+> [!NOTE]

+> File Integrity Monitoring (FIM) using [Microsoft Defender for Endpoint (MDE)](https://learn.microsoft.com/azure/defender-for-cloud/file-integrity-monitoring-enable-defender-endpoint) is now currently available. Follow the guidance to migrate from:

+> - [FIM with Change Tracking and Inventory using AMA](https://learn.microsoft.com/azure/defender-for-cloud/migrate-file-integrity-monitoring#migrate-from-fim-over-ama).

+> - [FIM with Change Tracking and Inventory using MMA](https://learn.microsoft.com/azure/defender-for-cloud/migrate-file-integrity-monitoring#migrate-from-fim-over-mma).

+> File Integrity Monitoring (FIM) using [Microsoft Defender for Endpoint (MDE)](https://learn.microsoft.com/azure/defender-for-cloud/file-integrity-monitoring-enable-defender-endpoint) is now currently available. Follow the guidance to migrate from:

+> - [FIM with Change Tracking and Inventory using AMA](https://learn.microsoft.com/azure/defender-for-cloud/migrate-file-integrity-monitoring#migrate-from-fim-over-ama).

+> - [FIM with Change Tracking and Inventory using MMA](https://learn.microsoft.com/azure/defender-for-cloud/migrate-file-integrity-monitoring#migrate-from-fim-over-mma).

+The below example shows how a [docker compose](https://docs.docker.com/compose/) file can be created to deploy the health-insights containers.

+* Australia Central

+* Australia Central 2

+* Australia Southeast

+* Brazil Southeast

+* Canada East

+* Germany North

+* Germany West Central

+* Israel Central

+* Italy North

+* Japan West

+* Switzerland West

+ Title: Dynamically change the service level of an Azure NetApp Files volume

+description: Learn about the benefits of changing the service level of an Azure NetApp Files volume within your NetApp account.

+# Dynamically change the service level of an Azure NetApp Files volume

+You can change the service level of an existing volume by moving the volume to another capacity pool in the same NetApp account that uses the [service level](azure-netapp-files-service-levels.md) you want for the volume. This in-place service-level change for the volume doesn't require that you migrate data. It also doesn't affect access to the volume.

+This functionality enables you to meet your workload needs on demand. You can change an existing volume to use a higher service level for better performance, or to use a lower service level for cost optimization. For example, if the volume is in a capacity pool that uses the *Standard* service level and you want the volume to use the *Premium* service level, you can move the volume dynamically to a capacity pool that uses the *Premium* service level.

+The capacity pool that you want to move the volume to must already exist. The capacity pool can contain other volumes. If you want to move the volume to a brand-new capacity pool, you need to [create the capacity pool](azure-netapp-files-set-up-capacity-pool.md) before you move the volume.

+* Dynamically changing the service level of a volume is supported within the same NetApp account. You can't move the volume to a capacity pool in a different NetApp Account.

+* After the volume is moved to another capacity pool, you no longer have access to the previous volume activity logs and volume metrics. The volume starts with new activity logs and metrics under the new capacity pool.

+* If you move a volume to a capacity pool of a higher service level (for example, moving from *Standard* to *Premium* or *Ultra* service level), you must wait at least 24 hours before you can move that volume *again* to a capacity pool of a lower service level (for example, moving from *Ultra* to *Premium* or *Standard*). You can always change to higher service level without wait time.

+* If the target capacity pool is of the *manual* QoS type, the volume's throughput isn't changed with the volume move. You can [modify the allotted throughput](manage-manual-qos-capacity-pool.md#modify-the-allotted-throughput-of-a-manual-qos-volume) in the target manual capacity pool.

+

+* [Dynamic service level change enhancement:](dynamic-change-volume-service-level.md) shortened wait time for changing to lower service levels

+ To address rapidly changing performance requirements, Azure NetApp Files allows [dynamic service level changes of volumes](dynamic-change-volume-service-level.md). The wait time for moving Azure NetApp Files volumes to a lower service level (after first moving service levels upwards) is now 24 hours (a change from the original seven days) enabling you to more actively benefit from this cost optimization capability.

+| <a id='BCP007' />[BCP007](./diagnostics/bcp007.md) | Error | This declaration type isn't recognized. Specify a metadata, parameter, variable, resource, or output declaration. |

+| <a id='BCP009' />[BCP009](./diagnostics/bcp009.md) | Error | Expected a literal value, an array, an object, a parenthesized expression, or a function call at this location. |

+| <a id='BCP063' />[BCP063](./diagnostics/bcp063.md) | Error | The name \<name> isn't a parameter, variable, resource, or module. |

+| <a id='BCP065' />BCP065 | Error | Function \<function-name> isn't valid at this location. It can only be used as a parameter default value. |

+| <a id='BCP066' />BCP066 | Error | Function \<function-name> isn't valid at this location. It can only be used in resource declarations. |

+| <a id='BCP071' />[BCP071](./diagnostics/bcp071.md) | Error | Expected \<arugment-count>, but got \<argument-count>. |

+| <a id='BCP082' />[BCP082](./diagnostics/bcp082.md) | Error | The name \<name> doesn't exist in the current context. Did you mean \<name>? |

+| <a id='BCP124' />[BCP124](./diagnostics/bcp124.md) | Error | The decorator \<decorator-name> can only be attached to targets of type \<data-type>, but the target has type \<data-type>. |

+| <a id='BCP125' />[BCP125](./diagnostics/bcp125.md) | Error | Function \<function-name> can't be used as a parameter decorator. |

+| <a id='BCP126' />[BCP126](./diagnostics/bcp126.md) | Error | Function \<function-name> can't be used as a variable decorator. |

+| <a id='BCP127' />[BCP127](./diagnostics/bcp127.md) | Error | Function \<function-name> can't be used as a resource decorator. |

+| <a id='BCP128' />[BCP128](./diagnostics/bcp128.md) | Error | Function \<function-name> can't be used as a module decorator. |

+| <a id='BCP129' />[BCP129](./diagnostics/bcp129.md) | Error | Function \<function-name> can't be used as an output decorator. |

+| <a id='BCP132' />[BCP132](./diagnostics/bcp132.md) | Error | Expected a declaration after the decorator. |

+| <a id='BCP147' />[BCP147](./diagnostics/bcp147.md) | Error | Expected a parameter declaration after the decorator. |

+| <a id='BCP152' />[BCP152](./diagnostics/bcp152.md) | Error | Function \<function-name> can't be used as a decorator. |

+| <a id='BCP153' />[BCP153](./diagnostics/bcp153.md) | Error | Expected a resource or module declaration after the decorator. |

+| <a id='BCP155' />BCP155 | Error | The decorator \<decorator-name> can only be attached to resource or module collections. |

+| <a id='BCP166' />[BCP166](./diagnostics/bcp166.md) | Error | Duplicate \<decorator-name> decorator. |

+| <a id='BCP180' />BCP180 | Error | Function \<function-name> isn't valid at this location. It can only be used when directly assigning to a module parameter with a secure decorator. |

+| <a id='BCP181' />BCP181 | Error | This expression is being used in an argument of the function \<function-name>, which requires a value that can be calculated at the start of the deployment.{variableDependencyChainClause}{accessiblePropertiesClause} |

+| <a id='BCP241' />BCP241 | Warning | The \<function-name> function is deprecated and will be removed in a future release of Bicep. Add a comment to https://github.com/Azure/bicep/issues/2017 if you believe this will impact your workflow. |

+| <a id='BCP248' />BCP248 | Error | Using lambda variables inside the \<function-name> function isn't currently supported. Found the following lambda variable(s) being accessed: {ToQuotedString(variableNames)}. |

+| <a id='BCP266' />[BCP266](./diagnostics/bcp266.md) | Error | Expected a metadata identifier at this location. |

+| <a id='BCP269' />BCP269 | Error | Function \<function-name> can't be used as a metadata decorator. |

+| <a id='BCP290' />[BCP290](./diagnostics/bcp290.md) | Error | Expected a parameter or type declaration after the decorator. |

+| <a id='BCP292' />[BCP292](./diagnostics/bcp292.md) | Error | Expected a parameter, output, or type declaration after the decorator. |

+| <a id='BCP297' />BCP297 | Error | Function \<function-name> can't be used as a type decorator. |

+| <a id='BCP308' />BCP308 | Error | The decorator \<decorator-name> may not be used on statements whose declared type is a reference to a user-defined type. |

+| <a id='BCP311' />[BCP311](./diagnostics/bcp311.md) | Error | The provided index value of \<index-value> isn't valid for type \<type-name>. Indexes for this type must be between 0 and \<zero-based-tuple-index>. |

+| <a id='BCP351' />BCP351 | Error | Function \<function-name> isn't valid at this location. It can only be used when directly assigning to a parameter. |

+| <a id='BCP386' />BCP386 | Error | The decorator \<decorator-name> may not be used on statements whose declared type is a reference to a resource-derived type. |

+ Title: BCP007

+description: Error - This declaration type isn't recognized. Specify a metadata, parameter, variable, resource, or output declaration.

+# Bicep error code - BCP007

+This error occurs when the declaration type isn't recognized. For a list of declaration types, see [Understand the structure and syntax of Bicep files](../file.md).

+## Error description

+`This declaration type isn't recognized. Specify a metadata, parameter, variable, resource, or output declaration.`

+## Solution

+Use the correct declaration type. For more information, see [Bicep file](../file.md).

+## Examples

+The following example raises the error because `parameter` isn't a correct declaration type:

+```bicep

+parameter name string

+```

+You can fix the error by using the correct declaration type, `param`.

+```bicep

+param name string

+```

+For more information, see [Parameters](../parameters.md).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP009

+description: Error - Expected a literal value, an array, an object, a parenthesized expression, or a function call at this location.

+# Bicep error code - BCP009

+This error occurs when a declaration is not completed.

+## Error description

+`Expected a literal value, an array, an object, a parenthesized expression, or a function call at this location.`

+## Solution

+Include the missing part. For more information, see [Bicep file](../file.md).

+## Examples

+The following example raises the error because the `metadata` declaration isn't completed:

+```bicep

+metadata description =

+```

+You can fix the error by using completing the declaration.

+```bicep

+metadata description = 'Creates a storage account and a web app'

+```

+For more information, see [Metadata](../file.md#metadata).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+For more information, see [Objects](../data-types.md#objects)

+For more information, see [Arrays](../data-types.md#arrays).

+The following example raises the error because the code is missing `=` and the assigned value.

+```bicep

+output month int

+```

+You can fix the error by completing the output declaration.

+```bicep

+output month int = 3

+```

+For more information, see [Outputs](../file.md#outputs).

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+This error occurs when the referenced name doesn't exist, either due to a typo or because it hasn't been declared. If it's a typo, you'll encounter [BCP082](./bcp082.md) when the compiler identifies and suggests a similarly named symbol.

+Fix the typo or declare the symbol.

+ Title: BCP063

+description: Error - The name <name> isn't a parameter, variable, resource, or module.

+# Bicep error code - BCP063

+This error occurs when the system tries to locate a name within the context, but no matching name is found.

+## Error description

+`The name <name> isn't a parameter, variable, resource, or module.`

+## Solutions

+Use the property declaration types. For more information, see [Bicep file](../file.md).

+## Examples

+The following example raises the error because *@metadata* is not a correct declaration type:

+```bicep

+@metadata

+resource store 'Microsoft.Storage/storageAccounts@2023-05-01' existing = {

+ name: 'mystore'

+}

+```

+You can fix the error by properly declaring `metadata`.

+```bicep

+metadata description = 'create a storage account'

+resource store 'Microsoft.Storage/storageAccounts@2023-05-01' existing = {

+ name: 'mystore'

+}

+```

+For more information, see [Metadata](../file.md#metadata).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP071

+description: Error - Expected <arugment-count>, but got <argument-count>.

+# Bicep error code - BCP071

+This error occurs when a function is given an incorrect number of arguments. For a list of system defined functions, see [Bicep functions](../bicep-functions-any.md). To define you own functions, see [User-defined functions](../user-defined-functions.md).

+## Error description

+`Expected <arugment-count>, but got <argument-count>.`

+## Solution

+Provide the correct number of arguments.

+## Examples

+The following example raises the error because [`split()`](../bicep-functions-string.md#split) expects two arguments, but three arguments were provided:

+```bicep

+var tooManyArgs = split('a,b', ',', '?')

+```

+You can fix the error by removing the extra argument:

+```bicep

+var tooManyArgs = split('a,b', ',', '?')

+```

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP082

+description: Error/warning - The name <name> doesn't exist in the current context. Did you mean <name>?

+# Bicep error/warning code - BCP082

+This error or warning is similar to [BCP057](./bcp057.md), it occurs when the referenced name doesn't exist, likely due to a typo. The compiler identifies and suggests a similarly named symbol.

+## Error/warning description

+`The name <name> doesn't exist in the current context. Did you mean <name>?`

+## Solutions

+Fix the typo.

+## Examples

+The following example raises the error because `substirng` looks like a typo.

+```bicep

+var prefix = substirng('1234567890', 0, 11)

+```

+You can fix the error by using `substring` instead:

+```bicep

+var prefix = substring('1234567890', 0, 11)

+```

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep warnings and errors](../bicep-core-diagnostics.md).

+ Title: BCP124

+description: Error - The decorator <decorator-name> can only be attached to targets of type <data-type>, but the target has type <data-type>.

+# Bicep error code - BCP124

+This error occurs when you specify a decorator that isn't supported by the type of the syntax being decorated.

+## Error description

+`The decorator <decorator-name> can only be attached to targets of type <data-type>, but the target has type <data-type>.`

+## Solutions

+Use the valid decorators based on the data types.

+## Examples

+The following example raises the error because `@maxValue()` is for the integer data type, not for the string data type.

+```bicep

+@maxValue(3)

+param name string

+```

+You can fix the error by providing the correct decorator for the data type:

+```bicep

+@maxLength(3)

+param name string

+```

+For a list of decorators, see [Decorators](../file.md#decorators).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP125

+description: Error - Function <function-name> can't be used as a parameter decorator.

+# Bicep error code - BCP125

+This error occurs when you specify an invalid parameter decorator.

+## Error description

+`Function <function-name> can't be used as a parameter decorator.`

+## Solutions

+Use the valid decorators for parameter declarations. For more information, see [Decorators](../parameters.md#use-decorators).

+## Examples

+The following example raises the error because `@export()` isn't a valid decorator for parameters.

+```bicep

+@export()

+param name string

+```

+You can fix the error by providing the correct decorator for parameters:

+```bicep

+@description('Specify the resource name.')

+param name string

+```

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP126

+description: Error - Function <function-name> can't be used as a variable decorator.

+# Bicep error code - BCP126

+This error occurs when you specify an invalid variable decorator.

+## Error description

+`Function <function-name> can't be used as a variable decorator.`

+## Solutions

+Use the valid decorators for variable declarations. For more information, see [Decorators](../variables.md#use-decorators).

+## Examples

+The following example raises the error because `@minLength()` is not a valid variable decorator.

+```bicep

+@minLength()

+var name = uniqueString(resourceGroup().id)

+```

+The valid variable decorators are `@description()` and `@export()`.

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP127

+description: Error - Function <function-name> can't be used as a resource decorator.

+# Bicep error code - BCP127

+This error occurs when you specify an invalid resource decorator.

+## Error description

+`Function <function-name> can't be used as a resource decorator.`

+## Solutions

+Use the valid decorators for resource declarations. For more information, see [Decorators](../resource-declaration.md#use-decorators).

+## Examples

+The following example raises the error because `@export()` is not a valid resource decorator.

+```bicep

+@export()

+resource store 'Microsoft.Storage/storageAccounts@2023-05-01' existing = {

+ name: uniqueString(resourceGroup().id)

+}

+```

+The valid resource decorators are `@description()` and `@batchSize()`.

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP128

+description: Error - Function <function-name> can't be used as a module decorator.

+# Bicep error code - BCP128

+This error occurs when you specify an invalid module decorator.

+## Error description

+`Function <function-name> can't be used as a module decorator.`

+## Solutions

+Use the valid decorators for module declarations. For more information, see [Decorators](../modules.md#use-decorators).

+## Examples

+The following example raises the error because `@export()` is not a valid module decorator.

+```bicep

+@export()

+module storage 'br/public:avm/res/storage/storage-account:0.11.1' = {

+ name: 'myStorage'

+ params: {

+ name: 'store${resourceGroup().name}'

+ }

+}

+```

+The valid module decorators are `@description()` and `@batchSize()`.

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP129

+description: Error - Function <function-name> can't be used as an output decorator.

+# Bicep error code - BCP129

+This error occurs when you specify an invalid output decorator.

+## Error description

+`Function <function-name> can't be used as a output decorator.`

+## Solutions

+Use the valid decorators for output declarations. For more information, see [Decorators](../outputs.md#use-decorators).

+## Examples

+The following example raises the error because `@export()` isn't a valid output decorator.

+```bicep

+@export()

+output foo string = 'Hello world'

+```

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP132

+description: Error - Expected a declaration after the decorator.

+# Bicep error code - BCP132

+This error occurs when you have a decorator but there is no declaration following it.

+## Error description

+`Expected a declaration after the decorator.`

+## Solutions

+Add the proper type declarations after the decorator.

+## Examples

+The following example raises the error because there are no declarations after the decorator.

+```bicep

+@description()

+```

+You can fix the error by removing the decorator or adding the declaration after the decorator.

+```bicep

+@description('Declare a existing storage account.')

+resource store 'Microsoft.Storage/storageAccounts@2023-05-01' existing = {

+ name: 'mystore'

+}

+```

+For a list of valid decorators, see [Decorators](../file.md#decorators).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP147

+description: Error - Expected a parameter declaration after the decorator.

+# Bicep error code - BCP147

+This error occurs when you have a decorator that is expecting to be followed by a `param` declaration, but miss the declaration.

+## Error description

+`Expected a parameter declaration after the decorator.`

+## Solutions

+

+Add the parameter declaration after the decorator. For a list of valid parameter decorators, see [Decorators](../parameters.md#use-decorators).

+## Examples

+The following example raises the error because the `param` declaration is missing.

+```bicep

+@allowed()

+```

+You can fix the error by adding the `param` declaration.

+```bicep

+@allowed([

+ 'foo'

+ 'bar'

+])

+param stringParam string = 'foo'

+```

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP152

+description: Error - Function <function-name> can't be used as a decorator.

+# Bicep error code - BCP152

+This error occurs when you try to use a Bicep function as a decorator, but the function isn't suitable for that purpose.

+## Error description

+`Function <function-name> can't be used as a decorator.`

+## Solutions

+Use valid decorators. For a list of parameter decorators, see [Decorators](../parameters.md#use-decorators).

+## Examples

+The following example raises the error because `uniqueString()` can't be used as a parameter decorator.

+```bicep

+@uniqueString()

+param name string

+```

+You can fix the error by using the valid decorators.

+```bicep

+@description('Provide resource name.')

+param name string

+```

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP153

+description: Error - Expected a resource or module declaration after the decorator.

+# Bicep error code - BCP153

+This error occurs when you have a decorator that is expecting to be followed by a `resource` or `module` declaration, but miss the declaration.

+## Error description

+`Expected a resource or module declaration after the decorator.`

+## Solutions

+Add the [module](../modules.md) or [resource](../resource-declaration.md) declarations.

+## Examples

+The following example raises the error because the type declaration is missing.

+```bicep

+@batchSize()

+```

+You can fix the error by adding the module or resource declaration.

+```bicep

+@batchSize(3)

+module storage 'br/public:avm/res/storage/storage-account:0.11.1' = [for storageName in storageAccounts: {

+ name: 'myStorage'

+ params: {

+ name: 'store${resourceGroup().name}'

+ }

+}]

+```

+For a list of valid decorators, see [Module decorators](../modules.md#use-decorators) and [Resource decorators](../resource-declaration.md#use-decorators).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP166

+description: Error - Duplicate <decorator-name> decorator.

+# Bicep error code - BCP166

+This error occurs when you have duplicate decorators.

+## Error description

+`Duplicate <decorator-name> decorator.`

+## Solutions

+Remove the duplicate decorator.

+## Examples

+The following example raises the error because there's two duplicate decorators.

+```bicep

+@description('foo')

+@description('bar')

+param name string

+```

+You can fix the error by removing one of the duplicate decorators.

+```bicep

+@description('bar')

+param name string

+```

+For more information, see [Decorators](../file.md#decorators).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP266

+description: Error - Expected a metadata identifier at this location.

+# Bicep error code - BCP266

+This error occurs when the `metadata` declaration missing the identifier.

+## Error description

+`Expected a metadata identifier at this location.`

+## Solution

+Add the metadata identifier, and complete the declaration.

+## Examples

+The following example raises the error because type declaration `metadata` misses the identifier.

+```bicep

+metadata

+```

+You can fix the error by completing the `metadata` declaration.

+```bicep

+metadata description = 'Creates a storage account and a web app'

+```

+For more information, see [Metadata](../file.md#metadata).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP290

+description: Error - Expected a parameter or type declaration after the decorator.

+# Bicep error code - BCP290

+This error occurs when you have a decorator that is expecting to be followed by a `param` or `type` declaration, but miss the declaration.

+## Error description

+`Expected a parameter or type declaration after the decorator.`

+## Examples

+The following example raises the error because there is no parameter or type declaration after the `@secure()` decorator.

+```bicep

+@secure()

+```

+You can fix the error by removing the decorator and adding a parameter of type declaration.

+```bicep

+@secure()

+param password string

+```

+For more information, see [Decorators](../file.md#decorators).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP292

+description: Error - Expected a parameter, output, or type declaration after the decorator.

+# Bicep error code - BCP292

+This error occurs when you have a decorator that is expecting to be followed by a `param` or `output` or `type` declaration, but miss the declaration.

+## Error description

+`Expected a parameter, output, or type declaration after the decorator.`

+## Examples

+The following example raises the error because there is no type declaration after the `@metadata`, `@minValue()`, `@maxValue()`,`@minLength()`, `@maxLength()`, `@discriminator()`, or `@sealed()` decorator.

+```bicep

+@minLength()

+```

+You can fix the error by removing the decorator and adding the correct type declaration.

+```bicep

+@minLength(3)

+param name string

+```

+For more information, see [Decorators](../file.md#decorators).

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+ Title: BCP311

+description: Error - The provided index value of <index-value> isn't valid for type <type-name>. Indexes for this type must be between 0 and <zero-based-tuple-index>.

+# Bicep error code - BCP311

+This error occurs when you provide an invalid index number. Arrays in Bicep are zero-based. For more information, see [Arrays](../data-types.md#arrays).

+## Error description

+`The provided index value of <index-value> isn't valid for type <type-name>. Indexes for this type must be between 0 and <zero-based-tuple-index>.`

+## Solutions

+Use the correct index number.

+## Examples

+The following example raises the error because the index is out of bounds:

+```bicep

+var exampleArray = [

+ 1

+ 2

+ 3

+]

+output bar int = exampleArray[3]

+```

+You can fix the error by using the correct index number:

+```bicep

+var exampleArray = [

+ 1

+ 2

+ 3

+]

+output bar int = exampleArray[2]

+```

+## Next steps

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+For more information about Bicep error and warning codes, see [Bicep core diagnostics](../bicep-core-diagnostics.md).

+The auxiliary header can hold up to three auxiliary tokens.

+After authenticating the request, Azure Resource Manager sends it to the resource provider, which completes the operation. Even during periods of unavailability for the control plane, you can still access the data plane of your Azure resources. For instance, you can continue to access and operate on data in your storage account resource via its separate storage URI `https://myaccount.blob.core.windows.net` even when `https://management.azure.com` isn't available.

+To assist with creating ARM templates, you can export a template from existing resources. For more information, see [Use Azure CLI to export a template](../templates/export-template-cli.md).

+* To learn Azure Resource Manager, see [Azure Resource Manager overview](overview.md).

+* To learn the Resource Manager template syntax, see [Understand the structure and syntax of Azure Resource Manager templates](../templates/syntax.md).

+The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you're specifying where that metadata is stored. For compliance reasons, you might need to ensure that your data is stored in a particular region. Note that resources inside a resource group can be of different regions.

+Locking prevents other users in your organization from accidentally deleting or modifying critical resources.

+To assist with creating ARM templates, you can export a template from existing resources. For more information, see [Use Azure PowerShell to export a template](../templates/export-template-powershell.md).

+* To learn Azure Resource Manager, see [Azure Resource Manager overview](overview.md).

+* To learn the Resource Manager template syntax, see [Understand the structure and syntax of Azure Resource Manager templates](../templates/syntax.md).

+* To learn Azure Resource Manager, see [Azure Resource Manager overview](overview.md).

+* For more information about authentication options, see [Authenticate Python apps to Azure services by using the Azure SDK for Python](/azure/developer/python/sdk/authentication-overview).

+Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource.

+3. Select the resource you want to open.

+Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource.

+Tagging helps organizing your resource group and resources logically.

+Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource.

+Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource.

+If you're getting started and want to test Azure REST APIs using your individual token, you can retrieve your current access token quickly with either Azure PowerShell or Azure CLI.

+* To upgrade a free trial, see [Upgrade your Free Trial or Microsoft Imagine Azure subscription to pay-as-you-go](../../cost-management-billing/manage/upgrade-azure-subscription.md).

+* To change a pay-as-you-go account, see [Change your Azure pay-as-you-go subscription to a different offer](../../cost-management-billing/manage/switch-azure-offer.md).

+* **Align to a region launch**: Move your resources to a newly introduced Azure region that wasn't previously available.

+* **Align for services/features**: Move resources to take advantage of services or features that are available in a specific region.

+* **Respond to business developments**: Move resources to a region in response to business changes, such as mergers or acquisitions.

+* **Align for proximity**: Move resources to a region local to your business.

+* **Meet data requirements**: Move resources to align with data residency requirements, or data classification needs. [Learn more](https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Achieving_Compliant_Data_Residency_and_Security_with_Azure.pdf).

+* **Respond to deployment requirements**: Move resources that were deployed in error, or move in response to capacity needs.

+* **Respond to decommissioning**: Move resources because of decommissioned regions.

+* A single hub for moving resources across regions.

+* Reduced move time and complexity. Everything you need is in a single location.

+* A simple and consistent experience for moving different types of Azure resources.

+* An easy way to identify dependencies across resources you want to move. This identification helps you to move related resources together, so that everything works as expected in the target region, after the move.

+* Automatic cleanup of resources in the source region, if you want to delete them after the move.

+* Testing. You can try out a move, and then discard it if you don't want to do a full move.

+* **Start moving resources from a resource group**: With this method, you kick off the region move from within a resource group. After selecting the resources you want to move, the process continues in the Resource Mover hub, to check resource dependencies, and orchestrate the move process. [Learn more](../../resource-mover/move-region-within-resource-group.md).

+* **Start moving resources directly from the Resource Mover hub**: With this method, you kick off the region move process directly in the hub. [Learn more](../../resource-mover/tutorial-move-region-virtual-machines.md).

+* To check if a resource type supports being moved, see [Move operation support for resources](move-support-resources.md).

+* To learn more about the region move process, see [About the move process](../../resource-mover/about-move-process.md).

+* To learn more deeply about service relocation and planning recommendations, see [Relocated cloud workloads](/azure/cloud-adoption-framework/relocate/).

+3. To access insights for a resource group, select **Insights** in the left-side menu of any resource group.

+Most resource types open a gallery of Azure Monitor Workbook templates. Each workbook you create can be customized, saved, shared with your team, and reused in the future to diagnose similar issues.

+When App Service is chosen, you're presented with a gallery of Azure Monitor Workbook templates.

+Choosing the template for Failure Insights open the workbook.

+Workbooks abstract away the difficult work of creating custom reports and visualizations into an easily consumable format. While some users may only want to adjust the prebuilt parameters, workbooks are customizable.

+In this case, if you select edit you'll see that this set of visualizations is powered by Azure Monitor Metrics.

+To see alerts in Resource Group insights, someone with an Owner or Contributor role for this subscription needs to open Resource Group insights for any resource group in the subscription. This enables anyone with read access to see alerts in Resource Group insights for all of the resource groups in the subscription. If you have an Owner or Contributor role, refresh this page in a few minutes.

+* [Azure Monitor Workbooks](/azure/azure-monitor/visualize/workbooks-overview)

+* [Azure Resource Health](/azure/service-health/resource-health-overview)

+* [Azure Monitor Alerts](/azure/azure-monitor/alerts/alerts-overview)

+Before you use a resource provider, you must make sure your Azure subscription is registered for the resource provider. Registration configures your subscription to work with the resource provider.

+* To learn about creating Resource Manager templates, see [Authoring Azure Resource Manager templates](../templates/syntax.md).

+* botServices - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.Resources/ARMDisableResourcesPerRGLimit

+* profiles - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.Resources/ARMDisableResourcesPerRGLimit

+* profiles/networkpolicies - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.Resources/ARMDisableResourcesPerRGLimit

+* virtualMachineScaleSets - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.Resources/ARMDisableResourcesPerRGLimit

+* capacities - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.Fabric/UnlimitedResourceGroupQuota

+* loadBalancers - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.Resources/ARMDisableResourcesPerRGLimit

+* vpnBranches - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.NetworkFunction/AllowNaasVpnAccess

+* namespaces - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.NotificationHubs/ARMDisableResourcesPerRGLimit

+* namespaces/notificationHubs - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.NotificationHubs/ARMDisableResourcesPerRGLimit

+* workspaceCollections - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.PowerBI/UnlimitedQuota

+* autoScaleVCores - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.PowerBIDedicated/UnlimitedResourceGroupQuota

+* capacities - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.PowerBIDedicated/UnlimitedResourceGroupQuota

+* streamingjobs - By default, limited to 800 instances. That limit can be increased by [registering the following features](preview-features.md) - Microsoft.StreamAnalytics/ASADisableARMResourcesPerRGLimit

+* You can have write access to the `Microsoft.Resources/tags` resource type. This access lets you tag any resource, even if you don't have access to the resource itself. The [Tag Contributor](../../role-based-access-control/built-in-roles.md#tag-contributor) role grants this access. The tag contributor role, for example, can't apply tags to resources or resource groups through the portal. It can, however, apply tags to subscriptions through the portal. It supports all tag operations through Azure PowerShell and REST API.

+* You can have write access to the resource itself. The [Contributor](../../role-based-access-control/built-in-roles.md#contributor) role grants the required access to apply tags to any entity. To apply tags to only one resource type, use the contributor role for that resource. To apply tags to virtual machines, for example, use the [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor).

+## Unique tags pagination

+When calling the [Unique Tags API](/rest/api/resources/tags/list) there's a limit to the size of each API response page that is returned. A tag that has a large set of unique values will require the API to fetch the next page to retrieve the remaining set of values. When this happens the tag key is shown again to indicate that the values are still under this key.

+We recommend the following steps as you prepare to migrate your clients to TLS 1.2:

+* [Configure Transport Layer Security (TLS) for a client application](../../storage/common/transport-layer-security-configure-client-version.md) ΓÇô contains instructions to update TLS version in PowerShell.

+ For more details about comments and metadata, see [Understand the structure and syntax of ARM templates](./syntax.md#comments-and-metadata).

+In addition to the `comments` property, comments using the `//` syntax are supported. For more details about comments and metadata, see [Understand the structure and syntax of ARM templates](./syntax.md#comments-and-metadata). You may choose to save JSON files that contain `//` comments using the `.jsonc` file extension, to indicate the JSON file contains comments. The ARM service will also accept comments in any JSON file including parameters files.

+Working with ARM templates is easier with the Azure Resource Manager (ARM) Tools for Visual Studio Code. This extension provides language support, resource snippets, and resource auto-completion to help you create and validate Azure Resource Manager templates. To learn more and install the extension, see [Azure Resource Manager (ARM) Tools](https://marketplace.visualstudio.com/items?itemName=msazurermtools.azurerm-vscode-tools).

+You can put the file anywhere in the repository. The workflow sample in the next section assumes the template file is named **azuredeploy.json**, and it's stored at the root of your repository.

+ - **on**: The name of the GitHub events that triggers the workflow. The workflow is trigger when there's a push event on the main branch, which modifies at least one of the two files specified. The two files are the workflow file and the template file.

+ - **on**: The name of the GitHub events that triggers the workflow. The workflow is trigger when there's a push event on the main branch, which modifies at least one of the two files specified. The two files are the workflow file and the template file.

+1. Select the **Actions** tab. You see a **Create deployStorageAccount.yml** workflow listed. It takes 1-2 minutes to run the workflow.

+The following template is the main template. The highlighted `Microsoft.Resources/deployments` object shows how to call a linked template. The linked template can't be stored as a local file or a file that is only available on your local network. You can either provide a URI value of the linked template that includes either HTTP or HTTPS, or use the _relativePath_ property to deploy a remote linked template at a location relative to the parent template. One option is to place both the main template and the linked template in a storage account.

+To deploy templates in a storage account, generate a SAS token and supply it to the _-QueryString_ parameter. Set the expiry time to allow enough time to complete the deployment. The blobs containing the templates are accessible to only the account owner. However, when you create a SAS token for a blob, the blob is accessible to anyone with that SAS token. If another user intercepts the URI and the SAS token, that user is able to access the template. A SAS token is a good way of limiting access to your templates, but you shouldn't include sensitive data like passwords directly in the template.

+[Nested resources](./child-resource-name-type.md#within-parent-resource) can't be used in a [symbolic name](./resource-declaration.md#use-symbolic-name) template. In the following template, the nested storage account resource can't use symbolic name:

+Make sure there's no leading "?" in QueryString. The deployment adds one when assembling the URI for the deployments.

+You're limited to 256 parameters in a template. For more information, see [Template limits](./best-practices.md#template-limits).

+- To learn about the available properties for parameters, see [Understand the structure and syntax of ARM templates](./syntax.md).

+- To learn about passing in parameter values as a file, see [Create Resource Manager parameter file](parameter-files.md).

+- For recommendations about creating parameters, see [Best practices - parameters](./best-practices.md#parameters).

+Azure storage account names have a minimum length of three characters and a maximum of 24. Add both `minLength` and `maxLength` to the parameter and provide appropriate values.

+The following example shows a network interface that depends on a virtual network, network security group, and public IP address. For the full template, see [the quickstart template for a Linux virtual machine](https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.compute/vm-simple-linux/azuredeploy.json).

+The enhancements and changes that come with languageVersion 2.0:

+* Use symbolic name in ARM JSON template. For more information, see [Use symbolic name](./resource-declaration.md#use-symbolic-name).

+* Use symbolic name in resource copy loops. See [Use symbolic name](./copy-resources.md#use-symbolic-name).

+* Use symbolic name in `dependsOn` arrays. See [DependsOn](./resource-dependency.md#dependson) and [Depend on resources in a loop](./resource-dependency.md#depend-on-resources-in-a-loop).

+* Use symbolic name instead of resource name in the `reference` function. See [reference](./template-functions-resource.md#reference).

+* A references() function that returns an array of objects representing a resource collection's runtime states. See [references](./template-functions-resource.md#references).

+* Use the 'existing' resource property to declare existing resources for ARM to read rather than deploy a resource. See [Declare existing resources](./resource-declaration.md#declare-existing-resources).

+* Create user-defined types. See [Type definition](./definitions.md).

+* Additional aggregate type validation constraints to be used in [parameters](./parameters.md) and [outputs](./outputs.md).

+* The default value for the `expressionEvaluationOptions` property is `inner`. The value `outer` is blocked. See [Expression evaluation scope in nested templates](./linked-templates.md#expression-evaluation-scope-in-nested-templates).

+* The `deployment` function returns a limited subset of properties. See [deployment](./template-functions-deployment.md#deployment).

+* If Deployments resource is used in a symbolic-name deployment, use apiVersion `2020-09-01` or later.

+* In resource definition, double-escaping values within an expression is no longer needed. See [Escape characters](./template-expressions.md#escape-characters).

+Most functions work the same whether they're deployed to a resource group, subscription, management group, or tenant. The following functions have restrictions based on the scope:

+ Title: Update pool properties

+description: Learn how to update existing Batch pool properties.

+# Update Batch pool properties

+When you create an Azure Batch pool, you specify certain properties that define the configuration

+of the pool. Examples include specifying the VM size, VM image to use, virtual network configuration,

+and encryption settings. However, you may need to update pool properties as your workload evolves

+over time or if a VM image reaches end-of-life.

+Some, but not all, of these pool properties can be patched or updated to accommodate these situations.

+This article provides information about updateable pool properties, expected behaviors for

+pool property updates, and examples.

+> [!TIP]

+> Some pool properties can only be updated using the

+> [Batch Management Plane APIs or SDKs](batch-apis-tools.md#batch-management-apis) using Entra

+> authentication. You will need to install or use the appropriate [API or SDK](batch-apis-tools.md)

+> for these operations to be available.

+## Updateable pool properties

+Batch provides multiple methods to update properties on a pool. Selecting which API to use

+determines the set of pool properties that can be updated as well as the update behavior.

+> [!NOTE]

+> If you want to update pool properties that aren't part of the following Update or Patch

+> APIs, then you must recreate the pool to reflect the desired state.

+### Management Plane: Pool - Update

+The recommended path to updating pool properties is utilizing the

+[Pool - Update API](/rest/api/batchmanagement/pool/update) as part of the

+[Batch Management Plane API or SDK](batch-apis-tools.md#batch-management-apis). This API provides

+the most comprehensive and flexible way to update pool properties. Using this API allows select

+update of Management plane only pool properties and the ability to update other properties that

+would otherwise be immutable via Data Plane APIs.

+> [!IMPORTANT]

+> You must use API version 2024-07-01 or newer of the Batch Management Plane API for updating pool

+> properties as described in this section.

+Since this operation is a `PATCH`, only pool properties specified in the request are updated.

+If properties aren't specified as part of the request, then the existing values remain unmodified.

+Some properties can only be updated when the pool has no active nodes in it or where the total

+number of compute nodes in the pool is zero. The properties that *don't* require the pool

+to be size zero for the new value to take effect are:

+- applicationPackages

+- certificates

+- metadata

+- scaleSettings

+- startTask

+If there are active nodes when the pool is updated with these properties, reboot of active

+compute nodes may be required for changes to take effect. For more information, see the

+documentation for each individual pool property.

+All other updateable pool properties require the pool to be of size zero nodes to be accepted

+as part of the request to update.

+You may also use [Pool - Create API](/rest/api/batchmanagement/pool/create) to update these

+select properties, but since the operation is a `PUT`, the request fully replaces all

+existing properties. Therefore, any property that isn't specified in the request is removed

+or set with the associated default.

+#### Example: Update VM Image Specification

+The following example shows how to update a pool VM image configuration via the Management Plane C# SDK:

+```csharp

+public async Task UpdatePoolVmImage()

+{

+ // Authenticate

+ var clientId = Environment.GetEnvironmentVariable("CLIENT_ID");

+ var clientSecret = Environment.GetEnvironmentVariable("CLIENT_SECRET");

+ var tenantId = Environment.GetEnvironmentVariable("TENANT_ID");

+ var subscriptionId = Environment.GetEnvironmentVariable("SUBSCRIPTION_ID");

+ ClientSecretCredential credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

+ ArmClient client = new ArmClient(credential, subscriptionId);

+ // Get an existing Batch account

+ string resourceGroupName = "<resourcegroup>";

+ string accountName = "<batchaccount>";

+ ResourceIdentifier batchAccountResourceId = BatchAccountResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, accountName);

+ BatchAccountResource batchAccount = client.GetBatchAccountResource(batchAccountResourceId);

+ // get the collection of this BatchAccountPoolResource

+ BatchAccountPoolCollection collection = batchAccount.GetBatchAccountPools();

+ // Update the pool

+ string poolName = "mypool";

+ BatchAccountPoolData data = new BatchAccountPoolData()

+ {

+ DeploymentConfiguration = new BatchDeploymentConfiguration()

+ {

+ VmConfiguration = new BatchVmConfiguration(new BatchImageReference()

+ {

+ Publisher = "MicrosoftWindowsServer",

+ Offer = "WindowsServer",

+ Sku = "2022-datacenter-azure-edition-smalldisk",

+ Version = "latest",

+ },

+ nodeAgentSkuId: "batch.node.windows amd64"),

+ },

+ };

+ ArmOperation<BatchAccountPoolResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, poolName, data);

+ BatchAccountPoolResource result = lro.Value;

+ BatchAccountPoolData resourceData = result.Data;

+ Console.WriteLine($"Succeeded on id: {resourceData.Id}");

+}

+```

+#### Example: Update VM Size and Target Node Communication Mode

+The following example shows how to update a pool VM image size and target node communication

+mode to be simplified via REST API:

+```http

+PATCH https://management.azure.com/subscriptions/<subscriptionid>/resourceGroups/<resourcegroupName>/providers/Microsoft.Batch/batchAccounts/<batchaccountname>/pools/<poolname>?api-version=2024-07-01

+```

+Request Body

+```json

+{

+ "type": "Microsoft.Batch/batchAccounts/pools",

+ "parameters": {

+ "properties": {

+ "vmSize": "standard_d32ads_v5",

+ "targetNodeCommunicationMode": "simplified"

+ }

+ }

+}

+```

+### Data Plane: Pool - Patch or Update Properties

+The Data Plane offers the ability to either patch or update select pool properties. The

+available APIs are the [Pool - Patch API](/rest/api/batchservice/pool/patch) or the

+[Pool - Update Properties API](/rest/api/batchservice/pool/update-properties) as part of

+the [Batch Data Plane API or SDK](batch-apis-tools.md#batch-service-apis).

+The [Patch API](/rest/api/batchservice/pool/patch) allows patching of select pool properties

+as specified in the documentation such as the `startTask`. Since this operation is a `PATCH`,

+only pool properties specified in the request are updated. If properties aren't specified as

+part of the request, then the existing values remain unmodified.

+The [Update Properties API](/rest/api/batchservice/pool/update-properties) allows select

+update of the pool properties as specified in the documentation. This request fully

+replaces the existing properties, therefore any property that isn't specified in the

+request is removed.

+Compute nodes must be rebooted for changes to take effect for the following properties:

+- applicationPackageReferences

+- certificateReferences

+- startTask

+The pool must be resized to zero active nodes for updates to the `targetNodeCommunicationMode`

+property.

+## FAQs

+- Do I need to perform any other operations after updating pool properties while the pool

+has active nodes?

+Yes, for pool properties that can be updated with active nodes, there are select properties

+which require compute nodes to be rebooted. Alternatively, the pool can be scaled down to

+zero nodes to reflect the modified properties.

+- Can I modify the Managed identity collection on the pool while the pool has active nodes?

+Yes, but you shouldn't. While Batch doesn't prohibit mutation of the collection with active

+nodes, we recommend avoiding doing so as that leads to inconsistency in the identity collection

+if the pool scales out. We recommend to only update this property when the pool is sized zero.

+For more information, see the [Configure managed identities](managed-identity-pools.md) article.

+## Next steps

+- Learn more about available Batch [APIs and tools](batch-apis-tools.md).

+- Learn how to [check pools and nodes for errors](batch-pool-node-error-checking.md).

+| Easy integration with Azure services, such as [Storage](cdn-create-a-storage-account-with-cdn.md), [Web Apps](cdn-add-to-web-app.md), and Media Services | **&#x2713;** |**&#x2713;** |**&#x2713;** |

+- Moreover, in Teams Interop scenarios, there are the following limitations:

+ - The Teams user's display name in typing indicator event is blank.

+ - Read receipt isn't supported.

+ - Certain identities are not supported (i.e. [Bot users](/microsoftteams/platform/bots/what-are-bots), [Skype users](https://support.microsoft.com/en-us/office/use-skype-in-microsoft-teams-4382ea15-f963-413d-8982-491c1b9ae3bf), [non-enterprise users](https://support.microsoft.com/en-us/office/learn-more-about-subscriptions-for-microsoft-teams-free-1061bbd0-6d97-46a6-8ca0-21059be3eee3), etc.)

+ ### Container Apps extension v1.37.2 (September 2024)

+ - Updated Dapr-Metrics image to v0.6.8 to resolve network timeout issue

+ - Resolved issue in Log Processor which prevented MDSD container from starting when cluster is connected behind a Proxy

+Replace the placeholder value `sampleAlias` as needed. For more information on these REST calls, see [Create](/rest/api/subscription/alias/create) and [Get](/rest/api/subscription/alias/get).

+* For advanced subscription creation scenarios using REST API, see [Alias - Create](/rest/api/subscription/alias/).

+> For new Apache Airflow projects, we recommend using Apache Airflow in Microsoft Fabric. More details can be found [here](https://blog.fabric.microsoft.com/blog/introducing-data-workflows-in-microsoft-fabric?ft=All).

+> New users will not be allowed to create a new workflow orchestration manager in ADF, but existing users with a workflow orchestration manager may continue to use it but plan a migration soon.

+| Connector|Upgrade Guidance|Release stage |End of Support Date |Disabled Date |

+|:-- |:-- |:-- |:-- | :-- |

+| [Google BigQuery (legacy)](connector-google-bigquery-legacy.md)  | [Link](connector-google-bigquery.md#upgrade-the-google-bigquery-linked-service) |End of support announced and new version available | October 31, 2024 | January 10, 2025 |

+| [MariaDB (legacy driver version)](connector-mariadb.md)  | [Link](connector-mariadb.md#upgrade-the-mariadb-driver-version) | End of support announced and new version available | October 31, 2024 | January 10, 2025 |

+| [MySQL (legacy driver version)](connector-mysql.md)  | [Link](connector-mysql.md#upgrade-the-mysql-driver-version) | End of support announced and new version available | October 31, 2024| January 10, 2025|

+| [Salesforce (legacy)](connector-salesforce-legacy.md)   | [Link](connector-salesforce.md#upgrade-the-salesforce-linked-service) | End of support announced and new version available | October 11, 2024 | January 10, 2025|

+| [Salesforce Service Cloud (legacy)](connector-salesforce-service-cloud-legacy.md)   | [Link](connector-salesforce-service-cloud.md#upgrade-the-salesforce-service-cloud-linked-service) | End of support announced and new version available | October 11, 2024 |January 10, 2025 |

+| [PostgreSQL (legacy)](connector-postgresql-legacy.md)   | [Link](connector-postgresql.md#upgrade-the-postgresql-linked-service)| End of support announced and new version available |October 31, 2024 | January 10, 2025 |

+| [Snowflake (legacy)](connector-snowflake-legacy.md)   | [Link](connector-snowflake.md#upgrade-the-snowflake-linked-service) | End of support announced and new version available | October 31, 2024 | January 10, 2025 |

+| [Azure Database for MariaDB](connector-azure-database-for-mariadb.md) |/ | End of support announced |December 31, 2024 | December 31, 2024 |

+| [Concur (Preview)](connector-concur.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Couchbase (Preview)](connector-couchbase.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Drill](connector-drill.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Hbase](connector-hbase.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Magento (Preview)](connector-magento.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Marketo (Preview)](connector-marketo.md) |/ | End of support announced | December 31, 2024| December 31, 2024 |

+| [Oracle Eloqua (Preview)](connector-oracle-eloqua.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Oracle Responsys (Preview)](connector-oracle-responsys.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Oracle Service Cloud (Preview)](connector-oracle-service-cloud.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Paypal (Preview)](connector-paypal.md) |/ | End of support announced |December 31, 2024 | December 31, 2024|

+| [Phoenix](connector-phoenix.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Salesforce Marketing Cloud](connector-salesforce-marketing-cloud.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Zoho (Preview)](connector-zoho.md) |/ | End of support announced | December 31, 2024 | December 31, 2024 |

+| [Amazon Marketplace Web Service](connector-amazon-marketplace-web-service.md)|/ | Disabled |/ |/ |

+| Legacy ```connectionstring``` property is deprecated in favor of required parameters **Account**, **Warehouse**, **Database**, **Schema**, and **Role** | In the legacy Snowflake connector, the `connectionstring` property was used to establish a connection. |

+ai-usage: ai-assisted

+When processor usage is high and available memory is low on the self-hosted IR, add a new node to help scale out the load across machines. If activities fail because they time out or the self-hosted IR node is offline, it helps if you add a node to the gateway. To add a node, complete the following steps:

+1. [Download the SHIR setup from the Azure Data Factory portal](create-self-hosted-integration-runtime.md).

+2. Run the Installer on the node you want to add to the cluster.

+3. During the installation, select the option to join an existing integration runtime, and provide the authentication key from the existing SHIR to link the new node to the existing SHIR cluster.

+- MCW-Real-time-data-with-Azure-Database-for-PostgreSQL-Hyperscale<br/>

+Avro complex data types are not supported (records, enums, arrays, maps, unions, and fixed) in Copy Activity.

+* Complex data types are not supported (records, enums, arrays, maps, unions, and fixed).

+To create a URL for the article in a specific language, use a locale code in the following table.

+| Amharic | am | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Amharic_RevA_5-25-2022.pdf) |

+| Azerbaijani | az | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Azerbaijani_RevA_5-25-2022.pdf) |

+| Bulgarian | bg | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Bulgarian_RevA_5-25-2022.pdf) |

+| Bengali | bn | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Bengali_RevA_5-25-2022.pdf) |

+| Bosnian | bs | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Bosnian_RevA_5-25-2022.pdf) |

+| Danish | da | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Danish_RevA_5-25-2022.pdf) |

+| Greek | el | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Greek_RevA_5-25-2022.pdf) |

+| Estonian | et | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Estonian_RevA_5-25-2022.pdf) |

+| Finnish | fi | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Finnish_RevA_5-25-2022.pdf) |

+| Hebrew | he | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Hebrew_RevA_5-25-2022.pdf) |

+| Hindi | hi | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Hindi_RevA_5-25-2022.pdf) |

+| Croatian | hr | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Croatian_RevA_5-25-2022.pdf) |

+| Hungarian | hu | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Hungarian_RevA_5-25-2022.pdf) |

+| Icelandic | is | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Icelandic_RevA_5-25-2022.pdf) |

+| Georgian | ka | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Georgian_RevA_5-25-2022.pdf) |

+| Lithuanian | lt | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Lithuanian_RevA_5-25-2022.pdf) |

+| Latvian | lv | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Latvian_RevA_5-25-2022.pdf) |

+| Macedonian | mk | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Macedonian_RevA_5-25-2022.pdf) |

+| Mongolian | mn | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Mongolian_RevA_5-25-2022.pdf) |

+| Malay | ms | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Malay_RevA_5-25-2022.pdf) |

+| Maltese | mt | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Maltese_RevA_5-25-2022.pdf) |

+| Norwegian Bokmål | nb | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Norwegian_RevA_5-25-2022.pdf) |

+| Nepali | ne | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Nepali_RevA_5-25-2022.pdf) |

+| Romanian | ro | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Romanian_RevA_5-25-2022.pdf) |

+| Slovak | sk | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Slovak_RevA_5-25-2022.pdf) |

+| Slovenian | sl | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Slovenian_RevA_5-25-2022.pdf) |

+| Montenegrin | sr | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Montenegrin_RevA_5-25-2022.pdf) |

+| Serbian | sr | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Serbian_RevA_5-25-2022.pdf) |

+| Kiswahili | sw | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Kiswahili_RevA_5-25-2022.pdf) |

+| Thai | th | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Thai_RevA_5-25-2022.pdf) |

+| Turkmen | tk | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Turkmen_RevA_5-25-2022.pdf) |

+| Ukrainian | uk | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Ukrainian_RevA_5-25-2022.pdf) |

+| Urdu | ur | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Urdu_RevA_5-25-2022.pdf) |

+| Uzbek | uz | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Uzbek_RevA_5-25-2022.pdf) |

+| Vietnamese | vi | [Download PDF](https://github.com/Azure-Samples/azure-stack-edge-deploy-vms/AzureStackEdgePro2Safety/MicrosoftAzureStackEdgePro2_SafetyGuide_Vietnamese_RevA_5-25-2022.pdf) |

+- [Prepare to deploy Azure Stack Edge Pro 2 device](azure-stack-edge-pro-2-deploy-prep.md).

+## New data partitions with static IP private endpoints

+It is preferable to create private endpoints with dynamic IP to enable dynamic data partition creation. If you initiate the creation of new data partitions with static IPs private endpoint, it will fail. Each new data partition requires three additional static IPs which the static IP private endpoint is not able to provide.

+To create new data partitions successfully with static IP private endpoint, follow the below steps:

+1. Create a new private endpoint with either dynamic IP or enable public access.

+2. Delete existing private endpoint with static IP from Azure Data Manager for Energy instance and delete it from Azure resources also.

+3. Create new data partitions successfully.

+4. Delete the newly created private endpoint with dynamic IP and/or disable public access.

+5. Create a new private endpoint with static IP. This step will now ask to assign additional static IPs needed for new data partition.

+[](media/how-to-manage-private-links/private-links-19-static-ip.png#lightbox)

+| Features and optimizations | Front Door Standard | Front Door Premium | Front Door (classic) | CDN Standard from Microsoft (classic) | CDN Standard from Edgio | CDN Premium from Edgio |

+| Managed Identities with Azure Key Vault | &check; | &check; | | &check; | | |

+## Services on retirement path

+The following table lists services that are on retirement path, frequently asked questions regarding retirement, and migration guidance.

+| Details | Front Door (classic) | CDN Standard from Microsoft (classic) | CDN Standard from Akamai |

+| | | | |

+| Retirement Date | March 31, 2027 | September 30, 2027 | December 31, 2023 |

+| Date till new resources can be created | March 31, 2025 | September 30, 2025 | Service is already retired |

+| Documentation | [Azure update](https://azure.microsoft.com/updates/azure-front-door-classic-will-be-retired-on-31-march-2027/), [FAQ](classic-retirement-faq.md) | [Azure update](https://azure.microsoft.com/updates/v2/Azure-CDN-Standard-from-Microsoft-classic-will-be-retired-on-30-September-2027), [FAQ](../cdn/classic-cdn-retirement-faq.md) | [FAQ](../cdn/akamai-retirement-faq.md)|

+| Migration | [Considerations](tier-migration.md), [Step-by-step instructions](migrate-tier.md) | [Considerations](../cdn/tier-migration.md), [Step-by-step instructions](../cdn/migrate-tier.md) | Service is already retired |

+* [Submitting Spark Applications via Spark-submit utility](https://archive.apache.org/dist/spark/docs/2.4.0/submitting-applications.html)

+* [Submitting Spark Applications via Spark-submit utility](https://archive.apache.org/dist/spark/docs/2.4.0/submitting-applications.html)

+In this article, you learn how to enable diagnostic logging in Azure API for FHIR&reg; and be able to review sample queries for these logs. Access to diagnostic logs is essential for any healthcare service where compliance with regulatory requirements (such as HIPAA) is a must. The feature in Azure API for FHIR that enables diagnostic logs is the [**Diagnostic settings**](/azure/azure-monitor/essentials/diagnostic-settings) in the Azure portal.

+You can view the metrics under Monitoring | Metrics from the portal. The metrics include Number of Requests, Average Latency, Number of Errors, Data Size, request units (RUs) Used, Number of requests that exceeded capacity, and Availability (in %). The Total Request Metrics provides the number of requests reaching the FHIR service. This means requests such as FHIR bundles are considered as single request for logging.

+The following screenshot shows RUs used for a sample environment with few activities in the last seven days. You can download the data in Json format.

+ 1. **Archive to a storage account** for auditing or manual inspection. The storage account you want to use needs to already be created.

+ 3. **Stream to the Log Analytics** workspace in Azure Monitor. You need to create your Logs Analytics Workspace before you can select this option.

+6. Select **AuditLogs** and/or **AllMetrics**. The metrics include service name, availability, data size, total latency, total requests, total errors, and timestamp. Find more detail on [supported metrics](/azure/azure-monitor/essentials/metrics-supported#microsofthealthcareapisservices).

+For more information on how to work with diagnostic logs, refer to the [Azure Resource Log documentation](/azure/azure-monitor/essentials/platform-logs-overview).

+At this time, the Azure API for FHIR service returns the following fields in the audit log.

+|CallerIdentityIssuer|String|Issuer |

+|CallerIdentityObjectId|String|Object_Id |

+|CallerIPAddress|String|The callerΓÇÖs IP address |

+|CorrelationId|String| Correlation ID |

+|FhirResourceType|String|The resource type for which the operation was executed |

+|LogCategory|String|The log category (currently returning ΓÇÿAuditLogsΓÇÖ LogCategory) |

+|Location|String|The location of the server that processed the request (for example, South Central US) |

+|OperationDuration|Int|The time it took to complete this request in seconds. **Note** : This value is always set to 0, due to a known issue |

+|OperationName|String| Describes the type of operation (for example, update, search-type) |

+|RequestUri|String|The request URI |

+|ResultType|String|The available values currently are **Started**, **Succeeded**, or **Failed** |

+|StatusCode|Int|The HTTP status code. (for example, 200) |

+|Properties|String| Describes the properties of the fhirResourceType |

+|SourceSystem|String| Source System (always Azure in this case) |

+|TenantId|String|Tenant ID |

+|Type|String|Type of log (always MicrosoftHealthcareApisAuditLog in this case) |

+|_ResourceId|String|Details about the resource |

+Run the following query to see the **100 most recent** logs.

+Run the following query to group operations by **FHIR Resource Type**.

+Run the following query to get all the **failed results**.

+Having access to diagnostic logs is essential for monitoring a service and providing compliance reports. Azure API for FHIR allows you to take these actions through diagnostic logs.

+The Bulk Export feature allows data to be exported from the FHIR&reg; Server per the [FHIR specification](https://www.hl7.org/fhir/uv/bulkdata/).

+Before using `$export`, make sure that the Azure API for FHIR is configured to use it. For configuring export settings and creating an Azure storage account, refer to the [configure export data page](configure-export-data.md).

+After configuring the Azure API for FHIR for export, you can use the `$export` command to export the data out of the service. The data is stored in the storage account you specified while configuring export. To learn how to invoke the `$export` command in FHIR server, read documentation in the [HL7 FHIR $export specification](https://www.hl7.org/fhir/uv/bulkdata/).

+In some situations, a job may get stuck in a bad state. This can occur if the storage account permissions havenΓÇÖt been set up properly. One way to validate an export is to check your storage account to see if the corresponding container (that is, `ndjson`) files are present. If they arenΓÇÖt present, and there are no other export jobs running, then it's possible the current job is stuck in a bad state. You should cancel the export job by sending a cancellation request and try requeuing the job again. Our default run time for an export in bad state is 10 minutes before it will stop and move to a new job or retry the export.

+The Azure API For FHIR supports `$export` at the following levels:

+Data is exported in multiple files, each containing resources of only one type. The number of resources in an individual file will be limited. The maximum number of resources is based on system performance. It's currently set to 5,000, but can change. The result is that you might get multiple files for a resource type. The file names follow the format 'resourceName-number-number.ndjson'. The order of the files isn't guaranteed to correspond to any ordering of the resources in the database.

+In addition, checking the export status through the URL returned by the location header during the queuing is supported, along with canceling the actual export job.

+Currently we support `$export` for ADLS Gen2 enabled storage accounts, with the following limitations:

+- Users canΓÇÖt take advantage of [hierarchical namespaces](../../storage/blobs/data-lake-storage-namespace.md) - there isn't a way to target an export to a specific subdirectory within a container. We only provide the ability to target a specific container (where a new folder is created for each export).

+- Once an export is complete, nothing is ever exported to that folder again. Subsequent exports to the same container will be inside a newly created folder.

+There are two required header parameters that must be set for `$export` jobs. The values are defined by the current [$export specification](https://www.hl7.org/fhir/uv/bulkdata/).

+The Azure API for FHIR supports the following query parameters. All of these parameters are optional.

+| \_since | Yes | Allows you to only export resources that have been modified since the time provided. |

+| \_type | Yes | Allows you to specify which types of resources will be included. For example, \_type=Patient would return only patient resources.|

+| \_typefilter | Yes | To request finer-grained filtering, you can use \_typefilter along with the \_type parameter. The value of the _typeFilter parameter is a comma-separated list of FHIR queries that further restrict the results. |

+| \_container | No | Specifies the container within the configured storage account where the data should be exported. If a container is specified, the data is exported into a folder in that container. If the container isnΓÇÖt specified, the data is exported to a new container. |

+| \_till | No | Allows you to only export resources that have been modified up to the time provided. This parameter is only applicable to System-Level export. In this case, if historical versions haven't been disabled or purged, export guarantees a true snapshot view. In other words, enables time travel. |

+|includeAssociatedData | No | Allows you to export history and soft deleted resources. This filter doesn't work with the '_typeFilter' query parameter. Include the value as '_history' to export history (non-latest versioned) resources. Include the value as '_deleted' to export soft deleted resources. |

+|\_isparallel| No |The "_isparallel" query parameter can be added to the export operation to enhance its throughput. The value needs to be set to true to enable parallelization. Note: Using this parameter may result in an increase in request units consumption over the life of export. |

+> There is a known issue with the `$export` operation that could result in incomplete exports with status success. The issue occurs when the is_parallel flag was used. Export jobs executed with _isparallel query parameter starting February 13th, 2024 are impacted with this issue.

+Azure API for FHIR supports a secure export operation. Choose one of the following two options.

+This option provides two different configurations depending on whether the storage account is in the same or different location as the Azure API for FHIR.

+You're now ready to export FHIR data to the storage account securely. Note: The storage account is on selected networks and isnΓÇÖt publicly accessible. To access the files, you can either enable and use private endpoints for the storage account, or enable all networks for the storage account for a short period of time.

+In this article, you learned how to export FHIR resources using `$export` command. Next, to learn how to export de-identified data, see

+ Title: Configure Private Endpoint network access to Azure Health Data Services de-identification service

+description: Learn how to restrict network access to your de-identification service.

+# customer intent: As an IT admin, I want to restrict network access to a de-identification service to a private endpoint in a virtual network.

+# Configure Private Endpoint network access to Azure Health Data Services de-identification service (preview)

+Azure Private Link enables you to access Azure services over a **private endpoint** in your virtual network.

+A private endpoint is a network interface that connects you privately and securely to an Azure service which supports Azure Private Link. The private endpoint uses a private IP address from your virtual network, effectively bringing the service into your virtual network. All traffic to the service is routed through the private endpoint, so no gateways, NAT devices, ExpressRoute or VPN connections, or public IP addresses are needed. Traffic between your virtual network and the service traverses the Microsoft backbone network, eliminating exposure from the public Internet. You can restrict connections to specific instances of an Azure service, giving you the highest level of granularity in access control.

+For more information, see [What is Azure Private Link?](../../private-link/private-link-overview.md)

+## Add a private endpoint using the Azure portal

+### Prerequisites

+> [!IMPORTANT]

+> Before enabling Private Endpoint access to your de-identification service (preview), you will need to [create a support request](/azure/azure-portal/supportability/how-to-create-azure-support-request) to request access to this feature for your subscription.

+> Create the request under **Azure Health Data Services > General question > De-identification service > Configuration and management**

+- A de-identification service in your Azure subscription. If you don't have a de-identification service, follow the steps in [Quickstart: Deploy the de-identification service](quickstart.md).

+- Owner or contributor permissions for the de-identification service.

+

+### Create a private endpoint

+Follow the steps at [Quickstart: Create a private endpoint by using the Azure portal](/azure/private-link/create-private-endpoint-portal).

+- Instead of a webapp, create a private endpoint to a de-identification service (preview).

+- When you reach [Create a private endpoint](/azure/private-link/create-private-endpoint-portal?tabs=dynamic-ip#create-a-private-endpoint), step 5, enter resource type **Microsoft.HealthDataAIServices/deidServices**.

+- Your private endpoint and virtual network must be in the same region. When you select a region for the private endpoint using the portal, it automatically filters virtual networks that are in that region. Your de-identification service can be in a different region.

+- When you reach [Test connectivity to the private endpoint](/azure/private-link/create-private-endpoint-portal?tabs=dynamic-ip#test-connectivity-to-the-private-endpoint) steps 8 and 10, use the service URL of your de-identification service plus the `/health` path.

+### Configure private access

+> [!IMPORTANT]

+> Creating a private endpoint does **not** restrict public network access automatically.

+When creating a de-identification service (preview), you can either allow public only (from all networks) or private only (only via private endpoints) access to the de-identification service.

+If you already have a de-identification service, you can configure network access by going to the service's Azure portal **Networking** page, and under **Public network access**, selecting **Disabled**.

+## Manage private endpoints using Azure portal

+When you create a private endpoint, the connection must be approved. If the resource for which you're creating a private endpoint is in your directory, you can approve the connection request provided you have sufficient permissions. If you're connecting to an Azure resource in another directory, you must wait for the owner of that resource to approve your connection request.

+There are four provisioning states:

+| Service action | Service consumer private endpoint state | Description |

+|--|--|--|

+| None | Pending | Connection is created manually and is pending approval from the target resource owner. |

+| Approve | Approved | Connection was automatically or manually approved and is ready to be used. |

+| Reject | Rejected | The target resource owner rejected the connection. |

+| Remove | Disconnected | The target resource owner removed the connection. The private endpoint should be deleted for cleanup. |

+

+### Approve, reject, or remove a private endpoint connection

+1. Sign in to the Azure portal.

+2. In the search bar, type in **de-id**.

+3. Select the **de-identification service** that you want to manage.

+4. Select the **Networking** tab.

+5. Go to the appropriate following section based on the operation you want to: approve, reject, or remove.

+### Approve a private endpoint connection

+1. If there are any connections that are pending, you see a connection listed with **Pending** in the provisioning state.

+2. Select the **private endpoint** you wish to approve

+3. Select the **Approve** button.

+4. On the **Approve connection** page, add a comment (optional), and select **Yes**. If you select **No**, nothing happens.

+5. You should see the status of the private endpoint connection in the list changed to **Approved**.

+### Reject a private endpoint connection

+1. If there are any private endpoint connections you want to reject, whether it's a pending request or existing connection, select the connection and select the **Reject** button.

+2. On the **Reject connection** page, enter a comment (optional), and select **Yes**. If you select **No**, nothing happens.

+3. You should see the status of the private endpoint connection in the list changed to **Rejected**.

+### Remove a private endpoint connection

+1. To remove a private endpoint connection, select it in the list, and select **Remove** on the toolbar.

+2. On the **Delete connection** page, select **Yes** to confirm the deletion of the private endpoint. If you select **No**, nothing happens.

+3. You should see the status changed to **Disconnected**. Then, the endpoint disappears from the list.

+## Limitations and design considerations

+- For pricing information, see [Azure Private Link pricing](https://azure.microsoft.com/pricing/details/private-link/).

+- This feature is available in all Azure public regions.

+- Because network traffic is blocked at the application layer, you can still ping the public endpoint of your service even though public network access is disabled.

+For more, see [Azure Private Link service: Limitations](../../private-link/private-link-service-overview.md#limitations)

+## Related content

+- Learn more about [Azure Private Link](../../private-link/private-link-service-overview.md)

+## Certificate information

+The certificate used to enable the TLS connection is issued by: **Microsoft Azure RSA TLS Issuing CA 03**. Devices that download content over TLS from the Device Update service will need to be provisioned with one or more certificates that have Microsoft Azure RSA TLS Issuing CA 03 as their root.

+* [Git](https://git-scm.com/downloads/).

+ **Network Requirements** | Access to the following endpoints: <br/><br/> https://dc.services.visualstudio.com/v2/track <br/><br/> [Azure CLI endpoints for proxy bypass](/cli/azure/azure-cli-endpoints)

+> Ensure that you have curl installed on the server. For Ubuntu, you can install it using the command `sudo apt-get install curl`, and for other OS (RHEL), you can use the command `yum install curl`.

+> - Ensure that you have curl installed on the server. For Ubuntu, you can install it using the command `sudo apt-get install curl`, and for other OS (RHEL), you can use the `yum install curl` command.

+To migrate workloads running on Amazon Linux, you can spin up a RHEL VM in Azure. Then you can migrate the workload running on the AWS Linux machine by using a relevant workload migration approach. For example, depending on the workload, there might be workload-specific tools to aid the migration. These tools might be for databases or deployment tools for web servers.

+ - RHEL: etc/redhat-release

+> [!IMPORTANT]

+> Azure Operator Nexus does not support ephemeral volumes. Nexus recommends that the persistent volume storage mechanisms described in this document are used for all workload volumes as these provide the highest levels of performance and availability. All storage in Azure Operator Nexus is provided by the storage appliance. There is no support for storage provided by baremetal machine disks.

+In this article, you can learn how to use Azure Policy to secure and validate the compliance status of your Nexus resources.

+- **Policy Definitions**: The rules that your resources need to comply with. They can be built-in or custom.

+1. **Explore built-in policies**: Review built-in policies relevant to Nexus Bare Metal Machine (BMM) and Compute Cluster resources.

+The Operator Nexus service offers a built-in policy definition that is recommended to assign to your Nexus BMM resources. This policy definition is called **[Preview]: Nexus compute machines should meet security baseline**. This policy definition is used to ensure that your Nexus BMM resources are configured with industry best practice security settings.

+## Use Azure Policy to secure your Nexus Kubernetes Compute Cluster resources

+The Operator Nexus service offers a built-in initiative definition that is recommended to assign to your Nexus Kubernetes Compute Cluster resources. This initiative definition is called **[Preview]: Nexus compute cluster should meet security baseline**. This initiative definition is used to ensure that your Nexus Kubernetes Compute Cluster resources are configured with industry best practice security settings.

+- [[Preview]: Nexus compute cluster should meet security baseline](https://portal.azure.com/#blade/Microsoft_Azure_Policy/InitiativeDetail.ReactView/id/%2Fproviders%2FMicrosoft.Authorization%2FpolicySetDefinitions%2F336cb876-5cb8-4795-b9d1-bd9323d3487e)

+### Customizing Policies

+- Customize policies considering the unique aspects of the specific resources.

+Whether you're securing Nexus BMM resources or Nexus Kubernetes Compute Clusters, the process of applying and validating policies is similar. Here's a generalized approach:

+ - For Nexus Kubernetes Compute Clusters, consider the recommended **[Preview]: Nexus compute cluster should meet security baseline** initiative.

+1. **End of support:**

+ - Nexus will stop supporting the oldest supported LTS version shortly before adding support for new LTS version (that is before the next LTS version is ready for testing in labs).

+ - Introduction of a new LTS release may, in rare cases, require a specific upgrade ordering and a timeline.

+ - Depending on severity of Common Vulnerabilities & Exposures (CVE) fixes or blocker issues, a Purity version may be verified and introduced outside of a runtime release.

+| 6.5.8 | Nexus 2408.2 | Dec 2025* | |

+## Supported Pure FlashArray Expansion Shelf firmware versions

+Azure Operator Nexus supports and tests the latest combination of a Purity version and FlashArray expansion shelf version (DFS) at the time of a Nexus release.

+| PurityOS Version | DFS Version|

+|||

+| 6.5.8 | 2.2.1 |

+<!-- You can find Informatica Intelligent Data Management Cloud - Azure Native ISV Service in the [Azure portal](https://portal.azure.com/) or get it on [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/).-->

+Event Hubs implements transparent failure detection and failover mechanisms so that, when failure occurs, the service continues to operate within the assured service-levels and without noticeable interruptions. If you create an Event Hubs namespace in a region that supports availability zones, [zone redundancy](./availability-zones-overview.md#zonal-and-zone-redundant-services) is automatically enabled. With zone-redundancy, fault tolerance is increased and the service has enough capacity reserves to cope with the outage of an entire facility. Both metadata and data (events) are replicated across data centers in each zone.

+When you create availability zones in a region that supports them, availability zones are automatically enabled. If you wish to learn how to move your Event Hubs namespace to a new region that supports availability zones, see

+ The Geo-disaster recovery feature of Azure Event Hubs is a disaster recovery solution. The concepts and workflow described in this article apply to disaster scenarios, and not to temporary outages. For a detailed discussion of disaster recovery in Microsoft Azure, see [this article](/azure/architecture/resiliency/disaster-recovery-azure-applications).

+ For detailed information, samples, and further documentation, on Geo-Disaster recovery in Event Hubs, see [Azure Event Hubs - Geo-disaster recovery](../event-hubs/event-hubs-geo-dr.md).

+ For detailed information, samples, and further documentation, on Geo-replication in Event Hubs, see [Geo-replication ](../event-hubs/geo-replication.md).

+Event Grid is deeply integrated with other Azure services and can be integrated with third-party services. It simplifies event consumption and lowers costs by eliminating the need for constant polling. Event Grid efficiently and reliably routes events from Azure and non-Azure resources. It distributes the events to registered subscriber endpoints. The event message has the information you need to react to changes in services and applications.

+SQL as PaaS configured with active geo-replication on Azure.<br/><br/>This deployment type includes managed instances, elastic pools, and single databases. | Auto-failover groups | RTO of one hour. | RPO of five seconds.<br/><br/>Auto-failover groups provide the group semantics on top of active geo-replication. But the same asynchronous replication mechanism is used.

+### Does Azure Site Recovery Work with SQL Transactional Replication?

+Due to Azure Site Recovery using file-level copy, SQL cannot guarantee that the servers in an associated SQL replication topology are in sync at the time of Azure Site Recovery failover. This may cause the log reader and/or distribution agents to fail due to LSN mismatch, which can break replication. If you failover the publisher, distributor, or subscriber in a replication topology, you need to rebuild replication. It is recommended to [reinitialize the subscription to SQL Server](/sql/relational-databases/replication/reinitialize-a-subscription).

+* VMware VMs that don't have DHCP enabled , irrespective of whether they are using DHCP or static IP addresses.

+**Start Date** and **End Date**: The start and end dates of the profiling data considered for report generation. By default, the start date is the date when profiling starts, and the end date is the date when profiling stops. This can be the `StartDate` and `EndDate` values if the report is generated with these parameters.

+**Number of compatible virtual machines**: The total number of compatible virtual machines for which the required network bandwidth, required number of storage accounts, Microsoft Azure cores, configuration servers and extra process servers are calculated.

+**Total number of disks across all compatible virtual machines**: The number that's used as one of the inputs to decide the number of configuration servers and extra process servers to be used in the deployment.

+**Average number of disks per compatible virtual machine**: The average number of disks calculated across all compatible virtual machines.

+**Average disk size (GB)**: The average disk size calculated across all compatible virtual machines.

+**Desired RPO (minutes)**: Either the default recovery point objective or the value passed for the `DesiredRPO` parameter at the time of report generation to estimate required bandwidth.

+**Desired bandwidth (Mbps)**: The value that you have passed for the `Bandwidth` parameter at the time of report generation to estimate achievable RPO.

+**Observed typical data churn per day (GB)**: The average data churn observed across all profiling days. This number is used as one of the inputs to decide the number of configuration servers and extra process servers to be used in the deployment.

+**Profiled data period**: The period during which the profiling was run. By default, the tool includes all profiled data in the calculation, unless it generates the report for a specific period by using `StartDate` and `EndDate` options during report generation.

+**Server Name**: The name or IP address of the VMware vCenter or ESXi host whose virtual machinesΓÇÖ report is generated.

+**Total Profiled Virtual Machines**: The total number of virtual machines whose profiled data is available. If the VMListFile has names of any virtual machines which weren't profiled, the report generation excludes those VMs and does not count them among the total profiled virtual machine.

+**Compatible Virtual Machines**: The number of virtual machines that can be protected to Azure by using Site Recovery. The calculation of required network bandwidth, storage accounts, Azure cores, configuration servers, and additional process servers is based on the total number of compatible virtual machines. The details of every compatible virtual machine are available in the *Compatible virtual machines* section.

+**Incompatible Virtual Machines**: The number of profiled virtual machines that are incompatible for protection with Site Recovery. The reasons for incompatibility are noted in the *Incompatible virtual machines* section. If the VMListFile has names of any virtual machines that weren't profiled, those virtual machines are excluded from the incompatible virtual machines count. These virtual machines are listed as "Data not found" at the end of the *Incompatible virtual machines* section.

+**To meet RPO 100 percent of the time:** The recommended bandwidth in Mbps to be allocated to meet your desired RPO 100 percent of the time. This amount of bandwidth must be dedicated for steady-state delta replication of all your compatible virtual machines to avoid any RPO violations.

+**To meet RPO 90 percent of the time**: If broadband pricing or other factors prevent you from setting the necessary bandwidth to achieve your desired RPO 100 percent of the time, you can opt for a lower bandwidth setting that meets your desired RPO 90 percent of the time. To understand the implications of setting this lower bandwidth, the report provides a what-if analysis on the number and duration of RPO violations to expect.

+**Achieved Throughput:** The throughput from the server on which you run the GetThroughput command to the Microsoft Azure region where the storage account is located. This throughput number indicates the estimated level that you can achieve when you protect the compatible virtual machines by using Site Recovery, provided that your configuration server or process server storage and network characteristics remain the same as that of the server from which you run the tool.

+If you're running the tool on a configuration server or process server that already has protected virtual machines, run the tool a few times. The achieved throughput number changes depending on the amount of churn being processed then.

+The following chart shows the total number of storage accounts (standard and premium) that are required to protect all the compatible virtual machines. To learn which storage account to use for each virtual machine, see the *VM-storage placement* section. If you're using v2.5 of Deployment Planner, this recommendation only shows the number of standard cache storage accounts which are needed for replication since the data is being directly written to Managed Disks.

+This result is the total number of cores to be set up before failover or test failover of all the compatible virtual machines. If too few cores are available in the subscription, Site Recovery fails to create virtual machines at the time of test failover or failover.

+This figure is the total number of configuration servers and extra process servers to be configured that would suffice to protect all the compatible virtual machines. Depending on the supported [size recommendations for the configuration server](./site-recovery-plan-capacity-vmware.md#size-recommendations-for-the-configuration-server-and-inbuilt-process-server), the tool might recommend extra servers. The recommendation is based on the larger of either the per-day churn or the maximum number of protected virtual machines (assuming an average of three disks per virtual machine), whichever is hit first on the configuration server or the extra process server. You'll find the details of total churn per day and total number of protected disks in the "On-premises summary" section.

+Based on this analysis, you can decide if the number of RPO violations across all days and peak RPO hit per day is acceptable with the specified lower bandwidth. If it's acceptable, you can allocate the lower bandwidth for replication, else allocate the higher bandwidth as suggested to meet the desired RPO 100 percent of the time.

+### Recommended virtual machine batch size for initial replication

+In this section, we recommend the number of virtual machines that can be protected in parallel to complete the initial replication within 72 hours with the suggested bandwidth to meet desired RPO 100 percent of the time being set. This value is configurable value. To change it at report-generation time, use the *GoalToCompleteIR* parameter.

+The graph here shows a range of bandwidth values and a calculated virtual machine batch size count to complete initial replication in 72 hours, based on the average detected virtual machine size across all the compatible virtual machines.

+In the public preview, the report does not specify which virtual machines should be included in a batch. You can use the disk size shown in the *Compatible VMs* section to find each virtual machineΓÇÖs size and select them for a batch, or you can select the virtual machines based on known workload characteristics. The completion time of the initial replication changes proportionally, based on the actual virtual machine disk size, used disk space, and available network throughput.

+

+The summary helps you to understand the cost that you need to pay for storage, compute, network, and license when you protect all your compatible virtual machines to Azure using Azure Site Recovery. The cost is calculated on for compatible virtual machines and not on all the profiled virtual machines.

+The total DR cost is divided into four components: Compute, Storage, Network, and Azure Site Recovery license cost. The cost is calculated based on the consumption that is incurred during replication and at DR drill time for compute, storage (premium and standard), ExpressRoute/VPN that is configured between the on-premises site and Azure, and Azure Site Recovery license.

+**Replication cost**: The cost that is incurred during replication. It covers the cost of storage, network, and Azure Site Recovery license.

+**DR-Drill cost**: The cost that is incurred during test failovers. Azure Site Recovery spins up virtual machines during test failover. The DR drill cost covers the running virtual machinesΓÇÖ compute and storage cost.

+It shows the total storage cost that is incurred for premium and standard storage for replication and DR drill.

+You can view detailed cost analysis per virtual machine in the [Cost Estimation](site-recovery-vmware-deployment-planner-cost-estimation.md) sheet.

+This section at the bottom of the sheet shows the percentile value used for all the performance counters of the profiled virtual machines (default is 95th percentile), and the growth factor (default is 30 percent) that's used in all the calculations.

+You might have a situation where you know that you cannot set a bandwidth of more than x Mbps for Site Recovery replication. The tool allows you to input available bandwidth (using the -Bandwidth parameter during report generation) and get the achievable RPO in minutes. With this achievable RPO value, you can decide whether you need to set up extra bandwidth or you're OK with having a disaster recovery solution with this RPO.

+## virtual machine-storage placement

+

+**Replication Storage Type**: Either a standard or premium managed disk, which is used to replicate all the corresponding virtual machines mentioned in the **VMs to Place** column.

+**Suggested Prefix for Storage Account**: The suggested three-character prefix that can be used for naming the cache storage account. You can use your own prefix, but the tool's suggestion follows the [partition naming convention for storage accounts](../storage/blobs/storage-performance-checklist.md).

+**Placement Summary**: A summary of the disks needed to protected virtual machines by storage type. It includes the total number of virtual machines, total provisioned size across all disks, and total number of disks.

+**Virtual Machines to Place**: A list of all the virtual machines that should be placed on the given storage account for optimal performance and use.

+## Compatible virtual machines

+

+**Virtual machine Name**: The virtual machine name or IP address that's used in the VMListFile when a report is generated. This column also lists the disks (VMDKs) that are attached to the virtual machines. To distinguish vCenter virtual machines with duplicate names or IP addresses, the names include the ESXi host name. The listed ESXi host is the one where the virtual machine was placed when the tool discovered during the profiling period.

+**Virtual machine Compatibility**: Values are **Yes** and **Yes\***. **Yes**\* is for instances in which the virtual machine is a fit for [premium SSDs](/azure/virtual-machines/disks-types). Here, the profiled high-churn or Input/output operations per second (IOPS) disk fits in the P20 or P30 category, but the size of the disk causes it to be mapped down to a P10 or P20. The storage account decides which premium storage disk type to map a disk to, based on its size. For example:

+For example, if the workload characteristics of a disk put it in the P20 or P30 category, but the size maps it down to a lower premium storage disk type, the tool marks that virtual machine as **Yes**\*. The tool also recommends that you either change the source disk size to fit into the recommended premium storage disk type or change the target disk type post-failover.

+**Peak R/W IOPS (with Growth Factor)**: The peak workload read/write IOPS on the disk (default is 95th percentile), including the future growth factor (default is 30 percent). The total read/write IOPS of a virtual machine isn't always the sum of the virtual machineΓÇÖs individual disksΓÇÖ read/write IOPS, because the peak read/write IOPS of the virtual machine is the peak of the sum of its individual disks' read/write IOPS during every minute of the profiling period.

+**Peak Data Churn in Mbps (with Growth Factor)**: The peak churn rate on the disk (default is 95th percentile), including the future growth factor (default is 30 percent). The total data churn of the virtual machine isn't always the sum of the virtual machineΓÇÖs individual disksΓÇÖ data churn, because the peak data churn of the virtual machine is the peak of the sum of its individual disks' churn during every minute of the profiling period.

+**Azure virtual machine Size**: The ideal mapped Azure Cloud Services virtual machine size for this on-premises virtual machine. The mapping is based on the on-premises virtual machineΓÇÖs memory, number of disks/cores/NICs, and read/write IOPS. The recommendation is always the lowest Azure virtual machine size that matches all of the on-premises virtual machine characteristics.

+**Number of Disks**: The total number of virtual machine disks (VMDKs) on the virtual machine.

+**Disk size (GB)**: The total setup size of all disks of the virtual machine. The tool also shows the disk size for the individual disks in the virtual machine.

+**Cores**: The number of CPU cores on the virtual machine.

+**Memory (MB)**: The RAM on the virtual machine.

+**NICs**: The number of NICs on the virtual machine.

+**Boot Type**: Boot type of the virtual machine. It can be either BIOS or EFI. Currently Azure Site Recovery supports Windows Server EFI virtual machines (Windows Server 2012, 2012 R2 and 2016) provided the number of partitions in the boot disk is less than 4 and boot sector size is 512 bytes. To protect EFI virtual machines, Azure Site Recovery mobility service version must be 9.13 or later. Only failover is supported for EFI virtual machines. Failback isn't supported.

+**OS Type**: It's OS type of the virtual machine. It can be either Windows or Linux or other based on the chosen template from virtual machineware vSphere while creating the virtual machine.

+## Incompatible virtual machines

+![Excel spreadsheet of incompatible virtual machines

+**Virtual machine Name**: The virtual machine name or IP address that's used in the VMListFile when a report is generated. This column also lists the VMDKs that are attached to the virtual machines. To distinguish vCenter virtual machines with duplicate names or IP addresses, the names include the ESXi host name. The listed ESXi host is the one where the virtual machine was placed when the tool discovered during the profiling period.

+**Virtual machine Compatibility**: Indicates why the given virtual machine is incompatible for use with Site Recovery. The reasons are described for each incompatible disk of the virtual machine and, based on published [storage limits](../storage/common/scalability-targets-standard-account.md), can be any of the following:

+* Total virtual machine size (replication + TFO) exceeds the supported storage-account size limit (35 TB). This incompatibility usually occurs when a single disk in the virtual machine has a performance characteristic that exceeds the maximum supported Azure or Site Recovery limits for standard storage. Such an instance pushes the virtual machine into the premium storage zone. However, the maximum supported size of a premium storage account is 35 TB, and a single protected virtual machine cannot be protected across multiple storage accounts. Also note that when a test failover is executed on a protected virtual machine, it runs in the same storage account where replication is progressing. In this instance, set up 2x the size of the disk for replication to progress and test failover to succeed in parallel.

+* Source IOPS exceeds supported storage IOPS limit of 80,000 per virtual machine.

+* Peak data churn across all disks on the virtual machine exceeds the maximum supported Site Recovery peak data churn limit of 54 MB/s per virtual machine.

+**Peak R/W IOPS (with Growth Factor)**: The peak workload IOPS on the disk (default is 95th percentile), including the future growth factor (default is 30 percent). The total read/write IOPS of the virtual machine isn't always the sum of the virtual machineΓÇÖs individual disksΓÇÖ read/write IOPS, because the peak read/write IOPS of the virtual machine is the peak of the sum of its individual disks' read/write IOPS during every minute of the profiling period.

+**Peak Data Churn in Mbps (with Growth Factor)**: The peak churn rate on the disk (default 95th percentile) including the future growth factor (default 30 percent). The total data churn of the virtual machine isn't always the sum of the virtual machineΓÇÖs individual disksΓÇÖ data churn, because the peak data churn of the virtual machine is the peak of the sum of its individual disks' churn during every minute of the profiling period.

+**Number of Disks**: The total number of VMDKs on the virtual machine.

+**Disk size (GB)**: The total setup size of all disks of the virtual machine. The tool also shows the disk size for the individual disks in the virtual machine.

+**Cores**: The number of CPU cores on the virtual machine.

+**Memory (MB)**: The amount of RAM on the virtual machine.

+**NICs**: The number of NICs on the virtual machine.

+**Boot Type**: Boot type of the virtual machine. It can be either BIOS or EFI. Currently Azure Site Recovery supports Windows Server EFI virtual machines (Windows Server 2012, 2012 R2 and 2016) provided the number of partitions in the boot disk is less than 4 and boot sector size is 512 bytes. To protect EFI virtual machines, Azure Site Recovery mobility service version must be 9.13 or above. Only failover is supported for EFI virtual machines. Failback isn't supported.

+**OS Type**: It's OS type of the virtual machine. It can be either Windows or Linux or other based on the chosen template from VMware vSphere while creating the virtual machine.

+Peak data churn across all disks on a virtual machine | 54 MB/s

+These are average numbers assuming a 30 percent I/O overlap. Site Recovery is capable of handling higher throughput based on overlap ratio, larger write sizes, and actual workload I/O behavior. The preceding numbers assume a typical backlog of approximately five minutes. That is, after data is uploaded, it's processed and a recovery point is created within five minutes.

+1. [Profiling](#profile-vmware-virtual-machines)

+First, run the tool in profiling mode to gather virtual machine data churn and IOPS. Next, run the tool to generate the report to find the network bandwidth, storage requirements and DR cost.

+## Profile VMware virtual machines

+In profiling mode, the deployment planner tool connects to the vCenter server/vSphere ESXi host to collect performance data about the virtual machine.

+* Profiling doesn't affect the performance of the production virtual machines, because no direct connection is made to them. All performance data is collected from the vCenter server/vSphere ESXi host.

+* To ensure that there is a negligible impact on the server because of profiling, the tool queries the vCenter server/vSphere ESXi host once every 15 minutes. This query interval doesn't compromise profiling accuracy, because the tool stores every minuteΓÇÖs performance counter data.

+### Create a list of virtual machines to profile

+First, you need a list of the virtual machines to be profiled. You can get all the names of virtual machines on a vCenter server/vSphere ESXi host by using the VMware vSphere PowerCLI commands in the following procedure. Alternatively, you can list in a file the friendly names or IP addresses of the virtual machines that you want to profile manually.

+1. Sign in to the virtual machine that VMware vSphere PowerCLI is installed in.

+3. Ensure that the execution policy is enabled for the script. If it's disabled, launch the VMware vSphere PowerCLI console in administrator mode, and then enable it by running the following command:

+4. You may optionally need to run the following command if Connect-VIServer isn'trecognized as the name of cmdlet.

+5. To get all the names of virtual machines on a vCenter server/vSphere ESXi host and store the list in a .txt file, run the two commands listed here.

+6. Open the output file in Notepad, and then copy the names of all virtual machines that you want to profile to another file (for example, ProfileVMList.txt), one virtual machine name per line. This file is used as input to the *-VMListFile* parameter of the command-line tool.

+After you have the list of virtual machines to be profiled, you can run the tool in profiling mode. Here is the list of mandatory and optional parameters of the tool to run in profiling mode.

+| -Server | The fully qualified domain name or IP address of the vCenter server/vSphere ESXi host whose virtual machines are to be profiled.|

+| -VMListFile | The file that contains the list of virtual machines to be profiled. The file path can be absolute or relative. The file should contain one VM name/IP address per line. Virtual machine name specified in the file should be the same as the virtual machine name on the vCenter server/vSphere ESXi host.<br>For example, the file VMList.txt contains the following VMs:<ul><li>virtual_machine_A</li><li>10.150.29.110</li><li>virtual_machine_B</li><ul> |

+| -Directory | (Optional) The universal naming convention (UNC) or local directory path to store profiling data generated during profiling. If a directory name isn'tgiven, the directory named ΓÇÿProfiledDataΓÇÖ under the current path is used as the default directory. |

+| -Password | (Optional) The password to use to connect to the vCenter server/vSphere ESXi host. If you don't specify one now, you're prompted for it when the command is executed.|

+| -Environment | (optional) This is your target Azure Storage account environment. This can be one of three values - AzureCloud, AzureUSGovernment, AzureChinaCloud. Default is AzureCloud. Use the parameter when your target Azure region is either Azure US Government or Microsoft Azure operated by 21Vianet. |

+We recommend that you profile your virtual machines for more than 7 days. If churn pattern varies in a month, we recommend profiling during the week when you see the maximum churn. The best way is to profile for 31 days to get better recommendation. During the profiling period, ASRDeploymentPlanner.exe keeps running. The tool takes profiling time input in days. For a quick test of the tool or for proof of concept you can profile for few hours or minutes. The minimum allowed profiling time is 30 minutes.

+During profiling, you can optionally pass a storage-account name and key to find the throughput that Site Recovery can achieve at the time of replication from the configuration server or process server to Azure. If the storage-account name and key are not passed during profiling, the tool doesn't calculate achievable throughput.

+You can run multiple instances of the tool for various sets of virtual machines. Ensure that the virtual machine names are not repeated in any of the profiling sets. For example, if you have profiled ten virtual machines (VM1 through VM10) and after few days you want to profile another five virtual machines (VM11 through VM15), you can run the tool from another command-line console for the second set of virtual machines (VM11 through VM15). Ensure that the second set of virtual machines doesn't have any virtual machine names from the first profiling instance or you use a different output directory for the second run. If two instances of the tool are used for profiling the same virtual machines and use the same output directory, the generated report is incorrect.

+By default, the tool is configured to profile and generate report up to 1000 virtual machines. You can change limit by changing MaxVMsSupported key value in *ASRDeploymentPlanner.exe.config* file.

+With the default settings, to profile say 1500 virtual machines, create two VMList.txt files. One with 1000 virtual machines and other with 500 virtual machine list. Run the two instances of Azure Site Recovery Deployment Planner, one with VMList1.txt and other with VMList2.txt. You can use the same directory path to store the profiled data of both the VMList virtual machines.

+Virtual machine configurations are captured once at the beginning of the profiling operation and stored in a file called VMDetailList.xml. This information is used when the report is generated. Any change in virtual machine configuration (for example, an increased number of cores, disks, or NICs) from the beginning to the end of profiling isn'tcaptured. If a profiled virtual machine configuration has changed during the profiling, in the public preview, here is the workaround to get latest virtual machine details when generating the report:

+The profiling command generates several files in the profiling directory. Don't delete any of the files, because doing so affects report generation.

+#### Example 1: Profile virtual machines for 30 days, and find the throughput from on-premises to Azure

+#### Example 3: Profile virtual machines for 60 minutes for a quick test of the tool

+ASRDeploymentPlanner.exe -Operation StartProfiling -Virtualization VMware -Directory ΓÇ£E:\vCenter1_ProfiledDataΓÇ¥ -Server vCenter1.contoso.com -virtual machineListFile ΓÇ£E:\vCenter1_ProfiledData\ProfileVMList1.txtΓÇ¥ -NoOfMinutesToProfile 60 -User vCenterUser1

+#### Example 4: Profile virtual machines for 2 hours for a proof of concept

+>* When the storage-account name and key are passed, the tool measures the throughput at the last step of profiling. If the tool is closed before profiling is completed, the throughput isn'tcalculated. To find the throughput before generating the report, you can run the GetThroughput operation from the command-line console. Otherwise, the generated report won't contain the throughput information.

+| -Server | The vCenter/vSphere server fully qualified domain name or IP address (use the same name or IP address that you used at the time of profiling) where the profiled virtual machines whose report is to be generated are located. If you used a vCenter server at the time of profiling, you can't use a vSphere server for report generation, and vice-versa.|

+| -VMListFile | The file that contains the list of profiled virtual machines that the report is to be generated for. The file path can be absolute or relative. The file should contain one virtual machine name or IP address per line. The virtual machine names that are specified in the file should be the same as the virtual machine names on the vCenter server/vSphere ESXi host, and match what was used during profiling.|

+| -GoalToCompleteIR | (Optional) The number of hours in which the initial replication of the profiled virtual machines needs to be completed. The generated report provides the number of virtual machines for which initial replication can be completed in the specified time. The default is 72 hours. |

+| -User | (Optional) The user name to use to connect to the vCenter/vSphere server. The name is used to fetch the latest configuration information of the virtual machines, such as the number of disks, number of cores, and number of NICs, to use in the report. If the name isn't provided, the configuration information collected at the beginning of the profiling kickoff is used. |

+| -Password | (Optional) The password to use to connect to the vCenter server/vSphere ESXi host. If the password isn't specified as a parameter, you're prompted for it later when the command is executed. |

+|-OfferId|(Optional) The offer associated with the given subscription. Default is MS-AZR-0003P (pay-as-you-go).|

+By default, the tool is configured to profile and generate report up to 1000 virtual machines. You can change limit by changing MaxVMsSupported key value in *ASRDeploymentPlanner.exe.config* file.

+The tool defaults to the 95th percentile values of read/write IOPS, write IOPS, and data churn that are collected during profiling of all the virtual machines. This metric ensures that the 100th percentile spike your virtual machines might see because of temporary events aren't used to determine your target storage-account and source-bandwidth requirements. For example, a temporary event might be a backup job running once a day, a periodic database indexing or analytics report-generation activity, or other similar short-lived, point-in-time events.

+Using 95th percentile values gives a true picture of real workload characteristics, and it gives you the best performance when the workloads are running on Azure. We don't anticipate that you would need to change this number. If you do change the value (to the 90th percentile, for example), you can update the configuration file *ASRDeploymentPlanner.exe.config* in the default folder and save it to generate a new report on the existing profiled data.

+It's critical to account for growth in your workload characteristics, assuming a potential increase in usage over time. After protection is in place, if your workload characteristics change, you can't switch to a different storage account for protection without disabling and re-enabling the protection.

+For example, let's say that today your virtual machine fits in a standard storage replication account. Over the next three months, several changes are likely to occur:

+* The number of users of the application that runs on the virtual machine increases.

+* The resulting increased churn on the virtual machine requires the virtual machine to go to premium storage so that Site Recovery replication can keep pace.

+* So, you have to disable and re-enable protection to a premium storage account.

+We strongly recommend that you plan for growth during deployment planning and while the default value is 30 percent. You're the expert on your application usage pattern and growth projections, and you can change this number accordingly while generating a report. Moreover, you can generate multiple reports with various growth factors with the same profiled data and determine what target storage and source bandwidth recommendations work best for you.

+* [Virtual machine<->Storage Placement](site-recovery-vmware-deployment-planner-analyze-report.md#virtual-machine-storage-placement)

+* [Compatible VMs](site-recovery-vmware-deployment-planner-analyze-report.md#compatible-virtual-machines)

+* [Incompatible VMs](site-recovery-vmware-deployment-planner-analyze-report.md#incompatible-virtual-machines)

+| -Directory | (Optional) The UNC or local directory path where the profiled data (files generated during profiling) is stored. This data is required for generating the report. If a directory name isn'tspecified, ΓÇÿProfiledDataΓÇÖ directory is used. |

+| -VMListFile | The file that contains the list of virtual machines to be profiled for calculating the bandwidth consumed. The file path can be absolute or relative. The file should contain one virtual machine name/IP address per line. The virtual machine names specified in the file should be the same as the virtual machine names on the vCenter server/vSphere ESXi host.<br>For example, the file VMList.txt contains the following VMs:<ul><li>VM_A</li><li>10.150.29.110</li><li>VM_B</li></ul>|

+| -Environment | (optional) This is your target Azure Storage account environment. This can be one of three values - AzureCloud, AzureUSGovernment, AzureChinaCloud. Default is AzureCloud. Use the parameter when your target Azure region is either Azure US Government or Microsoft Azure operated by 21Vianet. |

+The tool creates several 64-MB asrvhdfile<#>.vhd files (where "#" is the number of files) on the specified directory. The tool uploads the files to the storage account to find the throughput. After the throughput is measured, the tool deletes all the files from the storage account and from the local server. If the tool is terminated for any reason while it's calculating throughput, it doesn't delete the files from the storage or from the local server. You have to delete them manually.

+The throughput is measured at a specified point in time, and it's the maximum throughput that Site Recovery can achieve during replication, if all other factors remain the same. For example, if any application starts consuming more bandwidth on the same network, the actual throughput varies during replication. If you're running the GetThroughput command from a configuration server, the tool is unaware of any protected virtual machines and ongoing replication. The result of the measured throughput is different if the GetThroughput operation is run when the protected virtual machines have high data churn. We recommend that you run the tool at various points in time during profiling to understand what throughput levels can be achieved at various times. In the report, the tool shows the last measured throughput.

+Azure Site Recovery provides disaster recovery by replicating the critical components in your environment to a cold remote site or a public cloud like Microsoft Azure. Since the virtual machines with the web server and the database are replicated to the recovery site, there's no requirement for a separate backup for configuration files or certificates. The application mappings and bindings dependent on environment variables that are changed post failover can be updated through scripts integrated into the disaster recovery plans. Virtual machines are brought up on the recovery site only during a failover. Azure Site Recovery also helps you orchestrate the end-to-end failover by providing you with the following capabilities:

+App-consistent recovery points are created from app-consistent snapshots.<br/><br/> An app-consistent snapshot contains all the information in a crash-consistent snapshot, plus all the data in memory and transactions in progress. | App-consistent snapshots use the Volume Shadow Copy Service (VSS):<br/><br/> 1) Azure Site Recovery uses Copy Only backup (VSS_BT_COPY) method which does not change Microsoft SQL's transaction log backup time and sequence number </br></br> 2) When a snapshot is initiated, VSS perform a copy-on-write (COW) operation on the volume.<br/><br/> 3) Before it performs the COW, VSS informs every app on the machine that it needs to flush its memory-resident data to disk.<br/><br/> 4) VSS then allows the backup/disaster recovery app (in this case Site Recovery) to read the snapshot data and proceed. | App-consistent snapshots are taken in accordance with the frequency you specify. This frequency should always be less than you set for retaining recovery points. For example, if you retain recovery points using the default setting of 24 hours, you should set the frequency at less than 24 hours.<br/><br/>They're more complex and take longer to complete than crash-consistent snapshots.<br/><br/> They affect the performance of apps running on a VM enabled for replication.

+Yes, the UUID of the Azure virtual machine is different from the on-premises VMware virtual machine. However, most application vendors support transferring the license to a new UUID. If the application supports it, the customer can work with the vendor to transfer the license to the VM with the new UUID.

+- If you don't yet have a configuration server setup:

+- These limits are based on a configuration server setup using an OVF template.

+ - For VMware VMs, you can use the [recommended VM batch size](site-recovery-vmware-deployment-planner-analyze-report.md#recommended-virtual-machine-batch-size-for-initial-replication) in the Deployment Planner report.

+<a id="download-and-install-azcopy"></a>This video shows you how to download and run the AzCopy utility.

+## Use cases for AzCopy

+AzCopy can be used to copy your data to, from, or between Azure storage accounts. Common use cases include:

+- Copying data from an on-premises source to an Azure storage account

+- Copying data from an Azure storage account to an on-premises source

+- Copying data from one storage account to another storage account

+Each of these use cases has unique options. For example, AzCopy has native commands for copying and/or synchronizing data. This makes AzCopy a flexible tool that can be used for one-time copy activities and ongoing synchronization scenarios. AzCopy also allows you to target specific storage services such as Azure Blob Storage or Azure Files. This allows you to copy data from blob to file, file to blob, file to file, etc.

+To learn more about these scenarios, see:

+- [Upload files to Azure Blob storage by using AzCopy](storage-use-azcopy-blobs-upload.md)

+- [Download blobs from Azure Blob Storage by using AzCopy](storage-use-azcopy-blobs-download.md)

+- [Copy blobs between Azure storage accounts by using AzCopy](storage-use-azcopy-blobs-copy.md)

+- [Synchronize with Azure Blob storage by using AzCopy](storage-use-azcopy-blobs-synchronize.md)

+|Azure StorSimple 8000 Series Copy Utility documentation |Instructions for use of the Copy Utility. |

+|StorSimple archived documentation |Archived StorSimple articles from Microsoft technical documentation. |

+- **Backup files.** If you have backup files, use the Azure StorSimple 8000 Series Copy Utility to migrate backup files to your environment.

+Azure Stream Analytics supports managed identity authentication for Azure Data Explorer output. Managed identity for Azure resources is a cross-Azure feature that enables you to create a secure identity associated with the deployment under which your application code runs. You can then associate that identity with access-control roles that grant custom permissions for accessing specific Azure resources that your application needs.

+With managed identities, the Azure platform manages this runtime identity. You don't need to store and protect access keys in your application code or configuration, either for the identity itself, or for the resources you need to access. For more information on managed identities for Azure Stream Analytics, see [Managed identities for Azure Stream Analytics](stream-analytics-managed-identities-overview.md).

+| Ingestor | Can ingest data into all existing tables in the database, but can't query the data. |

+| Monitor | Can execute `.show` commands in the context of the database and its child entities. |

+For more information about roles supported Azure Data Explorer, see [Role-based access control in Azure Data Explorer](/kusto/access-control/role-based-access-control?view=azure-data-explorer&preserve-view=true#roles-and-permissions).

+ | Role | Ingestor and Monitor |

+1. Select **Add > Azure Data Explorer**. In the output properties window, search and select your Azure Data Explorer cluster or type in the URL of your cluster and select **Managed Identity: System assigned** from the *Authentication mode* drop-down menu.

+|ApacheAvro|`.avro` |An [AVRO](https://avro.apache.org/docs/current/) format with support for [logical types](https://avro.apache.org/docs/1.11.1/specification/#Logical+Types). The following compression codecs are supported: `null`, `deflate`, and `snappy`. Reader implementation of the `apacheavro` format is based on the official [Apache Avro library](https://github.com/apache/avro).|

+## Related content

+ - [Manage Azure Synapse RBAC role assignments](./how-to-manage-synapse-rbac-role-assignments.md)

+ - [Create aSynapse Workspace](../quickstart-create-workspace.md)

+Spark's in-memory distributed computation capabilities make it a good choice for the iterative algorithms used in machine learning and graph computations. ```spark.ml``` provides a uniform set of high-level APIs that help users create and tune machine learning pipelines.To learn more about ```spark.ml```, you can visit the [Apache Spark ML programming guide](https://archive.apache.org/dist/spark/docs/1.2.2/ml-guide.html).

+- [Tuning Apache Spark](https://archive.apache.org/dist/spark/docs/2.4.5/tuning.html)

+ |Referenced Jars and Referenced Files|You can enter the paths for the referenced Jars and files if any. You can also browse files in the Azure virtual file system, which currently only supports ADLS Gen2 cluster. For more information: [Apache Spark Configuration](https://archive.apache.org/dist/spark/docs/2.4.5/configuration.html#runtime-environment) and [How to upload resources to cluster](../../storage/blobs/quickstart-storage-explorer.md).|

+## Related content

+### `desktopscalefactor`

+- **Syntax**: `desktopscalefactor:i:*value*`

+- **Description**: Specifies the scale factor of the remote session to make the content appear larger.

+- **Supported values**:

+ - Numerical value from the following list: `100`, `125`, `150`, `175`, `200`, `250`, `300`, `400`, `500`

+- **Default value**: None. Match the local device.

+- **Applies to**:

+ - Azure Virtual Desktop

+ - Remote Desktop Services

+ - Remote PC connections

+> [!NOTE]

+> The `desktopscalefactor` property is being deprecated and will soon be unavailable.

+## Reset password

+Password resets can't be done in the product. You should follow your organization's process to reset your password.

+Password resets can't be done in the product. You should follow your organization's process to reset your password.

+Password resets can't be done in the product. You should follow your organization's process to reset your password.

+> [!IMPORTANT]

+> We are updating Standard non-zonal IPs to be zone-redundant by default on a region by region basis. This means that in the following regions, all IPs created (except zonal) are zone-redundant.

+> Region availability: Central Canada, Central Poland, Central Israel, Central France, Central Qatar, East Asia, East US 2, East Norway, Italy North, Sweden Central, South Africa North, South Brazil, West Central Germany, West US 2, Central Spain

+>

+To generate self-signed certificates, see [Generate and export certificates for User VPN P2S connections: PowerShell](certificates-point-to-site.md). To generate a certificate with a specific Common Name, change the **Subject** parameter to the appropriate value (example, xx@domain.com) when running the `New-SelfSignedCertificate` PowerShell command. For example, you can generate certificates with the following **Subject**:

+| **Digital certificate field** | Value | description |

+|||--|

+| **Subject**| CN= cert@marketing.contoso.com| digital certificate for Marketing department|

+| **Subject**| CN= cert@sale.contoso.com| digital certificate for Sale department|

+| **Subject**| CN= cert@engineering.contoso.com| digital certificate for Engineering department|

+| **Subject**| CN= cert@finance.contoso.com| digital certificate for Finance department|

+> [!NOTE]

+> The multiple address pool feature with digital certificate authentication applies to a specific user group based on the **Subject** field. The selection criteria do not work with Subject Alternative Name (SAN) certificates.

+1. For **Address Pools**, select **Configure** to open the **Specify Address Pools** page. On this page, associate new address pools with this configuration. Users who are members of groups associated to this configuration will be assigned IP addresses from the specified pools. Based on the number of **Gateway Scale Units** associated to the gateway, you might need to specify more than one address pool. Address pools can't be smaller than /24. For example you can't assign a range of /25 or /26 if you want to have a smaller address pool range for the user groups. The minimum prefix is /24. Select **Add** and **Okay** to save your address pools.

+We're simplifying our VPN Gateway SKU portfolio. Due to the lack of redundancy, lower availability, and potential higher costs associated with additional failover solutions, we're transitioning all non availability zone (AZ) supported SKUs to AZ supported SKUs. This article helps you understand the upcoming changes for VPN Gateway virtual network gateway SKUs. This article expands on the [official announcement.](https://azure.microsoft.com/updates/v2/vpngw1-5-non-az-skus-will-be-retired-on-30-september-2026)

+|SKU Consolidation | N/A | [VpnGw1-5 non-AZ VPN Gateway SKU](https://learn.microsoft.com/azure/vpn-gateway/gateway-sku-consolidation) | VpnGw1-5 non-AZ SKU will be deprecated on 30 Sep 2026. View the announcement [here](https://azure.microsoft.com/updates/v2/vpngw1-5-non-az-skus-will-be-retired-on-30-september-2026) | Sep 2024 | N/A