+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization.md

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory.md

+[azure-ad-password-sync]: /azure/active-directory/hybrid/connect/how-to-connect-password-hash-synchronization#password-hash-sync-process-for-azure-ad-domain-services

+[azure-support]: /azure/active-directory/fundamentals/how-to-get-support

+[azure-support]: /azure/active-directory/fundamentals/how-to-get-support

+[configure-ldaps]: ./tutorial-configure-ldaps.md

+[Service principals](/azure/active-directory/develop/app-objects-and-service-principals) are applications that the Azure platform uses to manage, update, and maintain a Microsoft Entra Domain Services managed domain. If a service principal is deleted, functionality in the managed domain is impacted.

+[azure-support]: /azure/active-directory/fundamentals/how-to-get-support

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+1. Sign in to [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).

+[azure-support]: /azure/active-directory/fundamentals/how-to-get-support

+[whatis-azuread]: /azure/active-directory/fundamentals/whatis

+>If you would like to see directory extensions synchronized by Microsoft Entra Connect, click **Enterprise App** and look for the Application ID of the **Tenant Schema Extension App**. For more information, see [Microsoft Entra Connect Sync: Directory extensions](/azure/active-directory/hybrid/connect/how-to-connect-sync-feature-directory-extensions#configuration-changes-in-azure-ad-made-by-the-wizard).

+To configure onPremisesExtensionAttributes or directory extensions for cloud-only users in Microsoft Entra ID, see [Custom data options in Microsoft Graph](/graph/extensibility-overview?tabs=http#custom-data-options-in-microsoft-graph).

+To sync onPremisesExtensionAttributes or directory extensions from on-premises to Microsoft Entra ID, [configure Microsoft Entra Connect](/azure/active-directory/hybrid/connect/how-to-connect-sync-feature-directory-extensions).

+* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Microsoft Entra roles in your tenant to enable Domain Services.

+* You need [Domain Services Contributor](/azure/role-based-access-control/built-in-roles#contributor) Azure role to create the required Domain Services resources.

+ * [Azure Site-to-Site VPN](/azure/vpn-gateway/vpn-gateway-about-vpngateways).

+ * [Azure ExpressRoute Overview](/azure/expressroute/expressroute-introduction).

+ > To securely connect to your VMs joined to Microsoft Entra Domain Services, you can use the [Azure Bastion Host Service](/azure/bastion/bastion-overview) in supported Azure regions.

+ > To securely connect to your VMs joined to Microsoft Entra Domain Services, you can use the [Azure Bastion Host Service](/azure/bastion/bastion-overview) in supported Azure regions.

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[network-peering]: /azure/virtual-network/virtual-network-peering-overview

+[New-AzureADServicePrincipal]: /powershell/module/azuread/new-azureadserviceprincipal

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).

+If you're new to the Microsoft Entra application proxy and want to learn more, see [How to provide secure remote access to internal applications](/azure/active-directory/app-proxy/application-proxy).

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).

+ * If connector registration fails, see [Troubleshoot Application Proxy](/azure/active-directory/app-proxy/application-proxy-troubleshoot).

+With the Microsoft Entra application proxy integrated with Domain Services, publish applications for users to access. For more information, see [publish applications using Microsoft Entra application proxy](/azure/active-directory/app-proxy/application-proxy-add-on-premises-application).

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[azure-bastion]: /azure/bastion/tutorial-create-host-portal

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+You can configure metric alerts for Domain Services to be notified of possible problems. Metric alerts are one type of alert for Azure Monitor. For more information about other types of alerts, see [What are Azure Monitor Alerts?](/azure/azure-monitor/alerts/alerts-overview).

+To view and manage Azure Monitor alert, a user needs to be assigned [Azure Monitor roles](/azure/azure-monitor/roles-permissions-security).

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](/azure/active-directory/roles/permissions-reference#user-administrator).

+* [Microsoft Entra admin center](/azure/virtual-machines/linux/quick-create-portal)

+* [Azure CLI](/azure/virtual-machines/linux/quick-create-cli)

+* [Azure PowerShell](/azure/virtual-machines/linux/quick-create-powershell)

+1. Now initialize Kerberos using the `kinit` command. Specify a user that's a part of the managed domain. If needed, [add a user account to a group in Microsoft Entra ID](/azure/active-directory/fundamentals/how-to-manage-groups).

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+* [Microsoft Entra admin center](/azure/virtual-machines/linux/quick-create-portal)

+* [Azure CLI](/azure/virtual-machines/linux/quick-create-cli)

+* [Azure PowerShell](/azure/virtual-machines/linux/quick-create-powershell)

+1. Now join the VM to the managed domain using the `adcli join` command. Specify a user that's a part of the managed domain. If needed, [add a user account to a group in Microsoft Entra ID](/azure/active-directory/fundamentals/how-to-manage-groups).

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+* [Microsoft Entra admin center](/azure/virtual-machines/linux/quick-create-portal)

+* [Azure CLI](/azure/virtual-machines/linux/quick-create-cli)

+* [Azure PowerShell](/azure/virtual-machines/linux/quick-create-powershell)

+1. Now initialize Kerberos using the `kinit` command. Specify a user that's a part of the managed domain. If needed, [add a user account to a group in Microsoft Entra ID](/azure/active-directory/fundamentals/how-to-manage-groups).

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+* [Microsoft Entra admin center](/azure/virtual-machines/linux/quick-create-portal)

+* [Azure CLI](/azure/virtual-machines/linux/quick-create-cli)

+* [Azure PowerShell](/azure/virtual-machines/linux/quick-create-powershell)

+1. In the dialog, specify the *Username* and *Password* of a user that's a part of the managed domain. If needed, [add a user account to a group in Microsoft Entra ID](/azure/active-directory/fundamentals/how-to-manage-groups).

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+* [Microsoft Entra admin center](/azure/virtual-machines/linux/quick-create-portal)

+* [Azure CLI](/azure/virtual-machines/linux/quick-create-cli)

+* [Azure PowerShell](/azure/virtual-machines/linux/quick-create-powershell)

+1. Now initialize Kerberos using the `kinit` command. Specify a user that's a part of the managed domain. If needed, [add a user account to a group in Microsoft Entra ID](/azure/active-directory/fundamentals/how-to-manage-groups).

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[template-overview]: /azure/azure-resource-manager/templates/overview

+[deploy-powershell]: /azure/azure-resource-manager/templates/deploy-powershell

+[deploy-cli]: /azure/azure-resource-manager/templates/deploy-cli

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[vnet-peering]: /azure/virtual-network/virtual-network-peering-overview

+[azure-bastion]: /azure/bastion/tutorial-create-host-portal

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[expressroute]: /azure/expressroute/expressroute-introduction

+[vpn-gateway]: /azure/vpn-gateway/vpn-gateway-about-vpngateways

+[hybrid connected](/azure/azure-arc/servers/overview),

+[guest configuration](/azure/governance/machine-configuration/overview)

+[Azure Policy](/azure/governance/policy/overview).

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+* [Move the Azure subscription](/azure/cost-management-billing/manage/billing-subscription-transfer) containing the virtual network to the same Microsoft Entra directory as the managed domain.

+For more information, see [Azure virtual network peering overview](/azure/virtual-network/virtual-network-peering-overview).

+For more information on using virtual private networking, read [Configure a VNet-to-VNet VPN gateway connection by using the Microsoft Entra admin center](/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal).

+| Dynamic standard public IP address | Domain Services communicates with the synchronization and management service using a Standard SKU public IP address. For more information about public IP addresses, see [IP address types and allocation methods in Azure](/azure/virtual-network/ip-services/public-ip-addresses). |

+| Azure standard load balancer | Domain Services uses a Standard SKU load balancer for network address translation (NAT) and load balancing (when used with secure LDAP). For more information about Azure load balancers, see [What is Azure Load Balancer?](/azure/load-balancer/load-balancer-overview) |

+A [network security group (NSG)](/azure/virtual-network/network-security-groups-overview) contains a list of rules that allow or deny network traffic in an Azure virtual network. When you deploy a managed domain, a network security group is created with a set of rules that let the service provide authentication and management functions. This default network security group is associated with the virtual network subnet your managed domain is deployed into.

+* [Azure virtual network peering](/azure/virtual-network/virtual-network-peering-overview)

+* [Azure VPN gateways](/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings)

+* [Azure network security groups](/azure/virtual-network/network-security-groups-overview)

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](/azure/active-directory/roles/permissions-reference#authentication-policy-administrator).

+[azure-ad-connect]: /azure/active-directory/hybrid/connect/whatis-azure-ad-connect

+[password-hash-sync]: /azure/active-directory/hybrid/connect/how-to-connect-password-hash-synchronization

+[availability-zones]: /azure/reliability/availability-zones-overview

+[forest-trusts]: ./concepts-forest-trust.md

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[nsg-overview]: /azure/virtual-network/network-security-groups-overview

+[Connect-AzAccount]: /powershell/module/az.accounts/connect-azaccount

+[Connect-AzureAD]: /powershell/module/azuread/connect-azuread

+[New-AzureADGroup]: /powershell/module/azuread/new-azureadgroup

+[Add-AzureADGroupMember]: /powershell/module/azuread/add-azureadgroupmember

+[Get-AzureADGroup]: /powershell/module/azuread/get-azureadgroup

+[Get-AzureADUser]: /powershell/module/azuread/get-azureaduser

+[Register-AzResourceProvider]: /powershell/module/az.resources/register-azresourceprovider

+[New-AzResourceGroup]: /powershell/module/az.resources/new-azresourcegroup

+[New-AzVirtualNetworkSubnetConfig]: /powershell/module/az.network/new-azvirtualnetworksubnetconfig

+[New-AzVirtualNetwork]: /powershell/module/az.network/new-azvirtualnetwork

+[Get-AzSubscription]: /powershell/module/az.accounts/get-azsubscription

+[cloud-shell]: /azure/active-directory/develop/configure-app-multi-instancing

+[availability-zones]: /azure/reliability/availability-zones-overview

+* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Microsoft Entra roles in your tenant to change the Domain Services synchronization scope.

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[hdinsight]: /azure/hdinsight/domain-joined/apache-domain-joined-configure-using-azure-adds

+[sspr]: /azure/active-directory/authentication/overview-authentication#self-service-password-reset

+[azure-ad-connect]: /azure/active-directory/hybrid/connect/whatis-azure-ad-connect

+* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Microsoft Entra roles in your tenant to change the Domain Services synchronization scope.

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[bastion-overview]: /azure/bastion/bastion-overview

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[user-mfa-registration]: /azure/active-directory/authentication/howto-mfa-nps-extension#register-users-for-mfa

+[nps-extension]: /azure/active-directory/authentication/howto-mfa-nps-extension

+[azure-mfa-nps-integration]: /azure/active-directory/authentication/howto-mfa-nps-extension-rdg

+[register-nps-ad]:/azure/active-directory/authentication/howto-mfa-nps-extension-rdg#register-server-in-active-directory

+[create-nps-policy]: /azure/active-directory/authentication/howto-mfa-nps-extension-rdg#configure-network-policy

+[concepts-mfa]: /azure/active-directory/authentication/concept-mfa-howitworks

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[global-admin]: /azure/role-based-access-control/elevate-access-global-admin

+[Get-AzResource]: /powershell/module/az.resources/get-azresource

+[Set-AzResource]: /powershell/module/az.resources/set-azresource

+|Azure Storage| This target should be used when your primary need is to store security audit events for archival purposes. Other targets can be used for archival purposes, however those targets provide capabilities beyond the primary need of archiving. <br /><br />Before you enable Domain Services security audit events, first [Create an Azure Storage account](/azure/storage/common/storage-account-create).|

+|Azure Event Hubs| This target should be used when your primary need is to share security audit events with additional software such as data analysis software or security information & event management (SIEM) software.<br /><br />Before you enable Domain Services security audit events, [Create an event hub using Microsoft Entra admin center](/azure/event-hubs/event-hubs-create)|

+|Azure Log Analytics Workspace| This target should be used when your primary need is to analyze and review secure audits from the Microsoft Entra admin center directly.<br /><br />Before you enable Domain Services security audit events, [Create a Log Analytics workspace in the Microsoft Entra admin center.](/azure/azure-monitor/logs/quick-create-workspace)|

+ * **Azure Log Analytic workspaces** - [Create a Log Analytics workspace with Azure PowerShell](/azure/azure-monitor/logs/powershell-workspace-configuration).

+ * **Azure storage** - [Create a storage account using Azure PowerShell](/azure/storage/common/storage-account-create?tabs=azure-powershell)

+ * **Azure event hubs** - [Create an event hub using Azure PowerShell](/azure/event-hubs/event-hubs-quickstart-powershell). You may also need to use the [New-AzEventHubAuthorizationRule](/powershell/module/az.eventhub/new-azeventhubauthorizationrule) cmdlet to create an authorization rule that grants Domain Services permissions to the event hub *namespace*. The authorization rule must include the **Manage**, **Listen**, and **Send** rights.

+1. Get the resource ID for your Domain Services managed domain using the [Get-AzResource](/powershell/module/az.resources/get-azresource) cmdlet. Create a variable named *$aadds.ResourceId* to hold the value:

+1. Configure the Azure Diagnostic settings using the [Set-AzDiagnosticSetting](/powershell/module/az.monitor/set-azdiagnosticsetting) cmdlet to use the target resource for Microsoft Entra Domain Services audit events. In the following examples, the variable *$aadds.ResourceId* is used from the previous step.

+* [Azure Monitor documentation](/azure/azure-monitor/)

+* [Get started with Log Analytics in Azure Monitor](/azure/azure-monitor/logs/log-analytics-tutorial)

+* [Get started with log queries in Azure Monitor](/azure/azure-monitor/logs/get-started-queries)

+* [Create and share dashboards of Log Analytics data](/azure/azure-monitor/visualize/tutorial-logs-dashboards)

+* [Overview](/azure/data-explorer/kusto/query/) of the Kusto query language.

+* [Kusto tutorial](/azure/data-explorer/kusto/query/tutorials/learn-common-operators) to familiarize you with query basics.

+* [Sample queries](/azure/data-explorer/kusto/query/tutorials/learn-common-operators) that help you learn new ways to see your data.

+* Kusto [best practices](/azure/data-explorer/kusto/query/best-practices) to optimize your queries for success.

+[azure-support]: /azure/active-directory/fundamentals/how-to-get-support

+For more information on the specifics of password synchronization, see [How password hash synchronization works with Microsoft Entra Connect](/azure/active-directory/hybrid/connect/how-to-connect-password-hash-synchronization?context=/azure/active-directory-domain-services/context/azure-ad-ds-context).

+* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Microsoft Entra roles in your tenant to enable Domain Services.

+[availability-zones]: /azure/reliability/availability-zones-overview

+[portal-deploy]: /azure/azure-resource-manager/templates/deploy-portal

+[powershell-deploy]: /azure/azure-resource-manager/templates/deploy-powershell

+[resource-forests]: ./concepts-forest-trust.md

+[cloud-shell]: /azure/active-directory/develop/configure-app-multi-instancing

+[New-AzResourceGroupDeployment]: /powershell/module/az.resources/new-azresourcegroupdeployment

+[azure-ad-support]: /azure/active-directory/fundamentals/how-to-get-support

+1. [Create an Azure subscription](/azure/cost-management-billing/manage/create-subscription).

+1. [Renew your Azure subscription](/azure/cost-management-billing/manage/subscription-disabled).

+1. Read about [Azure role-based access control and how to grant access to applications in the Microsoft Entra admin center](/azure/role-based-access-control/role-assignments-portal).

+1. [Renew your Azure subscription](/azure/cost-management-billing/manage/subscription-disabled).

+[azure-support]: /azure/active-directory/fundamentals/how-to-get-support

+[azure-ad-support]: /azure/active-directory/fundamentals/how-to-get-support

+[phs-process]: /azure/active-directory/hybrid/connect/how-to-connect-password-hash-synchronization#password-hash-sync-process-for-azure-ad-domain-services

+[azure-ad-support]: /azure/active-directory/fundamentals/how-to-get-support

+1. In the [Microsoft Entra admin center](https://entra.microsoft.com), search for and select **Enterprise applications**.

+[Remove-MsolUser]: /powershell/module/msonline/remove-msoluser

+[azure-support]: /azure/active-directory/fundamentals/how-to-get-support

+[azure-support]: /azure/active-directory/fundamentals/how-to-get-support

+* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Microsoft Entra roles in your tenant to enable secure LDAP.

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[ldap-query-basics]: /windows/win32/ad/creating-a-query-filter

+* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Microsoft Entra roles in your tenant to enable Domain Services.

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[peering-overview]: /azure/virtual-network/virtual-network-peering-overview

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[enable-azure-ad-connect]: /azure/active-directory/hybrid/connect/how-to-connect-install-express

+In this tutorial, you create and configure the outbound forest trust from Domain Services using the Microsoft Entra admin center. To get started, first sign in to the [Microsoft Entra admin center](https://entra.microsoft.com). You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Microsoft Entra roles in your tenant to modify a Domain Services instance.

+1. Connect to the Windows Server VM joined to the Domain Services forest using [Azure Bastion](/azure/bastion/bastion-overview) and your Domain Services administrator credentials.

+1. Connect to the Windows Server VM joined to the Domain Services forest using [Azure Bastion](/azure/bastion/bastion-overview) and your Domain Services administrator credentials.

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[vpn-gateway]: /azure/vpn-gateway/vpn-gateway-about-vpngateways

+[expressroute]: /azure/expressroute/expressroute-introduction

+* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Microsoft Entra roles in your tenant to enable Domain Services.

+* You need [Domain Services Contributor](/azure/role-based-access-control/built-in-roles#domain-services-contributor) Azure role to create the required Domain Services resources.

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[create-dedicated-subnet]: /azure/virtual-network/virtual-network-manage-subnet#add-a-subnet

+[configure-sspr]: /azure/active-directory/authentication/tutorial-enable-sspr

+[password-hash-sync-process]: /azure/active-directory/hybrid/connect/how-to-connect-password-hash-synchronization#password-hash-sync-process-for-azure-ad-domain-services

+[resource-forests]: ./concepts-forest-trust.md

+[availability-zones]: /azure/reliability/availability-zones-overview

+* You need [Application Administrator](/azure/active-directory/roles/permissions-reference#application-administrator) and [Groups Administrator](/azure/active-directory/roles/permissions-reference#groups-administrator) Microsoft Entra roles in your tenant to enable Domain Services.

+* You need [Domain Services Contributor](/azure/role-based-access-control/built-in-roles#domain-services-contributor) Azure role to create the required Domain Services resources.

+> [Microsoft Entra Connect Cloud Sync is not supported with Domain Services](/azure/active-directory/hybrid/cloud-sync/what-is-cloud-sync#comparison-between-azure-ad-connect-and-cloud-sync). On-premises users need to be synced using Microsoft Entra Connect in order to be able to access domain-joined VMs. For more information, see [Password hash sync process for Domain Services and Microsoft Entra Connect][password-hash-sync-process].

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[create-dedicated-subnet]: /azure/virtual-network/virtual-network-manage-subnet#add-a-subnet

+[configure-sspr]: /azure/active-directory/authentication/tutorial-enable-sspr

+[password-hash-sync-process]: /azure/active-directory/hybrid/connect/how-to-connect-password-hash-synchronization#password-hash-sync-process-for-azure-ad-domain-services

+[resource-forests]: ./concepts-forest-trust.md

+[availability-zones]: /azure/reliability/availability-zones-overview

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[azure-bastion]: /azure/bastion/tutorial-create-host-portal

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+For more information about how to edit and manage workbooks, see [Azure Monitor Workbooks overview](/azure/azure-monitor/visualize/workbooks-overview).

+[create-azure-ad-tenant]: /azure/active-directory/fundamentals/sign-up-organization

+[associate-azure-ad-tenant]: /azure/active-directory/fundamentals/how-subscriptions-associated-directory

+[kusto-queries]: /azure/data-explorer/kusto/query/tutorials/learn-common-operators?pivots=azuredataexplorer

+- **Windows Hello for Business** ΓÇô If the user signed in with Windows Hello for Business as their primary authentication method, it can be used to satisfy an authentication strength requirement that includes Windows Hello for Business. However, if the user signed in with another method like password as their primary authenticating method, and the authentication strength requires Windows Hello for Business, they aren't prompted to sign in with Windows Hello for Business. The user needs to restart the session, choose **Sign-in options**, and select a method required by the authentication strength.

+1. Once the user selects certificate-based authentication, the client is redirected to the certauth endpoint, which is [https://certauth.login.microsoftonline.com](https://certauth.login.microsoftonline.com) for Azure Global. For [Azure Government](../../azure-government/compare-azure-government-global-azure.md#guidance-for-developers), the certauth endpoint is [https://certauth.login.microsoftonline.us](https://certauth.login.microsoftonline.us).

+However, with the issue hints feature enabled (coming soon), the new certauth endpoint will change to `https://t{tenantid}.certauth.login.microsoftonline.com`.

+The endpoint performs TLS mutual authentication, and requests the client certificate as part of the TLS handshake. You'll see an entry for this request in the Sign-ins log.

+ >The network administrator should allow access to the User sign-in page and certauth endpoint `*.certauth.login.microsoftonline.com` for the customer's cloud environment. Disable TLS inspection on the certauth endpoint to make sure the client certificate request succeeds as part of the TLS handshake.

+ Customers should make sure their TLS inspection disablement also work for the new url with issuer hints. Our recommendation is not to hardcode the url with tenantId as for B2B users the tenantId might change. Use a regular expression to allow both the old and new URL to work for TLS inspection disablement. For example, use `*.certauth.login.microsoftonline.com` or `*certauth.login.microsoftonline.com`for Azure Global tenants, and `*.certauth.login.microsoftonline.us` or `*certauth.login.microsoftonline.us` for Azure Government tenants, depending on the proxy used.

+ Without this change, certificate-based authentication will fail when you enable Issuer Hints feature.

+ :::image type="content" border="true" source="./media/concept-certificate-based-authentication-technical-deep-dive/sign-in-log.png" alt-text="Screenshot of the Sign-ins log in Microsoft Entra ID." lightbox="./media/concept-certificate-based-authentication-technical-deep-dive/sign-in-log.png":::

+

+ "snoozeDurationInDays": 1,

+ "enforceRegistrationAfterAllowedSnoozes": true,

+ "snoozeDurationInDays": 1,

+ "enforceRegistrationAfterAllowedSnoozes": true,

+ "snoozeDurationInDays": 1,

+ "enforceRegistrationAfterAllowedSnoozes": true,

+ - **Require Re-register MFA** deactivates the user's hardware OATH tokens and deletes the following authentication methods from this user: phone numbers, Microsoft Authenticator apps and software OATH tokens. If needed, the user is requested to set up a new MFA authentication method the next time they sign in.

+If the user is registered for an enabled method that meets the authentication strength, they might need to use another method that isn't available after primary authentication, such as Windows Hello for Business. For more information, see [How each authentication method works](concept-authentication-methods.md#how-each-authentication-method-works). The user needs to restart the session, choose **Sign-in options** , and select a method required by the authentication strength.

+| application | 150,000 per 20 seconds | 35,000 per 5 minutes |

+In the devices overview, you can view the number of total devices, stale devices, noncompliant devices, and unmanaged devices. It provides links to Intune, Conditional Access, BitLocker keys, and basic monitoring.

+If you have rights to manage devices in Intune, you can manage devices for which mobile device management is listed as **Microsoft Intune**. If the device isn't enrolled with Microsoft Intune, the **Manage** option isn't available.

+If a device is managed in another management authority, like Microsoft Intune, be sure it's wiped or retired before you delete it. See [How to manage stale devices](manage-stale-devices.md) before you delete a device.

+You can view and copy BitLocker keys to allow users to recover encrypted drives. These keys are available only for Windows devices that are encrypted and store their keys in Microsoft Entra ID. You can find these keys when you view a device's details by selecting **Show Recovery Key**. Selecting **Show Recovery Key** generates an audit log entry, which you can find in the `KeyManagement` category.

+Global readers, Cloud Device Administrators, Intune Administrators, and Global Administrators can use the **Download devices** option to export a CSV file that lists devices. You can apply filters to determine which devices to list. If you don't apply any filters, all devices are listed. An export task might run for as long as an hour, depending on your selections. If the export task exceeds 1 hour, it fails, and no file is output.

+- **Maximum number of devices**: This setting enables you to select the maximum number of Microsoft Entra joined or Microsoft Entra registered devices that a user can have in Microsoft Entra ID. If users reach this limit, they can't add more devices until one or more of the existing devices are removed. The default value is **50**. You can increase the value up to 100. If you enter a value above 100, Microsoft Entra ID sets it to 100. You can also use **Unlimited** to enforce no limit other than existing quota limits.

+- **Restrict non-admin users from recovering the BitLocker key(s) for their owned devices**: Admins can block self-service BitLocker key access to the registered owner of the device. Default users without the BitLocker read permission are unable to view or copy their BitLocker key(s) for their owned devices. You must be a Global Administrator or Privileged Role Administrator to update this setting.

+- Authentication Policy Administrator

+- Identity Governance Administrator

+## Configure access assignment as part of a lifecycle workflow

+In the Microsoft Entra Lifecycle Workflows feature, you can add a [Request user access package assignment](lifecycle-workflow-tasks.md#request-user-access-package-assignment) task to an onboarding workflow. The task can specify an access package which users should have. When the workflow runs for a user, then an access package assignment request will be created automatically.

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a global administrator.

+1. Browse to **Identity governance** > **Lifecycle workflows** > **Workflows**.

+1. Select an employee onboarding or move workflow.

+1. Select **Tasks** and select **Add task**.

+1. Select **Request user access package assignment** and select **Add**.

+1. Select the newly added task.

+1. Select **Select Access package**, and choose the access package that new or moving users should be assigned to.

+1. Select **Select Policy**, and choose the access package assignment policy in that access package.

+1. Select **Save**.

+## Configure assignment removal as part of a lifecycle workflow

+In the Microsoft Entra Lifecycle Workflows feature, you can add a [Remove access package assignment for user](lifecycle-workflow-tasks.md#remove-access-package-assignment-for-user) task to an offboarding workflow. That task can specify an access package the user might be assigned to. When the workflow runs for a user, then their access package assignment will be removed automatically.

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a global administrator.

+1. Browse to **Identity governance** > **Lifecycle workflows** > **Workflows**.

+1. Select an employee offboarding workflow.

+1. Select **Tasks** and select **Add task**.

+1. Select **Remove access package assignment for user** and select **Add**.

+1. Select the newly added task.

+1. Select **Select Access packages**, and choose one or more access packages that users being offboarded should be removed from.

+1. Select **Save**.

+You can also have policies for users to be assigned access, either [by an administrator](entitlement-management-access-package-assignments.md#directly-assign-a-user), [automatically based on rules](entitlement-management-access-package-auto-assignment-policy.md), or through lifecycle workflows.

+### Administrator: Assign employees access automatically

+### Administrator: Assign employees access from lifecycle workflows

+1. [Create a new access package](entitlement-management-access-package-create.md#start-the-creation-process)

+1. [Add groups, Teams, applications, or SharePoint sites to access package](entitlement-management-access-package-create.md#select-resource-roles)

+1. [Add a direct assignment policy](entitlement-management-access-package-request-policy.md#none-administrator-direct-assignments-only)

+1. Add a task to [Request user access package assignment](lifecycle-workflow-tasks.md#request-user-access-package-assignment) to a workflow when a user joins

+1. Add a task to [Remove access package assignment for user](lifecycle-workflow-tasks.md#remove-access-package-assignment-for-user) to a workflow when a user leaves

+### Administrator: View the connected organizations that are proposed and configured

+> For information about delays activating the Azure AD Joined Device Local Administrator role, see [How to manage the local administrators group on Microsoft Entra joined devices](../devices/assign-local-admin.md#manage-the-azure-ad-joined-device-local-administrator-role).

+ GET https://graph.microsoft.com/beta/reports/getRelyingPartyDetailedSummary(period='{period}')

+ Title: Microsoft Entra SLA performance

+description: Learn about the Microsoft Entra service level performance and attainment

+# Microsoft Entra SLA performance

+As an identity admin, you may need to track the Microsoft Entra service-level agreement (SLA) performance to make sure Microsoft Entra ID can support your vital apps. This article shows how the Microsoft Entra service has performed according to the [SLA for Microsoft Entra ID](https://azure.microsoft.com/support/legal/sla/active-directory/v1_1/).

+You can use this article in discussions with app or business owners to help them understand the performance they can expect from Microsoft Entra ID.

+## Service availability commitment

+Microsoft offers Premium Microsoft Entra customers the opportunity to get a service credit if Microsoft Entra ID fails to meet the documented SLA. When you request a service credit, Microsoft evaluates the SLA for your specific tenant; however, this global SLA can give you an indication of the general health of Microsoft Entra ID over time.

+The SLA covers the following scenarios that are vital to businesses:

+- **User authentication:** Users are able to sign in to the Microsoft Entra service.

+- **App access:** Microsoft Entra ID successfully emits the authentication and authorization tokens required for users to sign in to applications connected to the service.

+For full details on SLA coverage and instructions on requesting a service credit, see the [SLA for Microsoft Entra ID](https://azure.microsoft.com/support/legal/sla/active-directory/v1_1/).

+## No planned downtime

+You rely on Microsoft Entra ID to provide identity and access management for your vital systems. To ensure Microsoft Entra ID is available when business operations require it, Microsoft doesn't plan downtime for Microsoft Entra system maintenance. Instead, maintenance is performed as the service runs, without customer impact.

+## Recent worldwide SLA performance

+To help you plan for moving workloads to Microsoft Entra ID, we publish past SLA performance. These numbers show the level at which Microsoft Entra ID met the requirements in the [SLA for Microsoft Entra ID](https://azure.microsoft.com/support/legal/sla/active-directory/v1_1/), for all tenants.

+The SLA attainment is truncated at three places after the decimal. Numbers aren't rounded up, so actual SLA attainment is higher than indicated.

+| Month | 2021 | 2022 | 2023 |

+| | | | |

+| January | | 99.998% | 99.998% |

+| February | 99.999% | 99.999% | 99.999% |

+| March | 99.568% | 99.998% | 99.999% |

+| April | 99.999% | 99.999% | 99.999% |

+| May | 99.999% | 99.999% | 99.999% |

+| June | 99.999% | 99.999% | 99.999% |

+| July | 99.999% | 99.999% | 99.999% |

+| August | 99.999% | 99.999% | 99.999% |

+| September | 99.999% | 99.998% | |

+| October | 99.999% | 99.999% | |

+| November | 99.998% | 99.999% | |

+| December | 99.978% | 99.999% | |

+<a name='how-is-azure-ad-sla-measured-'></a>

+### How is Microsoft Entra SLA measured?

+The Microsoft Entra SLA is measured in a way that reflects customer authentication experience, rather than simply reporting on whether the system is available to outside connections. This distinction means that the calculation is based on if:

+- Users can authenticate

+- Microsoft Entra ID successfully issues tokens for target apps after authentication

+

+The numbers in the table are a global total of Microsoft Entra authentications across all customers and geographies.

+

+## Incident history

+All incidents that seriously impact Microsoft Entra performance are documented in the [Azure status history](https://azure.status.microsoft/status/history/). Not all events documented in Azure status history are serious enough to cause Microsoft Entra ID to go below its SLA. You can view information about the impact of incidents, and a root cause analysis of what caused the incident and what steps Microsoft took to prevent future incidents.

+## Tenant-level SLA (preview)

+In addition to providing global SLA performance, Microsoft Entra ID now provides tenant-level SLA performance. This feature is currently in preview.

+To access your tenant-level SLA performance:

+1. Navigate to the [Microsoft Entra admin center](https://entra.microsoft.com) using the Reports Reader role (or higher).

+1. Browse to **Identity** > **Monitoring & health** > **Scenario Health** from the side menu.

+1. Select the **SLA Monitoring** tab.

+1. Hover over the graph to see the SLA performance for that month.

+

+## Next steps

+* [Microsoft Entra monitoring and health overview](overview-monitoring-health.md)

+* [Programmatic access to Microsoft Entra reports](./howto-configure-prerequisites-for-reporting-api.md)

+* [Microsoft Entra ID risk detections](../identity-protection/overview-identity-protection.md)

+ Title: Microsoft Entra SSO integration with GovWin IQ

+description: Learn how to configure single sign-on between Microsoft Entra ID and GovWin IQ.

+# Microsoft Entra SSO integration with GovWin IQ

+In this tutorial, you'll learn how to integrate GovWin IQ with Microsoft Entra ID. GovWin IQ by Deltek is the industry-leading platform providing the most comprehensive market intelligence for U.S. federal, state and local, and Canadian governments. When you integrate GovWin IQ with Microsoft Entra ID, you can:

+* Control in Microsoft Entra ID who has access to GovWin IQ.

+* Enable your users to be automatically signed-in to GovWin IQ with their Microsoft Entra accounts.

+* Manage your accounts in one central location.

+## Prerequisites

+To integrate Microsoft Entra ID with GovWin IQ, you need:

+* A Microsoft Entra subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).

+* An active GovWin IQ Subscription. Single sign-on can be enabled at no cost. Make sure your Customer Success Manager has enabled a user at your organization as a SAML SSO Admin to perform the following steps.

+* All users must have same email address in Azure as provisioned in GovWin IQ.

+## Scenario description

+In this tutorial, you configure and test Microsoft Entra SSO in a test environment.

+* GovWin IQ supports only **SP** initiated SSO.

+> [!NOTE]

+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

+## Adding GovWin IQ from the gallery

+To configure the integration of GovWin IQ into Microsoft Entra ID, you need to add GovWin IQ from the gallery to your list of managed SaaS apps.

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).

+1. Browse to **Identity** > **Applications** > **Enterprise applications** > **New application**.

+1. In the **Add from the gallery** section, type **GovWin IQ** in the search box.

+1. Select **GovWin IQ** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

+Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, and walk through the SSO configuration as well. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides)

+## Configure and test Microsoft Entra SSO for GovWin IQ

+Configure and test Microsoft Entra SSO with GovWin IQ using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between a Microsoft Entra user and the related user in GovWin IQ.

+To configure and test Microsoft Entra SSO with GovWin IQ, perform the following steps:

+1. **[Configure Microsoft Entra SSO](#configure-microsoft-entra-sso)** - to enable your users to use this feature.

+ 1. **[Assign the Microsoft Entra ID test user](#assign-the-microsoft-entra-id-test-user)** - to enable B.Simon to use Microsoft Entra single sign-on.

+1. **[Configure GovWin IQ SSO](#configure-govwin-iq-sso)** - to configure the single sign-on settings on application side.

+ 1. **[Assign GovWin IQ test user to SSO](#assign-govwin-iq-test-user-to-sso)** - to have a counterpart of B.Simon in GovWin IQ that is linked to the Microsoft Entra ID representation of user.

+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.

+## Configure Microsoft Entra SSO

+Follow these steps to enable Microsoft Entra SSO in the Microsoft Entra admin center.

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).

+1. Browse to **Identity** > **Applications** > **Enterprise applications** > **GovWin IQ** > **Single sign-on**.

+1. On the **Select a single sign-on method** page, select **SAML**.

+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.

+ 

+1. On the **Basic SAML Configuration** section, perform the following steps:

+ a. In the **Identifier** textbox, type the URL:

+ `https://iq.govwin.com/cas`

+ b. In the **Reply URL** textbox, enter the value from the GovWin IQ Reply URL field.

+

+ Reply URL will be of the following pattern:

+ `https://iq.govwin.com/cas/login?client_name=ORG_<ID>`

+ c. In the **Sign on URL** textbox, enter the value from the GovWIn IQ Sign On URL field.

+ Sign on URL will be of the following pattern:

+ `https://iq.govwin.com/cas/clientredirect?client_name=ORG_<ID>`

+ > [!NOTE]

+ > Update these values with the actual Reply URL and Sign on URL found in the GovWin SAML Single Sign-On Configuration page, accessible by your designated SAML SSO Admin. Reach out to your [Customer Success Manager](mailto:CustomerSuccess@iq.govwin.com) for assistance. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Microsoft Entra admin center.

+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.

+ 

+### Assign the Microsoft Entra ID test user

+In this section, you'll enable a test user to use Microsoft Entra single sign-on by granting access to GovWin IQ.

+ > [!Note]

+ > The user selected for testing must have an existing active GovWin IQ account.

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).

+1. Browse to **Identity** > **Applications** > **Enterprise applications** > **GovWin IQ**.

+1. In the app's overview page, select **Users and groups**.

+1. Select **Add user/group**, then select **Users and groups** in the **Add Assignment** dialog.

+ 1. In the **Users and groups** dialog, select a test user from the Users list, then click the **Select** button at the bottom of the screen.

+ 1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.

+ 1. In the **Add Assignment** dialog, click the **Assign** button.

+## Configure GovWin IQ SSO

+1. Log in to GovWin IQ company site as the SAML SSO Admin user.

+1. Navigate to [**SAML Single Sign-On Configuration** page](https://iq.govwin.com/neo/authenticationConfiguration/viewSamlSSOConfig) and perform the following steps:

+ 

+ 1. Select **Azure** from the Identity Provider (IdP) dropdown.

+ 1. Copy **Identifier (EntityID)** value, paste this value into the **Identifier** textbox in the **Basic SAML Configuration** section in Microsoft Entra admin center.

+ 1. Copy **Reply URL** value, paste this value into the **Reply URL** textbox in the **Basic SAML Configuration** section in Microsoft Entra admin center.

+ 1. Copy **Sign On URL** value, paste this value into the **Sign on URL** textbox in the **Basic SAML Configuration** section in Microsoft Entra admin center.

+1. In the **Metadata URL** textbox, paste the **App Federation Metadata Url**, which you have copied from the Microsoft Entra admin center.

+ 

+1. Click **Submit IDP Metadata**.

+### Assign GovWin IQ test user to SSO

+1. In the [**SAML Single Sign-On Configuration** page](https://iq.govwin.com/neo/authenticationConfiguration/viewSamlSSOConfig), navigate to **Excluded Users** tab and click **Select Users to Exclude from SSO**.

+ 

+ > [!Note]

+ > Here you can select users to include or exclude from SSO. If you have a webservices subscription, the webservices user should always be excluded from SSO.

+1. Next, click **Exclude All Users from SSO** for testing purposes. This is to prevent any impact to existing access for users while testing SSO.

+1. Next, select the test user and click Add Selected Users to SSO.

+1. Once testing is successful, add the rest of the users you want to enable for SSO.

+## Test SSO

+In this section, you test your Microsoft Entra single sign-on configuration with following options.

+> [!Note]

+> It may take up to 10 minutes for the configuration to sync.

+* Click on **Test this application** in Microsoft Entra admin center. This will redirect to GovWin IQ Sign-on URL where you can initiate the login flow.

+* Go to GovWin IQ Sign-on URL directly and initiate the login flow from there.

+* You can use Microsoft My Apps. When you click the GovWin IQ tile in the My Apps, this will redirect to GovWin IQ Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).

+## Next Steps

+Add all remaining users to the Microsoft Entra ID GovWin IQ app to enable SSO access. Once you configure GovWin IQ you can enforce session control, which protects exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).

+ Title: Microsoft Entra SSO integration with The People Experience Hub

+description: Learn how to configure single sign-on between Microsoft Entra ID and The People Experience Hub.

+# Microsoft Entra SSO integration with The People Experience Hub

+In this tutorial, you'll learn how to integrate The People Experience Hub with Microsoft Entra ID. When you integrate The People Experience Hub with Microsoft Entra ID, you can:

+* Control in Microsoft Entra ID who has access to The People Experience Hub.

+* Enable your users to be automatically signed-in to The People Experience Hub with their Microsoft Entra accounts.

+* Manage your accounts in one central location.

+## Prerequisites

+To integrate Microsoft Entra ID with The People Experience Hub, you need:

+* A Microsoft Entra subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).

+* The People Experience Hub single sign-on (SSO) enabled subscription.

+## Scenario description

+In this tutorial, you configure and test Microsoft Entra SSO in a test environment.

+* The People Experience Hub supports **SP and IDP** initiated SSO.

+> [!NOTE]

+> Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

+## Adding The People Experience Hub from the gallery

+To configure the integration of The People Experience Hub into Microsoft Entra ID, you need to add The People Experience Hub from the gallery to your list of managed SaaS apps.

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).

+1. Browse to **Identity** > **Applications** > **Enterprise applications** > **New application**.

+1. In the **Add from the gallery** section, type **The People Experience Hub** in the search box.

+1. Select **The People Experience Hub** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

+Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, and walk through the SSO configuration as well. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides)

+## Configure and test Microsoft Entra SSO for The People Experience Hub

+Configure and test Microsoft Entra SSO with The People Experience Hub using a test user called **B.Simon**. For SSO to work, you need to establish a link relationship between a Microsoft Entra user and the related user in The People Experience Hub.

+To configure and test Microsoft Entra SSO with The People Experience Hub, perform the following steps:

+1. **[Configure Microsoft Entra SSO](#configure-microsoft-entra-sso)** - to enable your users to use this feature.

+ 1. **[Create a Microsoft Entra ID test user](#create-a-microsoft-entra-id-test-user)** - to test Microsoft Entra single sign-on with B.Simon.

+ 1. **[Assign the Microsoft Entra ID test user](#assign-the-microsoft-entra-id-test-user)** - to enable B.Simon to use Microsoft Entra single sign-on.

+1. **[Configure The People Experience Hub SSO](#configure-the-people-experience-hub-sso)** - to configure the single sign-on settings on application side.

+ 1. **[Create The People Experience Hub test user](#create-the-people-experience-hub-test-user)** - to have a counterpart of B.Simon in The People Experience Hub that is linked to the Microsoft Entra ID representation of user.

+1. **[Test SSO](#test-sso)** - to verify whether the configuration works.

+## Configure Microsoft Entra SSO

+Follow these steps to enable Microsoft Entra SSO in the Microsoft Entra admin center.

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).

+1. Browse to **Identity** > **Applications** > **Enterprise applications** > **The People Experience Hub** > **Single sign-on**.

+1. On the **Select a single sign-on method** page, select **SAML**.

+1. On the **Set up single sign-on with SAML** page, click the pencil icon for **Basic SAML Configuration** to edit the settings.

+ 

+1. On the **Basic SAML Configuration** section, perform the following steps:

+ a. In the **Identifier** textbox, type the URL:

+ `https://app.pxhub.io`

+ b. In the **Reply URL** textbox, type a URL using the following pattern:

+ `https://auth.api.pxhub.io/v1/auth/saml/<COMPANY_ID>/assert`

+1. Perform the following step, if you wish to configure the application in **SP** initiated mode:

+ In the **Sign on URL** textbox, type a URL using the following pattern:

+ `https://auth.api.pxhub.io/v1/auth/saml/<COMPANY_ID>/login`

+ > [!NOTE]

+ > These values are not real. Update these values with the actual Reply URL and Sign on URL. Contact [The People Experience Hub support team](mailto:it@pxhub.io) to get these values. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Microsoft Entra admin center.

+1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.

+ 

+1. On the **Set up The People Experience Hub** section, copy the appropriate URL(s) based on your requirement.

+ 

+### Create a Microsoft Entra ID test user

+In this section, you'll create a test user in the Microsoft Entra admin center called B.Simon.

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](../roles/permissions-reference.md#user-administrator).

+1. Browse to **Identity** > **Users** > **All users**.

+1. Select **New user** > **Create new user**, at the top of the screen.

+1. In the **User** properties, follow these steps:

+ 1. In the **Display name** field, enter `B.Simon`.

+ 1. In the **User principal name** field, enter the username@companydomain.extension. For example, `B.Simon@contoso.com`.

+ 1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.

+ 1. Select **Review + create**.

+1. Select **Create**.

+### Assign the Microsoft Entra ID test user

+In this section, you'll enable B.Simon to use Microsoft Entra single sign-on by granting access to The People Experience Hub.

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](../roles/permissions-reference.md#cloud-application-administrator).

+1. Browse to **Identity** > **Applications** > **Enterprise applications** > **The People Experience Hub**.

+1. In the app's overview page, select **Users and groups**.

+1. Select **Add user/group**, then select **Users and groups** in the **Add Assignment** dialog.

+ 1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.

+ 1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.

+ 1. In the **Add Assignment** dialog, click the **Assign** button.

+## Configure The People Experience Hub SSO

+1. Log in to The People Experience Hub company site as an administrator.

+1. Go to **Admin Settings** > **Integrations** > **Single Sign-On** and click **Manage**.

+ 

+1. In the **SAML 2.0 Single sign-on** page, perform the following steps:

+ 

+ 1. **Enable SAML 2.0 Single sign-on** toggle on.

+ 1. Copy **EntityID** value, paste this value into the **Identifier** textbox in the **Basic SAML Configuration** section in Microsoft Entra admin center.

+ 1. Copy **Login URL** value, paste this value into the **Sign on URL** textbox in the **Basic SAML Configuration** section in Microsoft Entra admin center.

+ 1. Copy **Reply URL** value, paste this value into the **Reply URL** textbox in the **Basic SAML Configuration** section in Microsoft Entra admin center.

+ 1. In the **SSO Login URL** textbox, paste the **Login URL** value, which you copied from the Microsoft Entra admin center.

+ 1. Open the downloaded **Certificate (Base64)** into Notepad and paste the content into the **X509 Certificate** textbox.

+ 1. Click **Save Configuration**.

+### Create The People Experience Hub test user

+1. In a different web browser window, sign into The People Experience Hub website as an administrator.

+1. Navigate to **Admin Settings** > **Users** and click **Create**.

+

+ 

+1. In the **Create a new admin users** section, perform the following steps:

+ 

+ 1. In the **Email** textbox, enter a valid email address of the user.

+ 1. In the **First Name** textbox, enter the first name of the user.

+ 1. In the **Last Name** textbox, enter the last name of the user.

+ 1. Click **Create User**.

+## Test SSO

+In this section, you test your Microsoft Entra single sign-on configuration with following options.

+#### SP initiated:

+* Click on **Test this application** in Microsoft Entra admin center. This will redirect to The People Experience Hub Sign-on URL where you can initiate the login flow.

+* Go to The People Experience Hub Sign-on URL directly and initiate the login flow from there.

+#### IDP initiated:

+* Click on **Test this application** in Microsoft Entra admin center and you should be automatically signed in to The People Experience Hub for which you set up the SSO.

+You can also use Microsoft My Apps to test the application in any mode. When you click The People Experience Hub tile in the My Apps, if configured in SP mode you would be redirected to the application sign-on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to The People Experience Hub for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).

+## Next Steps

+Once you configure The People Experience Hub you can enforce session control, which protects exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Defender for Cloud Apps](/cloud-app-security/proxy-deployment-any-app).

+Learn how to access Advisor through the Azure portal, get and manage recommendations, and configure Advisor settings.

+> Azure Advisor runs in the background to find newly created resources. It can take up to 24 hours to provide recommendations on those resources.

+## Open Advisor

+To access Azure Advisor, sign in to the [Azure portal](https://portal.azure.com) and open [Advisor](https://aka.ms/azureadvisordashboard). The Advisor score page opens by default.

+You can also use the search bar at the top, or the left navigation pane, to find Advisor.

+## Read your score

+See how your system configuration measures against Azure best practices.

+* The far-left graphic is your overall system Advisor score against Azure best practices. The **Learn more** link opens the [Optimize Azure workloads by using Advisor score](azure-advisor-score.md) page.

+* The middle graphic depicts the trend of your system Advisor score history. Roll over the graphic to activate a slider to see your trend at different points of time. Use the drop-down menu to pick a trend time frame.

+* The far-right graphic shows a breakdown of your best practices Advisor score per category. Click a category bar to open the recommendations page for that category.

+## Get recommendations

+To display a specific list of recommendations, click a category tile.

+The tiles on the Advisor score page show the different categories of recommendations per subscription:

+* To get recommendations for a specific category, click one of the tiles. To open a list of all recommendations for all categories, click the **All recommendations** tile. By default, the **Cost** tile is selected.

+* You can filter the display using the buttons at the top of the page:

+ * **Subscription**: Choose *All* for Advisor recommendations on all subscriptions. Alternatively, select specific subscriptions. Apply changes by clicking outside of the button.

+ * **Recommendation Status**: *Active* (the default, recommendations that you haven't postponed or dismissed), *Postponed* or *Dismissed*. Apply changes by clicking outside of the button.

+ * **Resource Group**: Choose *All* (the default) or specific resource groups. Apply changes by clicking outside of the button.

+ * **Type**: Choose *All* (the default) or specific resources. Apply changes by clicking outside of the button.

+ * **Commitments**: Applicable only to cost recommendations. Adjust your subscription **Cost** recommendations to reflect your committed **Term (years)** and chosen **Look-back period (days)**. Apply changes by clicking **Apply**.

+ * For more advanced filtering, click **Add filter**.

+* The **Commitments** button lets you adjust your subscription **Cost** recommendations to reflect your committed **Term (years)** and chosen **Look-back period (days)**.

+## Get recommendation details and solution options

+View recommendation details ΓÇô such as the recommended actions and impacted resources ΓÇô and the solution options, including postponing or dismissing a recommendation.

+1. To review details of a recommendation, including the affected resources, open the recommendation list for a category and then click the **Description** or the **Impacted resources** link for a specific recommendation. The following screenshot shows a **Reliability** recommendation details page.

+ :::image type="content" source="./media/advisor-get-started/advisor-score-reliability-recommendation-page.png" alt-text="Screenshot of Azure Advisor reliability recommendation details example." lightbox="./media/advisor-get-started/advisor-score-reliability-recommendation-page.png":::

+1. To see action details, click a **Recommended actions** link. The Azure page where you can act opens. Alternatively, open a page to the affected resources to take the recommended action (the two pages may be the same).

+

+ Understand the recommendation before you act by clicking the **Learn more** link on the recommended action page, or at the top of the recommendations details page.

+1. You can postpone the recommendation.

+

+ :::image type="content" source="./media/advisor-get-started/advisor-recommendation-postpone.png" alt-text="Sreenshot of Azure Advisor recommendation postpone option." lightbox="./media/advisor-get-started/advisor-recommendation-postpone.png":::

+ You can't dismiss the recommendation without certain privileges. For information on permissions, see [Permissions in Azure Advisor](permissions.md).

+## Download recommendations

+To download your recommendations from the Advisor score or any recommendation details page, click **Download as CSV** or **Download as PDF** on the action bar at the top. The download option respects any filters you have applied to Advisor. If you select the download option while viewing a specific recommendation category or recommendation, the downloaded summary only includes information for that category or recommendation.

+## Configure recommendations

+You can exclude subscriptions or resources, such as 'test' resources, from Advisor recommendations and configure Advisor to generate recommendations only for specific subscriptions and resource groups.

+> To change subscriptions or Advisor compute rules, you must be a subscription Owner. If you do not have the required permissions, the option is disabled in the user interface. For information on permissions, see [Permissions in Azure Advisor](permissions.md). For details on right sizing VMs, see [Reduce service costs by using Azure Advisor](advisor-cost-recommendations.md).

+From any Azure Advisor page, click **Configuration** in the left navigation pane. The Advisor Configuration page opens with the **Resources** tab selected, by default.

+* **Resources**: Uncheck any subscriptions you don't want to receive Advisor recommendations for, click **Apply**. The page refreshes.

+* **VM/VMSS right sizing**: You can adjust the average CPU utilization rule and the look back period on a per-subscription basis. Doing virtual machine (VM) right sizing requires specialized knowledge.

+ 1. Select the subscriptions youΓÇÖd like to adjust the average CPU utilization rule for, and then click **Edit**. Not all subscriptions can be edited for VM/VMSS right sizing and certain privileges are required; for more information on permissions, see [Permissions in Azure Advisor](permissions.md).

+

+ 1. Select the desired average CPU utilization value and click **Apply**. It can take up to 24 hours for the new settings to be reflected in recommendations.

+ :::image type="content" source="./media/advisor-get-started/advisor-configure-rules.png" alt-text="Screenshot of Azure Advisor configuration option for VM/VMSS sizing rules." lightbox="./media/advisor-get-started/advisor-configure-rules.png":::

+- [Advisor Security recommendations](advisor-security-recommendations.md)

+- [Advisor Reliability recommendations](advisor-high-availability-recommendations.md)

+- [Advisor Performance recommendations](advisor-performance-recommendations.md)

+- [Try the Image Analysis Quickstart](../quickstarts-sdk/image-analysis-client-library-40.md)

+* Now that you have a resource, you can authenticate your API requests to one of the [supported Azure AI services](#supported-services-with-a-multi-service-resource).

+GPT-3.5 models can understand and generate natural language or code. The most capable and cost effective model in the GPT-3.5 family is GPT-3.5 Turbo, which has been optimized for chat and works well for traditional completions tasks as well. GPT-3.5 Turbo is available for use with the Chat Completions API. GPT-3.5 Turbo Instruct has similar capabilities to `text-davinci-003` using the Completions API instead of the Chat Completions API. We recommend using GPT-3.5 Turbo and GPT-3.5 Turbo Instruct over [legacy GPT-3.5 and GPT-3 models](./legacy-models.md).

+- `gpt-35-turbo-instruct`

+The `gpt-35-turbo` model supports 4096 max input tokens and the `gpt-35-turbo-16k` model supports up to 16,384 tokens. `gpt-35-turbo-instruct` supports 4097 max input tokens.

+To learn more about how to interact with GPT-3.5 Turbo and the Chat Completions API check out our [in-depth how-to](../how-to/chatgpt.md).

+| `gpt-35-turbo-instruct` (0914) | East US, Sweden Central | N/A | 4,097 | Sep 2021 |

+> Power Virtual Agents supports Azure Cognitive Search indexes with keyword or semantic search only. Other data sources and advanced features may not be supported.

+### GPT-3.5 Turbo Instruct

+Azure OpenAI Service now supports the GPT-3.5 Turbo Instruct model. This model has performance comparable to `text-davinci-003` and is available to use with the Completions API. Check the [models page](concepts/models.md), for the latest information on model availability in each region.

+[kubectl-delete]: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#delete

+ Title: Azure Kubernetes Service (AKS) managed nginx ingress with the application routing add-on (preview)

+# Managed nginx ingress with the application routing add-on (preview)

+The application routing add-on configures an [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) in your Azure Kubernetes Service (AKS) cluster with SSL termination through certificates stored in Azure Key Vault. When you deploy ingresses, the add-on creates publicly accessible DNS names for endpoints on an Azure DNS zone.

+## Application routing add-on with nginx overview

+description: Learn how to migrate your managed clusters from Dapr OSS to the Dapr extension for Azure Kubernetes Service (AKS).

+This article shows you how to migrate from Dapr OSS to the Dapr extension for AKS.

+You can configure the Dapr extension to use and manage the Kubernetes resources created by Dapr OSS by [checking for an existing Dapr installation using the Azure CLI](#check-for-an-existing-dapr-installation) (*default method*) or [configuring the existing Dapr installation using `--configuration-settings`](#configure-the-existing-dapr-installation-usingconfiguration-settings).

+For more information, see [Dapr extension for AKS][dapr-extension-aks].

+When you [create the Dapr extension](./dapr.md), the extension checks for an existing Dapr installation on your cluster. If Dapr exists, the extension uses and manages the Kubernetes resources created by Dapr OSS.

+1. List the details of your current Dapr installation using the `helm list -A` command and save the Dapr release name and namespace from the output.

+ ```azurecli-interactive

+ helm list -A

+ ```

+2. Enter the Helm release name and namespace (from `helm list -A`) when prompted with the following questions:

+ ```azurecli-interactive

+ Enter the Helm release name for Dapr, or press Enter to use the default name [dapr]:

+ Enter the namespace where Dapr is installed, or press Enter to use the default namespace [dapr-system]:

+ ```

+## Configure the existing Dapr installation using `--configuration-settings`

+When you [create the Dapr extension](./dapr.md), you can configure the extension to use and manage the Kubernetes resources created by Dapr OSS using the `--configuration-settings` flag.

+1. List the details of your current Dapr installation using the `helm list -A` command and save the Dapr release name and namespace from the output.

+ ```azurecli-interactive

+ helm list -A

+ ```

+2. Create the Dapr extension using the [`az k8s-extension create`][az-k8s-extension-create] and use the `--configuration-settings` flags to set the Dapr release name and namespace.

+ ```azurecli-interactive

+ az k8s-extension create --cluster-type managedClusters \

+ --cluster-name myAKSCluster \

+ --resource-group myResourceGroup \

+ --name dapr \

+ --extension-type Microsoft.Dapr \

+ --configuration-settings "existingDaprReleaseName=dapr" \

+ --configuration-settings "existingDaprReleaseNamespace=dapr-system"

+ ```

+When installing the Dapr extension on top of an existing Dapr installation, you receive the following message:

+```output

+The extension will be installed on your existing Dapr installation. Note, if you have updated the default values for global.ha.* or dapr_placement.* in your existing Dapr installation, you must provide them in the configuration settings. Failing to do so will result in an error, since Helm upgrade will try to modify the StatefulSet. See <link> for more information.

+```

+Kubernetes only allows patching for limited fields in StatefulSets. If any of the HA mode or placement service settings are configured, the upgrade fails. To update the HA mode or placement service settings, you must delete the stateful set and then update the HA mode.

+1. Delete the stateful set using the `kubectl delete` command.

+2. Update the HA mode using the [`az k8s-extension update`][az-k8s-extension-update] command.

+For more information, see the [Dapr production guidelines][dapr-prod-guidelines].

+[dapr-extension-aks]: ./dapr-overview.md

+[az-k8s-extension-create]: /cli/azure/k8s-extension#az-k8s-extension-create

+[az-k8s-extension-update]: /cli/azure/k8s-extension#az-k8s-extension-update

+ Title: Use Kubernetes events for troubleshooting

+description: Learn about Kubernetes events, which provide details on pods, nodes, and other Kubernetes objects.

+# Kubernetes events for troubleshooting

+Events are one of the most prominent sources for monitoring and troubleshooting issues in Kubernetes. They capture and record information about the lifecycle of various Kubernetes objects, such as pods, nodes, services, and deployments. By monitoring events, you can gain visibility into your cluster's activities, identify issues, and troubleshoot problems effectively.

+Kubernetes events do not persist throughout your cluster life cycle, as there is no mechanism for retention. They are short-lived, only available for one hour after the event is generated. To store events for a longer time period, enable [Container Insights][container-insights].

+## Kubernetes event objects

+Below is a set of the important fields in a Kubernetes Event. For a comprehensive list of all fields, check the official [Kubernetes documentation][k8s-events].

+|Field name|Significance|

+|-||

+|type |Significance changes based on the severity of the event:<br/>**Warning:** these events signal potentially problematic situations, such as a pod repeatedly failing or a node running out of resources. They require attention, but might not result in immediate failure.<br/>**Normal:** These events represent routine operations, such as a pod being scheduled or a deployment scaling up. They usually indicate healthy cluster behavior.|

+|reason|The reason why the event was generated. For example, *FailedScheduling* or *CrashLoopBackoff*.|

+|message|A human-readable message that describes the event.|

+|namespace|The namespace of the Kubernetes object that the event is associated with.|

+|firstSeen|Timestamp when the event was first observed.|

+|lastSeen|Timestamp of when the event was last observed.|

+|reportingController|The name of the controller that reported the event. For example, `kubernetes.io/kubelet`|

+|object|The name of the Kubernetes object that the event is associated with.|

+## Accessing events

+# [Azure CLI](#tab/azure-cli)

+You can find events for your cluster and its components by using `kubectl`.

+```azurecli-interactive

+kubectl get events

+```

+To look at a specific pod's events, first find the name of the pod and then use `kubectl describe` to list events.

+```azurecli-interactive

+kubectl get pods

+kubectl describe pods <pod-name>

+```

+# [Portal](#tab/azure-portal)

+You can browse the events for your cluster by navigating to **Events** under **Kubernetes resources** from the Azure portal overview page for your cluster. By default, all events are shown.

+You can also filter by event type:

+by reason:

+or by pods or nodes:

+These filters can be combined to scope the query to your specific needs.

+## Best practices for troubleshooting with events

+### Filtering events for relevance

+In your AKS cluster, you might have various namespaces and services running. Filtering events based on object type, namespace, or reason can help you narrow down your focus to what's most relevant to your applications. For instance, you can use the following command to filter events within a specific namespace:

+```azurecli-interactive

+kubectl get events -n <namespace>

+```

+### Automating event notifications

+To ensure timely response to critical events in your AKS cluster, set up automated notifications. Azure offers integration with monitoring and alerting services like [Azure Monitor][aks-azure-monitor]. You can configure alerts to trigger based on specific event patterns. This way, you're immediately informed about crucial issues that require attention.

+### Regularly reviewing events

+Make a habit of regularly reviewing events in your AKS cluster. This proactive approach can help you identify trends, catch potential problems early, and prevent escalations. By staying on top of events, you can maintain the stability and performance of your applications.

+## Next steps

+Now that you understand Kubernetes events, you can continue your monitoring and observability journey by [enabling Container Insights][container-insights].

+<!-- LINKS -->

+[aks-azure-monitor]: ./monitor-aks.md

+[container-insights]: ../azure-monitor/containers/container-insights-enable-aks.md

+[k8s-events]: https://kubernetes.io/docs/reference/kubernetes-api/cluster-resources/event-v1/

+ Title: HTTP application routing add-on for Azure Kubernetes Service (AKS) (retired)

+description: Use the HTTP application routing add-on to access applications deployed on Azure Kubernetes Service (AKS) (retired).

+# HTTP application routing add-on for Azure Kubernetes Service (AKS) (retired)

+> HTTP application routing add-on (preview) for Azure Kubernetes Service (AKS) will be [retired](https://azure.microsoft.com/updates/retirement-http-application-routing-addon-preview-for-aks-will-retire-03032025) on 03 March 2025. We recommend migrating to the [Application Routing add-on](./app-routing-migration.md) by that date.

+| web_application_routing | Use a managed NGINX ingress controller with your AKS cluster.| [Application Routing Overview][app-routing] |

+| ingress-appgw | Use Application Gateway Ingress Controller with your AKS cluster. | [What is Application Gateway Ingress Controller?][agic] |

+| keda | Use event-driven autoscaling for the applications on your AKS cluster. | [Simplified application autoscaling with Kubernetes Event-driven Autoscaling (KEDA) add-on][keda]|

+| virtual-node | Use virtual nodes with your AKS cluster. | [Use virtual nodes][virtual-nodes] |

+| http_application_routing | Configure ingress with automatic public DNS name creation for your AKS cluster (retired). | [HTTP application routing add-on on Azure Kubernetes Service (AKS) (retired)][http-app-routing] |

+| open-service-mesh | Use Open Service Mesh with your AKS cluster (retired). | [Open Service Mesh AKS add-on (retired)][osm] |

+[app-routing]: app-routing.md

+[windows-aks-partner-solutions]: windows-aks-partner-solutions.md

+ Title: Install the Kubernetes Event-driven Autoscaling (KEDA) add-on using the Azure CLI

+description: Use the Azure CLI to deploy the Kubernetes Event-driven Autoscaling (KEDA) add-on to Azure Kubernetes Service (AKS).

+# Install the Kubernetes Event-driven Autoscaling (KEDA) add-on using the Azure CLI

+This article shows you how to install the Kubernetes Event-driven Autoscaling (KEDA) add-on to Azure Kubernetes Service (AKS) using the Azure CLI.

+## Before you begin

+- You need an Azure subscription. If you don't have an Azure subscription, you can create a [free account](https://azure.microsoft.com/free).

+- You need the [Azure CLI installed](/cli/azure/install-azure-cli).

+- Ensure you have firewall rules configured to allow access to the Kubernetes API server. For more information, see [Outbound network and FQDN rules for Azure Kubernetes Service (AKS) clusters][aks-firewall-requirements].

+- [Install the `aks-preview` Azure CLI extension](#install-the-aks-preview-azure-cli-extension).

+- [Register the `AKS-KedaPreview` feature flag](#register-the-aks-kedapreview-feature-flag).

+### Install the `aks-preview` Azure CLI extension

+1. Install the `aks-preview` extension using the [`az extension add`][az-extension-add] command.

+ ```azurecli-interactive

+ az extension add --name aks-preview

+ ```

+2. Update to the latest version of the `aks-preview` extension using the [`az extension update`][az-extension-update] command.

+ ```azurecli-interactive

+ az extension update --name aks-preview

+ ```

+### Register the `AKS-KedaPreview` feature flag

+1. Register the `AKS-KedaPreview` feature flag using the [`az feature register`][az-feature-register] command.

+ ```azurecli-interactive

+ az feature register --namespace "Microsoft.ContainerService" --name "AKS-KedaPreview"

+ ```

+ It takes a few minutes for the status to show *Registered*.

+2. Verify the registration status using the [`az feature show`][az-feature-show] command.

+ ```azurecli-interactive

+ az feature show --namespace "Microsoft.ContainerService" --name "AKS-KedaPreview"

+ ```

+3. When the status reflects *Registered*, refresh the registration of the *Microsoft.ContainerService* resource provider using the [`az provider register`][az-provider-register] command.

+ ```azurecli-interactive

+ az provider register --namespace Microsoft.ContainerService

+ ```

+## Enable the KEDA add-on on your AKS cluster

+> [!NOTE]

+> While KEDA provides various customization options, the KEDA add-on currently provides basic common configuration.

+>

+> If you require custom configurations, you can manually edit the KEDA YAML files to customize the installation. **Azure doesn't offer support for custom configurations**.

+### Create a new AKS cluster with KEDA add-on enabled

+1. Create a resource group using the [`az group create`][az-group-create] command.

+ ```azurecli-interactive

+ az group create --name myResourceGroup --location eastus

+ ```

+2. Create a new AKS cluster using the [`az aks create`][az-aks-create] command and enable the KEDA add-on using the `--enable-keda` flag.

+ ```azurecli-interactive

+ az aks create \

+ --resource-group myResourceGroup \

+ --name myAKSCluster \

+ --enable-keda

+ ```

+### Enable the KEDA add-on on an existing AKS cluster

+- Update an existing cluster using the [`az aks update`][az-aks-update] command and enable the KEDA add-on using the `--enable-keda` flag.

+ ```azurecli-interactive

+ az aks update \

+ --resource-group myResourceGroup \

+ --name myAKSCluster \

+ --enable-keda

+ ```

+- Get the credentials for your AKS cluster using the [`az aks get-credentials`][az-aks-get-credentials] command.

+ ```azurecli-interactive

+ az aks get-credentials --resource-group myResourceGroup --name myAKSCluster

+ ```

+## Verify the KEDA add-on is installed on your cluster

+- Verify the KEDA add-on is installed on your cluster using the [`az aks show`][az-aks-show] command and set the `--query` parameter to `workloadAutoScalerProfile.keda.enabled`.

+ ```azurecli-interactive

+ az aks show -g myResourceGroup --name myAKSCluster --query "workloadAutoScalerProfile.keda.enabled"

+ ```

+ The following example output shows the KEDA add-on is installed on the cluster:

+ ```output

+ true

+ ```

+## Verify KEDA is running on your cluster

+- Verify the KEDA add-on is running on your cluster using the [`kubectl get pods`][kubectl] command.

+ ```azurecli-interactive

+ kubectl get pods -n kube-system

+ ```

+ The following example output shows the KEDA operator and metrics API server are installed on the cluster:

+ ```output

+ keda-operator-********-k5rfv 1/1 Running 0 43m

+ keda-operator-metrics-apiserver-*******-sj857 1/1 Running 0 43m

+ ```

+## Verify the KEDA version on your cluster

+- Verify the KEDA version using the `kubectl get crd/scaledobjects.keda.sh -o yaml` command.

+ ```azurecli-interactive

+ kubectl get crd/scaledobjects.keda.sh -o yaml

+ ```

+ The following condensed example output shows the configuration of KEDA in the `app.kubernetes.io/version` label:

+ ```output

+ apiVersion: apiextensions.k8s.io/v1

+ kind: CustomResourceDefinition

+ metadata:

+ annotations:

+ controller-gen.kubebuilder.io/version: v0.9.0

+ meta.helm.sh/release-name: aks-managed-keda

+ meta.helm.sh/release-namespace: kube-system

+ creationTimestamp: "2023-09-26T10:31:06Z"

+ generation: 1

+ labels:

+ app.kubernetes.io/component: operator

+ app.kubernetes.io/managed-by: Helm

+ app.kubernetes.io/name: keda-operator

+ app.kubernetes.io/part-of: keda-operator

+ app.kubernetes.io/version: 2.10.1

+ ...

+ ```

+## Disable the KEDA add-on on your AKS cluster

+- Disable the KEDA add-on on your cluster using the [`az aks update`][az-aks-update] command with the `--disable-keda` flag.

+ ```azurecli-interactive

+ az aks update \

+ --resource-group myResourceGroup \

+ --name myAKSCluster \

+ --disable-keda

+ ```

+This article showed you how to install the KEDA add-on on an AKS cluster using the Azure CLI.

+With the KEDA add-on installed on your cluster, you can [deploy a sample application][keda-sample] to start scaling apps.

+For information on KEDA troubleshooting, see [Troubleshoot the Kubernetes Event-driven Autoscaling (KEDA) add-on][keda-troubleshoot].

+[az-aks-update]: /cli/azure/aks#az-aks-update

+[az-aks-get-credentials]: /cli/azure/aks#az-aks-get-credentials

+[az-aks-show]: /cli/azure/aks#az-aks-show

+[az-group-create]: /cli/azure/group#az-group-create

+[az-extension-add]: /cli/azure/extension#az-extension-add

+[az-extension-update]: /cli/azure/extension#az-extension-update

+<!-- LINKS - external -->

+> Ensure your application pods using workload identity have added the following label `azure.workload.identity/use: "true"` to your pod spec, otherwise the pods fail after their restarted.

+- Use `DefaultAzureCredential`, which attempts to use the `WorkloadIdentityCredential`.

+In the following code samples, `DefaultAzureCredential` is used. This credential type uses the environment variables injected by the Azure Workload Identity mutating webhook to authenticate with Azure Key Vault.

+Similar to other webhook addons, the certificate is rotated by cluster certificate [auto rotation][auto-rotation] operation.

+> For applications using workload identity, it's required to add the label `azure.workload.identity/use: "true"` to the pod spec for AKS to move workload identity to a *Fail Close* scenario to provide a consistent and reliable behavior for pods that need to use workload identity. Otherwise the pods fail after their restarted.

+|`azure.workload.identity/use` | This label is required in the pod template spec. Only pods with this label are mutated by the azure-workload-identity mutating admission webhook to inject the Azure specific environment variables and the projected service account token volume. |true |Yes |

+Azure Application Gateway is a web traffic (OSI layer 7) load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

+ Title: 'Quickstart: Direct web traffic with Azure Application Gateway - Terraform'

+- Updated SSH key entry to use the [Ed25519 SSH host key](https://bitbucket.org/blog/ssh-host-key-changes) to prevent failures in configurations with `ssh` authentication type for Bitbucket.

+## Cost savings with migration and modernization of workloads

+As you migrate and modernize your Windows Server 2012 and Windows 2012 R2 infrastructure through the end of 2023, you can utilize the flexibility of monthly billing with Windows Server 2012 ESUs enabled by Azure Arc for cost savings benefits.

+As servers no longer require ESUs because they've been migrated to Azure, Azure VMware Solution (AVS), or Azure Stack HCI (where theyΓÇÖre eligible for free ESUs), or updated to Windows Server 2016 or higher, you can modify the number of cores associated with a license or delete/deactivate licenses. You can also link the license to a new scope of additional servers. See [Programmatically deploy and manage Azure Arc Extended Security Updates licenses](api-extended-security-updates.md) to learn more.

+> [!NOTE]

+> This process is not automatic; billing is tied to the activated licenses and you are responsible for modifying your provisioned licensing to take advantage of cost savings.

+>

+To prepare for this new offer, you need to plan and prepare to onboard your machines to Azure Arc-enabled servers through the installation of the [Azure Connected Machine agent](agent-overview.md) (version 1.34 or higher) and establishing a connection to Azure.

+description: Learn the best practices when using the high performance Azure Cache for Redis Enterprise and Enterprise Flash tiers

+# What are the best practices for the Enterprise and Enterprise Flash tiers

+Here are the best practices when using the Enterprise and Enterprise Flash tiers of Azure Cache for Redis.

+Zone redundancy is important on the Enterprise tier because your cache instance always uses at least three nodes. Two nodes are data nodes, which hold your data, and a _quorum node_. Increasing capacity scales the number of data nodes in even-number increments.

+In the Enterprise and Enterprise Flash tiers of Azure Cache for Redis, we recommend prioritizing _scaling up_ over _scaling out_. Prioritize scaling up because the Enterprise tiers are built on Redis Enterprise, which is able to utilize more CPU cores in larger VMs.

+Conversely, the opposite recommendation is true for the Basic, Standard, and Premium tiers, which are built on open-source Redis. In those tiers, prioritizing _scaling out_ over _scaling up_ is recommended in most cases.

+In the Basic, Standard, and Premium tiers of Azure Cache for Redis, determining the number of virtual CPUs (vCPUs) utilized is straightforward. Each Redis node runs on a dedicated VM. The Redis server process is single-threaded, utilizing one vCPU on each primary and each replica node. The other vCPUs on the VM are still used for other activities, such as workflow coordination for different tasks, health monitoring, and TLS load, among others.

+When you use clustering, the effect is to spread data across more nodes with one shard per node. By increasing the number of shards, you linearly increase the number of vCPUs you use, based on the number of shards in the cluster.

+Redis Enterprise, on the other hand, can use multiple vCPUs for the Redis instance itself. In other words, all tiers of Azure Cache for Redis can use multiple vCPUs for background and monitoring tasks, but only the Enterprise and Enterprise Flash tiers are able to utilize multiple vCPUs per VM for Redis shards. The table shows the number of effective vCPUs used for each SKU and capacity (that is, scale-out) configuration.

+The tables show the number of vCPUs used for the primary shards, not the replica shards. Shards don't map one-to-one to the number of vCPUs. The tables only illustrate vCPUs, not shards. Some configurations use more shards than available vCPUs to boost performance in some usage scenarios.

+### E5

+|Capacity|Effective vCPUs|

+|:|:|

+| 2 | 1 |

+| 4 | 2 |

+| 6 | 6 |

+### E10

+### E200

+|Capacity|Effective vCPUs|

+|:|:|

+|2|30|

+|4|60|

+|6|60|

+|8|120|

+|10|120|

+### E400

+|Capacity|Effective vCPUs|

+|:|:|

+|2|60|

+|4|120|

+|6|120|

+|8|240|

+|10|240|

+The Enterprise tiers offer two choices for Clustering Policy: _OSS_ and _Enterprise_. _OSS_ cluster policy is recommended for most applications because it supports higher maximum throughput, but there are advantages and disadvantages to each version.

+The _OSS clustering policy_ implements the same [Redis Cluster API](https://redis.io/docs/reference/cluster-spec/) as open-source Redis. The Redis Cluster API allows the Redis client to connect directly to each Redis node, minimizing latency and optimizing network throughput. As a result, near-linear scalability is obtained when scaling out the cluster with more nodes. The OSS clustering policy generally provides the best latency and throughput performance, but requires your client library to support Redis Clustering. OSS clustering policy also can't be used with the [RediSearch module](cache-redis-modules.md).

+The _Enterprise clustering policy_ is a simpler configuration that utilizes a single endpoint for all client connections. Using the Enterprise clustering policy routes all requests to a single Redis node that is then used as a proxy, internally routing requests to the correct node in the cluster. The advantage of this approach is that Redis client libraries donΓÇÖt need to support Redis Clustering to take advantage of multiple nodes. The downside is that the single node proxy can be a bottleneck, in either compute utilization or network throughput. The Enterprise clustering policy is the only one that can be used with the [RediSearch module](cache-redis-modules.md).

+Because the Enterprise tiers use a clustered configuration, you might see `CROSSSLOT` exceptions on commands that operate on multiple keys. Behavior varies depending on the clustering policy used. If you use the OSS clustering policy, multi-key commands require all keys to be mapped to [the same hash slot](https://docs.redis.com/latest/rs/databases/configure/oss-cluster-api/#multi-key-command-support).

+- Each cache in the geo-replication group has its own access key. Determine how the application switches to different access keys when targeting a backup cache.

+Many customers want to use persistence to take periodic backups of the data on their cache. We don't recommend that you use data persistence in this way. Instead, use the [import/export](cache-how-to-import-export-data.md) feature. You can export copies of cache data in RDB format directly into your chosen storage account and trigger the data export as frequently as you require. Export can be triggered either from the portal or by using the CLI, PowerShell, or SDK tools.

+## Related content

+ Title: About Vector Embeddings and Vector Search in Azure Cache for Redis

+description: Learn about Azure Cache for Redis to store vector embeddings and provide similarity search.

+# About Vector Embeddings and Vector Search in Azure Cache for Redis

+Vector similarity search (VSS) has become a popular use-case for AI-driven applications. Azure Cache for Redis can be used to store vector embeddings and compare them through vector similarity search. This article is a high-level introduction to the concept of vector embeddings, vector comparison, and how Redis can be used as a seamless part of a vector similarity workflow.

+For a tutorial on how to use Azure Cache for Redis and Azure OpenAI to perform vector similarity search, see [Tutorial: Conduct vector similarity search on Azure OpenAI embeddings using Azure Cache for Redis](./cache-tutorial-vector-similarity.md)

+## Scope of Availability

+|Tier | Basic / Standard | Premium |Enterprise | Enterprise Flash |

+| |::|:-:|::|::|

+|Available | No | No | Yes | Yes (preview) |

+Vector search capabilities in Redis require [Redis Stack](https://redis.io/docs/about/about-stack/), specifically the [RediSearch](https://redis.io/docs/interact/search-and-query/) module. This capability is only available in the [Enterprise tiers of Azure Cache for Redis](./cache-redis-modules.md).

+## What are vector embeddings?

+### Concept

+Vector embeddings are a fundamental concept in machine learning and natural language processing that enable the representation of data, such as words, documents, or images as numerical vectors in a high-dimension vector space. The primary idea behind vector embeddings is to capture the underlying relationships and semantics of the data by mapping them to points in this vector space. In simpler terms, that means converting your text or images into a sequence of numbers that represents the data, and then comparing the different number sequences. This allows complex data to be manipulated and analyzed mathematically, making it easier to perform tasks like similarity comparison, recommendation, and classification.

+<!-- TODO - Add image example -->

+Each machine learning model classifies data and produces the vector in a different manner. Furthermore, it's typically not possible to determine exactly what semantic meaning each vector dimension represents. But because the model is consistent between each block of input data, similar words, documents, or images have vectors that are also similar. For example, the words `basketball` and `baseball` have embeddings vectors much closer to each other than a word like `rainforest`.

+### Vector comparison

+Vectors can be compared using various metrics. The most popular way to compare vectors is to use [cosine similarity](https://en.wikipedia.org/wiki/Cosine_similarity), which measures the cosine of the angle between two vectors in a multi-dimensional space. The closer the vectors, the smaller the angle. Other common distance metrics include [Euclidean distance](https://en.wikipedia.org/wiki/Euclidean_distance) and [inner product](https://en.wikipedia.org/wiki/Inner_product_space).

+### Generating embeddings

+Many machine learning models support embeddings APIs. For an example of how to create vector embeddings using Azure OpenAI Service, see [Learn how to generate embeddings with Azure OpenAI](../ai-services/openai/how-to/embeddings.md).

+## What is a vector database?

+A vector database is a database that can store, manage, retrieve, and compare vectors. Vector databases must be able to efficiently store a high-dimensional vector and retrieve it with minimal latency and high throughput. Non-relational datastores are most commonly used as vector databases, although it's possible to use relational databases like PostgreSQL, for example, with the [pgvector](https://github.com/pgvector/pgvector) extension.

+### Index method

+Vector databases need to index data for fast search and retrieval. There are several common indexing methods, including:

+- **K-Nearest Neighbors (KNN)** - an exhaustive method that provides the most precision but with higher computational cost.

+- **Approximate Nearest Neighbors (ANN)** - a more efficient by trading precision for greater speed and lower processing overhead.

+### Search capabilities

+Finally, vector databases execute vector searches by using the chosen vector comparison method to return the most similar vectors. Some vector databases can also perform _hybrid_ searches by first narrowing results based on characteristics or metadata also stored in the database before conducting the vector search. This is a way to make the vector search more effective and customizable. For example, a vector search could be limited to only vectors with a specific tag in the database, or vectors with geolocation data in a certain region.

+## Vector search key scenarios

+Vector similarity search can be used in multiple applications. Some common use-cases include:

+- **Semantic Q&A**. Create a chatbot that can respond to questions about your own data. For instance, a chatbot that can respond to employee questions on their healthcare coverage. Hundreds of pages of dense healthcare coverage documentation can be split into chunks, converted into embeddings vectors, and searched based on vector similarity. The resulting documents can then be summarized for employees using another large language model (LLM). [Semantic Q&A Example](https://techcommunity.microsoft.com/t5/azure-developer-community-blog/vector-similarity-search-with-azure-cache-for-redis-enterprise/ba-p/3822059)

+- **Document Retrieval**. Use the deeper semantic understanding of text provided by LLMs to provide a richer document search experience where traditional keyword-based search falls short. [Document Retrieval Example](https://github.com/RedisVentures/redis-arXiv-search)

+- **Product Recommendation**. Find similar products or services to recommend based on past user activities, like search history or previous purchases. [Product Recommendation Example](https://github.com/RedisVentures/LLM-Recommender)

+- **Visual Search**. Search for products that look similar to a picture taken by a user or a picture of another product. [Visual Search Example](https://github.com/RedisVentures/redis-product-search)

+- **Semantic Caching**. Reduce the cost and latency of LLMs by caching LLM completions. LLM queries are compared using vector similarity. If a new query is similar enough to a previously cached query, the cached query is returned. [Semantic Caching example using LangChain](https://python.langchain.com/docs/integrations/llms/llm_caching#redis-cache)

+- **LLM Conversation Memory**. Persist conversation history with an LLM as embeddings in a vector database. Your application can use vector search to pull relevant history or "memories" into the response from the LLM. [LLM Conversation Memory example](https://github.com/continuum-llms/chatgpt-memory)

+## Why choose Azure Cache for Redis for storing and searching vectors?

+Azure Cache for Redis can be used effectively as a vector database to store embeddings vectors and to perform vector similarity searches. In many ways, Redis is naturally a great choice in this area. It's extremely fast because it runs in-memory, unlike other vector databases that run on-disk. This can be useful when processing large datasets! Redis is also battle-hardened. Support for vector storage and search has been available for years, and many key machine learning frameworks like [LangChain](https://python.langchain.com/docs/integrations/vectorstores/redis) and [LlamaIndex](https://gpt-index.readthedocs.io/en/latest/examples/vector_stores/RedisIndexDemo.html) feature rich integrations with Redis. For example, the Redis LangChain integration [automatically generates an index schema for metadata](https://python.langchain.com/docs/integrations/vectorstores/redis#inspecting-the-created-index) passed in when using Redis as a vector store. This makes it much easier to filter results based on metadata.

+Redis has a wide range of vector search capabilities through the [RediSearch module](cache-redis-modules.md#redisearch), which is available in the Enterprise tier of Azure Cache for Redis. These include:

+- Multiple distance metrics, including `Euclidean`, `Cosine`, and `Internal Product`.

+- Support for both KNN (using `FLAT`) and ANN (using `HNSW`) indexing methods.

+- Vector storage in hash or JSON data structures

+- Top K queries

+- [Vector range queries](https://redis.io/docs/interact/search-and-query/search/vectors/#creating-a-vss-range-query) (i.e., find all items within a specific vector distance)

+- Hybrid search with [powerful query features](https://redis.io/docs/interact/search-and-query/) such as:

+ - Geospatial filtering

+ - Numeric and text filters

+ - Prefix and fuzzy matching

+ - Phonetic matching

+ - Boolean queries

+Additionally, Redis is often an economical choice because it's already so commonly used for caching or session store applications. In these scenarios, it can pull double-duty by serving a typical caching role while simultaneously handling vector search applications.

+## What are my other options for storing and searching for vectors?

+There are multiple other solutions on Azure for vector storage and search. These include:

+- [Azure Cognitive Search](../search/vector-search-overview.md)

+- [Azure Cosmos DB](../cosmos-db/mongodb/vcore/vector-search.md) using the MongoDB vCore API

+- [Azure Database for PostgreSQL - Flexible Server](../postgresql/flexible-server/how-to-use-pgvector.md) using `pgvector`

+## Next Steps

+The best way to get started with embeddings and vector search is to try it yourself!

+> [!div class="nextstepaction"]

+> [Tutorial: Conduct vector similarity search on Azure OpenAI embeddings using Azure Cache for Redis](./cache-tutorial-vector-similarity.md)

+# What is Azure Cache for Redis?

+- **Memory**: The Basic and Standard tiers offer 250 MB ΓÇô 53 GB; the Premium tier 6 GB - 1.2 TB; the Enterprise tier 4 GB - 2 TB, and the Enterprise Flash tier 300 GB - 4.5 TB. To create a Premium tier cache larger than 120 GB, you can use Redis OSS clustering. For more information, see [Azure Cache for Redis Pricing](https://azure.microsoft.com/pricing/details/cache/). For more information, see [How to configure clustering for a Premium Azure Cache for Redis](cache-how-to-premium-clustering.md).

+- **Performance**: Caches in the Premium and Enterprise tiers are deployed on hardware that has faster processors, giving better performance compared to the Basic or Standard tier. The Enterprise tier typically has the best performance for most workloads, especially with larger cache instances. For more information, see [Performance testing](cache-best-practices-performance.md).

+- **Dedicated core for Redis server**: All caches except C0 run dedicated vCPUs. The Basic, Standard, and Premium tiers run open source Redis, which by design uses only one thread for command processing. On these tiers, having more vCPUs usually improves throughput performance because Azure Cache for Redis uses other vCPUs for I/O processing or for OS processes. However, adding more vCPUs per instance may not produce linear performance increases. Scaling out usually boosts performance more than scaling up in these tiers. Enterprise and Enterprise Flash tier caches run on Redis Enterprise which is able to utilize multiple vCPUs per instance, which can also significantly increase performance over other tiers. For Enterprise and Enterprise flash tiers, scaling up is recommended before scaling out. For more information, see [Sharding and CPU utilization](cache-best-practices-enterprise-tiers.md#sharding-and-cpu-utilization).

+- **Network performance**: If you have a workload that requires high throughput, the Premium or Enterprise tier offers more bandwidth compared to Basic or Standard. Also within each tier, larger size caches have more bandwidth because of the underlying VM that hosts the cache. Higher bandwidth limits help you avoid network saturation that cause timeouts in your application.For more information, see [Performance testing](cache-best-practices-performance.md).

+- **Network isolation**: Azure Private Link and Virtual Network (VNet) deployments provide enhanced security and traffic isolation for your Azure Cache for Redis. VNet allows you to further restrict access through network access control policies. For more information, see [Azure Cache for Redis with Azure Private Link](cache-private-link.md) and [How to configure Virtual Network support for a Premium Azure Cache for Redis](cache-how-to-premium-vnet.md).

+The Enterprise tiers rely on Redis Enterprise, a commercial variant of Redis from Redis Inc. Customers obtain and pay for a license to this software through an Azure Marketplace offer. Azure Cache for Redis manages the license acquisition so that you don't have to do it separately. To purchase in the Azure Marketplace, you must have the following prerequisites:

+## Related content

+ Title: 'Tutorial: Conduct vector similarity search on Azure OpenAI embeddings using Azure Cache for Redis'

+description: In this tutorial, you learn how to use Azure Cache for Redis to store and search for vector embeddings.

+#CustomerIntent: As a < type of user >, I want < what? > so that < why? >.

+# Tutorial: Conduct vector similarity search on Azure OpenAI embeddings using Azure Cache for Redis

+In this tutorial, you'll walk through a basic vector similarity search use-case. You'll use embeddings generated by Azure OpenAI Service and the built-in vector search capabilities of the Enterprise tier of Azure Cache for Redis to query a dataset of movies to find the most relevant match.

+The tutorial uses the [Wikipedia Movie Plots dataset](https://www.kaggle.com/datasets/jrobischon/wikipedia-movie-plots) that features plot descriptions of over 35,000 movies from Wikipedia covering the years 1901 to 2017.

+The dataset includes a plot summary for each movie, plus metadata such as the year the film was released, the director(s), main cast, and genre. You'll follow the steps of the tutorial to generate embeddings based on the plot summary and use the other metadata to run hybrid queries.

+In this tutorial, you learn how to:

+> [!div class="checklist"]

+> * Create an Azure Cache for Redis instance configured for vector search

+> * Install Azure OpenAI and other required Python libraries.

+> * Download the movie dataset and prepare it for analysis.

+> * Use the **text-embedding-ada-002 (Version 2)** model to generate embeddings.

+> * Create a vector index in Azure Cache for Redis

+> * Use cosine similarity to rank search results.

+> * Use hybrid query functionality through [RediSearch](https://redis.io/docs/interact/search-and-query/) to prefilter the data and make the vector search even more powerful.

+>[!IMPORTANT]

+>This tutorial will walk you through building a Jupyter Notebook. You can follow this tutorial with a Python code file (.py) and get *similar* results, but you will need to add all of the code blocks in this tutorial into the `.py` file and execute once to see results. In other words, Jupyter Notebooks provides intermediate results as you execute cells, but this is not behavior you should expect when working in a Python code file.

+>[!IMPORTANT]

+>If you would like to follow along in a completed Jupyter notebook instead, [download the Jupyter notebook file named *tutorial.ipynb*](https://github.com/Azure-Samples/azure-cache-redis-samples/tree/main/tutorial/vector-similarity-search-open-ai) and save it into the new *redis-vector* folder.

+## Prerequisites

+* An Azure subscription - [Create one for free](https://azure.microsoft.com/free/cognitive-services?azure-portal=true)

+* Access granted to Azure OpenAI in the desired Azure subscription

+ Currently, you must apply for access to Azure OpenAI. You can apply for access to Azure OpenAI by completing the form at <a href="https://aka.ms/oai/access" target="_blank">https://aka.ms/oai/access</a>.

+* <a href="https://www.python.org/" target="_blank">Python 3.7.1 or later version</a>

+* [Jupyter Notebooks](https://jupyter.org/) (optional)

+* An Azure OpenAI resource with the **text-embedding-ada-002 (Version 2)** model deployed. This model is currently only available in [certain regions](../ai-services/openai/concepts/models.md#model-summary-table-and-region-availability). See the [resource deployment guide](../ai-services/openai/how-to/create-resource.md) for instructions on how to deploy the model.

+## Create an Azure Cache for Redis Instance

+1. Follow the [Quickstart: Create a Redis Enterprise cache](quickstart-create-redis-enterprise.md) guide. On the **Advanced** page, make sure that you've added the **RediSearch** module and have chosen the **Enterprise** Cluster Policy. All other settings can match the default described in the quickstart.

+ It takes a few minutes for the cache to create. You can move on to the next step in the meantime.

+## Set up your development environment

+1. Create a folder on your local computer named *redis-vector* in the location where you typically save your projects.

+1. Create a new python file (*tutorial.py*) or Jupyter notebook (*tutorial.ipynb*) in the folder.

+1. Install the required Python packages:

+ ```python

+ pip install openai num2words matplotlib plotly scipy scikit-learn pandas tiktoken redis langchain

+ ```

+## Download the dataset

+1. In a web browser, navigate to [https://www.kaggle.com/datasets/jrobischon/wikipedia-movie-plots](https://www.kaggle.com/datasets/jrobischon/wikipedia-movie-plots).

+1. Sign in or register with Kaggle. Registration is required to download the file.

+1. Select the **Download** link on Kaggle to download the *archive.zip* file.

+1. Extract the *archive.zip* file and move the *wiki_movie_plots_deduped.csv* into the *redis-vector* folder.

+## Import libraries and set up connection information

+To successfully make a call against Azure OpenAI, you need an **endpoint** and a **key**. You also need an **endpoint** and a **key** to connect to Azure Cache for Redis.

+1. Go to your Azure Open AI resource in the Azure portal.

+1. Locate **Endpoint and Keys** in the **Resource Management** section. Copy your endpoint and access key as you'll need both for authenticating your API calls. An example endpoint is: `https://docs-test-001.openai.azure.com`. You can use either `KEY1` or `KEY2`.

+1. Go to the **Overview** page of your Azure Cache for Redis resource in the Azure portal. Copy your endpoint.

+1. Locate **Access keys** in the **Settings** section. Copy your access key. You can use either `Primary` or `Secondary`.

+1. Add the following code to a new code cell:

+ ```python

+ # Code cell 2

+ import re

+ from num2words import num2words

+ import os

+ import pandas as pd

+ from openai.embeddings_utils import get_embedding

+ import tiktoken

+ from typing import List

+ from langchain.embeddings import OpenAIEmbeddings

+ from langchain.vectorstores.redis import Redis as RedisVectorStore

+ from langchain.document_loaders import DataFrameLoader

+ API_KEY = "<your-azure-openai-key>"

+ RESOURCE_ENDPOINT = "<your-azure-openai-endpoint>"

+ DEPLOYMENT_NAME = "<name-of-your-model-deployment>"

+ MODEL_NAME = "text-embedding-ada-002"

+ REDIS_ENDPOINT = "<your-azure-redis-endpoint>"

+ REDIS_PASSWORD = "<your-azure-redis-password>"

+ ```

+1. Update the value of `API_KEY` and `RESOURCE_ENDPOINT` with the key and endpoint values from your Azure OpenAI deployment. `DEPLOYMENT_NAME` should be set to the name of your deployment using the `text-embedding-ada-002 (Version 2)` embeddings model, and `MODEL_NAME` should be the specific embeddings model used.

+1. Update `REDIS_ENDPOINT` and `REDIS_PASSWORD` with the endpoint and key value from your Azure Cache for Redis instance.

+ > [!Important]

+ > We strongly recommend using environmental variables or a secret manager like [Azure Key Vault](../key-vault/general/overview.md) to pass in the API key, endpoint, and deployment name information. These variables are set in plaintext here for the sake of simplicity.

+1. Execute code cell 2.

+## Import dataset into pandas and process data

+Next, you'll read the csv file into a pandas DataFrame.

+1. Add the following code to a new code cell:

+ ```python

+ # Code cell 3

+ df=pd.read_csv(os.path.join(os.getcwd(),'wiki_movie_plots_deduped.csv'))

+ df

+ ```

+1. Execute code cell 3. You should see the following output:

+

+ :::image type="content" source="media/cache-tutorial-vector-similarity/code-cell-3.png" alt-text="Screenshot of results from executing code cell 3, displaying eight columns and a sampling of 10 rows of data." lightbox="media/cache-tutorial-vector-similarity/code-cell-3.png":::

+1. Next, process the data by adding an `id` index, removing spaces from the column titles, and filters the movies to take only movies made after 1970 and from English speaking countries. This filtering step reduces the number of movies in the dataset, which lowers the cost and time required to generate embeddings. You're free to change or remove the filter parameters based on your preferences.

+ To filter the data, add the following code to a new code cell:

+ ```python

+ # Code cell 4

+ df.insert(0, 'id', range(0, len(df)))

+ df['year'] = df['Release Year'].astype(int)

+ df['origin'] = df['Origin/Ethnicity'].astype(str)

+ del df['Release Year']

+ del df['Origin/Ethnicity']

+ df = df[df.year > 1970] # only movies made after 1970

+ df = df[df.origin.isin(['American','British','Canadian'])] # only movies from English-speaking cinema

+ df

+ ```

+1. Execute code cell 4. You should see the following results:

+ :::image type="content" source="media/cache-tutorial-vector-similarity/code-cell-4.png" alt-text="Screenshot of results from executing code cell 4, displaying nine columns and a sampling of 10 rows of data." lightbox="media/cache-tutorial-vector-similarity/code-cell-4.png":::

+1. Create a function to clean the data by removing whitespace and punctuation, then use it against the dataframe containing the plot.

+ Add the following code to a new code cell and execute it:

+ ```python

+ # Code cell 5

+ pd.options.mode.chained_assignment = None

+ # s is input text

+ def normalize_text(s, sep_token = " \n "):

+ s = re.sub(r'\s+', ' ', s).strip()

+ s = re.sub(r". ,","",s)

+ # remove all instances of multiple spaces

+ s = s.replace("..",".")

+ s = s.replace(". .",".")

+ s = s.replace("\n", "")

+ s = s.strip()

+

+ return s

+ df['Plot']= df['Plot'].apply(lambda x : normalize_text(x))

+ ```

+1. Finally, remove any entries that contain plot descriptions that are too long for the embeddings model. (In other words, they require more tokens than the 8192 token limit.) and then calculate the numbers of tokens required to generate embeddings. This also impacts pricing for embedding generation.

+ Add the following code to a new code cell:

+ ```python

+ # Code cell 6

+ tokenizer = tiktoken.get_encoding("cl100k_base")

+ df['n_tokens'] = df["Plot"].apply(lambda x: len(tokenizer.encode(x)))

+ df = df[df.n_tokens<8192]

+ print('Number of movies: ' + str(len(df)))

+ print('Number of tokens required:' + str(df['n_tokens'].sum()))

+ ```

+1. Execute code cell 6. You should see this output:

+ ```output

+ Number of movies: 11125

+ Number of tokens required:7044844

+ ```

+ > [!Important]

+ > Refer to [Azure OpenAI Service pricing](https://azure.microsoft.com/pricing/details/cognitive-services/openai-service/) to caculate the cost of generating embeddings based on the number of tokens required.

+## Load DataFrame into LangChain

+Load the DataFrame into LangChain using the `DataFrameLoader` class. Once the data is in LangChain documents, it's far easier to use LangChain libraries to generate embeddings and conduct similarity searches. Set *Plot* as the `page_content_column` so that embeddings are generated on this column.

+1. Add the following code to a new code cell and execute it:

+ ```python

+ # Code cell 7

+ loader = DataFrameLoader(df, page_content_column="Plot" )

+ movie_list = loader.load()

+ ```

+## Generate embeddings and load them into Redis

+Now that the data has been filtered and loaded into LangChain, you'll create embeddings so you can query on the plot for each movie. The following code configures Azure OpenAI, generates embeddings, and loads the embeddings vectors into Azure Cache for Redis.

+1. Add the following code a new code cell:

+ ```python

+ # Code cell 8

+ embedding = OpenAIEmbeddings(

+ deployment=DEPLOYMENT_NAME,

+ model=MODEL_NAME,

+ openai_api_base=RESOURCE_ENDPOINT,

+ openai_api_type="azure",

+ openai_api_key=API_KEY,

+ openai_api_version="2023-05-15",

+ chunk_size=16 # current limit with Azure OpenAI service. This will likely increase in the future.

+ )

+ # name of the Redis search index to create

+ index_name = "movieindex"

+ # create a connection string for the Redis Vector Store. Uses Redis-py format: https://redis-py.readthedocs.io/en/stable/connections.html#redis.Redis.from_url

+ # This example assumes TLS is enabled. If not, use "redis://" instead of "rediss://

+ redis_url = "rediss://:" + REDIS_PASSWORD + "@"+ REDIS_ENDPOINT

+ # create and load redis with documents

+ vectorstore = RedisVectorStore.from_documents(

+ documents=movie_list,

+ embedding=embedding,

+ index_name=index_name,

+ redis_url=redis_url

+ )

+ # save index schema so you can reload in the future without re-generating embeddings

+ vectorstore.write_schema("redis_schema.yaml")

+ ```

+1. Execute code cell 8. This can take up to 10 minutes to complete. A `redis_schema.yaml` file is generated as well. This file is useful if you want to connect to your index in Azure Cache for Redis instance without re-generating embeddings.

+## Run vector search queries

+Now that your dataset, Azure OpenAI service API, and Redis instance are set up, you can search using vectors. In this example, the top 10 results for a given query are returned.

+1. Add the following code to your Python code file:

+ ```python

+ # Code cell 9

+ query = "Spaceships, aliens, and heroes saving America"

+ results = vectorstore.similarity_search_with_score(query, k=10)

+ for i, j in enumerate(results):

+ movie_title = str(results[i][0].metadata['Title'])

+ similarity_score = str(round((1 - results[i][1]),4))

+ print(movie_title + ' (Score: ' + similarity_score + ')')

+ ```

+1. Execute code cell 9. You should see the following output:

+ ```output

+ Independence Day (Score: 0.8348)

+ The Flying Machine (Score: 0.8332)

+ Remote Control (Score: 0.8301)

+ Bravestarr: The Legend (Score: 0.83)

+ Xenogenesis (Score: 0.8291)

+ Invaders from Mars (Score: 0.8291)

+ Apocalypse Earth (Score: 0.8287)

+ Invasion from Inner Earth (Score: 0.8287)

+ Thru the Moebius Strip (Score: 0.8283)

+ Solar Crisis (Score: 0.828)

+ ```

+ The similarity score is returned along with the ordinal ranking of movies by similarity. Notice that more specific queries have similarity scores decrease faster down the list.

+## Hybrid searches

+1. Since RediSearch also features rich search functionality on top of vector search, it's possible to filter results by the metadata in the data set, such as film genre, cast, release year, or director. In this case, filter based on the genre `comedy`.

+ Add the following code to a new code cell:

+ ```python

+ # Code cell 10

+ from langchain.vectorstores.redis import RedisText

+ query = "Spaceships, aliens, and heroes saving America"

+ genre_filter = RedisText("Genre") == "comedy"

+ results = vectorstore.similarity_search_with_score(query, filter=genre_filter, k=10)

+ for i, j in enumerate(results):

+ movie_title = str(results[i][0].metadata['Title'])

+ similarity_score = str(round((1 - results[i][1]),4))

+ print(movie_title + ' (Score: ' + similarity_score + ')')

+ ```

+1. Execute code cell 10. You should see the following output:

+ ```output

+ Remote Control (Score: 0.8301)

+ Meet Dave (Score: 0.8236)

+ Elf-Man (Score: 0.8208)

+ Fifty/Fifty (Score: 0.8167)

+ Mars Attacks! (Score: 0.8165)

+ Strange Invaders (Score: 0.8143)

+ Amanda and the Alien (Score: 0.8136)

+ Suburban Commando (Score: 0.8129)

+ Coneheads (Score: 0.8129)

+ Morons from Outer Space (Score: 0.8121)

+ ```

+With Azure Cache for Redis and Azure OpenAI Service, you can use embeddings and vector search to add powerful search capabilities to your application.

+## Related Content

+* [Learn more about Azure Cache for Redis](cache-overview.md)

+* Learn more about Azure Cache for Redis [vector search capabilities](./cache-overview-vector-similarity.md)

+* Learn more about [embeddings generated by Azure OpenAI Service](../ai-services/openai/concepts/understand-embeddings.md)

+* Learn more about [cosine similarity](https://en.wikipedia.org/wiki/Cosine_similarity)

+* [Read how to build an AI-powered app with OpenAI and Redis](https://techcommunity.microsoft.com/t5/azure-developer-community-blog/vector-similarity-search-with-azure-cache-for-redis-enterprise/ba-p/3822059)

+* [Build a Q&A app with semantic answers](https://github.com/ruoccofabrizio/azure-open-ai-embeddings-qna)

+# Differences between isolated worker model and in-process model .NET Azure Functions

+| Feature/behavior | Isolated worker process | In-process³ |

+| [Supported .NET versions](#supported-versions) | Long Term Support (LTS) versions⁶,<br/>Standard Term Support (STS) versions,<br/>.NET Framework | Long Term Support (LTS) versions⁶ |

+| Core packages | [Microsoft.Azure.Functions.Worker](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker/)<br/>[Microsoft.Azure.Functions.Worker.Sdk](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Sdk) | [Microsoft.NET.Sdk.Functions](https://www.nuget.org/packages/Microsoft.NET.Sdk.Functions/) |

+| Binding extension packages | [Microsoft.Azure.Functions.Worker.Extensions.*](https://www.nuget.org/packages?q=Microsoft.Azure.Functions.Worker.Extensions) | [Microsoft.Azure.WebJobs.Extensions.*](https://www.nuget.org/packages?q=Microsoft.Azure.WebJobs.Extensions) |

+| Durable Functions | [Supported](durable/durable-functions-isolated-create-first-csharp.md?pivots=code-editor-visualstudio) (Support does not yet include Durable Entities) | [Supported](durable/durable-functions-overview.md) |

+| Model types exposed by bindings | Simple types<br/>JSON serializable types<br/>Arrays/enumerations<br/>[Service SDK types](dotnet-isolated-process-guide.md#sdk-types)⁴ | Simple types<br/>[JSON serializable](/dotnet/api/system.text.json.jsonserializeroptions) types<br/>Arrays/enumerations<br/>Service SDK types⁴ |

+| HTTP trigger model types| [HttpRequestData] / [HttpResponseData]<br/>[HttpRequest] / [IActionResult] (using [ASP.NET Core integration][aspnetcore-integration])⁵| [HttpRequest] / [IActionResult]⁵<br/>[HttpRequestMessage] / [HttpResponseMessage] |

+| Output binding interactions | Return values in an expanded model with:<br/> - single or [multiple outputs](dotnet-isolated-process-guide.md#multiple-output-bindings)<br/> - arrays of outputs| Return values (single output only),<br/>`out` parameters,<br/>`IAsyncCollector` |

+| Imperative bindings¹ | Not supported - instead [work with SDK types directly](./dotnet-isolated-process-guide.md#register-azure-clients) | [Supported](functions-dotnet-class-library.md#binding-at-runtime) |

+| Dependency injection | [Supported](dotnet-isolated-process-guide.md#dependency-injection) (improved model consistent with .NET ecosystem) | [Supported](functions-dotnet-dependency-injection.md) |

+| Middleware | [Supported](dotnet-isolated-process-guide.md#middleware) | Not supported |

+| Logging | [ILogger&lt;T&gt;]/[ILogger] obtained from [FunctionContext](/dotnet/api/microsoft.azure.functions.worker.functioncontext) or via [dependency injection](dotnet-isolated-process-guide.md#dependency-injection)| [ILogger] passed to the function<br/>[ILogger&lt;T&gt;] via [dependency injection](functions-dotnet-dependency-injection.md) |

+| Application Insights dependencies | [Supported](./dotnet-isolated-process-guide.md#application-insights) | [Supported](functions-monitoring.md#dependencies) |

+| Cancellation tokens | [Supported](dotnet-isolated-process-guide.md#cancellation-tokens) | [Supported](functions-dotnet-class-library.md#cancellation-tokens) |

+| Cold start times² | [Configurable optimizations (preview)](./dotnet-isolated-process-guide.md#performance-optimizations) | Optimized |

+| ReadyToRun | [Supported](dotnet-isolated-process-guide.md#readytorun) | [Supported](functions-dotnet-class-library.md#readytorun) |

+⁶ The isolated worker model supports .NET 8 [as a preview](./dotnet-isolated-process-guide.md#preview-net-versions). For information about .NET 8 plans, including future options for the in-process model, see the [Azure Functions Roadmap Update post](https://aka.ms/azure-functions-dotnet-roadmap).

+## Preview .NET versions

+Azure Functions currently can be used with the following preview versions of .NET:

+| Operating system | .NET preview version |

+| - | - |

+| Windows | .NET 8 Preview 7 |

+| Linux | .NET 8 RC1 |

+### Using a preview .NET SDK

+To use Azure Functions with a preview version of .NET, you need to update your project by:

+1. Installing the relevant .NET SDK version in your development

+1. Changing the `TargetFramework` setting in your `.csproj` file

+When deploying to a function app in Azure, you also need to ensure that the framework is made available to the app. To do so on Windows, you can use the following CLI command. Replace `<groupName>` with the name of the resource group, and replace `<appName>` with the name of your function app. Replace `<framework>` with the appropriate version string, such as "v8.0".

+```azurecli

+az functionapp config set -g <groupName> -n <appName> --net-framework-version <framework>

+```

+### Considerations for using .NET preview versions

+Keep these considerations in mind when using Functions with preview versions of .NET:

+If you author your functions in Visual Studio, you must use [Visual Studio Preview](https://visualstudio.microsoft.com/vs/preview/), which supports building Azure Functions projects with .NET preview SDKs. You should also ensure you have the latest Functions tools and templates. To update these, navigate to `Tools->Options`, select `Azure Functions` under `Projects and Solutions`, and then click the `Check for updates` button, installing updates as prompted.

+During the preview period, your development environment might have a more recent version of the .NET preview than the hosted service. This can cause the application to fail when deployed. To address this, you can configure which version of the SDK to use in [`global.json`](/dotnet/core/tools/global-json). First, identify which versions you have installed using `dotnet --list-sdks` and note the version that matches what the service supports. Then you can run `dotnet new globaljson --sdk-version <sdk-version> --force`, substituting `<sdk-version>` for the version you noted in the previous command. For example, `dotnet new globaljson --sdk-version dotnet-sdk-8.0.100-preview.7.23376.3 --force` will cause the system to use the .NET 8 Preview 7 SDK when building your project.

+Note that due to just-in-time loading of preview frameworks, function apps running on Windows may experience increased cold start times when compared against earlier GA versions.

+# [Isolated worker model](#tab/isolated-process)

+dotnet add package Microsoft.Azure.Functions.Worker.Extensions.Sql

+# [In-process model](#tab/in-process)

+dotnet add package Microsoft.Azure.WebJobs.Extensions.Sql

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Open the *HttpExample.cs* project file and add the following parameter to the `Run` method definition:

+The `toDoItems` parameter is an `IAsyncCollector<ToDoItem>` type, which represents a collection of ToDo items that are written to your Azure SQL Database when the function completes. Specific attributes indicate the names of the database table (`dbo.ToDo`) and the connection string for your Azure SQL Database (`SqlConnectionString`).

+# [Isolated worker model](#tab/isolated-process)

+Replace the existing Run method with the following code:

+```cs

+[Function("HttpExample")]

+public static OutputType Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", "post")] HttpRequestData req,

+ FunctionContext executionContext)

+{

+ var logger = executionContext.GetLogger("HttpExample");

+ logger.LogInformation("C# HTTP trigger function processed a request.");

+ var message = "Welcome to Azure Functions!";

+ var response = req.CreateResponse(HttpStatusCode.OK);

+ response.Headers.Add("Content-Type", "text/plain; charset=utf-8");

+ response.WriteString(message);

+ // Return a response to both HTTP trigger and Azure SQL output binding.

+ return new OutputType()

+ {

+ ToDoItem = new ToDoItem

+ {

+ id = System.Guid.NewGuid().ToString(),

+ title = message,

+ completed = false,

+ url = ""

+ },

+ HttpResponse = response

+ };

+}

+```

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+dotnet add package Microsoft.Azure.Functions.Worker.Extensions.CosmosDB --version 3.0.9

+# [In-process model](#tab/in-process)

+dotnet add package Microsoft.Azure.WebJobs.Extensions.CosmosDB --version 3.0.10

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Open the *HttpExample.cs* project file and add the following parameter to the `Run` method definition:

+The `documentsOut` parameter is an `IAsyncCollector<T>` type, which represents a collection of JSON documents that are written to your Azure Cosmos DB container when the function completes. Specific attributes indicate the names of the container and its parent database. The connection string for your Azure Cosmos DB account is set by the `ConnectionStringSettingAttribute`.

+# [Isolated worker model](#tab/isolated-process)

+Replace the existing Run method with the following code:

+# [In-process model](#tab/in-process)

+ # [Isolated worker model](#tab/isolated-process)

+ Install-Package /dotnet/api/microsoft.azure.webjobs.blobattribute.Queues -IncludePrerelease

+ # [In-process model](#tab/in-process)

+ Install-Package Microsoft.Azure.WebJobs.Extensions.Storage

+# [Isolated worker model](#tab/isolated-process)

+More samples for the Azure Data Explorer input binding (out of process) are available in the [GitHub repository](https://github.com/Azure/Webjobs.Extensions.Kusto/tree/main/samples/samples-outofproc).

+This section contains the following examples:

+* [HTTP trigger, get row by ID from query string](#http-trigger-look-up-id-from-query-string-c-oop)

+* [HTTP trigger, get multiple rows from route data](#http-trigger-get-multiple-items-from-route-data-c-oop)

+The examples refer to a `Product` class and the Products table, both of which are defined in the previous sections.

+<a id="http-trigger-look-up-id-from-query-string-c-oop"></a>

+### HTTP trigger, get row by ID from query string

+The following example shows a [C# function](functions-dotnet-class-library.md) that retrieves a single record. The function is triggered by an HTTP request that uses a query string to specify the ID. That ID is used to retrieve a `Product` record with the specified query.

+> [!NOTE]

+> The HTTP query string parameter is case sensitive.

+>

+```cs

+using System.Text.Json.Nodes;

+using Microsoft.Azure.Functions.Worker;

+using Microsoft.Azure.Functions.Worker.Extensions.Kusto;

+using Microsoft.Azure.Functions.Worker.Http;

+using Microsoft.Azure.WebJobs.Extensions.Kusto.SamplesOutOfProc.OutputBindingSamples.Common;

+namespace Microsoft.Azure.WebJobs.Extensions.Kusto.SamplesOutOfProc.InputBindingSamples

+{

+ public static class GetProductsQuery

+ {

+ [Function("GetProductsQuery")]

+ public static JsonArray Run(

+ [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "getproductsquery")] HttpRequestData req,

+ [KustoInput(Database: "productsdb",

+ KqlCommand = "declare query_parameters (productId:long);Products | where ProductID == productId",

+ KqlParameters = "@productId={Query.productId}",Connection = "KustoConnectionString")] JsonArray products)

+ {

+ return products;

+ }

+ }

+}

+```

+<a id="http-trigger-get-multiple-items-from-route-data-c-oop"></a>

+### HTTP trigger, get multiple rows from route parameter

+The following example shows a [C# function](functions-dotnet-class-library.md) that retrieves records returned by the query (based on the name of the product, in this case). The function is triggered by an HTTP request that uses route data to specify the value of a query parameter. That parameter is used to filter the `Product` records in the specified query.

+```cs

+using Microsoft.Azure.Functions.Worker;

+using Microsoft.Azure.Functions.Worker.Extensions.Kusto;

+using Microsoft.Azure.Functions.Worker.Http;

+using Microsoft.Azure.WebJobs.Extensions.Kusto.SamplesOutOfProc.OutputBindingSamples.Common;

+namespace Microsoft.Azure.WebJobs.Extensions.Kusto.SamplesOutOfProc.InputBindingSamples

+{

+ public static class GetProductsFunction

+ {

+ [Function("GetProductsFunction")]

+ public static IEnumerable<Product> Run(

+ [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "getproductsfn/{name}")] HttpRequestData req,

+ [KustoInput(Database: "productsdb",

+ KqlCommand = "declare query_parameters (name:string);GetProductsByName(name)",

+ KqlParameters = "@name={name}",Connection = "KustoConnectionString")] IEnumerable<Product> products)

+ {

+ return products;

+ }

+ }

+}

+```

+# [In-process model](#tab/in-process)

+### [Isolated worker model](#tab/isolated-process)

+More samples for the Azure Data Explorer output binding are available in the [GitHub repository](https://github.com/Azure/Webjobs.Extensions.Kusto/tree/main/samples/samples-outofproc).

+This section contains the following examples:

+* [HTTP trigger, write one record](#http-trigger-write-one-record-c-oop)

+* [HTTP trigger, write records with mapping](#http-trigger-write-records-with-mapping-oop)

+The examples refer to `Product` class and a corresponding database table:

+```cs

+public class Product

+{

+ [JsonProperty(nameof(ProductID))]

+ public long ProductID { get; set; }

+ [JsonProperty(nameof(Name))]

+ public string Name { get; set; }

+ [JsonProperty(nameof(Cost))]

+ public double Cost { get; set; }

+}

+```

+```kusto

+.create-merge table Products (ProductID:long, Name:string, Cost:double)

+```

+<a id="http-trigger-write-one-record-c-oop"></a>

+#### HTTP trigger, write one record

+The following example shows a [C# function](functions-dotnet-class-library.md) that adds a record to a database. The function uses data provided in an HTTP POST request as a JSON body.

+```cs

+using Microsoft.Azure.Functions.Worker;

+using Microsoft.Azure.Functions.Worker.Extensions.Kusto;

+using Microsoft.Azure.Functions.Worker.Http;

+using Microsoft.Azure.WebJobs.Extensions.Kusto.SamplesOutOfProc.OutputBindingSamples.Common;

+namespace Microsoft.Azure.WebJobs.Extensions.Kusto.SamplesOutOfProc.OutputBindingSamples

+{

+ public static class AddProduct

+ {

+ [Function("AddProduct")]

+ [KustoOutput(Database: "productsdb", Connection = "KustoConnectionString", TableName = "Products")]

+ public static async Task<Product> Run(

+ [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "addproductuni")]

+ HttpRequestData req)

+ {

+ Product? prod = await req.ReadFromJsonAsync<Product>();

+ return prod ?? new Product { };

+ }

+ }

+}

+```

+<a id="http-trigger-write-records-with-mapping-oop"></a>

+#### HTTP trigger, write records with mapping

+The following example shows a [C# function](functions-dotnet-class-library.md) that adds a collection of records to a database. The function uses mapping that transforms a `Product` to `Item`.

+To transform data from `Product` to `Item`, the function uses a mapping reference:

+```kusto

+.create-merge table Item (ItemID:long, ItemName:string, ItemCost:float)

+-- Create a mapping that transforms an Item to a Product

+.create-or-alter table Product ingestion json mapping "item_to_product_json" '[{"column":"ProductID","path":"$.ItemID"},{"column":"Name","path":"$.ItemName"},{"column":"Cost","path":"$.ItemCost"}]'

+```

+```cs

+namespace Microsoft.Azure.WebJobs.Extensions.Kusto.SamplesOutOfProc.OutputBindingSamples.Common

+{

+ public class Item

+ {

+ public long ItemID { get; set; }

+ public string? ItemName { get; set; }

+ public double ItemCost { get; set; }

+ }

+}

+```

+```cs

+using Microsoft.Azure.Functions.Worker;

+using Microsoft.Azure.Functions.Worker.Extensions.Kusto;

+using Microsoft.Azure.Functions.Worker.Http;

+using Microsoft.Azure.WebJobs.Extensions.Kusto.SamplesOutOfProc.OutputBindingSamples.Common;

+namespace Microsoft.Azure.WebJobs.Extensions.Kusto.SamplesOutOfProc.OutputBindingSamples

+{

+ public static class AddProductsWithMapping

+ {

+ [Function("AddProductsWithMapping")]

+ [KustoOutput(Database: "productsdb", Connection = "KustoConnectionString", TableName = "Products", MappingRef = "item_to_product_json")]

+ public static async Task<Item> Run(

+ [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "addproductswithmapping")]

+ HttpRequestData req)

+ {

+ Item? item = await req.ReadFromJsonAsync<Item>();

+ return item ?? new Item { };

+ }

+ }

+}

+```

+### [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Functions run in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+Add the extension to your project by installing [this NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.Kusto).

+```bash

+dotnet add package Microsoft.Azure.WebJobs.Extensions.Kusto --prerelease

+```

+# [Isolated worker model](#tab/isolated-process)

+More samples for the Azure SQL input binding are available in the [GitHub repository](https://github.com/Azure/azure-functions-sql-extension/tree/main/samples/samples-outofproc).

+* [HTTP trigger, get row by ID from query string](#http-trigger-look-up-id-from-query-string-c-oop)

+* [HTTP trigger, get multiple rows from route data](#http-trigger-get-multiple-items-from-route-data-c-oop)

+* [HTTP trigger, delete rows](#http-trigger-delete-one-or-multiple-rows-c-oop)

+<a id="http-trigger-look-up-id-from-query-string-c-oop"></a>

+using Microsoft.Azure.Functions.Worker;

+using Microsoft.Azure.Functions.Worker.Extensions.Sql;

+using Microsoft.Azure.Functions.Worker.Http;

+ [SqlInput(commandText: "select [Id], [order], [title], [url], [completed] from dbo.ToDo where Id = @Id",

+<a id="http-trigger-get-multiple-items-from-route-data-c-oop"></a>

+using Microsoft.Azure.Functions.Worker;

+using Microsoft.Azure.Functions.Worker.Extensions.Sql;

+using Microsoft.Azure.Functions.Worker.Http;

+ [SqlInput(commandText: "select [Id], [order], [title], [url], [completed] from dbo.ToDo where [Priority] > @Priority",

+<a id="http-trigger-delete-one-or-multiple-rows-c-oop"></a>

+```cs

+namespace AzureSQL.ToDo

+{

+ public static class DeleteToDo

+ {

+ // delete all items or a specific item from querystring

+ // returns remaining items

+ // uses input binding with a stored procedure DeleteToDo to delete items and return remaining items

+ [FunctionName("DeleteToDo")]

+ public static IActionResult Run(

+ [HttpTrigger(AuthorizationLevel.Anonymous, "delete", Route = "DeleteFunction")] HttpRequest req,

+ ILogger log,

+ [SqlInput(commandText: "DeleteToDo", commandType: System.Data.CommandType.StoredProcedure,

+ parameters: "@Id={Query.id}", connectionStringSetting: "SqlConnectionString")]

+ IEnumerable<ToDoItem> toDoItems)

+ {

+ return new OkObjectResult(toDoItems);

+ }

+ }

+}

+```

+# [In-process model](#tab/in-process)

+More samples for the Azure SQL input binding are available in the [GitHub repository](https://github.com/Azure/azure-functions-sql-extension/tree/main/samples/samples-csharp).

+* [HTTP trigger, get row by ID from query string](#http-trigger-look-up-id-from-query-string-c)

+* [HTTP trigger, get multiple rows from route data](#http-trigger-get-multiple-items-from-route-data-c)

+* [HTTP trigger, delete rows](#http-trigger-delete-one-or-multiple-rows-c)

+<a id="http-trigger-look-up-id-from-query-string-c"></a>

+using Microsoft.Azure.WebJobs;

+using Microsoft.Azure.WebJobs.Extensions.Http;

+ [Sql(commandText: "select [Id], [order], [title], [url], [completed] from dbo.ToDo where Id = @Id",

+<a id="http-trigger-get-multiple-items-from-route-data-c"></a>

+using Microsoft.Azure.WebJobs;

+using Microsoft.Azure.WebJobs.Extensions.Http;

+ [Sql(commandText: "select [Id], [order], [title], [url], [completed] from dbo.ToDo where [Priority] > @Priority",

+<a id="http-trigger-delete-one-or-multiple-rows-c"></a>

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+More samples for the Azure SQL output binding are available in the [GitHub repository](https://github.com/Azure/azure-functions-sql-extension/tree/main/samples/samples-csharp).

+* [HTTP trigger, write one record](#http-trigger-write-one-record-c)

+* [HTTP trigger, write to two tables](#http-trigger-write-to-two-tables-c)

+* [HTTP trigger, write records using IAsyncCollector](#http-trigger-write-records-using-iasynccollector-c)

+<a id="http-trigger-write-one-record-c"></a>

+### HTTP trigger, write one record

+The following example shows a [C# function](functions-dotnet-class-library.md) that adds a record to a database, using data provided in an HTTP POST request as a JSON body.

+<a id="http-trigger-write-to-two-tables-c"></a>

+The following example shows a [C# function](functions-dotnet-class-library.md) that adds records to a database in two different tables (`dbo.ToDo` and `dbo.RequestLog`), using data provided in an HTTP POST request as a JSON body and multiple output bindings.

+```cs

+namespace AzureSQL.ToDo

+ public static class PostToDo

+ {

+ // create a new ToDoItem from body object

+ // uses output binding to insert new item into ToDo table

+ [FunctionName("PostToDo")]

+ public static async Task<IActionResult> Run(

+ [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "PostFunction")] HttpRequest req,

+ ILogger log,

+ [Sql(commandText: "dbo.ToDo", connectionStringSetting: "SqlConnectionString")] IAsyncCollector<ToDoItem> toDoItems,

+ [Sql(commandText: "dbo.RequestLog", connectionStringSetting: "SqlConnectionString")] IAsyncCollector<RequestLog> requestLogs)

+ {

+ string requestBody = await new StreamReader(req.Body).ReadToEndAsync();

+ ToDoItem toDoItem = JsonConvert.DeserializeObject<ToDoItem>(requestBody);

+ // generate a new id for the todo item

+ toDoItem.Id = Guid.NewGuid();

+ // set Url from env variable ToDoUri

+ toDoItem.url = Environment.GetEnvironmentVariable("ToDoUri")+"?id="+toDoItem.Id.ToString();

+ // if completed is not provided, default to false

+ if (toDoItem.completed == null)

+ {

+ toDoItem.completed = false;

+ }

+ await toDoItems.AddAsync(toDoItem);

+ await toDoItems.FlushAsync();

+ List<ToDoItem> toDoItemList = new List<ToDoItem> { toDoItem };

+ requestLog = new RequestLog();

+ requestLog.RequestTimeStamp = DateTime.Now;

+ requestLog.ItemCount = 1;

+ await requestLogs.AddAsync(requestLog);

+ await requestLogs.FlushAsync();

+ return new OkObjectResult(toDoItemList);

+ }

+ }

+ public class RequestLog {

+ public DateTime RequestTimeStamp { get; set; }

+ public int ItemCount { get; set; }

+ }

+<a id="http-trigger-write-records-using-iasynccollector-c"></a>

+### HTTP trigger, write records using IAsyncCollector

+The following example shows a [C# function](functions-dotnet-class-library.md) that adds a collection of records to a database, using data provided in an HTTP POST body JSON array.

+```cs

+using Microsoft.AspNetCore.Http;

+using Microsoft.Azure.WebJobs;

+using Microsoft.Azure.WebJobs.Extensions.Http;

+using System.IO;

+using System.Threading.Tasks;

+namespace AzureSQLSamples

+ public static class WriteRecordsAsync

+ {

+ [FunctionName("WriteRecordsAsync")]

+ public static async Task<IActionResult> Run(

+ [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "addtodo-asynccollector")]

+ HttpRequest req,

+ [Sql(commandText: "dbo.ToDo", connectionStringSetting: "SqlConnectionString")] IAsyncCollector<ToDoItem> newItems)

+ {

+ string requestBody = await new StreamReader(req.Body).ReadToEndAsync();

+ var incomingItems = JsonConvert.DeserializeObject<ToDoItem[]>(requestBody);

+ foreach (ToDoItem newItem in incomingItems)

+ {

+ await newItems.AddAsync(newItem);

+ }

+ // Rows are upserted here

+ await newItems.FlushAsync();

+ return new CreatedResult($"/api/addtodo-asynccollector", "done");

+ }

+ }

+# [Isolated worker model](#tab/isolated-process)

+More samples for the Azure SQL trigger are available in the [GitHub repository](https://github.com/Azure/azure-functions-sql-extension/tree/main/samples/samples-outofproc).

+using System;

+using Microsoft.Azure.Functions.Worker;

+using Microsoft.Azure.Functions.Worker.Extensions.Sql;

+using Newtonsoft.Json;

+ [Function("ToDoTrigger")]

+ FunctionContext context)

+ var logger = context.GetLogger("ToDoTrigger");

+# [In-process model](#tab/in-process)

+More samples for the Azure SQL trigger are available in the [GitHub repository](https://github.com/Azure/azure-functions-sql-extension/tree/main/samples/samples-csharp).

+using Microsoft.Azure.WebJobs;

+using Microsoft.Azure.WebJobs.Extensions.Sql;

+ [FunctionName("ToDoTrigger")]

+ ILogger logger)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+Add the extension to your project by installing this [NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.Sql).

+```bash

+dotnet add package Microsoft.Azure.WebJobs.Extensions.Sql

+To use a preview version of the Microsoft.Azure.WebJobs.Extensions.Sql package for [SQL trigger](functions-bindings-azure-sql-trigger.md) functionality, add the `--prerelease` flag to the command.

+```bash

+dotnet add package Microsoft.Azure.WebJobs.Extensions.Sql --prerelease

+> Breaking changes between preview releases of the Azure SQL trigger for Functions requires that all Functions targeting the same database use the same version of the SQL extension package.

+### [Isolated worker model](#tab/isolated-process)

+The isolated process examples aren't available in preview.

+### [In-process model](#tab/in-process)

+### [Isolated worker model](#tab/isolated-process)

+The isolated process examples aren't available in preview.

+```csharp

+//TBD

+```

+### [In-process model](#tab/in-process)

+### [Isolated worker model](#tab/isolated-process)

+The isolated process examples aren't available in preview.

+```csharp

+//TBD

+```

+### [In-process model](#tab/in-process)

+### [Isolated worker model](#tab/isolated-process)

+Functions run in an isolated C# worker process. To learn more, see [Guide for running C# Azure Functions in an isolated worker process](dotnet-isolated-process-guide.md).

+Add the extension to your project by installing [this NuGet package](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Extensions.Redis).

+dotnet add package Microsoft.Azure.Functions.Worker.Extensions.Redis --prerelease

+### [In-process model](#tab/in-process)

+Functions run in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+Add the extension to your project by installing [this NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.Redis).

+dotnet add package Microsoft.Azure.WebJobs.Extensions.Redis --prerelease

+# [Isolated worker model](#tab/isolated-process)

+This section contains examples that require version 3.x of Azure Cosmos DB extension and 5.x of Azure Storage extension. If not already present in your function app, add reference to the following NuGet packages:

+ * [Microsoft.Azure.Functions.Worker.Extensions.CosmosDB](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Extensions.CosmosDB)

+ * [Microsoft.Azure.Functions.Worker.Extensions.Storage.Queues](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Extensions.Storage.Queues/5.0.0)

+* [Queue trigger, look up ID from JSON](#queue-trigger-look-up-id-from-json-isolated)

+The examples refer to a simple `ToDoItem` type:

+<a id="queue-trigger-look-up-id-from-json-isolated"></a>

+### Queue trigger, look up ID from JSON

+The following example shows a function that retrieves a single document. The function is triggered by a JSON message in the storage queue. The queue trigger parses the JSON into an object of type `ToDoItemLookup`, which contains the ID and partition key value to retrieve. That ID and partition key value are used to return a `ToDoItem` document from the specified database and collection.

+# [In-process model](#tab/in-process)

+Both [in-process](functions-dotnet-class-library.md) and [isolated worker process](dotnet-isolated-process-guide.md) C# libraries use attributes to define the function. C# script instead uses a function.json configuration file as described in the [C# scripting guide](./functions-reference-csharp.md#azure-cosmos-db-v2-input).

+# [Isolated worker model](#tab/isolated-process)

+The following code defines a `MyDocument` type:

+In the following example, the return type is an [`IReadOnlyList<T>`](/dotnet/api/system.collections.generic.ireadonlylist-1), which is a modified list of documents from trigger binding parameter:

+# [In-process model](#tab/in-process)

+Both [in-process](functions-dotnet-class-library.md) and [isolated worker process](dotnet-isolated-process-guide.md) C# libraries use attributes to define the function. C# script instead uses a function.json configuration file as described in the [C# scripting guide](./functions-reference-csharp.md#azure-cosmos-db-v2-output).

+# [Extension 4.x+](#tab/extensionv4/isolated-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An in-process class library is a compiled C# function runs in the same process as the Functions runtime.

+

+Both [in-process](functions-dotnet-class-library.md) and [isolated process](dotnet-isolated-process-guide.md) C# libraries use the [CosmosDBTriggerAttribute](https://github.com/Azure/azure-webjobs-sdk-extensions/blob/master/src/WebJobs.Extensions.CosmosDB/Trigger/CosmosDBTriggerAttribute.cs) to define the function. C# script instead uses a function.json configuration file as described in the [C# scripting guide](./functions-reference-csharp.md#azure-cosmos-db-v2-trigger).

+# [Isolated worker model](#tab/isolated-process)

+Functions execute in an isolated C# worker process. To learn more, see [Guide for running C# Azure Functions in an isolated worker process](dotnet-isolated-process-guide.md).

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+In a variation of this model, Functions can be run using [C# scripting], which is supported primarily for C# portal editing. To update existing binding extensions for C# script apps running in the portal without having to republish your function app, see [Update your extensions].

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An in-process class library is a compiled C# function runs in the same process as the Functions runtime.

+

+The following example shows an [in-process C# function](functions-dotnet-class-library.md) that is invoked when there are inserts or updates in the specified database and collection.

+For [in-process C# class libraries](functions-dotnet-class-library.md), use the [CosmosDBTrigger](https://github.com/Azure/azure-webjobs-sdk-extensions/blob/master/src/WebJobs.Extensions.CosmosDB/Trigger/CosmosDBTriggerAttribute.cs) attribute.

+In [in-process C# class libraries](functions-dotnet-class-library.md), use the [DocumentDB](https://github.com/Azure/azure-webjobs-sdk-extensions/blob/v2.x/src/WebJobs.Extensions.DocumentDB/DocumentDBAttribute.cs) attribute.

+In [in-process C# class libraries](functions-dotnet-class-library.md), use the [DocumentDB](https://github.com/Azure/azure-webjobs-sdk-extensions/blob/v2.x/src/WebJobs.Extensions.DocumentDB/DocumentDBAttribute.cs) attribute.

+# [Isolated worker model](#tab/isolated-process/fixed-delay)

+# [In-process model](#tab/in-process/fixed-delay)

+[FixedDelayRetry(5, "00:00:10")]

+|DelayInterval|The delay that's used between retries. Specify it as a string with the format `HH:mm:ss`.|

+# [Isolated worker model](#tab/isolated-process/exponential-backoff)

+# [In-process model](#tab/in-process/exponential-backoff)

+Retries require NuGet package [Microsoft.Azure.WebJobs](https://www.nuget.org/packages/Microsoft.Azure.WebJobs) >= 3.0.23

+```csharp

+[FunctionName("EventHubTrigger")]

+[ExponentialBackoffRetry(5, "00:00:04", "00:15:00")]

+public static async Task Run([EventHubTrigger("myHub", Connection = "EventHubConnection")] EventData[] events, ILogger log)

+// ...

+|Property | Description |

+|MaxRetryCount|Required. The maximum number of retries allowed per function execution. `-1` means to retry indefinitely.|

+|MinimumInterval|The minimum retry delay. Specify it as a string with the format `HH:mm:ss`.|

+|MaximumInterval|The maximum retry delay. Specify it as a string with the format `HH:mm:ss`.|

+# [Isolated worker model](#tab/isolated-process)

+The following example shows how the custom type is used in both the trigger and an Event Grid output binding:

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+The following table explains the parameters for the `EventGridOutputAttribute`.

+|||

+|**connection**^* | The value of the common prefix for the setting that contains the topic endpoint URI. For more information about the naming format of this application setting, see [Identity-based authentication](#identity-based-authentication). |

+# [In-process model](#tab/in-process)

+The following table explains the parameters for the `EventGridAttribute`.

+|||

+|**Connection**^* | The value of the common prefix for the setting that contains the topic endpoint URI. For more information about the naming format of this application setting, see [Identity-based authentication](#identity-based-authentication). |

+# [Isolated worker model](#tab/isolated-process)

+When running your C# function in an isolated worker process, you need to define a custom type for event properties. The following example defines a `MyEventType` class.

+The following example shows how the custom type is used in both the trigger and an Event Grid output binding:

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+Here's an `EventGridTrigger` attribute in a method signature:

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+Functions execute in an isolated C# worker process. To learn more, see [Guide for running C# Azure Functions in an isolated worker process](dotnet-isolated-process-guide.md).

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+In a variation of this model, Functions can be run using [C# scripting], which is supported primarily for C# portal editing. To update existing binding extensions for C# script apps running in the portal without having to republish your function app, see [Update your extensions].

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An in-process class library is a compiled C# function runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+The following example shows a [C# function](dotnet-isolated-process-guide.md) that writes a message string to an event hub, using the method return value as the output:

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+Use the [EventHubOutputAttribute] to define an output binding to an event hub, which supports the following properties.

+# [In-process model](#tab/in-process)

+Use the [EventHubAttribute] to define an output binding to an event hub, which supports the following properties.

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+The HTTP triggered function returns a type of [IActionResult] or `Task<IActionResult>`.

+# [Isolated worker model](#tab/isolated-process)

+The following example shows an HTTP trigger that returns a "hello world" response as an [HttpResponseData](/dotnet/api/microsoft.azure.functions.worker.http.httpresponsedata) object:

+The following example shows an HTTP trigger that returns a "hello, world" response as an [IActionResult], using [ASP.NET Core integration in .NET Isolated]:

+```csharp

+[Function("HttpFunction")]

+public IActionResult Run(

+ [HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req)

+{

+ return new OkObjectResult($"Welcome to Azure Functions, {req.Query["name"]}!");

+}

+```

+[IActionResult]: /dotnet/api/microsoft.aspnetcore.mvc.iactionresult

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+In [isolated worker process](dotnet-isolated-process-guide.md) function apps, the `HttpTriggerAttribute` supports the following parameters:

+# [In-process model](#tab/in-process)

+In [in-process functions](functions-dotnet-class-library.md), the `HttpTriggerAttribute` supports the following parameters:

+| **WebHookType** | _Supported only for the version 1.x runtime._<br/><br/>Configures the HTTP trigger to act as a [webhook](https://en.wikipedia.org/wiki/Webhook) receiver for the specified provider. For supported values, see [WebHook type](#webhook-type).|

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+The trigger input type is declared as either `HttpRequest` or a custom type. If you choose `HttpRequest`, you get full access to the request object. For a custom type, the runtime tries to parse the JSON request body to set the object properties.

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+The following C# function code accepts two parameters `category` and `id` in the route and writes a response using both parameters.

+```csharp

+[FunctionName("Function1")]

+public static IActionResult Run(

+[HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = "products/{category:alpha}/{id:int?}")] HttpRequest req,

+string category, int? id, ILogger log)

+{

+ log.LogInformation("C# HTTP trigger function processed a request.");

+ var message = String.Format($"Category: {category}, ID: {id}");

+ return (ActionResult)new OkObjectResult(message);

+}

+```

+# [Isolated worker model](#tab/isolated-process)

+The authenticated user is available via [HTTP Headers](../app-service/configure-authentication-user-identities.md#access-user-claims-in-app-code).

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+Functions execute in an isolated C# worker process. To learn more, see [Guide for running C# Azure Functions in an isolated worker process](dotnet-isolated-process-guide.md).

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An [in-process class library](functions-dotnet-class-library.md) is a compiled C# function runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An [in-process class library](functions-dotnet-class-library.md) is a compiled C# function runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Kafka events are passed to the function as `KafkaEventData<string>` objects or arrays. Strings and string arrays that are JSON payloads are also supported.

+

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+Add the extension to your project by installing this [NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.Kafka).

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Both [in-process](functions-dotnet-class-library.md) and [isolated worker process](dotnet-isolated-process-guide.md) C# libraries use the <!--attribute API here--> attribute to define the function. C# script instead uses a [function.json configuration file](#configuration).

+# [Isolated worker model](#tab/isolated-process)

+In [C# class libraries](functions-dotnet-class-library.md), use the [RabbitMQTrigger](https://github.com/Azure/azure-functions-rabbitmq-extension/blob/dev/extension/WebJobs.Extensions.RabbitMQ/Trigger/RabbitMQTriggerAttribute.cs) attribute.

+Here's a `RabbitMQTrigger` attribute in a method signature for an isolated worker process library:

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+* `POCO` - The message is formatted as a C# object.

+When working with C# functions:

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Both [in-process](functions-dotnet-class-library.md) and [isolated worker process](dotnet-isolated-process-guide.md) C# libraries use the <!--attribute API here--> attribute to define the function. C# script instead uses a [function.json configuration file](#configuration).

+# [Isolated worker model](#tab/isolated-process)

+In [C# class libraries](functions-dotnet-class-library.md), use the [RabbitMQTrigger](https://github.com/Azure/azure-functions-rabbitmq-extension/blob/dev/extension/WebJobs.Extensions.RabbitMQ/Trigger/RabbitMQTriggerAttribute.cs) attribute.

+Here's a `RabbitMQTrigger` attribute in a method signature for an isolated worker process library:

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+* `POCO` - The message is formatted as a C# object. For complete code, see C# [example](#example).

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+Add the extension to your project by installing this [NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.RabbitMQ).

+# [Isolated worker model](#tab/isolated-process)

+See [Output bindings in the .NET worker guide](./dotnet-isolated-process-guide.md#output-bindings) for details and examples.

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+# [Isolated worker model](#tab/isolated-process)

+We don't currently have an example for using the SendGrid binding in a function app running in an isolated worker process.

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+In [isolated worker process](dotnet-isolated-process-guide.md) function apps, the `SendGridOutputAttribute` supports the following parameters:

+# [In-process model](#tab/in-process)

+In [in-process](functions-dotnet-class-library.md) function apps, use the [SendGridAttribute](https://github.com/Azure/azure-webjobs-sdk-extensions/blob/master/src/WebJobs.Extensions.SendGrid/SendGridAttribute.cs), which supports the following parameters.

+# [Isolated worker model](#tab/isolated-process)

+The following example shows a [C# function](dotnet-isolated-process-guide.md) that receives a Service Bus queue message, logs the message, and sends a message to different Service Bus queue:

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+In [C# class libraries](dotnet-isolated-process-guide.md), use the [ServiceBusOutputAttribute](https://github.com/Azure/azure-functions-dotnet-worker/blob/main/extensions/Worker.Extensions.ServiceBus/src/ServiceBusOutputAttribute.cs) to define the queue or topic written to by the output.

+The following table explains the properties you can set using the attribute:

+| Property |Description|

+| | |

+|**EntityType**|Sets the entity type as either `Queue` for sending messages to a queue or `Topic` when sending messages to a topic. |

+|**QueueOrTopicName**|Name of the topic or queue to send messages to. Use `EntityType` to set the destination type.|

+|**Connection**|The name of an app setting or setting collection that specifies how to connect to Service Bus. See [Connections](#connections).|

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+The following example shows a [C# function](dotnet-isolated-process-guide.md) that receives a Service Bus queue message, logs the message, and sends a message to different Service Bus queue:

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+|**Access**|Access rights for the connection string. Available values are `manage` and `listen`. The default is `manage`, which indicates that the `connection` has the **Manage** permission. If you use a connection string that does not have the **Manage** permission, set `accessRights` to "listen". Otherwise, the Functions runtime might fail trying to do operations that require manage rights. In Azure Functions version 2.x and higher, this property is not available because the latest version of the Service Bus SDK doesn't support manage operations.|

+|**AutoComplete**|`true` Whether the trigger should automatically call complete after processing, or if the function code will manually call complete.<br/><br/>If set to `true`, the trigger completes the message automatically if the function execution completes successfully, and abandons the message otherwise.<br/><br/>When set to `false`, you are responsible for calling [MessageReceiver](/dotnet/api/microsoft.azure.servicebus.core.messagereceiver) methods to complete, abandon, or deadletter the message. If an exception is thrown (and none of the `MessageReceiver` methods are called), then the lock remains. Once the lock expires, the message is re-queued with the `DeliveryCount` incremented and the lock is automatically renewed. |

+# [Isolated worker model](#tab/isolated-process)

+Functions execute in an isolated C# worker process. To learn more, see [Guide for running C# Azure Functions in an isolated worker process](dotnet-isolated-process-guide.md).

+Add the extension to your project installing this [NuGet package](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Extensions.servicebus).

+# [In-process model](#tab/in-process)

+_This section describes using a [class library](./functions-dotnet-class-library.md). For [C# scripting], you would need to instead [install the extension bundle][Update your extensions], version 2.x or later._

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+Add the extension to your project installing this [NuGet package](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.ServiceBus).

+# [Isolated worker model](#tab/isolated-process)

+An isolated worker process class library compiled C# function runs in a process isolated from the runtime.

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+The following example shows a [C# function](functions-dotnet-class-library.md) that acquires SignalR connection information using the input binding and returns it over HTTP.

+[FunctionName("negotiate")]

+public static SignalRConnectionInfo Negotiate(

+ [HttpTrigger(AuthorizationLevel.Anonymous)]HttpRequest req,

+ [SignalRConnectionInfo(HubName = "chat")]SignalRConnectionInfo connectionInfo)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+You can set the `UserId` property of the binding to the value from either header using a [binding expression](#binding-expressions-for-http-trigger): `{headers.x-ms-client-principal-id}` or `{headers.x-ms-client-principal-name}`.

+[FunctionName("negotiate")]

+public static SignalRConnectionInfo Negotiate(

+ [HttpTrigger(AuthorizationLevel.Anonymous)]HttpRequest req,

+ [SignalRConnectionInfo

+ (HubName = "chat", UserId = "{headers.x-ms-client-principal-id}")]

+ SignalRConnectionInfo connectionInfo)

+ // connectionInfo contains an access key token with a name identifier claim set to the authenticated user

+# [Isolated worker model](#tab/isolated-process)

+The following table explains the properties of the `SignalRConnectionInfoInput` attribute:

+# [In-process model](#tab/in-process)

+The following table explains the properties of the `SignalRConnectionInfo` attribute:

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+The following example shows a function that sends a message using the output binding to all connected clients. The *target* is the name of the method to be invoked on each client. The *Arguments* property is an array of zero or more objects to be passed to the client method.

+[FunctionName("SendMessage")]

+public static Task SendMessage(

+ [HttpTrigger(AuthorizationLevel.Anonymous, "post")]object message,

+ [SignalR(HubName = "chat")]IAsyncCollector<SignalRMessage> signalRMessages)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+Specify `SignalRGroupActionType` to add or remove a member. The following example removes a user from a group.

+# [In-process model](#tab/in-process)

+Both [in-process](functions-dotnet-class-library.md) and [isolated worker process](dotnet-isolated-process-guide.md) C# libraries use attribute to define the function. C# script instead uses a [function.json configuration file](#configuration).

+# [Isolated worker model](#tab/isolated-process)

+The following table explains the properties of the `SignalROutput` attribute.

+# [In-process model](#tab/in-process)

+The following table explains the properties of the `SignalR` output attribute.

+# [Isolated worker model](#tab/isolated-process)

+The following sample shows a C# function that receives a message event from clients and logs the message content.

+# [In-process model](#tab/in-process)

+Both [in-process](functions-dotnet-class-library.md) and [isolated worker process](dotnet-isolated-process-guide.md) C# libraries use the `SignalRTrigger` attribute to define the function. C# script instead uses a [function.json configuration file](#configuration).

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+Add the extension to your project by installing this [NuGet package].

+# [Isolated process](#tab/isolated-process)

+The following example is a [C# function](dotnet-isolated-process-guide.md) that runs in an isolated worker process and uses a blob trigger with both blob input and blob output blob bindings. The function is triggered by the creation of a blob in the *test-samples-trigger* container. It reads a text file from the *test-samples-input* container and creates a new text file in an output container based on the name of the triggered file.

+# [Isolated process](#tab/isolated-process)

+isolated worker process defines an input binding by using a `BlobInputAttribute` attribute, which takes the following parameters:

+|Parameter | Description|

+||-|

+|**BlobPath** | The path to the blob.|

+|**Connection** | The name of an app setting or setting collection that specifies how to connect to Azure Blobs. See [Connections](#connections).|

+# [In-process](#tab/in-process)

+See [Binding types](./functions-bindings-storage-blob.md?tabs=in-process#binding-types) for a list of supported types.

+# [Isolated worker model](#tab/isolated-process)

+The following example is a [C# function](dotnet-isolated-process-guide.md) that runs in an isolated worker process and uses a blob trigger with both blob input and blob output blob bindings. The function is triggered by the creation of a blob in the *test-samples-trigger* container. It reads a text file from the *test-samples-input* container and creates a new text file in an output container based on the name of the triggered file.

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+The `BlobOutputAttribute` constructor takes the following parameters:

+|Parameter | Description|

+||-|

+|**BlobPath** | The path to the blob.|

+|**Connection** | The name of an app setting or setting collection that specifies how to connect to Azure Blobs. See [Connections](#connections).|

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+See [Binding types](./functions-bindings-storage-blob.md?tabs=in-process#binding-types) for a list of supported types.

+# [Isolated worker model](#tab/isolated-process)

+The following example is a [C# function](dotnet-isolated-process-guide.md) that runs in an isolated worker process and uses a blob trigger with both blob input and blob output blob bindings. The function is triggered by the creation of a blob in the *test-samples-trigger* container. It reads a text file from the *test-samples-input* container and creates a new text file in an output container based on the name of the triggered file.

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+Here's an `BlobTrigger` attribute in a method signature:

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+See [Binding types](./functions-bindings-storage-blob.md?tabs=in-process#binding-types) for a list of supported types.

+# [Isolated worker model](#tab/isolated-process)

+Functions execute in an isolated C# worker process. To learn more, see [Guide for running C# Azure Functions in an isolated worker process](dotnet-isolated-process-guide.md).

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+In a variation of this model, Functions can be run using [C# scripting], which is supported primarily for C# portal editing. To update existing binding extensions for C# script apps running in the portal without having to republish your function app, see [Update your extensions].

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An in-process class library is a compiled C# function runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+When running in an isolated worker process, you use the [QueueOutputAttribute](https://github.com/Azure/azure-functions-dotnet-worker/blob/main/extensions/Worker.Extensions.Storage.Queues/src/QueueOutputAttribute.cs), which takes the name of the queue, as shown in the following example:

+Only returned variables are supported when running in an isolated worker process. Output parameters can't be used.

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An in-process class library is a compiled C# function runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+The following example shows a [C# function](dotnet-isolated-process-guide.md) that polls the `input-queue` queue and writes several messages to an output queue each time a queue item is processed.

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+In [C# class libraries](dotnet-isolated-process-guide.md), the attribute's constructor takes the name of the queue to monitor, as shown in the following example:

+This example also demonstrates setting the [connection string setting](#connections) in the attribute itself.

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+An isolated worker process class library compiled C# function runs in a process isolated from the runtime.

+# [Isolated worker model](#tab/isolated-process)

+Functions execute in an isolated C# worker process. To learn more, see [Guide for running C# Azure Functions in an isolated worker process](dotnet-isolated-process-guide.md).

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+In a variation of this model, Functions can be run using [C# scripting], which is supported primarily for C# portal editing. To update existing binding extensions for C# script apps running in the portal without having to republish your function app, see [Update your extensions].

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An in-process class library is a compiled C# function runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An [in-process class library](functions-dotnet-class-library.md) is a compiled C# function runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+In [C# class libraries](dotnet-isolated-process-guide.md), the `TableInputAttribute` supports the following properties:

+| Attribute property |Description|

+|||

+| **TableName** | The name of the table.|

+| **PartitionKey** |Optional. The partition key of the table entity to read. |

+|**RowKey** | Optional. The row key of the table entity to read. |

+| **Take** | Optional. The maximum number of entities to read into an [`IEnumerable<T>`]. Can't be used with `RowKey`.|

+|**Filter** | Optional. An OData filter expression for entities to read into an [`IEnumerable<T>`]. Can't be used with `RowKey`. |

+|**Connection** | The name of an app setting or setting collection that specifies how to connect to the table service. See [Connections](#connections). |

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An in-process class library is a compiled C# function that runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+The following example shows a [C# function](functions-dotnet-class-library.md) that uses an HTTP trigger to write a single table row.

+```csharp

+public class TableStorage

+{

+ public class MyPoco

+ {

+ public string PartitionKey { get; set; }

+ public string RowKey { get; set; }

+ public string Text { get; set; }

+ }

+ [FunctionName("TableOutput")]

+ [return: Table("MyTable")]

+ public static MyPoco TableOutput([HttpTrigger] dynamic input, ILogger log)

+ {

+ log.LogInformation($"C# http trigger function processed: {input.Text}");

+ return new MyPoco { PartitionKey = "Http", RowKey = Guid.NewGuid().ToString(), Text = input.Text };

+ }

+}

+```

+# [Isolated worker model](#tab/isolated-process)

+In [C# class libraries](dotnet-isolated-process-guide.md), the `TableInputAttribute` supports the following properties:

+| Attribute property |Description|

+|||

+|**TableName** | The name of the table to which to write.|

+|**PartitionKey** | The partition key of the table entity to write. |

+|**RowKey** | The row key of the table entity to write. |

+|**Connection** | The name of an app setting or setting collection that specifies how to connect to the table service. See [Connections](#connections). |

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An in-process class library is a compiled C# function runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+Functions execute in an isolated C# worker process. To learn more, see [Guide for running C# Azure Functions in an isolated worker process](dotnet-isolated-process-guide.md).

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+In a variation of this model, Functions can be run using [C# scripting], which is supported primarily for C# portal editing. To update existing binding extensions for C# script apps running in the portal without having to republish your function app, see [Update your extensions].

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+An in-process class library is a compiled C# function runs in the same process as the Functions runtime.

+

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+[In-process](functions-dotnet-class-library.md) C# library uses [TimerTriggerAttribute](https://github.com/Azure/azure-webjobs-sdk-extensions/blob/master/src/WebJobs.Extensions/Extensions/Timers/TimerTriggerAttribute.cs) from [Microsoft.Azure.WebJobs.Extensions](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions) whereas [isolated worker process](dotnet-isolated-process-guide.md) C# library uses [TimerTriggerAttribute](https://github.com/Azure/azure-functions-dotnet-worker/blob/main/extensions/Worker.Extensions.Timer/src/TimerTriggerAttribute.cs) from [Microsoft.Azure.Functions.Worker.Extensions.Timer](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Extensions.Timer) to define the function. C# script instead uses a [function.json configuration file](#configuration).

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Functions execute in the same process as the Functions host. To learn more, see [Develop C# class library functions using Azure Functions](functions-dotnet-class-library.md).

+# [Isolated worker model](#tab/isolated-process)

+The Twilio binding isn't currently supported for a function app running in an isolated worker process.

+# [In-process model](#tab/in-process)

+Both [in-process](functions-dotnet-class-library.md) and [isolated worker process](dotnet-isolated-process-guide.md) C# libraries use attributes to define the output binding. C# script instead uses a [function.json configuration file](#configuration).

+# [Isolated worker model](#tab/isolated-process)

+The Twilio binding isn't currently supported for a function app running in an isolated worker process.

+# [In-process model](#tab/in-process)

+# [Isolated worker model](#tab/isolated-process)

+The following example shows a [C# function](dotnet-isolated-process-guide.md) that runs on each new instance when it's added to your app.

+# [In-process model](#tab/in-process)

+ log.LogInformation("Function App instance is warm.");

+ context.getLogger().info("Function App instance is warm.");

+ context.log('Function App instance is warm.');

+ logging.info('Function App instance is warm.')

+Both [in-process](functions-dotnet-class-library.md) and [isolated worker process](dotnet-isolated-process-guide.md) C# libraries use the `WarmupTrigger` attribute to define the function. C# script instead uses a [function.json configuration file](#configuration).

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+Use the `WarmupTrigger` attribute to define the function. This attribute has no parameters.

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+- Your function must be named `warmup` (case-insensitive) using the `FunctionName` attribute.

+- A return value attribute isn't required.

+- You must be using version `3.0.5` of the `Microsoft.Azure.WebJobs.Extensions` package, or a later version.

+- You can pass a `WarmupContext` instance to the function.

+### [In-process](#tab/in-process)

+Update the function method to add a binding parameter defined by using the `Queue` attribute. You can use an `ICollector<T>` type to represent a collection of messages.

+ # [Isolated worker model](#tab/isolated-process)

+ Install-Package Microsoft.Azure.Functions.Worker.Extensions.<BINDING_TYPE> -Version <TARGET_VERSION>

+ # [In-process model](#tab/in-process)

+ Install-Package Microsoft.Azure.WebJobs.Extensions.<BINDING_TYPE> -Version <TARGET_VERSION>

+# [Isolated worker model](#tab/isolated-process)

+# [In-process model](#tab/in-process)

+To attach a remote debugger to a function app running in-process with the Functions host:

+ :::image type="content" source="media/functions-develop-vs/attach-to-process-in-process.png" alt-text="Screenshot of attaching the debugger from Visual Studio.":::

+Visual Studio connects to your function app and enables remote debugging, if it's not already enabled. It also locates and attaches the debugger to the host process for the app. At this point, you can debug your function app as normal.

+### [v2.x+](#tab/functionsv2)

+### [v1.x](#tab/functionsv1)

+### [v2.x+](#tab/functionsv2)

+### [v1.x](#tab/functionsv1)

+## Retry policies

+Functions supports two built-in retry policies. For more information, see [Retry policies](functions-bindings-error-pages.md#retry-policies).

+### [Fixed delay](#tab/fixed-delay)

+Here's the retry policy in the *function.json* file:

+```json

+{

+ "disabled": false,

+ "bindings": [

+ {

+ ....

+ }

+ ],

+ "retry": {

+ "strategy": "fixedDelay",

+ "maxRetryCount": 4,

+ "delayInterval": "00:00:10"

+ }

+}

+```

+|*function.json*&nbsp;property | Description |

+||-|

+|strategy|Use `fixedDelay`.|

+|maxRetryCount|Required. The maximum number of retries allowed per function execution. `-1` means to retry indefinitely.|

+|delayInterval|The delay that's used between retries. Specify it as a string with the format `HH:mm:ss`.|

+### [Exponential backoff](#tab/exponential-backoff)

+Here's the retry policy in the *function.json* file:

+```json

+{

+ "disabled": false,

+ "bindings": [

+ {

+ ....

+ }

+ ],

+ "retry": {

+ "strategy": "exponentialBackoff",

+ "maxRetryCount": 5,

+ "minimumInterval": "00:00:10",

+ "maximumInterval": "00:15:00"

+ }

+}

+```

+|*function.json*&nbsp;property | Description |

+||-|

+|strategy|Use `exponentialBackoff`.|

+|maxRetryCount|Required. The maximum number of retries allowed per function execution. `-1` means to retry indefinitely.|

+|minimumInterval|The minimum retry delay. Specify it as a string with the format `HH:mm:ss`.|

+|maximumInterval|The maximum retry delay. Specify it as a string with the format `HH:mm:ss`.|

+### RabbitMQ trigger

+The following example shows a RabbitMQ trigger binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding. The function reads and logs the RabbitMQ message.

+Here's the binding data in the *function.json* file:

+```json

+{ΓÇïΓÇï

+ "bindings": [

+ {ΓÇïΓÇï

+ "name": "myQueueItem",

+ "type": "rabbitMQTrigger",

+ "direction": "in",

+ "queueName": "queue",

+ "connectionStringSetting": "rabbitMQConnectionAppSetting"

+ }ΓÇïΓÇï

+ ]

+}ΓÇïΓÇï

+```

+Here's the C# script code:

+```C#

+using System;

+public static void Run(string myQueueItem, ILogger log)

+{ΓÇïΓÇï

+ log.LogInformation($"C# Script RabbitMQ trigger function processed: {ΓÇïΓÇïmyQueueItem}ΓÇïΓÇï");

+}ΓÇïΓÇï

+```

+### Azure Cosmos DB v2 trigger

+### Azure Cosmos DB v2 input

+### Azure Cosmos DB v2 output

+### Azure Cosmos DB v1 trigger

+The following example shows an Azure Cosmos DB trigger binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding. The function writes log messages when Azure Cosmos DB records are modified.

+Here's the binding data in the *function.json* file:

+```json

+{

+ "type": "cosmosDBTrigger",

+ "name": "documents",

+ "direction": "in",

+ "leaseCollectionName": "leases",

+ "connectionStringSetting": "<connection-app-setting>",

+ "databaseName": "Tasks",

+ "collectionName": "Items",

+ "createLeaseCollectionIfNotExists": true

+}

+```

+Here's the C# script code:

+```cs

+ #r "Microsoft.Azure.Documents.Client"

+

+ using System;

+ using Microsoft.Azure.Documents;

+ using System.Collections.Generic;

+

+ public static void Run(IReadOnlyList<Document> documents, TraceWriter log)

+ {

+ log.Info("Documents modified " + documents.Count);

+ log.Info("First document Id " + documents[0].Id);

+ }

+```

+### Azure Cosmos DB v1 input

+This section contains the following examples:

+* [Queue trigger, look up ID from string](#queue-trigger-look-up-id-from-string-c-script)

+* [Queue trigger, get multiple docs, using SqlQuery](#queue-trigger-get-multiple-docs-using-sqlquery-c-script)

+* [HTTP trigger, look up ID from query string](#http-trigger-look-up-id-from-query-string-c-script)

+* [HTTP trigger, look up ID from route data](#http-trigger-look-up-id-from-route-data-c-script)

+* [HTTP trigger, get multiple docs, using SqlQuery](#http-trigger-get-multiple-docs-using-sqlquery-c-script)

+* [HTTP trigger, get multiple docs, using DocumentClient](#http-trigger-get-multiple-docs-using-documentclient-c-script)

+The HTTP trigger examples refer to a simple `ToDoItem` type:

+```cs

+namespace CosmosDBSamplesV1

+{

+ public class ToDoItem

+ {

+ public string Id { get; set; }

+ public string Description { get; set; }

+ }

+}

+```

+<a id="queue-trigger-look-up-id-from-string-c-script"></a>

+#### Queue trigger, look up ID from string

+The following example shows an Azure Cosmos DB input binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding. The function reads a single document and updates the document's text value.

+Here's the binding data in the *function.json* file:

+```json

+{

+ "name": "inputDocument",

+ "type": "documentDB",

+ "databaseName": "MyDatabase",

+ "collectionName": "MyCollection",

+ "id" : "{queueTrigger}",

+ "partitionKey": "{partition key value}",

+ "connection": "MyAccount_COSMOSDB",

+ "direction": "in"

+}

+```

+Here's the C# script code:

+```cs

+ using System;

+ // Change input document contents using Azure Cosmos DB input binding

+ public static void Run(string myQueueItem, dynamic inputDocument)

+ {

+ inputDocument.text = "This has changed.";

+ }

+```

+<a id="queue-trigger-get-multiple-docs-using-sqlquery-c-script"></a>

+#### Queue trigger, get multiple docs, using SqlQuery

+The following example shows an Azure Cosmos DB input binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding. The function retrieves multiple documents specified by a SQL query, using a queue trigger to customize the query parameters.

+The queue trigger provides a parameter `departmentId`. A queue message of `{ "departmentId" : "Finance" }` would return all records for the finance department.

+Here's the binding data in the *function.json* file:

+```json

+{

+ "name": "documents",

+ "type": "documentdb",

+ "direction": "in",

+ "databaseName": "MyDb",

+ "collectionName": "MyCollection",

+ "sqlQuery": "SELECT * from c where c.departmentId = {departmentId}",

+ "connection": "CosmosDBConnection"

+}

+```

+Here's the C# script code:

+```csharp

+ public static void Run(QueuePayload myQueueItem, IEnumerable<dynamic> documents)

+ {

+ foreach (var doc in documents)

+ {

+ // operate on each document

+ }

+ }

+ public class QueuePayload

+ {

+ public string departmentId { get; set; }

+ }

+```

+<a id="http-trigger-look-up-id-from-query-string-c-script"></a>

+#### HTTP trigger, look up ID from query string

+The following example shows a [C# script function](functions-reference-csharp.md) that retrieves a single document. The function is triggered by an HTTP request that uses a query string to specify the ID to look up. That ID is used to retrieve a `ToDoItem` document from the specified database and collection.

+Here's the *function.json* file:

+```json

+{

+ "bindings": [

+ {

+ "authLevel": "anonymous",

+ "name": "req",

+ "type": "httpTrigger",

+ "direction": "in",

+ "methods": [

+ "get",

+ "post"

+ ]

+ },

+ {

+ "name": "$return",

+ "type": "http",

+ "direction": "out"

+ },

+ {

+ "type": "documentDB",

+ "name": "toDoItem",

+ "databaseName": "ToDoItems",

+ "collectionName": "Items",

+ "connection": "CosmosDBConnection",

+ "direction": "in",

+ "Id": "{Query.id}"

+ }

+ ],

+ "disabled": true

+}

+```

+Here's the C# script code:

+```cs

+using System.Net;

+public static HttpResponseMessage Run(HttpRequestMessage req, ToDoItem toDoItem, TraceWriter log)

+{

+ log.Info("C# HTTP trigger function processed a request.");

+ if (toDoItem == null)

+ {

+ log.Info($"ToDo item not found");

+ }

+ else

+ {

+ log.Info($"Found ToDo item, Description={toDoItem.Description}");

+ }

+ return req.CreateResponse(HttpStatusCode.OK);

+}

+```

+<a id="http-trigger-look-up-id-from-route-data-c-script"></a>

+#### HTTP trigger, look up ID from route data

+The following example shows a [C# script function](functions-reference-csharp.md) that retrieves a single document. The function is triggered by an HTTP request that uses route data to specify the ID to look up. That ID is used to retrieve a `ToDoItem` document from the specified database and collection.

+Here's the *function.json* file:

+```json

+{

+ "bindings": [

+ {

+ "authLevel": "anonymous",

+ "name": "req",

+ "type": "httpTrigger",

+ "direction": "in",

+ "methods": [

+ "get",

+ "post"

+ ],

+ "route":"todoitems/{id}"

+ },

+ {

+ "name": "$return",

+ "type": "http",

+ "direction": "out"

+ },

+ {

+ "type": "documentDB",

+ "name": "toDoItem",

+ "databaseName": "ToDoItems",

+ "collectionName": "Items",

+ "connection": "CosmosDBConnection",

+ "direction": "in",

+ "Id": "{id}"

+ }

+ ],

+ "disabled": false

+}

+```

+Here's the C# script code:

+```cs

+using System.Net;

+public static HttpResponseMessage Run(HttpRequestMessage req, ToDoItem toDoItem, TraceWriter log)

+{

+ log.Info("C# HTTP trigger function processed a request.");

+ if (toDoItem == null)

+ {

+ log.Info($"ToDo item not found");

+ }

+ else

+ {

+ log.Info($"Found ToDo item, Description={toDoItem.Description}");

+ }

+ return req.CreateResponse(HttpStatusCode.OK);

+}

+```

+<a id="http-trigger-get-multiple-docs-using-sqlquery-c-script"></a>

+#### HTTP trigger, get multiple docs, using SqlQuery

+The following example shows a [C# script function](functions-reference-csharp.md) that retrieves a list of documents. The function is triggered by an HTTP request. The query is specified in the `SqlQuery` attribute property.

+Here's the *function.json* file:

+```json

+{

+ "bindings": [

+ {

+ "authLevel": "anonymous",

+ "name": "req",

+ "type": "httpTrigger",

+ "direction": "in",

+ "methods": [

+ "get",

+ "post"

+ ]

+ },

+ {

+ "name": "$return",

+ "type": "http",

+ "direction": "out"

+ },

+ {

+ "type": "documentDB",

+ "name": "toDoItems",

+ "databaseName": "ToDoItems",

+ "collectionName": "Items",

+ "connection": "CosmosDBConnection",

+ "direction": "in",

+ "sqlQuery": "SELECT top 2 * FROM c order by c._ts desc"

+ }

+ ],

+ "disabled": false

+}

+```

+Here's the C# script code:

+```cs

+using System.Net;

+public static HttpResponseMessage Run(HttpRequestMessage req, IEnumerable<ToDoItem> toDoItems, TraceWriter log)

+{

+ log.Info("C# HTTP trigger function processed a request.");

+ foreach (ToDoItem toDoItem in toDoItems)

+ {

+ log.Info(toDoItem.Description);

+ }

+ return req.CreateResponse(HttpStatusCode.OK);

+}

+```

+<a id="http-trigger-get-multiple-docs-using-documentclient-c-script"></a>

+#### HTTP trigger, get multiple docs, using DocumentClient

+The following example shows a [C# script function](functions-reference-csharp.md) that retrieves a list of documents. The function is triggered by an HTTP request. The code uses a `DocumentClient` instance provided by the Azure Cosmos DB binding to read a list of documents. The `DocumentClient` instance could also be used for write operations.

+Here's the *function.json* file:

+```json

+{

+ "bindings": [

+ {

+ "authLevel": "anonymous",

+ "name": "req",

+ "type": "httpTrigger",

+ "direction": "in",

+ "methods": [

+ "get",

+ "post"

+ ]

+ },

+ {

+ "name": "$return",

+ "type": "http",

+ "direction": "out"

+ },

+ {

+ "type": "documentDB",

+ "name": "client",

+ "databaseName": "ToDoItems",

+ "collectionName": "Items",

+ "connection": "CosmosDBConnection",

+ "direction": "inout"

+ }

+ ],

+ "disabled": false

+}

+```

+Here's the C# script code:

+```cs

+#r "Microsoft.Azure.Documents.Client"

+using System.Net;

+using Microsoft.Azure.Documents.Client;

+using Microsoft.Azure.Documents.Linq;

+public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, DocumentClient client, TraceWriter log)

+{

+ log.Info("C# HTTP trigger function processed a request.");

+ Uri collectionUri = UriFactory.CreateDocumentCollectionUri("ToDoItems", "Items");

+ string searchterm = req.GetQueryNameValuePairs()

+ .FirstOrDefault(q => string.Compare(q.Key, "searchterm", true) == 0)

+ .Value;

+ if (searchterm == null)

+ {

+ return req.CreateResponse(HttpStatusCode.NotFound);

+ }

+ log.Info($"Searching for word: {searchterm} using Uri: {collectionUri.ToString()}");

+ IDocumentQuery<ToDoItem> query = client.CreateDocumentQuery<ToDoItem>(collectionUri)

+ .Where(p => p.Description.Contains(searchterm))

+ .AsDocumentQuery();

+ while (query.HasMoreResults)

+ {

+ foreach (ToDoItem result in await query.ExecuteNextAsync())

+ {

+ log.Info(result.Description);

+ }

+ }

+ return req.CreateResponse(HttpStatusCode.OK);

+}

+```

+### Azure Cosmos DB v1 output

+This section contains the following examples:

+* Queue trigger, write one doc

+* Queue trigger, write docs using `IAsyncCollector`

+#### Queue trigger, write one doc

+The following example shows an Azure Cosmos DB output binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding. The function uses a queue input binding for a queue that receives JSON in the following format:

+```json

+{

+ "name": "John Henry",

+ "employeeId": "123456",

+ "address": "A town nearby"

+}

+```

+The function creates Azure Cosmos DB documents in the following format for each record:

+```json

+{

+ "id": "John Henry-123456",

+ "name": "John Henry",

+ "employeeId": "123456",

+ "address": "A town nearby"

+}

+```

+Here's the binding data in the *function.json* file:

+```json

+{

+ "name": "employeeDocument",

+ "type": "documentDB",

+ "databaseName": "MyDatabase",

+ "collectionName": "MyCollection",

+ "createIfNotExists": true,

+ "connection": "MyAccount_COSMOSDB",

+ "direction": "out"

+}

+```

+Here's the C# script code:

+```cs

+ #r "Newtonsoft.Json"

+ using Microsoft.Azure.WebJobs.Host;

+ using Newtonsoft.Json.Linq;

+ public static void Run(string myQueueItem, out object employeeDocument, TraceWriter log)

+ {

+ log.Info($"C# Queue trigger function processed: {myQueueItem}");

+ dynamic employee = JObject.Parse(myQueueItem);

+ employeeDocument = new {

+ id = employee.name + "-" + employee.employeeId,

+ name = employee.name,

+ employeeId = employee.employeeId,

+ address = employee.address

+ };

+ }

+```

+#### Queue trigger, write docs using IAsyncCollector

+To create multiple documents, you can bind to `ICollector<T>` or `IAsyncCollector<T>` where `T` is one of the supported types.

+This example refers to a simple `ToDoItem` type:

+```cs

+namespace CosmosDBSamplesV1

+{

+ public class ToDoItem

+ {

+ public string Id { get; set; }

+ public string Description { get; set; }

+ }

+}

+```

+Here's the function.json file:

+```json

+{

+ "bindings": [

+ {

+ "name": "toDoItemsIn",

+ "type": "queueTrigger",

+ "direction": "in",

+ "queueName": "todoqueueforwritemulti",

+ "connection": "AzureWebJobsStorage"

+ },

+ {

+ "type": "documentDB",

+ "name": "toDoItemsOut",

+ "databaseName": "ToDoItems",

+ "collectionName": "Items",

+ "connection": "CosmosDBConnection",

+ "direction": "out"

+ }

+ ],

+ "disabled": false

+}

+```

+Here's the C# script code:

+```cs

+using System;

+public static async Task Run(ToDoItem[] toDoItemsIn, IAsyncCollector<ToDoItem> toDoItemsOut, TraceWriter log)

+{

+ log.Info($"C# Queue trigger function processed {toDoItemsIn?.Length} items");

+ foreach (ToDoItem toDoItem in toDoItemsIn)

+ {

+ log.Info($"Description={toDoItem.Description}");

+ await toDoItemsOut.AddAsync(toDoItem);

+ }

+}

+```

+### Azure SQL trigger

+More samples for the Azure SQL trigger are available in the [GitHub repository](https://github.com/Azure/azure-functions-sql-extension/tree/main/samples/samples-csx).

+The example refers to a `ToDoItem` class and a corresponding database table:

+[Change tracking](./functions-bindings-azure-sql-trigger.md#set-up-change-tracking-required) is enabled on the database and on the table:

+```sql

+ALTER DATABASE [SampleDatabase]

+SET CHANGE_TRACKING = ON

+(CHANGE_RETENTION = 2 DAYS, AUTO_CLEANUP = ON);

+ALTER TABLE [dbo].[ToDo]

+ENABLE CHANGE_TRACKING;

+```

+The SQL trigger binds to a `IReadOnlyList<SqlChange<T>>`, a list of `SqlChange` objects each with two properties:

+- **Item:** the item that was changed. The type of the item should follow the table schema as seen in the `ToDoItem` class.

+- **Operation:** a value from `SqlChangeOperation` enum. The possible values are `Insert`, `Update`, and `Delete`.

+The following example shows a SQL trigger in a function.json file and a [C# script function](functions-reference-csharp.md) that is invoked when there are changes to the `ToDo` table:

+The following is binding data in the function.json file:

+```json

+{

+ "name": "todoChanges",

+ "type": "sqlTrigger",

+ "direction": "in",

+ "tableName": "dbo.ToDo",

+ "connectionStringSetting": "SqlConnectionString"

+}

+```

+The following is the C# script function:

+```csharp

+#r "Newtonsoft.Json"

+using System.Net;

+using Microsoft.AspNetCore.Mvc;

+using Microsoft.Extensions.Primitives;

+using Newtonsoft.Json;

+public static void Run(IReadOnlyList<SqlChange<ToDoItem>> todoChanges, ILogger log)

+{

+ log.LogInformation($"C# SQL trigger function processed a request.");

+ foreach (SqlChange<ToDoItem> change in todoChanges)

+ {

+ ToDoItem toDoItem = change.Item;

+ log.LogInformation($"Change operation: {change.Operation}");

+ log.LogInformation($"Id: {toDoItem.Id}, Title: {toDoItem.title}, Url: {toDoItem.url}, Completed: {toDoItem.completed}");

+ }

+}

+```

+### Azure SQL input

+More samples for the Azure SQL input binding are available in the [GitHub repository](https://github.com/Azure/azure-functions-sql-extension/tree/main/samples/samples-csx).

+This section contains the following examples:

+* [HTTP trigger, get row by ID from query string](#http-trigger-look-up-id-from-query-string-csharpscript)

+* [HTTP trigger, delete rows](#http-trigger-delete-one-or-multiple-rows-csharpscript)

+The examples refer to a `ToDoItem` class and a corresponding database table:

+<a id="http-trigger-look-up-id-from-query-string-csharpscript"></a>

+#### HTTP trigger, get row by ID from query string

+The following example shows an Azure SQL input binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding. The function is triggered by an HTTP request that uses a query string to specify the ID. That ID is used to retrieve a `ToDoItem` record with the specified query.

+> [!NOTE]

+> The HTTP query string parameter is case-sensitive.

+>

+Here's the binding data in the *function.json* file:

+```json

+{

+ "authLevel": "anonymous",

+ "type": "httpTrigger",

+ "direction": "in",

+ "name": "req",

+ "methods": [

+ "get"

+ ]

+},

+{

+ "type": "http",

+ "direction": "out",

+ "name": "res"

+},

+{

+ "name": "todoItem",

+ "type": "sql",

+ "direction": "in",

+ "commandText": "select [Id], [order], [title], [url], [completed] from dbo.ToDo where Id = @Id",

+ "commandType": "Text",

+ "parameters": "@Id = {Query.id}",

+ "connectionStringSetting": "SqlConnectionString"

+}

+```

+Here's the C# script code:

+```cs

+#r "Newtonsoft.Json"

+using System.Net;

+using Microsoft.AspNetCore.Mvc;

+using Microsoft.Extensions.Primitives;

+using Newtonsoft.Json;

+using System.Collections.Generic;

+public static IActionResult Run(HttpRequest req, ILogger log, IEnumerable<ToDoItem> todoItem)

+{

+ return new OkObjectResult(todoItem);

+}

+```

+<a id="http-trigger-delete-one-or-multiple-rows-csharpscript"></a>

+#### HTTP trigger, delete rows

+The following example shows an Azure SQL input binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding to execute a stored procedure with input from the HTTP request query parameter. In this example, the stored procedure deletes a single record or all records depending on the value of the parameter.

+The stored procedure `dbo.DeleteToDo` must be created on the SQL database.

+Here's the binding data in the *function.json* file:

+```json

+{

+ "authLevel": "anonymous",

+ "type": "httpTrigger",

+ "direction": "in",

+ "name": "req",

+ "methods": [

+ "get"

+ ]

+},

+{

+ "type": "http",

+ "direction": "out",

+ "name": "res"

+},

+{

+ "name": "todoItems",

+ "type": "sql",

+ "direction": "in",

+ "commandText": "DeleteToDo",

+ "commandType": "StoredProcedure",

+ "parameters": "@Id = {Query.id}",

+ "connectionStringSetting": "SqlConnectionString"

+}

+```

+Here's the C# script code:

+```cs

+#r "Newtonsoft.Json"

+using System.Net;

+using Microsoft.AspNetCore.Mvc;

+using Microsoft.Extensions.Primitives;

+using Newtonsoft.Json;

+using System.Collections.Generic;

+public static IActionResult Run(HttpRequest req, ILogger log, IEnumerable<ToDoItem> todoItems)

+{

+ return new OkObjectResult(todoItems);

+}

+```

+### Azure SQL output

+More samples for the Azure SQL output binding are available in the [GitHub repository](https://github.com/Azure/azure-functions-sql-extension/tree/main/samples/samples-csx).

+This section contains the following examples:

+* [HTTP trigger, write records to a table](#http-trigger-write-records-to-table-csharpscript)

+* [HTTP trigger, write to two tables](#http-trigger-write-to-two-tables-csharpscript)

+The examples refer to a `ToDoItem` class and a corresponding database table:

+<a id="http-trigger-write-records-to-table-csharpscript"></a>

+#### HTTP trigger, write records to a table

+The following example shows a SQL output binding in a function.json file and a [C# script function](functions-reference-csharp.md) that adds records to a table, using data provided in an HTTP POST request as a JSON body.

+The following is binding data in the function.json file:

+```json

+{

+ "authLevel": "anonymous",

+ "type": "httpTrigger",

+ "direction": "in",

+ "name": "req",

+ "methods": [

+ "post"

+ ]

+},

+{

+ "type": "http",

+ "direction": "out",

+ "name": "res"

+},

+{

+ "name": "todoItem",

+ "type": "sql",

+ "direction": "out",

+ "commandText": "dbo.ToDo",

+ "connectionStringSetting": "SqlConnectionString"

+}

+```

+The following is sample C# script code:

+```cs

+#r "Newtonsoft.Json"

+using System.Net;

+using Microsoft.AspNetCore.Mvc;

+using Microsoft.Extensions.Primitives;

+using Newtonsoft.Json;

+public static IActionResult Run(HttpRequest req, ILogger log, out ToDoItem todoItem)

+{

+ log.LogInformation("C# HTTP trigger function processed a request.");

+ string requestBody = new StreamReader(req.Body).ReadToEnd();

+ todoItem = JsonConvert.DeserializeObject<ToDoItem>(requestBody);

+ return new OkObjectResult(todoItem);

+}

+```

+<a id="http-trigger-write-to-two-tables-csharpscript"></a>

+#### HTTP trigger, write to two tables

+The following example shows a SQL output binding in a function.json file and a [C# script function](functions-reference-csharp.md) that adds records to a database in two different tables (`dbo.ToDo` and `dbo.RequestLog`), using data provided in an HTTP POST request as a JSON body and multiple output bindings.

+The second table, `dbo.RequestLog`, corresponds to the following definition:

+```sql

+CREATE TABLE dbo.RequestLog (

+ Id int identity(1,1) primary key,

+ RequestTimeStamp datetime2 not null,

+ ItemCount int not null

+)

+```

+The following is binding data in the function.json file:

+```json

+{

+ "authLevel": "anonymous",

+ "type": "httpTrigger",

+ "direction": "in",

+ "name": "req",

+ "methods": [

+ "post"

+ ]

+},

+{

+ "type": "http",

+ "direction": "out",

+ "name": "res"

+},

+{

+ "name": "todoItem",

+ "type": "sql",

+ "direction": "out",

+ "commandText": "dbo.ToDo",

+ "connectionStringSetting": "SqlConnectionString"

+},

+{

+ "name": "requestLog",

+ "type": "sql",

+ "direction": "out",

+ "commandText": "dbo.RequestLog",

+ "connectionStringSetting": "SqlConnectionString"

+}

+```

+The following is sample C# script code:

+```cs

+#r "Newtonsoft.Json"

+using System.Net;

+using Microsoft.AspNetCore.Mvc;

+using Microsoft.Extensions.Primitives;

+using Newtonsoft.Json;

+public static IActionResult Run(HttpRequest req, ILogger log, out ToDoItem todoItem, out RequestLog requestLog)

+{

+ log.LogInformation("C# HTTP trigger function processed a request.");

+ string requestBody = new StreamReader(req.Body).ReadToEnd();

+ todoItem = JsonConvert.DeserializeObject<ToDoItem>(requestBody);

+ requestLog = new RequestLog();

+ requestLog.RequestTimeStamp = DateTime.Now;

+ requestLog.ItemCount = 1;

+ return new OkObjectResult(todoItem);

+}

+public class RequestLog {

+ public DateTime RequestTimeStamp { get; set; }

+ public int ItemCount { get; set; }

+}

+```

+### RabbitMQ output

+The following example shows a RabbitMQ output binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding. The function reads in the message from an HTTP trigger and outputs it to the RabbitMQ queue.

+Here's the binding data in the *function.json* file:

+```json

+{

+ "bindings": [

+ {

+ "type": "httpTrigger",

+ "direction": "in",

+ "authLevel": "function",

+ "name": "input",

+ "methods": [

+ "get",

+ "post"

+ ]

+ },

+ {

+ "type": "rabbitMQ",

+ "name": "outputMessage",

+ "queueName": "outputQueue",

+ "connectionStringSetting": "rabbitMQConnectionAppSetting",

+ "direction": "out"

+ }

+ ]

+}

+```

+Here's the C# script code:

+```C#

+using System;

+using Microsoft.Extensions.Logging;

+public static void Run(string input, out string outputMessage, ILogger log)

+{

+ log.LogInformation(input);

+ outputMessage = input;

+}

+```

+### SendGrid output

+The following example shows a SendGrid output binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding.

+Here's the binding data in the *function.json* file:

+```json

+{

+ "bindings": [

+ {

+ "type": "queueTrigger",

+ "name": "mymsg",

+ "queueName": "myqueue",

+ "connection": "AzureWebJobsStorage",

+ "direction": "in"

+ },

+ {

+ "type": "sendGrid",

+ "name": "$return",

+ "direction": "out",

+ "apiKey": "SendGridAPIKeyAsAppSetting",

+ "from": "{FromEmail}",

+ "to": "{ToEmail}"

+ }

+ ]

+}

+```

+Here's the C# script code:

+```csharp

+#r "SendGrid"

+using System;

+using SendGrid.Helpers.Mail;

+using Microsoft.Azure.WebJobs.Host;

+public static SendGridMessage Run(Message mymsg, ILogger log)

+{

+ SendGridMessage message = new SendGridMessage()

+ {

+ Subject = $"{mymsg.Subject}"

+ };

+

+ message.AddContent("text/plain", $"{mymsg.Content}");

+ return message;

+}

+public class Message

+{

+ public string ToEmail { get; set; }

+ public string FromEmail { get; set; }

+ public string Subject { get; set; }

+ public string Content { get; set; }

+}

+```

+### SignalR trigger

+Here's example binding data in the *function.json* file:

+```json

+{

+ "type": "signalRTrigger",

+ "name": "invocation",

+ "hubName": "SignalRTest",

+ "category": "messages",

+ "event": "SendMessage",

+ "parameterNames": [

+ "message"

+ ],

+ "direction": "in"

+}

+```

+And, here's the code:

+```cs

+#r "Microsoft.Azure.WebJobs.Extensions.SignalRService"

+using System;

+using Microsoft.Azure.WebJobs.Extensions.SignalRService;

+using Microsoft.Extensions.Logging;

+public static void Run(InvocationContext invocation, string message, ILogger logger)

+{

+ logger.LogInformation($"Receive {message} from {invocationContext.ConnectionId}.");

+}

+```

+### SignalR input

+The following example shows a SignalR connection info input binding in a *function.json* file and a [C# Script function](functions-reference-csharp.md) that uses the binding to return the connection information.

+Here's binding data in the *function.json* file:

+Example function.json:

+```json

+{

+ "type": "signalRConnectionInfo",

+ "name": "connectionInfo",

+ "hubName": "chat",

+ "connectionStringSetting": "<name of setting containing SignalR Service connection string>",

+ "direction": "in"

+}

+```

+Here's the C# Script code:

+```cs

+#r "Microsoft.Azure.WebJobs.Extensions.SignalRService"

+using Microsoft.Azure.WebJobs.Extensions.SignalRService;

+public static SignalRConnectionInfo Run(HttpRequest req, SignalRConnectionInfo connectionInfo)

+{

+ return connectionInfo;

+}

+```

+You can set the `userId` property of the binding to the value from either header using a [binding expression](./functions-bindings-signalr-service-input.md#binding-expressions-for-http-trigger): `{headers.x-ms-client-principal-id}` or `{headers.x-ms-client-principal-name}`.

+Example function.json:

+```json

+{

+ "type": "signalRConnectionInfo",

+ "name": "connectionInfo",

+ "hubName": "chat",

+ "userId": "{headers.x-ms-client-principal-id}",

+ "connectionStringSetting": "<name of setting containing SignalR Service connection string>",

+ "direction": "in"

+}

+```

+Here's the C# Script code:

+```cs

+#r "Microsoft.Azure.WebJobs.Extensions.SignalRService"

+using Microsoft.Azure.WebJobs.Extensions.SignalRService;

+public static SignalRConnectionInfo Run(HttpRequest req, SignalRConnectionInfo connectionInfo)

+{

+ // connectionInfo contains an access key token with a name identifier

+ // claim set to the authenticated user

+ return connectionInfo;

+}

+```

+### SignalR output

+Here's binding data in the *function.json* file:

+Example function.json:

+```json

+{

+ "type": "signalR",

+ "name": "signalRMessages",

+ "hubName": "<hub_name>",

+ "connectionStringSetting": "<name of setting containing SignalR Service connection string>",

+ "direction": "out"

+}

+```

+Here's the C# Script code:

+```cs

+#r "Microsoft.Azure.WebJobs.Extensions.SignalRService"

+using Microsoft.Azure.WebJobs.Extensions.SignalRService;

+public static Task Run(

+ object message,

+ IAsyncCollector<SignalRMessage> signalRMessages)

+{

+ return signalRMessages.AddAsync(

+ new SignalRMessage

+ {

+ Target = "newMessage",

+ Arguments = new [] { message }

+ });

+}

+```

+You can send a message only to connections that have been authenticated to a user by setting the *user ID* in the SignalR message.

+Example function.json:

+```json

+{

+ "type": "signalR",

+ "name": "signalRMessages",

+ "hubName": "<hub_name>",

+ "connectionStringSetting": "<name of setting containing SignalR Service connection string>",

+ "direction": "out"

+}

+```

+Here's the C# script code:

+```cs

+#r "Microsoft.Azure.WebJobs.Extensions.SignalRService"

+using Microsoft.Azure.WebJobs.Extensions.SignalRService;

+public static Task Run(

+ object message,

+ IAsyncCollector<SignalRMessage> signalRMessages)

+{

+ return signalRMessages.AddAsync(

+ new SignalRMessage

+ {

+ // the message will only be sent to this user ID

+ UserId = "userId1",

+ Target = "newMessage",

+ Arguments = new [] { message }

+ });

+}

+```

+You can send a message only to connections that have been added to a group by setting the *group name* in the SignalR message.

+Example function.json:

+```json

+{

+ "type": "signalR",

+ "name": "signalRMessages",

+ "hubName": "<hub_name>",

+ "connectionStringSetting": "<name of setting containing SignalR Service connection string>",

+ "direction": "out"

+}

+```

+Here's the C# Script code:

+```cs

+#r "Microsoft.Azure.WebJobs.Extensions.SignalRService"

+using Microsoft.Azure.WebJobs.Extensions.SignalRService;

+public static Task Run(

+ object message,

+ IAsyncCollector<SignalRMessage> signalRMessages)

+{

+ return signalRMessages.AddAsync(

+ new SignalRMessage

+ {

+ // the message will be sent to the group with this name

+ GroupName = "myGroup",

+ Target = "newMessage",

+ Arguments = new [] { message }

+ });

+}

+```

+SignalR Service allows users or connections to be added to groups. Messages can then be sent to a group. You can use the `SignalR` output binding to manage groups.

+The following example adds a user to a group.

+Example *function.json*

+```json

+{

+ "type": "signalR",

+ "name": "signalRGroupActions",

+ "connectionStringSetting": "<name of setting containing SignalR Service connection string>",

+ "hubName": "chat",

+ "direction": "out"

+}

+```

+*Run.csx*

+```cs

+#r "Microsoft.Azure.WebJobs.Extensions.SignalRService"

+using Microsoft.Azure.WebJobs.Extensions.SignalRService;

+public static Task Run(

+ HttpRequest req,

+ ClaimsPrincipal claimsPrincipal,

+ IAsyncCollector<SignalRGroupAction> signalRGroupActions)

+{

+ var userIdClaim = claimsPrincipal.FindFirst(ClaimTypes.NameIdentifier);

+ return signalRGroupActions.AddAsync(

+ new SignalRGroupAction

+ {

+ UserId = userIdClaim.Value,

+ GroupName = "myGroup",

+ Action = GroupAction.Add

+ });

+}

+```

+The following example removes a user from a group.

+Example *function.json*

+```json

+{

+ "type": "signalR",

+ "name": "signalRGroupActions",

+ "connectionStringSetting": "<name of setting containing SignalR Service connection string>",

+ "hubName": "chat",

+ "direction": "out"

+}

+```

+*Run.csx*

+```cs

+#r "Microsoft.Azure.WebJobs.Extensions.SignalRService"

+using Microsoft.Azure.WebJobs.Extensions.SignalRService;

+public static Task Run(

+ HttpRequest req,

+ ClaimsPrincipal claimsPrincipal,

+ IAsyncCollector<SignalRGroupAction> signalRGroupActions)

+{

+ var userIdClaim = claimsPrincipal.FindFirst(ClaimTypes.NameIdentifier);

+ return signalRGroupActions.AddAsync(

+ new SignalRGroupAction

+ {

+ UserId = userIdClaim.Value,

+ GroupName = "myGroup",

+ Action = GroupAction.Remove

+ });

+}

+```

+### Twilio output

+The following example shows a Twilio output binding in a *function.json* file and a [C# script function](functions-reference-csharp.md) that uses the binding. The function uses an `out` parameter to send a text message.

+Here's binding data in the *function.json* file:

+Example function.json:

+```json

+{

+ "type": "twilioSms",

+ "name": "message",

+ "accountSidSetting": "TwilioAccountSid",

+ "authTokenSetting": "TwilioAuthToken",

+ "from": "+1425XXXXXXX",

+ "direction": "out",

+ "body": "Azure Functions Testing"

+}

+```

+Here's C# script code:

+```cs

+#r "Newtonsoft.Json"

+#r "Twilio"

+#r "Microsoft.Azure.WebJobs.Extensions.Twilio"

+using System;

+using Microsoft.Extensions.Logging;

+using Newtonsoft.Json;

+using Microsoft.Azure.WebJobs.Extensions.Twilio;

+using Twilio.Rest.Api.V2010.Account;

+using Twilio.Types;

+public static void Run(string myQueueItem, out CreateMessageOptions message, ILogger log)

+{

+ log.LogInformation($"C# Queue trigger function processed: {myQueueItem}");

+ // In this example the queue item is a JSON string representing an order that contains the name of a

+ // customer and a mobile number to send text updates to.

+ dynamic order = JsonConvert.DeserializeObject(myQueueItem);

+ string msg = "Hello " + order.name + ", thank you for your order.";

+ // You must initialize the CreateMessageOptions variable with the "To" phone number.

+ message = new CreateMessageOptions(new PhoneNumber("+1704XXXXXXX"));

+ // A dynamic message can be set instead of the body in the output binding. In this example, we use

+ // the order information to personalize a text message.

+ message.Body = msg;

+}

+```

+You can't use out parameters in asynchronous code. Here's an asynchronous C# script code example:

+```cs

+#r "Newtonsoft.Json"

+#r "Twilio"

+#r "Microsoft.Azure.WebJobs.Extensions.Twilio"

+using System;

+using Microsoft.Extensions.Logging;

+using Newtonsoft.Json;

+using Microsoft.Azure.WebJobs.Extensions.Twilio;

+using Twilio.Rest.Api.V2010.Account;

+using Twilio.Types;

+public static async Task Run(string myQueueItem, IAsyncCollector<CreateMessageOptions> message, ILogger log)

+{

+ log.LogInformation($"C# Queue trigger function processed: {myQueueItem}");

+ // In this example the queue item is a JSON string representing an order that contains the name of a

+ // customer and a mobile number to send text updates to.

+ dynamic order = JsonConvert.DeserializeObject(myQueueItem);

+ string msg = "Hello " + order.name + ", thank you for your order.";

+ // You must initialize the CreateMessageOptions variable with the "To" phone number.

+ CreateMessageOptions smsText = new CreateMessageOptions(new PhoneNumber("+1704XXXXXXX"));

+ // A dynamic message can be set instead of the body in the output binding. In this example, we use

+ // the order information to personalize a text message.

+ smsText.Body = msg;

+ await message.AddAsync(smsText);

+}

+```

+### Warmup trigger

+The following example shows a warmup trigger in a *function.json* file and a [C# script function](functions-reference-csharp.md) that runs on each new instance when it's added to your app.

+Not supported for version 1.x of the Functions runtime.

+Here's the *function.json* file:

+```json

+{

+ "bindings": [

+ {

+ "type": "warmupTrigger",

+ "direction": "in",

+ "name": "warmupContext"

+ }

+ ]

+}

+```

+```cs

+public static void Run(WarmupContext warmupContext, ILogger log)

+{

+ log.LogInformation("Function App instance is warm.");

+}

+```

+||||

+### [Isolated worker model](#tab/isolated-process)

+ <OutputType>Exe</OutputType>

+ <PackageReference Include="Microsoft.Azure.Functions.Worker" Version="1.14.1" />

+ <PackageReference Include="Microsoft.Azure.Functions.Worker.Extensions.CosmosDB" Version="4.4.1" />

+ <PackageReference Include="Microsoft.Azure.Functions.Worker.Sdk" Version="1.10.0" />

+### [In-process model](#tab/in-process)

+ <PackageReference Include="Microsoft.Azure.WebJobs.Extensions.CosmosDB" Version="4.3.0" />

+ <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="4.1.1" />

+This article provides information to help you troubleshoot errors with your Python functions in Azure Functions. This article supports both the v1 and v2 programming models. Choose the model you want to use from the selector at the top of the article.

+### [Isolated worker model](#tab/isolated-process)

+### [In-process model](#tab/in-process)

+[CORS] is an HTTP protocol that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as [same-origin policy] that prevents a web page from calling APIs in a different domain; CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain. Using the Azure Maps account resource, you can configure which origins are allowed to access the Azure Maps REST API from your applications.

+> [!IMPORTANT]

+> CORS is not an authorization mechanism. Any request made to a map account using REST API, when CORS is enabled, also needs a valid map account authentication scheme such as Shared Key, Azure AD, or SAS token.

+>

+> CORS is supported for all map account pricing tiers, data-plane endpoints, and locations.

+<!

+This article describes how to use the [Get Map Static Image] command with image composition functionality. Image composition functionality supports the retrieval of static raster tiles that contain custom data.

+> To show a simple map on a web page, it's often more cost effective to use the Azure Maps Web SDK, rather than to use the static image service. The web SDK uses map tiles; and unless the user pans and zooms the map, they will often generate only a fraction of a transaction per map load. The Azure Maps Web SDK has options for disabling panning and zooming. Also, the Azure Maps Web SDK provides a richer set of data visualization options than a static map web service does.

+The Azure Maps account Gen1 S0 pricing tier only supports a single instance of the [pins] parameter. It allows you to render up to five pushpins, specified in the URL request, with a custom image.

+3. Enter a **Request name** for the request, such as *Get Map Static Image*.

+ https://atlas.microsoft.com/map/static/png?subscription-key={Your-Azure-Maps-Subscription-key}&api-version=2022-08-01&layer=basic&style=main&zoom=12&center=-73.98,%2040.77&pins=custom%7Cla15+50%7Cls12%7Clc003b61%7C%7C%27CentralPark%27-73.9657974+40.781971%7C%7Chttps%3A%2F%2Fsamples.azuremaps.com%2Fimages%2Ficons%2Fylw-pushpin.png

+You can modify the appearance of a polygon by using style modifiers with the [path] parameter.

+5. Enter the following URL to the [Render] service:

+You can modify the appearance of the pins by adding style modifiers. For example, to make pushpins and their labels larger or smaller, use the `sc` "scale style" modifier. This modifier takes a value that's greater than zero. A value of 1 is the standard scale. Values larger than 1 makes the pins larger, and values smaller than 1 makes them smaller. For more information about style modifiers, see the [Path] parameter of the [Get Map Static Image] command.

+5. Enter the following URL to the [Render] service:

+> [Render - Get Map Static Image]

+[Get Map Static Image]: /rest/api/maps/render-v2/get-map-static-image

+[Manage the pricing tier of your Azure Maps account]: how-to-manage-pricing-tier.md

+[path]: /rest/api/maps/render-v2/get-map-static-image#uri-parameters

+[pins]: /rest/api/maps/render-v2/get-map-static-image#uri-parameters

+[Render]: /rest/api/maps/render-v2/get-map-static-image

+[Render - Get Map Static Image]: /rest/api/maps/render-v2/get-map-static-image

+In this article, we guide you through the process of migrating from [classic URL ping tests](/previous-versions/azure/azure-monitor/app/monitor-web-app-availability) to the modern and efficient [standard tests](availability-standard-tests.md).

+> [!IMPORTANT]

+>

+> On 30 September 2026, the **[URL ping tests](/previous-versions/azure/azure-monitor/app/monitor-web-app-availability)** will be retired, and ping tests. Before that date, you'll need to transition to **[standard tests](/editor/availability-standard-tests.md)**.

+>

+> - A cost is associated with running **[standard tests](/editor/availability-standard-tests.md)**. Once you create a **[standard test](/editor/availability-standard-tests.md)**, you will be charged for test executions.

+> - Refer to **[Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor/#pricing)** before starting this process.

+* [Web test REST API](/rest/api/application-insights/web-tests)

+ // Import the Azure Monitor OpenTelemetry plugin and OpenTelemetry API

+ // Import the OpenTelemetry instrumentation registration function and Express instrumentation

+ // Get the OpenTelemetry tracer provider and meter provider

+ // Enable Azure Monitor integration

+ useAzureMonitor();

+

+ // Register the Express instrumentation

+ // List of instrumentations to register

+ instrumentations: [

+ new ExpressInstrumentation(), // Express instrumentation

+ ],

+ // OpenTelemetry tracer provider

+ tracerProvider: tracerProvider,

+ // OpenTelemetry meter provider

+ meterProvider: meterProvider

+ ```

+ // Import the Azure Monitor OpenTelemetry plugin and OpenTelemetry API

+ // Enable Azure Monitor integration

+ // Get the meter for the "testMeter" namespace

+ // Create a histogram metric

+ // Record values to the histogram metric with different tags

+ // Import the Azure Monitor OpenTelemetry plugin and OpenTelemetry API

+ // Enable Azure Monitor integration

+ // Get the meter for the "testMeter" namespace

+ // Create a counter metric

+ // Add values to the counter metric with different tags

+ // Import the useAzureMonitor function and the metrics module from the @azure/monitor-opentelemetry and @opentelemetry/api packages, respectively.

+ // Enable Azure Monitor integration.

+ // Get the meter for the "testMeter" meter name.

+ const meter = metrics.getMeter("testMeter");

+ // Create an observable gauge metric with the name "gauge".

+ // Add a callback to the gauge metric. The callback will be invoked periodically to generate a new value for the gauge metric.

+ // Generate a random number between 0 and 99.

+ let randomNumber = Math.floor(Math.random() * 100);

+ // Set the value of the gauge metric to the random number.

+ observableResult.observe(randomNumber, {"testKey": "testValue"});

+ // Import the Azure Monitor OpenTelemetry plugin and OpenTelemetry API

+ // Enable Azure Monitor integration

+ // Get the tracer for the "testTracer" namespace

+ // Start a span with the name "hello"

+ // Try to throw an error

+ throw new Error("Test Error");

+ // Catch the error and record it to the span

+ span.recordException(error);

+ // Import the Azure Monitor OpenTelemetry plugin and OpenTelemetry API

+ // Enable Azure Monitor integration

+ // Get the tracer for the "testTracer" namespace

+ // Start a span with the name "hello"

+ // End the span

+ // Import the TelemetryClient class from the Application Insights SDK for JavaScript.

+ // Create a new TelemetryClient instance.

+ // Create an event telemetry object.

+ name: "testEvent"

+ // Send the event telemetry object to Azure Monitor Application Insights.

+ // Create a trace telemetry object.

+ message: "testMessage",

+ severity: "Information"

+ // Send the trace telemetry object to Azure Monitor Application Insights.

+ // Try to execute a block of code.

+ ...

+ // If an error occurs, catch it and send it to Azure Monitor Application Insights as an exception telemetry item.

+ catch (error) {

+ let exceptionTelemetry = {

+ exception: error,

+ severity: "Critical"

+ };

+ telemetryClient.trackException(exceptionTelemetry);

+}

+// Import the necessary packages.

+const { useAzureMonitor } = require("@azure/monitor-opentelemetry");

+const { trace, ProxyTracerProvider } = require("@opentelemetry/api");

+const { ReadableSpan, Span, SpanProcessor } = require("@opentelemetry/sdk-trace-base");

+const { NodeTracerProvider } = require("@opentelemetry/sdk-trace-node");

+const { SemanticAttributes } = require("@opentelemetry/semantic-conventions");

+// Enable Azure Monitor integration.

+useAzureMonitor();

+// Get the NodeTracerProvider instance.

+const tracerProvider = ((trace.getTracerProvider() as ProxyTracerProvider).getDelegate() as NodeTracerProvider);

+// Create a new SpanEnrichingProcessor class.

+class SpanEnrichingProcessor implements SpanProcessor {

+ forceFlush(): Promise<void> {

+ return Promise.resolve();

+ }

+ shutdown(): Promise<void> {

+ return Promise.resolve();

+ }

+ onStart(_span: Span): void {}

+ onEnd(span: ReadableSpan) {

+ // Add custom dimensions to the span.

+ span.attributes["CustomDimension1"] = "value1";

+ span.attributes["CustomDimension2"] = "value2";

+ }

+}

+// Add the SpanEnrichingProcessor instance to the NodeTracerProvider instance.

+tracerProvider.addSpanProcessor(new SpanEnrichingProcessor());

+ // Import the SemanticAttributes class from the @opentelemetry/semantic-conventions package.

+ // Create a new SpanEnrichingProcessor class.

+ class SpanEnrichingProcessor implements SpanProcessor {

+ onEnd(span) {

+ // Set the HTTP_CLIENT_IP attribute on the span to the IP address of the client.

+ span.attributes[SemanticAttributes.HTTP_CLIENT_IP] = "<IP Address>";

+ }

+ // Import the SemanticAttributes class from the @opentelemetry/semantic-conventions package.

+ // Create a new SpanEnrichingProcessor class.

+ class SpanEnrichingProcessor implements SpanProcessor {

+ onEnd(span: ReadableSpan) {

+ // Set the ENDUSER_ID attribute on the span to the ID of the user.

+ span.attributes[SemanticAttributes.ENDUSER_ID] = "<User ID>";

+ }

+ // Import the useAzureMonitor function and the logs module from the @azure/monitor-opentelemetry and @opentelemetry/api-logs packages, respectively.

+ // Enable Azure Monitor integration.

+ // Get the logger for the "testLogger" logger name.

+ // Create a new log record.

+ body: "testEvent",

+ attributes: {

+ "testAttribute1": "testValue1",

+ "testAttribute2": "testValue2",

+ "testAttribute3": "testValue3"

+ }

+ // Emit the log record.

+ // Import the useAzureMonitor function and the ApplicationInsightsOptions class from the @azure/monitor-opentelemetry package.

+ // Import the HttpInstrumentationConfig class from the @opentelemetry/instrumentation-http package.

+ // Import the IncomingMessage and RequestOptions classes from the http and https packages, respectively.

+ // Create a new HttpInstrumentationConfig object.

+ enabled: true,

+ ignoreIncomingRequestHook: (request: IncomingMessage) => {

+ // Ignore OPTIONS incoming requests.

+ if (request.method === 'OPTIONS') {

+ return true;

+ return false;

+ },

+ ignoreOutgoingRequestHook: (options: RequestOptions) => {

+ // Ignore outgoing requests with the /test path.

+ if (options.path === '/test') {

+ return true;

+ }

+ return false;

+ }

+ // Create a new ApplicationInsightsOptions object.

+ instrumentationOptions: {

+ http: {

+ httpInstrumentationConfig

+ }

+ }

+ // Enable Azure Monitor integration using the useAzureMonitor function and the ApplicationInsightsOptions object.

+ // Import the SpanKind and TraceFlags classes from the @opentelemetry/api package.

+ // Create a new SpanEnrichingProcessor class.

+ onEnd(span) {

+ // If the span is an internal span, set the trace flags to NONE.

+ if(span.kind == SpanKind.INTERNAL){

+ span.spanContext().traceFlags = TraceFlags.NONE;

+ }

+ // Import the trace module from the OpenTelemetry API.

+ const { trace } = require("@opentelemetry/api");

+ // Get the span ID and trace ID of the active span.

+ let spanId = trace.getActiveSpan().spanContext().spanId;

+ let traceId = trace.getActiveSpan().spanContext().traceId;

+ // Import the useAzureMonitor function and the AzureMonitorOpenTelemetryOptions class from the @azure/monitor-opentelemetry package.

+ const { useAzureMonitor, AzureMonitorOpenTelemetryOptions } = require("@azure/monitor-opentelemetry");

+ // Create a new AzureMonitorOpenTelemetryOptions object.

+ azureMonitorExporterOptions: {

+ connectionString: "<your connection string>"

+ }

+ // Enable Azure Monitor integration using the useAzureMonitor function and the AzureMonitorOpenTelemetryOptions object.

+ useAzureMonitor(options);

+// Import the useAzureMonitor function, the AzureMonitorOpenTelemetryOptions class, the Resource class, and the SemanticResourceAttributes class from the @azure/monitor-opentelemetry, @opentelemetry/resources, and @opentelemetry/semantic-conventions packages, respectively.

+// Create a new Resource object with the following custom resource attributes:

+//

+// * service_name: my-service

+// * service_namespace: my-namespace

+// * service_instance_id: my-instance

+ [SemanticResourceAttributes.SERVICE_NAME]: "my-service",

+ [SemanticResourceAttributes.SERVICE_NAMESPACE]: "my-namespace",

+ [SemanticResourceAttributes.SERVICE_INSTANCE_ID]: "my-instance",

+// Create a new AzureMonitorOpenTelemetryOptions object and set the resource property to the customResource object.

+ resource: customResource

+// Enable Azure Monitor integration using the useAzureMonitor function and the AzureMonitorOpenTelemetryOptions object.

+// Import the useAzureMonitor function and the AzureMonitorOpenTelemetryOptions class from the @azure/monitor-opentelemetry package.

+// Create a new AzureMonitorOpenTelemetryOptions object and set the samplingRatio property to 0.1.

+ samplingRatio: 0.1

+// Enable Azure Monitor integration using the useAzureMonitor function and the AzureMonitorOpenTelemetryOptions object.

+// Import the useAzureMonitor function, the AzureMonitorOpenTelemetryOptions class, and the ManagedIdentityCredential class from the @azure/monitor-opentelemetry and @azure/identity packages, respectively.

+// Create a new ManagedIdentityCredential object.

+const credential = new ManagedIdentityCredential();

+// Create a new AzureMonitorOpenTelemetryOptions object and set the credential property to the credential object.

+ credential: credential

+// Enable Azure Monitor integration using the useAzureMonitor function and the AzureMonitorOpenTelemetryOptions object.

+// Import the useAzureMonitor function and the AzureMonitorOpenTelemetryOptions class from the @azure/monitor-opentelemetry package.

+// Create a new AzureMonitorOpenTelemetryOptions object and set the azureMonitorExporterOptions property to an object with the following properties:

+//

+// * connectionString: The connection string for your Azure Monitor Application Insights resource.

+// * storageDirectory: The directory where the Azure Monitor OpenTelemetry exporter will store telemetry data when it is offline.

+// * disableOfflineStorage: A boolean value that specifies whether to disable offline storage.

+ azureMonitorExporterOptions: {

+ connectionString: "<Your Connection String>",

+ storageDirectory: "C:\\SomeDirectory",

+ disableOfflineStorage: false

+ }

+// Enable Azure Monitor integration using the useAzureMonitor function and the AzureMonitorOpenTelemetryOptions object.

+ // Import the useAzureMonitor function, the AzureMonitorOpenTelemetryOptions class, the trace module, the ProxyTracerProvider class, the BatchSpanProcessor class, the NodeTracerProvider class, and the OTLPTraceExporter class from the @azure/monitor-opentelemetry, @opentelemetry/api, @opentelemetry/sdk-trace-base, @opentelemetry/sdk-trace-node, and @opentelemetry/exporter-trace-otlp-http packages, respectively.

+ // Enable Azure Monitor integration.

+ // Create a new OTLPTraceExporter object.

+ // Get the NodeTracerProvider instance.

+ // Add a BatchSpanProcessor to the NodeTracerProvider instance.

+| Feature differences | ContainerLog | ContainerLogV2 |

+Data volume is measured as the size of the data sent to be stored and is measured in units of GB (10^9 bytes). The data size of a single record is calculated from a string representation of the columns that are stored in the Log Analytics workspace for that record. It doesn't matter whether the data is sent from an agent or added during the ingestion process. This calculation includes any custom columns added by the [logs ingestion API](logs-ingestion-api-overview.md), [transformations](../essentials/data-collection-transformations.md) or [custom fields](custom-fields.md) that are added as data is collected and then stored in the workspace.

+An [Azure Monitor Logs dedicated cluster](logs-dedicated-clusters.md) is a collection of workspaces in a single managed Azure Data Explorer cluster. Dedicated clusters support advanced features, such as [customer-managed keys](customer-managed-keys.md), and use the same commitment-tier pricing model as workspaces, although they must have a commitment level of at least 500 GB per day. Any usage above the commitment level (overage) is billed at that same price per GB as provided by the current commitment tier. There's no pay-as-you-go option for clusters.

+Records with a type of *InsightsMetrics* have performance data from the guest operating system of the virtual machine. These records are collected at 60 second intervals and have the properties in the following table: