address isn't available, the next available IP address is set as the target.

+Different address space | The next available IP address in the target subnet is set as the target virtual machine NIC address.

+Target network is the failover VNet | - Target IP address is static with the same IP address. <br/><br/> - If the same IP address is already assigned, then the IP address is the next one available at the end of the subnet range. For example: If the source IP address is `10.0.0.19` and failover network uses range `10.0.0.0/24`, then the next IP address assigned to the target virtual machine is `10.0.0.254`.

+Target network isn't the failover VNet | - Target IP address is static with the same IP address, only if it's available in the target virtual network. <br/><br/> - If the same IP address is already assigned, then the IP address is the next one available at the end of the subnet range.<br/><br/> For example: If the source static IP address is `10.0.0.19` and failover is on a network that isn't the failover network, with the range `10.0.0.0/24`, then the target static IP address is `10.0.0.19` if available. Otherwise it is `10.0.0.254`.

+- We recommend that you always use a nonproduction network for test failover.

+- You can modify the target IP address in the **Network** settings of the virtual machine.

+- Review [networking guidance](./azure-to-azure-about-networking.md) for Azure virtual machine disaster recovery.

+- By default, when you enable disaster recovery for Azure VMs, Site Recovery creates target resources based on source resource settings. For Azure VMs configured with static IP addresses, Site Recovery tries to provision the same IP address for the target VM, if it's not in use. For a full explanation of how Site Recovery handles addressing, [review this article](azure-to-azure-network-mapping.md#set-up-ip-addressing-for-target-virtual-machines).

+description: Describes how to set up VMware disaster recovery in a multitenant environment with Azure Site Recovery.

+This article describes how you as a partner can create and manage tenant subscriptions through CSP, for a multitenant VMware replication scenario.

+- For each tenant, create a separate management server that can communicate with the tenant VMs, and your vCenter servers. Only you as a partner should have access rights to this management server. Learn more about [multitenant environments](vmware-azure-multi-tenant-overview.md).

+## Multitenant environments

+There are three major multitenant models:

+By setting up tenant subscriptions as described in this article, you can quickly start enabling customers in any of the relevant multitenant models. You can learn more about the different multitenant models and enabling on-premises access controls [here](vmware-azure-multi-tenant-overview.md).

+Learn more about [multitenant environments](vmware-azure-multi-tenant-overview.md) for replicating VMware VMs to Azure.

+* [Video series: Deploy websites to the cloud with Azure Static Web Apps](https://aka.ms/azure/beginnervideos/learn/swa)

+## Related content

+* [Video series: Deploy websites to the cloud with Azure Static Web Apps](https://aka.ms/azure/beginnervideos/learn/swa)

+## Related content

+* [Video series: Deploy websites to the cloud with Azure Static Web Apps](https://aka.ms/azure/beginnervideos/learn/swa)

+## Related content

+* [Video series: Deploy websites to the cloud with Azure Static Web Apps](https://aka.ms/azure/beginnervideos/learn/swa)

+The Blob Storage client library supports encryption of whole blobs only on upload. For downloads, both complete and range downloads are supported. Client-side encryption v2 chunks data into 4MB buffered authenticated encryption blocks which can only be transformed whole. To adjust the chunk size, ensure you are using the most recent version of the SDK that supports client-side encryption v2.1. The region length is configurable from 16 bytes up to 1 GiB.

+ Title: Release notes for Azure Container Storage

+description: Release notes for Azure Container Storage

+# Release notes for Azure Container Storage

+This article provides the release notes for Azure Container Storage. It's important to note that minor releases introduce new functionalities in a backward-compatible manner (for example, 1.1.0 GA). Patch releases focus on bug fixes, security updates, and smaller improvements (for example, 1.1.1).

+## Supported versions

+The following Azure Container Storage versions are supported:

+| Milestone | Status |

+|-|-|

+|1.1.1- Hotfix | Supported |

+|1.1.0- General Availability| Supported |

+## Unsupported versions

+The following Azure Container Storage versions are no longer supported: 1.0.6-preview, 1.0.3-preview, 1.0.2-preview, 1.0.1-preview, 1.0.0-preview. Please refer to the section ΓÇ£Upgrade a preview installation to GAΓÇ¥ for upgrading guidance.

+## Minor vs. patch versions

+Minor versions introduce small improvements, performance enhancements, or minor new features without breaking existing functionality. For example, version 1.1.0 would move to 1.2.0. Patch versions are released more frequently than minor versions. They focus solely on bug fixes and security updates. For example, version 1.1.1 would be updated to 1.1.2.

+## Version 1.1.1

+### Improvements and issues that are fixed

+- This hotfix release addresses specific issues that some customers experienced during the creation of Azure Elastic SAN storage pools. It resolves exceptions that were causing disruptions in the setup process, ensuring smoother and more reliable storage pool creation.

+- We've also made improvements to cluster restart scenarios. Previously, some corner-case situations caused cluster restarts to fail. This update ensures that cluster restarts are more reliable and resilient.

+## Version 1.1.0

+### Improvements and issues that are fixed

+- **Security Enhancements**: This update addresses vulnerabilities in container environments, enhancing security enforcement to better protect workloads.

+- **Data plane stability**: We've also improved the stability of data-plane components, ensuring more reliable access to Azure Container Storage volumes and storage pools. This also enhances the management of data replication between storage nodes.

+- **Volume management improvements**: The update resolves issues with volume detachment during node drain scenarios, ensuring that volumes are safely and correctly detached, and allowing workloads to migrate smoothly without interruptions or data access issues.

+## Upgrade a preview installation to GA

+If you already have a preview instance of Azure Container Storage running on your cluster, we recommend updating to the latest generally available (GA) version by running the following command:

+```azurecli-interactive

+az k8s-extension update --cluster-type managedClusters --cluster-name <cluster-name> --resource-group <resource-group> --name azurecontainerstorage --version <version> --release-train stable

+```

+Remember to replace `<cluster-name>` and `<resource-group>` with your own values and `<version>` with the desired supported version.

+Please note that preview versions are no longer supported, and customers should promptly upgrade to the GA versions to ensure continued stability and access to the latest features and fixes. If you're installing Azure Container Storage for the first time on the cluster, proceed instead to [Install Azure Container Storage and create a storage pool](container-storage-aks-quickstart.md#install-azure-container-storage-and-create-a-storage-pool). You can also [Install Azure Container Storage on specific node pools](container-storage-aks-quickstart.md#install-azure-container-storage-on-specific-node-pools).

+## Auto-upgrade policy

+To receive the latest features and fixes for Azure Container Storage in future versions, you can enable auto-upgrade. However, please note that this may result in a brief interruption in the I/O operations of applications using PVs with Azure Container Storage during the upgrade process. To minimize potential impact, we recommend setting the auto-upgrade window to a time period with low activity or traffic, ensuring that upgrades occur during less critical times.

+To enable auto-upgrade, run the following command:

+```azurecli-interactive

+az k8s-extension update --cluster-name <cluster name> --resource-group <resource-group> --cluster-type managedClusters --auto-upgrade-minor-version true -n azurecontainerstorage

+```

+If you would like to disable auto-upgrades, run the following command:

+```azurecli-interactive

+az k8s-extension update --cluster-name <cluster name> --resource-group <resource-group> --cluster-type managedClusters --auto-upgrade-minor-version false -n azurecontainerstorage

+```

+Use this sample code to create a private endpoint for your Elastic SAN volume group with PowerShell. Replace the values of `RgName`, `VnetName`, `SubnetName`, `EsanName`, `EsanVgName`, `PLSvcConnectionName`, `EndpointName`, and `Location`(Region) with your own values:

+ Add-AzElasticSanVolumeGroupNetworkRule -ResourceGroupName $RgName -ElasticSanName $EsanName -VolumeGroupName $EsanVgName -NetworkAclsVirtualNetworkRule $rule

+- [Use multiple Windows Defender Application Control Policies (Windows 10)](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies#deploying-multiple-policies-locally)

+- Need help with the migration: Contact us via:

+ - Support + troubleshooting (on Azure portal)

+ - [Microsoft Q&A](https://learn.microsoft.com/answers/tags/509/trusted-signing) (use the tag **Azure Trusted Signing**)

+ - [Stack Overflow](https://stackoverflow.com/questions/tagged/trusted-signing) (use the tag **trusted-signing**).

+ * Static routes on the Virtual Network connection with "static route propagation" are not applied to the next-hop resource specified in private routing policies. Support for applying static routes on Virtual Network connections to private routing policy next-hop is on the roadmap.

+* Routing intent allows you to configure different next-hop resources for private and internet routing policies. For example, you can set the next hop for private routing policies to Azure Firewall in the hub and the next hop for internet routing policy to a NVA or SaaS solution in the hub. Because SaaS solutions and Firewall NVAs are deployed in the same subnet in the Virtual WAN hub, deploying SaaS solutions with a Firewall NVA in the same hub can impact the horizontal scalability of the SaaS solutions as there are less IP addresses avaialble for horizontal scale-out. Additionally, you can have at most one SaaS solution deployed in each Virtual WAN hub.

+| Phase 2 IPsec Integrity | GCMAES256 |

+| 7| BGP between the Virtual WAN hub router and NVAs deployed in the Virtual WAN hub does not come up if the ASN used for BGP peering is updated post-deployment.|Delete and recreate the NVA with the correct ASN. |

+A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client computer. This solution is useful for telecommuters who want to connect to Azure virtual networks from a remote location, such as from home or a conference. P2S VPN is also a useful solution to use instead of site-to-site (S2S) VPN when you have only a few clients that need to connect to a virtual network. Point-to-site configurations require a **route-based** VPN type.

+* [Certificate](#certificate)

+* [Microsoft Entra ID](#entra-id)

+* [RADIUS and Active Directory Domain Server](#active-directory)

+### <a name="certificate"></a>Certificate authentication

+#### <a name='certificate-workflow'></a>Certificate authentication workflow

+#### <a name='entra-workflow'></a>Microsoft Entra ID authentication workflow

+1. If using manual app registration, perform the necessary steps on the Microsoft Entra tenant.

+### <a name='active-directory'></a>RADIUS - Active Directory (AD) Domain Server authentication

+The RADIUS server could be deployed on-premises or in your Azure virtual network. During authentication, the Azure VPN Gateway acts as a pass through and forwards authentication messages back and forth between the RADIUS server and the connecting device. So Gateway reachability to the RADIUS server is important. If the RADIUS server is present on-premises, then a VPN S2S connection from Azure to the on-premises site is required for reachability.

+## What versions of the Azure VPN Client are available?

+For information about available Azure VPN Client versions, release dates, and what's new in each release, see [Azure VPN Client versions](azure-vpn-client-versions.md).

+You can specify a different shared key for your connection.

+1. In the portal, go to the connection.

+1. Change the shared key on the **Authentication** page.

+1. Save your changes.

+1. Update your VPN device with the new shared key as necessary.

+### <a name="resize"></a>Resize or change a gateway SKU

+You can resize a gateway SKU, or you can change the gateway SKU. There are specific rules regarding which option is available, depending on the SKU your gateway is currently using. For more information, see [Resize or change gateway SKUs](about-gateway-skus.md#resizechange).