+> If you selected an existing virtual network in the previous steps, any VMs connected to the network only get the new DNS settings after a restart. You can restart VMs using the Microsoft Entra admin center, Microsoft Graph PowerShell, or the Azure CLI.

+A cloud-only user account is an account that was created in your Microsoft Entra directory by using either the Microsoft Entra admin center or PowerShell. These user accounts aren't synchronized from an on-premises directory.

+- To learn about Azure Virtual Desktop support for B2B users, see [Prerequisites for Azure Virtual Desktop](../../virtual-desktop/prerequisites.md?tabs=portal).

+The **appRoleAssignments**, **userType**, and **accountExpires** attributes aren't supported as scoping filters.

+Microsoft Entra provisioning service uses basic authentication to connect to Employee Central OData API endpoints. When setting up the SuccessFactors provisioning app, use the *Tenant URL* parameter in the *Admin Credentials* section to configure the [API data center URL](https://help.sap.com/docs/SAP_SUCCESSFACTORS_PLATFORM/d599f15995d348a1b45ba5603e2aba9b/af2b8d5437494b12be88fe374eba75b6.html).

+{

+ "key": "SkipOutOfScopeDeletions",

+ "value": "True"

+}

+ If you want to include ALL users in your tenant, update the following JSON example with the relevant GUIDs of your users and groups. Then paste it in Graph Explorer and run `PATCH` on the endpoint.

+ If you want to include certain users or groups in your tenant, update the following JSON example with the relevant GUIDs of your users and groups. Then paste the JSON in Graph Explorer and run `PATCH` on the endpoint.

+ }

+- Include and exclude specific users or groups

+ If you want to include AND exclude certain users or groups in your tenant, update the following JSON example with the relevant GUIDs of your users and groups. Then paste it in Graph Explorer and run `PATCH` on the endpoint.

+**Will a user who signs in with a 3rd party authenticator app see the nudge?**

+Yes. If a user is enabled for the registration campaign and doesn't have Microsoft Authenticator set up for push notifications, the user is nudged to set up Authenticator.

+**Will a user who has Authenticator set up only for TOTP codes see the nudge?**

+Yes. If a user is enabled for the registration campaign and Authenticator app isn't set up for push notifications, the user is nudged to set up push notification with Authenticator.

+It's the same as snoozing. If setup is required for a user after they snoozed three times, the user is prompted the next time they sign in.

+**Why don't some users see a nudge when there is a Conditional Access policy for "Register security information"?**

+ - Global administrator role in Microsoft Entra ID to configure Microsoft Entra ID by using PowerShell

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator).

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](/azure/active-directory/roles/permissions-reference#application-developer).

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](/azure/active-directory/roles/permissions-reference#application-developer).

+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Application Developer](/azure/active-directory/roles/permissions-reference#application-developer).

+- Search for the following terms: `Azure Active Directory (Azure AD)`, `Azure Active Directory`, `Azure AD`, `AAD`

+- DonΓÇÖt change instances of `Active Directory`. Only `Azure Active Directory` is being renamed, not `Active Directory`, which is the shortened name of a different product, Windows Server Active Directory.

+1. Use "find and replace" to find the strings `Azure Active Directory (Azure AD)`, `Azure Active Directory`, `Azure AD`, `AAD`.

+ - Azure AD as the product name alone should be replaced with Microsoft Entra ID.

+ - Azure AD features or functionality become Microsoft Entra features or functionality. For example, "Azure AD Conditional Access" becomes "Microsoft Entra Conditional Access."

+Use the following criteria to determine what change(s) you need to make to instances of `Azure Active Directory (Azure AD)`, `Azure Active Directory`, `Azure AD`, `AAD`.

+1. If `Azure Active Directory (Azure AD)`, `Azure Active Directory`, `Azure AD`, `AAD` is followed by `for`, `Premium`, `Plan`, `P1`, or `P2`, replace with `Microsoft Entra ID` because it refers to a SKU name or Service Plan.

+1. If an article (`a`, `an`, `the`) or possessive (`your`, `your organization's`) precedes (`Azure Active Directory (Azure AD)`, `Azure Active Directory`, `Azure AD`, `AAD`), then replace with `Microsoft Entra` because it's a feature name. For example:

+ 1. "an Azure AD tenant" becomes "a Microsoft Entra tenant"

+ 1. "your organization's Azure AD tenant" becomes "your Microsoft Entra tenant"

+1. If `Azure Active Directory (Azure AD)`, `Azure Active Directory`, `Azure AD`, `AAD` is followed by an adjective or noun not in the previous steps, then replace with `Microsoft Entra` because it's a feature name. For example,"Azure AD Conditional Access" becomes "Microsoft Entra Conditional Access," while "Azure AD tenant" becomes "Microsoft Entra tenant."

+1. Otherwise, replace `Azure Active Directory (Azure AD)`, `Azure Active Directory`, `Azure AD`, `AAD` with `Microsoft Entra ID`

+1. Replace titles or text containing `Azure Active Directory (Azure AD)`, `Azure Active Directory`, `Azure AD`, `AAD` with `Microsoft Entra ID`.

+## Sample PowerShell script

+You can use following PowerShell script as a baseline to rename Azure AD references in your documentation or content. This code sample:

+- Scans .resx files within a specified folder and all nested folders.

+- Edits files by replacing any references to `Azure Active Directory (Azure AD)`, `Azure Active Directory`, `Azure AD`, `AAD` with the correct terminology according to [New name for Azure AD](new-name.md).

+Edit the baseline script according to your needs and the scope of files you need to update. You may need to account for edge cases and modify the script according to how you've defined the messages in your source files. The script is not fully automated. If you use the script as-is, you must review the outputs and may need to make additional adjustments to follow the guidance in [New name for Azure AD](new-name.md).

+```powershell

+# Define the old and new terminology

+$terminology = @(

+ @{ Key = 'Azure AD External Identities'; Value = 'Microsoft Entra External ID' },

+ @{ Key = 'Azure AD Identity Governance'; Value = 'Microsoft Entra ID Governance' },

+ @{ Key = 'Azure AD Verifiable Credentials'; Value = 'Microsoft Entra Verified ID' },

+ @{ Key = 'Azure AD Workload Identities'; Value = 'Microsoft Entra Workload ID' },

+ @{ Key = 'Azure AD Domain Services'; Value = 'Microsoft Entra Domain Services' },

+ @{ Key = 'Azure AD access token authentication'; Value = 'Microsoft Entra access token authentication' },

+ @{ Key = 'Azure AD admin center'; Value = 'Microsoft Entra admin center' },

+ @{ Key = 'Azure AD portal'; Value = 'Microsoft Entra portal' },

+ @{ Key = 'Azure AD application proxy'; Value = 'Microsoft Entra application proxy' },

+ @{ Key = 'Azure AD authentication'; Value = 'Microsoft Entra authentication' },

+ @{ Key = 'Azure AD Conditional Access'; Value = 'Microsoft Entra Conditional Access' },

+ @{ Key = 'Azure AD cloud-only identities'; Value = 'Microsoft Entra cloud-only identities' },

+ @{ Key = 'Azure AD Connect'; Value = 'Microsoft Entra Connect' },

+ @{ Key = 'AD Connect'; Value = 'Microsoft Entra Connect' },

+ @{ Key = 'AD Connect Sync'; Value = 'Microsoft Entra Connect Sync' },

+ @{ Key = 'Azure AD Connect Sync'; Value = 'Microsoft Entra Connect Sync' },

+ @{ Key = 'Azure AD domain'; Value = 'Microsoft Entra domain' },

+ @{ Key = 'Azure AD domain'; Value = 'Microsoft Entra domain' },

+ @{ Key = 'Azure AD Domain Services'; Value = 'Microsoft Entra Domain Services' },

+ @{ Key = 'Azure AD Enterprise Applications'; Value = 'Microsoft Entra enterprise applications' },

+ @{ Key = 'Azure AD federation services'; Value = 'Active Directory Federation Services' },

+ @{ Key = 'Azure AD hybrid identities'; Value = 'Microsoft Entra hybrid identities' },

+ @{ Key = 'Azure AD identities'; Value = 'Microsoft Entra identities' },

+ @{ Key = 'Azure AD role'; Value = 'Microsoft Entra role' },

+ @{ Key = 'Azure AD'; Value = 'Microsoft Entra ID' },

+ @{ Key = 'AAD'; Value = 'ME-ID' },

+ @{ Key = 'Azure AD auth'; Value = 'Microsoft Entra auth' },

+ @{ Key = 'Azure AD-only auth'; Value = 'Microsoft Entra-only auth' },

+ @{ Key = 'Azure AD object'; Value = 'Microsoft Entra object' },

+ @{ Key = 'Azure AD identity'; Value = 'Microsoft Entra identity' },

+ @{ Key = 'Azure AD schema'; Value = 'Microsoft Entra schema' },

+ @{ Key = 'Azure AD seamless single sign-on'; Value = 'Microsoft Entra seamless single sign-on' },

+ @{ Key = 'Azure AD self-service password reset'; Value = 'Microsoft Entra self-service password reset' },

+ @{ Key = 'Azure AD SSPR'; Value = 'Microsoft Entra SSPR' },

+ @{ Key = 'Azure AD SSPR'; Value = 'Microsoft Entra SSPR' },

+ @{ Key = 'Azure AD domain'; Value = 'Microsoft Entra domain' },

+ @{ Key = 'Azure AD group'; Value = 'Microsoft Entra group' },

+ @{ Key = 'Azure AD login'; Value = 'Microsoft Entra login' },

+ @{ Key = 'Azure AD managed'; Value = 'Microsoft Entra managed' },

+ @{ Key = 'Azure AD entitlement'; Value = 'Microsoft Entra entitlement' },

+ @{ Key = 'Azure AD access review'; Value = 'Microsoft Entra access review' },

+ @{ Key = 'Azure AD Identity Protection'; Value = 'Microsoft Entra ID Protection' },

+ @{ Key = 'Azure AD pass-through'; Value = 'Microsoft Entra pass-through' },

+ @{ Key = 'Azure AD password'; Value = 'Microsoft Entra password' },

+ @{ Key = 'Azure AD Privileged Identity Management'; Value = 'Microsoft Entra Privilegd Identity Management' },

+ @{ Key = 'Azure AD registered'; Value = 'Microsoft Entra registered' },

+ @{ Key = 'Azure AD reporting and monitoring'; Value = 'Microsoft Entra reporting and monitoring' },

+ @{ Key = 'Azure AD enterprise app'; Value = 'Microsoft Entra enterprise app' },

+ @{ Key = 'Azure AD cloud-only identities'; Value = 'Microsoft Entra cloud-only identities' },

+ @{ Key = 'Cloud Knox'; Value = 'Microsoft Entra Permissions Management' },

+ @{ Key = 'Azure AD Premium P1'; Value = 'Microsoft Entra ID P1' },

+ @{ Key = 'AD Premium P1'; Value = 'Microsoft Entra ID P1' },

+ @{ Key = 'Azure AD Premium P2'; Value = 'Microsoft Entra ID P2' },

+ @{ Key = 'AD Premium P2'; Value = 'Microsoft Entra ID P2' },

+ @{ Key = 'Azure AD F2'; Value = 'Microsoft Entra ID F2' },

+ @{ Key = 'Azure AD Free'; Value = 'Microsoft Entra ID Free' },

+ @{ Key = 'Azure AD for education'; Value = 'Microsoft Entra ID for education' },

+ @{ Key = 'Azure AD work or school account'; Value = 'Microsoft Entra work or school account' },

+ @{ Key = 'federated with Azure AD'; Value = 'federated with Microsoft Entra' },

+ @{ Key = 'Hybrid Azure AD Join'; Value = 'Microsoft Entra hybrid join' },

+ @{ Key = 'Azure Active Directory External Identities'; Value = 'Microsoft Entra External ID' },

+ @{ Key = 'Azure Active Directory Identity Governance'; Value = 'Microsoft Entra ID Governance' },

+ @{ Key = 'Azure Active Directory Verifiable Credentials'; Value = 'Microsoft Entra Verified ID' },

+ @{ Key = 'Azure Active Directory Workload Identities'; Value = 'Microsoft Entra Workload ID' },

+ @{ Key = 'Azure Active Directory Domain Services'; Value = 'Microsoft Entra Domain Services' },

+ @{ Key = 'Azure Active Directory access token authentication'; Value = 'Microsoft Entra access token authentication' },

+ @{ Key = 'Azure Active Directory admin center'; Value = 'Microsoft Entra admin center' },

+ @{ Key = 'Azure Active Directory portal'; Value = 'Microsoft Entra portal' },

+ @{ Key = 'Azure Active Directory application proxy'; Value = 'Microsoft Entra application proxy' },

+ @{ Key = 'Azure Active Directory authentication'; Value = 'Microsoft Entra authentication' },

+ @{ Key = 'Azure Active Directory Conditional Access'; Value = 'Microsoft Entra Conditional Access' },

+ @{ Key = 'Azure Active Directory cloud-only identities'; Value = 'Microsoft Entra cloud-only identities' },

+ @{ Key = 'Azure Active Directory Connect'; Value = 'Microsoft Entra Connect' },

+ @{ Key = 'Azure Active Directory Connect Sync'; Value = 'Microsoft Entra Connect Sync' },

+ @{ Key = 'Azure Active Directory domain'; Value = 'Microsoft Entra domain' },

+ @{ Key = 'Azure Active Directory domain'; Value = 'Microsoft Entra domain' },

+ @{ Key = 'Azure Active Directory Domain Services'; Value = 'Microsoft Entra Domain Services' },

+ @{ Key = 'Azure Active Directory Enterprise Applications'; Value = 'Microsoft Entra enterprise applications' },

+ @{ Key = 'Azure Active Directory federation services'; Value = 'Active Directory Federation Services' },

+ @{ Key = 'Azure Active Directory hybrid identities'; Value = 'Microsoft Entra hybrid identities' },

+ @{ Key = 'Azure Active Directory identities'; Value = 'Microsoft Entra identities' },

+ @{ Key = 'Azure Active Directory role'; Value = 'Microsoft Entra role' },

+ @{ Key = 'Azure Active Directory'; Value = 'Microsoft Entra ID' },

+ @{ Key = 'Azure Active Directory auth'; Value = 'Microsoft Entra auth' },

+ @{ Key = 'Azure Active Directory-only auth'; Value = 'Microsoft Entra-only auth' },

+ @{ Key = 'Azure Active Directory object'; Value = 'Microsoft Entra object' },

+ @{ Key = 'Azure Active Directory identity'; Value = 'Microsoft Entra identity' },

+ @{ Key = 'Azure Active Directory schema'; Value = 'Microsoft Entra schema' },

+ @{ Key = 'Azure Active Directory seamless single sign-on'; Value = 'Microsoft Entra seamless single sign-on' },

+ @{ Key = 'Azure Active Directory self-service password reset'; Value = 'Microsoft Entra self-service password reset' },

+ @{ Key = 'Azure Active Directory SSPR'; Value = 'Microsoft Entra SSPR' },

+ @{ Key = 'Azure Active Directory SSPR'; Value = 'Microsoft Entra SSPR' },

+ @{ Key = 'Azure Active Directory domain'; Value = 'Microsoft Entra domain' },

+ @{ Key = 'Azure Active Directory group'; Value = 'Microsoft Entra group' },

+ @{ Key = 'Azure Active Directory login'; Value = 'Microsoft Entra login' },

+ @{ Key = 'Azure Active Directory managed'; Value = 'Microsoft Entra managed' },

+ @{ Key = 'Azure Active Directory entitlement'; Value = 'Microsoft Entra entitlement' },

+ @{ Key = 'Azure Active Directory access review'; Value = 'Microsoft Entra access review' },

+ @{ Key = 'Azure Active Directory Identity Protection'; Value = 'Microsoft Entra ID Protection' },

+ @{ Key = 'Azure Active Directory pass-through'; Value = 'Microsoft Entra pass-through' },

+ @{ Key = 'Azure Active Directory password'; Value = 'Microsoft Entra password' },

+ @{ Key = 'Azure Active Directory Privileged Identity Management'; Value = 'Microsoft Entra Privilegd Identity Management' },

+ @{ Key = 'Azure Active Directory registered'; Value = 'Microsoft Entra registered' },

+ @{ Key = 'Azure Active Directory reporting and monitoring'; Value = 'Microsoft Entra reporting and monitoring' },

+ @{ Key = 'Azure Active Directory enterprise app'; Value = 'Microsoft Entra enterprise app' },

+ @{ Key = 'Azure Active Directory cloud-only identities'; Value = 'Microsoft Entra cloud-only identities' },

+ @{ Key = 'Azure Active Directory Premium P1'; Value = 'Microsoft Entra ID P1' },

+ @{ Key = 'Azure Active Directory Premium P2'; Value = 'Microsoft Entra ID P2' },

+ @{ Key = 'Azure Active Directory F2'; Value = 'Microsoft Entra ID F2' },

+ @{ Key = 'Azure Active Directory Free'; Value = 'Microsoft Entra ID Free' },

+ @{ Key = 'Azure Active Directory for education'; Value = 'Microsoft Entra ID for education' },

+ @{ Key = 'Azure Active Directory work or school account'; Value = 'Microsoft Entra work or school account' },

+ @{ Key = 'federated with Azure Active Directory'; Value = 'federated with Microsoft Entra' },

+ @{ Key = 'Hybrid Azure Active Directory Join'; Value = 'Microsoft Entra hybrid join' },

+ @{ Key = 'AAD External Identities'; Value = 'Microsoft Entra External ID' },

+ @{ Key = 'AAD Identity Governance'; Value = 'Microsoft Entra ID Governance' },

+ @{ Key = 'AAD Verifiable Credentials'; Value = 'Microsoft Entra Verified ID' },

+ @{ Key = 'AAD Workload Identities'; Value = 'Microsoft Entra Workload ID' },

+ @{ Key = 'AAD Domain Services'; Value = 'Microsoft Entra Domain Services' },

+ @{ Key = 'AAD access token authentication'; Value = 'Microsoft Entra access token authentication' },

+ @{ Key = 'AAD admin center'; Value = 'Microsoft Entra admin center' },

+ @{ Key = 'AAD portal'; Value = 'Microsoft Entra portal' },

+ @{ Key = 'AAD application proxy'; Value = 'Microsoft Entra application proxy' },

+ @{ Key = 'AAD authentication'; Value = 'Microsoft Entra authentication' },

+ @{ Key = 'AAD Conditional Access'; Value = 'Microsoft Entra Conditional Access' },

+ @{ Key = 'AAD cloud-only identities'; Value = 'Microsoft Entra cloud-only identities' },

+ @{ Key = 'AAD Connect'; Value = 'Microsoft Entra Connect' },

+ @{ Key = 'AAD Connect Sync'; Value = 'Microsoft Entra Connect Sync' },

+ @{ Key = 'AAD domain'; Value = 'Microsoft Entra domain' },

+ @{ Key = 'AAD domain'; Value = 'Microsoft Entra domain' },

+ @{ Key = 'AAD Domain Services'; Value = 'Microsoft Entra Domain Services' },

+ @{ Key = 'AAD Enterprise Applications'; Value = 'Microsoft Entra enterprise applications' },

+ @{ Key = 'AAD federation services'; Value = 'Active Directory Federation Services' },

+ @{ Key = 'AAD hybrid identities'; Value = 'Microsoft Entra hybrid identities' },

+ @{ Key = 'AAD identities'; Value = 'Microsoft Entra identities' },

+ @{ Key = 'AAD role'; Value = 'Microsoft Entra role' },

+ @{ Key = 'AAD'; Value = 'Microsoft Entra ID' },

+ @{ Key = 'AAD auth'; Value = 'Microsoft Entra auth' },

+ @{ Key = 'AAD-only auth'; Value = 'Microsoft Entra-only auth' },

+ @{ Key = 'AAD object'; Value = 'Microsoft Entra object' },

+ @{ Key = 'AAD identity'; Value = 'Microsoft Entra identity' },

+ @{ Key = 'AAD schema'; Value = 'Microsoft Entra schema' },

+ @{ Key = 'AAD seamless single sign-on'; Value = 'Microsoft Entra seamless single sign-on' },

+ @{ Key = 'AAD self-service password reset'; Value = 'Microsoft Entra self-service password reset' },

+ @{ Key = 'AAD SSPR'; Value = 'Microsoft Entra SSPR' },

+ @{ Key = 'AAD SSPR'; Value = 'Microsoft Entra SSPR' },

+ @{ Key = 'AAD domain'; Value = 'Microsoft Entra domain' },

+ @{ Key = 'AAD group'; Value = 'Microsoft Entra group' },

+ @{ Key = 'AAD login'; Value = 'Microsoft Entra login' },

+ @{ Key = 'AAD managed'; Value = 'Microsoft Entra managed' },

+ @{ Key = 'AAD entitlement'; Value = 'Microsoft Entra entitlement' },

+ @{ Key = 'AAD access review'; Value = 'Microsoft Entra access review' },

+ @{ Key = 'AAD Identity Protection'; Value = 'Microsoft Entra ID Protection' },

+ @{ Key = 'AAD pass-through'; Value = 'Microsoft Entra pass-through' },

+ @{ Key = 'AAD password'; Value = 'Microsoft Entra password' },

+ @{ Key = 'AAD Privileged Identity Management'; Value = 'Microsoft Entra Privilegd Identity Management' },

+ @{ Key = 'AAD registered'; Value = 'Microsoft Entra registered' },

+ @{ Key = 'AAD reporting and monitoring'; Value = 'Microsoft Entra reporting and monitoring' },

+ @{ Key = 'AAD enterprise app'; Value = 'Microsoft Entra enterprise app' },

+ @{ Key = 'AAD cloud-only identities'; Value = 'Microsoft Entra cloud-only identities' },

+ @{ Key = 'AAD Premium P1'; Value = 'Microsoft Entra ID P1' },

+ @{ Key = 'AAD Premium P2'; Value = 'Microsoft Entra ID P2' },

+ @{ Key = 'AAD F2'; Value = 'Microsoft Entra ID F2' },

+ @{ Key = 'AAD Free'; Value = 'Microsoft Entra ID Free' },

+ @{ Key = 'AAD for education'; Value = 'Microsoft Entra ID for education' },

+ @{ Key = 'AAD work or school account'; Value = 'Microsoft Entra work or school account' },

+ @{ Key = 'federated with AAD'; Value = 'federated with Microsoft Entra' },

+ @{ Key = 'Hybrid AAD Join'; Value = 'Microsoft Entra hybrid join' }

+)

+$postTransforms = @(

+ @{ Key = 'Microsoft Entra ID B2C'; Value = 'Azure AD B2C' },

+ @{ Key = 'Microsoft Entra ID B2B'; Value = 'Microsoft Entra B2B' },

+ @{ Key = 'ME-ID B2C'; Value = 'AAD B2C' },

+ @{ Key = 'ME-ID B2B'; Value = 'Microsoft Entra B2B' },

+ @{ Key = 'ME-IDSTS'; Value = 'AADSTS' },

+ @{ Key = 'ME-ID Connect'; Value = 'Microsoft Entra Connect' }

+ @{ Key = 'Microsoft Entra ID tenant'; Value = 'Microsoft Entra tenant' }

+ @{ Key = 'Microsoft Entra ID organization'; Value = 'Microsoft Entra tenant' }

+ @{ Key = 'Microsoft Entra ID account'; Value = 'Microsoft Entra account' }

+ @{ Key = 'Microsoft Entra ID resources'; Value = 'Microsoft Entra resources' }

+ @{ Key = 'Microsoft Entra ID admin'; Value = 'Microsoft Entra admin' }

+ @{ Key = ' an Microsoft Entra'; Value = ' a Microsoft Entra' }

+ @{ Key = '>An Microsoft Entra'; Value = '>A Microsoft Entra' }

+ @{ Key = ' an ME-ID'; Value = ' a ME-ID' }

+ @{ Key = '>An ME-ID'; Value = '>A ME-ID' }

+ @{ Key = 'Microsoft Entra ID administration portal'; Value = 'Microsoft Entra administration portal' }

+ @{ Key = 'Microsoft Entra IDvanced Threat'; Value = 'Azure Advanced Threat' }

+ @{ Key = 'Entra ID hybrid join'; Value = 'Entra hybrid join' }

+ @{ Key = 'Microsoft Entra ID join'; Value = 'Microsoft Entra join' }

+ @{ Key = 'ME-ID join'; Value = 'Microsoft Entra join' }

+ @{ Key = 'Microsoft Entra ID service principal'; Value = 'Microsoft Entra service principal' }

+ @{ Key = 'DownloMicrosoft Entra Connector'; Value = 'Download connector' }

+ @{ Key = 'Microsoft Microsoft'; Value = 'Microsoft' }

+)

+# Sort the replacements by the length of the keys in descending order

+$terminology = $terminology.GetEnumerator() | Sort-Object -Property { $_.Key.Length } -Descending

+$postTransforms = $postTransforms.GetEnumerator() | Sort-Object -Property { $_.Key.Length } -Descending

+# Get all resx and resjson files in the current directory and its subdirectories, ignoring .gitignored files.

+Write-Host "Getting all resx and resjson files in the current directory and its subdirectories, ignoring .gitignored files."

+$gitIgnoreFiles = Get-ChildItem -Path . -Filter .gitignore -Recurse

+$targetFiles = Get-ChildItem -Path . -Include *.resx, *.resjson -Recurse

+$filteredFiles = @()

+foreach ($file in $targetFiles) {

+ $ignoreFile = $gitIgnoreFiles | Where-Object { $_.DirectoryName -eq $file.DirectoryName }

+ if ($ignoreFile) {

+ $excludedPatterns = Get-Content $ignoreFile.FullName | Select-String -Pattern '^(?!#).*' | ForEach-Object { $_.Line }

+ if ($excludedPatterns -notcontains $file.Name) {

+ $filteredFiles += $file

+ }

+ }

+ else {

+ $filteredFiles += $file

+ }

+}

+$scriptPath = $MyInvocation.MyCommand.Path

+$filteredFiles = $filteredFiles | Where-Object { $_.FullName -ne $scriptPath }

+# This command will get all the files with the extensions .resx and .resjson in the current directory and its subdirectories, and then filter out those that match the patterns in the .gitignore file. The Resolve-Path cmdlet will find the full path of the .gitignore file, and the Get-Content cmdlet will read its content as a single string. The -notmatch operator will compare the full name of each file with the .gitignore content using regular expressions, and return only those that do not match.

+Write-Host "Found $($filteredFiles.Count) files."

+function Update-Terminology {

+ param (

+ [Parameter(Mandatory = $true)]

+ [ref]$Content,

+ [Parameter(Mandatory = $true)]

+ [object[]]$Terminology

+ )

+ foreach ($item in $Terminology.GetEnumerator()) {

+ $old = [regex]::Escape($item.Key)

+ $new = $item.Value

+ $toReplace = '(?<!(name=\"[^$]*|https?:\/\/aka.ms/[a-z|0-1]*))' + $($old)

+ # Replace the old terminology with the new one

+ $Content.Value = $Content.Value -replace $toReplace, $new

+ }

+}

+# Loop through each file

+foreach ($file in $filteredFiles) {

+ # Read the content of the file

+ $content = Get-Content $file.FullName

+ Write-Host "Processing $file"

+ Update-Terminology -Content ([ref]$content) -Terminology $terminology

+ Update-Terminology -Content ([ref]$content) -Terminology $postTransforms

+ $newContent = $content -join "`n"

+ if ($newContent -ne (Get-Content $file.FullName -Raw)) {

+ Write-Host "Updating $file"

+ # Write the updated content back to the file

+ Set-Content -Path $file.FullName -Value $newContent

+ }

+}

+```

+- [Learn more about Microsoft Entra with content from Microsoft Learn](/entra)

+During 2023, you may see both the current Azure AD name and the new Microsoft Entra ID name in support area paths. For self-service support, look for the topic path of `Microsoft Entra` or `Azure Active Directory/Microsoft Entra ID`.

+In the Azure AD PowerShell for Graph module, `AzureAD` is in the name of almost all the cmdlets. These won't change, and you can continue to use these same cmdlets now that the official product name is Microsoft Entra ID.

+ - Precedence: 20

+ - Precedence: 21

+To restore the enterprise application, run the following query:

+* A [CybSafe](https://www.cybsafe.com/) Administrator account with an enterprise subscription.

+{

+ "text": "Turn on the lights",

+ "intentName": "TurnOn",

+ "entityLabels": [

+ "entityName": "Operation",

+ "startCharIndex": 5,

+ "endCharIndex": 6

+ },

+ {

+ "entityName": "Device",

+ "startCharIndex": 12,

+ "endCharIndex": 17

+ ]

+}

+"relations": [

+ {

+ "relationType": "DosageOfMedication",

+ "entities": [

+ {

+ "ref": "#/results/documents/0/entities/0",

+ "role": "Dosage"

+ },

+ {

+ "ref": "#/results/documents/0/entities/1",

+ "role": "Medication"

+ }

+ ]

+ },

+ {

+ "relationType": "RouteOfMedication",

+ "entities": [

+ {

+ "ref": "#/results/documents/0/entities/1",

+ "role": "Medication"

+ },

+ {

+ "ref": "#/results/documents/0/entities/2",

+ "role": "Route"

+ }

+ ]

+ }

+description: Learn more about how the Azure OpenAI embeddings API uses cosine similarity for document search and to measure similarity between texts.

+# Understand embeddings in Azure OpenAI Service

+An embedding is a special format of data representation that machine learning models and algorithms can easily use. The embedding is an information dense representation of the semantic meaning of a piece of text. Each embedding is a vector of floating-point numbers, such that the distance between two embeddings in the vector space is correlated with semantic similarity between two inputs in the original format. For example, if two texts are similar, then their vector representations should also be similar. Embeddings power vector similarity search in Azure Databases such as [Azure Cosmos DB for MongoDB vCore](../../../cosmos-db/mongodb/vcore/vector-search.md).

+Different Azure OpenAI embedding models are created to be good at a particular task:

+

+- **Similarity embeddings** are good at capturing semantic similarity between two or more pieces of text.

+- **Text search embeddings** help measure whether long documents are relevant to a short query.

+- **Code search embeddings** are useful for embedding code snippets and embedding natural language search queries.

+Embeddings make it easier to do machine learning on large inputs representing words by capturing the semantic similarities in a vector space. Therefore, you can use embeddings to determine if two text chunks are semantically related or similar, and provide a score to assess similarity.

+From a mathematic perspective, cosine similarity measures the cosine of the angle between two vectors projected in a multidimensional space. This measurement is beneficial, because if two documents are far apart by Euclidean distance because of size, they could still have a smaller angle between them and therefore higher cosine similarity. For more information about cosine similarity equations, see [Cosine similarity](https://en.wikipedia.org/wiki/Cosine_similarity).

+An alternative method of identifying similar documents is to count the number of common words between documents. This approach doesn't scale since an expansion in document size is likely to lead to a greater number of common words detected even among disparate topics. For this reason, cosine similarity can offer a more effective alternative.

+| `date` | dmy, mdy, ymd, ydm, ym, my, md, dm, d, m, y | The text is spoken as a date. The `format` attribute specifies the date's format (*d=day, m=month, and y=year*). The speech synthesis engine pronounces:<br /><br />`Today is <say-as interpret-as="date">10-12-2016</say-as>`<br /><br />As "Today is October twelfth two thousand sixteen."<br />Pronounces:<br /><br />`Today is <say-as interpret-as="date" format="dmy">10-12-2016</say-as>`<br /><br />As "Today is December tenth two thousand sixteen." |

+> [!NOTE]

+> The output for `command invoke` is limited to 512kB in size.

+ Title: Support and troubleshooting for Azure Kubernetes Service (AKS)

+description: This article provides support and troubleshooting options for Azure Kubernetes Service (AKS).

+The [AKS troubleshooting documentation](/troubleshoot/azure/azure-kubernetes/welcome-azure-kubernetes) provides guidance for how to diagnose and resolve issues that you might encounter when using AKS. These articles cover how to troubleshoot deployment failures, security-related problems, connection issues, and more.

+Azure's preferred destination for community support, [Microsoft Q&A](/answers/products/azure), allows you to ask technical questions and engage with Azure engineers, Most Valuable Professionals (MVPs), partners, and customers. When you ask a question, make sure you use the `azure-kubernetes-service` tag. You can also submit your own answers and help other community members with their questions.

+If you can't find an answer to your problem using search, you can submit a new question to Microsoft Q&A and tag it with the appropriate Azure service and area.

+The following table lists the tags for AKS and related

+Explore the range of [Azure support options](https://azure.microsoft.com/support/plans) and choose a plan that best fits your needs. Azure customers can create and manage support requests in the Azure portal.

+If you already have an Azure Support Plan, you can [open a support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).

+If you need help with the languages and tools for developing and managing AKS, you can open an issue in its GitHub repository.

+The following table lists the GitHub repositories for AKS and related

+| Azure CLI | https://github.com/Azure/azure-cli/issues |

+| Azure REST API | https://github.com/Azure/azure-rest-api-specs/issues |

+| Azure SDK for Java | https://github.com/Azure/azure-sdk-for-java/issues |

+| Azure SDK for Python | https://github.com/Azure/azure-sdk-for-python/issues |

+| Azure SDK for .NET | https://github.com/Azure/azure-sdk-for-net/issues |

+| Azure SDK for JavaScript | https://github.com/Azure/azure-sdk-for-js/issues |

+| Terraform | https://github.com/Azure/terraform/issues |

+Learn about important product updates, roadmap, and announcements in [Azure Updates](https://azure.microsoft.com/updates/?category=compute). For information about Azure Virtual Machines, see the [Azure blog](https://azure.microsoft.com/blog/topics/virtual-machines/).

+Visit the [Azure Kubernetes Service (AKS) documentation](./index.yml).

+Node-level OS security updates come in at a faster cadence than Kubernetes patch or minor version updates. This is the main reason for introducing a separate, dedicated Node OS auto-upgrade channel. With this feature, you can have a flexible and customized strategy for node-level OS security updates and a separate plan for cluster-level Kubernetes version [auto-upgrades][Autoupgrade].

+> If you don't have node resource group lockdown enabled, you can directly modify any resource in the node resource group. Directly modifying resources in the node resource group can cause your cluster to become unstable or unresponsive.

+ - docker.io/library/alpine:3.7.3

+ // You can also use "*" to specify all non-running images

+The Kubernetes Event-driven Autoscaling (KEDA) add-on for AKS integrates with features provided by Azure and open-source projects.

+> The [AKS support policy][aks-support-policy] doesn't cover integrations with open-source projects.

+KEDA integrates with various tools and services through [a rich catalog of 50+ KEDA scalers][keda-scalers] and supports leading cloud platforms and open-source technologies.

+KEDA leverages the following scalers for Azure

+You can also install external scalers to autoscale on other Azure

+These external scalers *aren't supported as part of the add-on* and rely on community support.

+- [Enable the KEDA add-on with an ARM template][keda-arm]

+- [Enable the KEDA add-on with the Azure CLI][keda-cli]

+- [Troubleshoot KEDA add-on problems][keda-troubleshoot]

+- [Autoscale a .NET Core worker processing Azure Service Bus Queue message][keda-sample]

+ AKS auto-upgrade needs a certain amount of time to take the maintenance window into consideration. We recommend at least 24 hours between the creation/update of the maintenance configuration, and when it's scheduled to start.

+* [Azure Linux supported GPU SKUs](../azure-linux/intro-azure-linux.md#azure-linux-container-host-supported-gpu-skus)

+ <dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>5.5.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+ </dependencyManagement>

+ <dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>4.11.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+ </dependencyManagement>

+<dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>5.5.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+</dependencyManagement>

+<dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>4.11.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+</dependencyManagement>

+ Title: How to manage and use snapshots (preview) in Azure App Configuration

+description: How to manage and use snapshots in an Azure App Configuration store.

+# Manage and use snapshots (preview)

+In this article, learn how to create, use and manage snapshots in Azure App Configuration. Snapshot is a set of App Configuration settings stored in an immutable state.

+1. To access values stored in App Configuration, update the `Builder` configuration to use the `AddAzureAppConfiguration()` method.

+1. Open `bootstrap.properties`, remove the connection-string property and replace it with endpoint for System Assigned Identity:

+for User Assigned Identity:

+```properties

+spring.cloud.azure.appconfiguration.stores[0].endpoint=<service_endpoint>

+spring.cloud.azure.credential.managed-identity-enabled= true

+spring.cloud.azure.credential.client-id= <client_id>

+```

+> For more information see [Spring Cloud Azure authentication](/azure/developer/java/spring-framework/authentication).

+ <dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>5.5.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+ </dependencyManagement>

+

+ <dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>4.11.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+ </dependencyManagement>

+<dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>5.5.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+</dependencyManagement>

+<dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>4.11.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+</dependencyManagement>

+<dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>5.5.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+</dependencyManagement>

+<dependencyManagement>

+ <dependencies>

+ <dependency>

+ <groupId>com.azure.spring</groupId>

+ <artifactId>spring-cloud-azure-dependencies</artifactId>

+ <version>4.11.0</version>

+ <type>pom</type>

+ <scope>import</scope>

+ </dependency>

+ </dependencies>

+</dependencyManagement>

+## Monitoring

+Currently, local monitoring with Grafana is only available for the default `postgres` database. Metrics dashboards for user created databases will be empty.

+## Configuration

+System configurations that are stored in `postgresql.auto.conf` are backed up when a base backup is created. This means that changes made after the last base backup, will not be present in a restored server until a new base backup is taken to capture those changes.

+## Access to Azure services

+For Azure Arc-enabled servers enrolled in WS2012 ESUs enabled by Azure Arc, free access is provided to these Azure services from October 10, 2023:

+* [Azure Update Manager](../../update-center/overview.md) - Unified management and governance of update compliance that includes not only Azure and hybrid machines, but also ESU update compliance for all your Windows Server 2012/2012 R2 machines.

+* [Azure Automation Change Tracking and Inventory](/azure/automation/change-tracking/overview?tabs=python-2) - Track changes in virtual machines hosted in Azure, on-premises, and other cloud environments.

+* [Azure Policy Guest Configuration](/azure/cloud-adoption-framework/manage/azure-server-management/guest-configuration-policy) - Audit the configuration settings in a virtual machine. Guest configuration supports Azure VMs natively and non-Azure physical and virtual servers through Azure Arc-enabled servers.

+Other Azure services through Azure Arc-enabled servers are available as well, with offerings such as:

+* [Microsoft Sentinel](scenario-onboard-azure-sentinel.md) - Collect security-related events and correlate them with other data sources.

+ "value": "abcdefghijklmmopqrstuv1234567890"

+ "value": "1234567890abcdefghijklmmopqrstuv"

+ "username": "charlie.roy"

+## Azure Linux Container Host supported GPU SKUs

+The Azure Linux Container Host supports the following GPU SKUs:

+- [NVIDIA V100][nvidia-v100]

+- [NVIDIA T4][nvidia-t4]

+> Azure Linux doesn't support the NC A100 v4 series. All other VM SKUs that are available on AKS are available with Azure Linux.

+<!-- LINKS - internal -->

+[nvidia-v100]: ../virtual-machines/ncv3-series.md

+[nvidia-t4]: ../virtual-machines/nct4-v3-series.md

+[cis-benchmarks]: ../aks/cis-azure-linux.md

+ "pricingTier": {

+ "type": "string",

+ "allowedValues":[

+ "G2"

+ ],

+ "defaultValue": "G2",

+ "metadata": {

+ "description": "The pricing tier SKU for the account."

+ }

+ },

+ "kind": {

+ "type": "string",

+ "allowedValues":[

+ "Gen2"

+ ],

+ "defaultValue": "Gen2",

+ "metadata": {

+ "description": "The pricing tier for the account."

+ }

+ }

+2. List all URL ping tests in the current subscription:

+ Get-AzApplicationInsightsWebTest | `

+ Where-Object { $_.WebTestKind -eq "ping" } | `

+ Format-Table -Property ResourceGroupName,Name,WebTestKind,Enabled;

+3. Find the URL Ping Test you want to migrate and record its resource group and name.

+ $resourceGroup = "pingTestResourceGroup";

+>If you are migrating from Container Insights on Azure Red Hat OpenShift v4.x, please also ensure that you have [disabled monitoring](./container-insights-optout-hybrid.md) before proceeding with configuring Container Insights on Azure Arc enabled Kubernetes to prevent any installation issues.

+- To scrape and analyze Prometheus metrics from your cluster, review [Configure Prometheus metrics scraping](container-insights-prometheus-integration.md)

+"variables": {

+ //add this line

+ "storageAccountName": "[concat('storage', uniqueString(resourceGroup().id))]",

+ ...

+}

+{

+ "type": "Microsoft.Compute/virtualMachineScaleSets",

+ "name": "[variables('namingInfix')]",

+ "location": "[resourceGroup().location]",

+ "apiVersion": "2017-03-30",

+ //add these lines below

+ "identity": {

+ "type": "systemAssigned"

+ },

+ //end of lines to add

+ ...

+}

+ "extensionProfile": {

+ "extensions": [

+ // BEGINNING of added code

+ // Managed identities for Azure resources

+ {

+ "name": "VMSS-WAD-extension",

+ "properties": {

+ "publisher": "Microsoft.ManagedIdentity",

+ "type": "ManagedIdentityExtensionForWindows",

+ "typeHandlerVersion": "1.0",

+ "autoUpgradeMinorVersion": true,

+ "settings": {

+ "port": 50342

+ },

+ "protectedSettings": {}

+ }

+ },

+ // add diagnostic extension. (Remove this comment after pasting.)

+ {

+ "name": "[concat('VMDiagnosticsVmExt','_vmNodeType0Name')]",

+ "properties": {

+ "type": "IaaSDiagnostics",

+ "autoUpgradeMinorVersion": true,

+ "protectedSettings": {

+ "storageAccountName": "[variables('storageAccountName')]",

+ "storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')),'2015-05-01-preview').key1]",

+ "storageAccountEndPoint": "https://core.windows.net/"

+ },

+ "publisher": "Microsoft.Azure.Diagnostics",

+ "settings": {

+ "WadCfg": {

+ "DiagnosticMonitorConfiguration": {

+ "overallQuotaInMB": "50000",

+ "PerformanceCounters": {

+ "scheduledTransferPeriod": "PT1M",

+ "sinks": "AzMonSink",

+ "PerformanceCounterConfiguration": [

+ {

+ "counterSpecifier": "\\Memory\\% Committed Bytes In Use",

+ "sampleRate": "PT15S"

+ },

+ {

+ "counterSpecifier": "\\Memory\\Available Bytes",

+ "sampleRate": "PT15S"

+ },

+ {

+ "counterSpecifier": "\\Memory\\Committed Bytes",

+ "sampleRate": "PT15S"

+ }

+ ]

+ },

+ "EtwProviders": {

+ "EtwEventSourceProviderConfiguration": [

+ {

+ "provider": "Microsoft-ServiceFabric-Actors",

+ "scheduledTransferKeywordFilter": "1",

+ "scheduledTransferPeriod": "PT5M",

+ "DefaultEvents": {

+ "eventDestination": "ServiceFabricReliableActorEventTable"

+ }

+ },

+ {

+ "provider": "Microsoft-ServiceFabric-Services",

+ "scheduledTransferPeriod": "PT5M",

+ "DefaultEvents": {

+ "eventDestination": "ServiceFabricReliableServiceEventTable"

+ }

+ }

+ ],

+ "EtwManifestProviderConfiguration": [

+ {

+ "provider": "cbd93bc2-71e5-4566-b3a7-595d8eeca6e8",

+ "scheduledTransferLogLevelFilter": "Information",

+ "scheduledTransferKeywordFilter": "4611686018427387904",

+ "scheduledTransferPeriod": "PT5M",

+ "DefaultEvents": {

+ "eventDestination": "ServiceFabricSystemEventTable"

+ }

+ }

+ ]

+ }

+ },

+ "SinksConfig": {

+ "Sink": [

+ {

+ "name": "AzMonSink",

+ "AzureMonitor": {}

+ }

+ ]

+ }

+ },

+ "StorageAccount": "[variables('storageAccountName')]"

+ },

+ "typeHandlerVersion": "1.11"

+ }

+ ]

+ },

+ // end of added code. Be sure that the number and type of brackets match properly when done.

+ {

+ "type": "Microsoft.Insights/autoscaleSettings",

+ ...

+ }

+Add a **dependsOn** for the storage account to ensure it's created in the correct order:

+"dependsOn": [

+ "[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]",

+ "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",

+ //add this line below

+ "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]"

+]

+ // add this code

+ {

+ "accountType": "Standard_LRS"

+ },

+ // end added code

+ {

+ ...

+ }

+]

+Save and close both files.

+## Deploy the Resource Manager template

+> [!NOTE]

+> You must be running the Azure Diagnostics extension version 1.5 or higher **and** have the **autoUpgradeMinorVersion:** property set to **true** in your Resource Manager template. Azure then loads the proper extension when it starts the VM. If you don't have these settings in your template, change them and redeploy the template.

+To deploy the Resource Manager template, use Azure PowerShell:

+1. Launch PowerShell.

+ Select-AzSubscription -SubscriptionName "<Name of the subscription>"

+1. Create a new resource group for the VM being deployed. Run the following command:

+ New-AzResourceGroup -Name "VMSSWADtestGrp" -Location "<Azure Region>"

+1. Run the following commands to deploy the VM:

+ > [!NOTE]

+ > If you want to update an existing scale set, add **-Mode Incremental** to the end of the command.

+ New-AzResourceGroupDeployment -Name "VMSSWADTest" -ResourceGroupName "VMSSWADtestGrp" -TemplateFile "<File path of your azuredeploy.JSON file>" -TemplateParameterFile "<File path of your azuredeploy.parameters.JSON file>"

+1. After your deployment succeeds, you should find the virtual machine scale set in the Azure portal. It should emit metrics to Azure Monitor.

+ > [!NOTE]

+ > You might run into errors around the selected **vmSkuSize**. In that case, go back to your **azuredeploy.json** file and update the default value of the **vmSkuSize** parameter. We recommend that you try **Standard_DS1_v2**.

+## Chart your metrics

+1. Sign in to the Azure portal.

+1. In the left-hand menu, select **Monitor**.

+1. On the **Monitor** page, select **Metrics**.

+1. Change the aggregation period to **Last 30 minutes**.

+1. In the resource drop-down menu, select the virtual machine scale set you created.

+1. In the namespaces drop-down menu, select **Virtual Machine Guest**.

+1. In the metrics drop-down menu, select **Memory\%Committed Bytes in Use**.

+> InfluxData Telegraf is an open source agent and not officially supported by Azure Monitor. For issues with the Telegraf connector, please refer to the Telegraf GitHub page here: [InfluxData](https://github.com/influxdata/telegraf)

+## Prerequisites

+To query Prometheus metrics from an Azure Monitor workspace, you need the following:

+- An Azure Monitor workspace. To create an Azure Monitor workspace, see [Create an Azure Monitor Workspace](./azure-monitor-workspace-overview.md?tabs=azure-portal.md).

+Workbooks support many visualizations and Azure integrations. For more information about Azure Workbooks, see [Creating an Azure Workbook](../visualize/workbooks-create-workbook.md).

+1. From your Azure Monitor workspace, select **Workbooks**.

+If you receive a message indicating that "You currently do not have any Prometheus data ingested to this Azure Monitor workspace":

+If your workbook query does not return data with a message "You do not have query access":

+- Check that you have sufficient permissions to perform **microsoft.monitor/accounts/read** assigned through Access Control (IAM) in your Azure Monitor workspace.

+- Confirm if your Networking settings support query access. You may need to enable private access through your private endpoint or change settings to allow public access.

+- If you have ad block enabled in your browser, you may need to pause or disable and refresh the workbook in order to view data.

+# Tutorial: Ingest events from Azure Event Hubs into Azure Monitor Logs (Public Preview)

+1. Select **Managed identity** for **Assign access to** and click **Select members**. Select **Data collection rule**, search your DCR by name and click **Select**.

+[  ](media/ingest-logs-event-hub/assign-access-to-managed-identity.png#lightbox)

+* When creating the delegated subnet for Azure NetApp Files, the size of the subnet matters. A subnet with a /28 network mask provides (only) 11 usable IP addresses, which might be insufficient for certain use cases. In that case, you should plan for a larger delegated subnet. For instance, a subnet with a /26 network mask provides 59 and a /24 network mask provides 251 available IP addresses respectively. You should consider even larger subnets (for example, /23 network mask) in scenarios where application volume group for SAP HANA is used and where many volumes and storage endpoints are anticipated. The network mask of the delegated network can't be changed after the initial creation. Make sure to plan your VNet and delegated subnet sizes consciously.

+ Azure enables you to create multiple delegated subnets in a VNet. However, any attempts to create a new volume would fail if you use more than one delegated subnet.

+* You can't designate a network security group or service endpoint in the delegated subnet. Doing so causes the subnet delegation to fail.

+* Access to a volume from a globally peered virtual network isn't currently supported using Basic networks features. Global VNet peering is supported with Standard network features. For more information, see [Supported network topologies](azure-netapp-files-network-topologies.md#supported-network-topologies).

+* US Gov Texas (public preview)

+* South Central US

+"validationTasks": [

+ {

+ "componentName": "Default component",

+ "endTime": "2020-08-25T05:18:49.5224772+00:00",

+ "interfaceId": "dtmi:com:example:TemperatureController;1",

+ "logs": [

+ {

+ "message": "Waiting for telemetry from the device",

+ "time": "2020-08-25T05:18:37.3862586+00:00"

+ },

+ {

+ "message": "Validating PnP properties",

+ "time": "2020-08-25T05:18:37.3875168+00:00"

+ },

+ {

+ "message": "Validating PnP commands",

+ "time": "2020-08-25T05:18:37.3894343+00:00"

+ },

+ {

+ "message": "{\"propertyName\":\"serialNumber\",\"expectedSchemaType\":null,\"actualSchemaType\":null,\"message\":\"Property is successfully validated\",\"passed\":true,\"time\":\"2020-08-25T05:18:37.4205985+00:00\"}",

+ "time": "2020-08-25T05:18:37.4205985+00:00"

+ },

+ {

+ "message": "PnP interface properties validation passed",

+ "time": "2020-08-25T05:18:37.4206964+00:00"

+ },

+ ...

+ ]

+ }

+]

+{

+ "_type" : "ImageModuleAction",

+ "actionType" : "PagesIncluding",

+ "data" : {

+ "value" : [

+ "webSearchUrl" : "https://www.bing.com\/images\/search?",

+ "name" : "Today's smoking hot country",

+ "thumbnailUrl" : "https:\/\/tse2.mm.bing.net\/th?id=OIP...",

+ "datePublished" : "2017-09-20T12:00:00.0000000Z",

+ "contentUrl" : "http:\/\/contoso.com\/wordstuff",

+ "hostPageUrl" : "http:\/\/contoso.com\/2017\/09\/20\/car",

+ "contentSize" : "122540 B",

+ "encodingFormat" : "jpeg",

+ "hostPageDisplayUrl" : "contoso.com\/2017\/09\/20\/car",

+ "width" : 894,

+ "height" : 1200,

+ "thumbnail" : {

+ "width" : 474,

+ "height" : 636

+ },

+ "imageInsightsToken" : "ccid_CO5GEthj*mid_5323B1",

+ "insightsMetadata" : {

+ "pagesIncludingCount" : 12,

+ "availableSizesCount" : 7

+ },

+ "imageId" : "5323B1900FB9087B6B45D176D234E1F2F23CD3A5",

+ "accentColor" : "55585B"

+ ]

+ }

+}

+{

+ "_type" : "ImageShoppingSourcesAction",

+ "actionType" : "ShoppingSources",

+ "data" : {

+ "offers" : [

+ "name" : "Apple Pie",

+ "url" : "https:\/\/contoso.com\/product_p\/l10.htm",

+ "description" : "A taste of the crust, apple, and pie filling...",

+ "seller" : {

+ "name" : "Contoso"

+ },

+ "price" : 3.99,

+ "priceCurrency" : "USD",

+ "aggregateRating" : {

+ "ratingValue" : 5

+ },

+ "lastUpdated" : "2018-04-16T00:00:00.0000000"

+ ]

+ }

+}

+{

+ "image" : {

+ "webSearchUrl" : "https:\/\/www.bing.com\/images\/search?view=detai...",

+ "name" : "Making Apple Pie",

+ "thumbnailUrl" : "https:\/\/tse4.mm.bing.net\/th?id=OIP....",

+ "datePublished" : "2013-06-21T12:00:00.0000000Z",

+ "contentUrl" : "http:\/\/contoso.com\/content\/uploads\/2013\/06\/apple-pie.jpg",

+ "hostPageUrl" : "http:\/\/contoso.com\/2013\/06\/21\/making-apple-pie\/",

+ "contentSize" : "134847 B",

+ "encodingFormat" : "jpeg",

+ "hostPageDisplayUrl" : "contoso.com\/2013\/06\/21\/making-apple-pie",

+ "width" : 1050,

+ "height" : 765,

+ "thumbnail" : {

+ "width" : 474,

+ "height" : 345

+ },

+ "imageInsightsToken" : "ccid_tmaGQ2eU*mid_D12339146CF...",

+ "insightsMetadata" : {

+ "recipeSourcesCount" : 6,

+ "pagesIncludingCount" : 103,

+ "availableSizesCount" : 28

+ },

+ "imageId" : "D12339146CFEDF3D409CC7A66D2C98D0D71904D4",

+ "accentColor" : "3A0B01"

+ },

+ "actionType" : "MoreSizes"

+},

+{

+ "_type" : "ImageModuleAction",

+ "actionType" : "VisualSearch",

+ "data" : {

+ "value" : [

+ "webSearchUrl" : "https:\/\/www.bing.com\/images\/search?view=...",

+ "name" : "An apple pie...",

+ "thumbnailUrl" : "https:\/\/tse4.mm.bing.net\/th?id=OIP.z...",

+ "datePublished" : "2017-03-18T00:17:00.0000000Z",

+ "contentUrl" : "http:\/\/contoso.net\/images\/8\/8a\/an_apple_pie.png",

+ "hostPageUrl" : "http:\/\/contoso.com\/wiki\/an_apple_pie.png",

+ "contentSize" : "87930 B",

+ "encodingFormat" : "png",

+ "hostPageDisplayUrl" : "contoso.com\/wiki\/an_apple_pie.png",

+ "width" : 263,

+ "height" : 192,

+ "thumbnail" : {

+ "width" : 474,

+ "height" : 346

+ },

+ "imageInsightsToken" : "ccid_zhRxfGkI*mid_1DCBA7AA6D231...",

+ "insightsMetadata" : {

+ "recipeSourcesCount" : 6,

+ "pagesIncludingCount" : 103,

+ "availableSizesCount" : 28

+ },

+ "imageId" : "1DCBA7AA6D23147F9DD06D47DB3A38EB25389",

+ "accentColor" : "3E0D01"

+ ]

+ }

+}

+{

+ "_type" : "ImageRecipesAction",

+ "actionType" : "Recipes",

+ "data" : {

+ "value" : [

+ "name" : "Granny's Apple Pie",

+ "url" : "http:\/\/contoso.com\/recipes\/appetizer\/apple-pie.html",

+ "description" : "I love Granny's apple pie. Sooooo delicious...",

+ "thumbnailUrl" : "https:\/\/tse4.mm.bing.net\/th?id=A63002cd9",

+ "creator" : {

+ "_type" : "Person",

+ "name" : "Charlene Whitney"

+ },

+ "aggregateRating" : {

+ "text" : "5",

+ "ratingValue" : 5,

+ "bestRating" : 5,

+ "reviewCount" : 1

+ },

+ "cookTime" : "PT45M",

+ "prepTime" : "PT1H",

+ "totalTime" : "PT1H45M"

+ ]

+ }

+}

+{

+ "image" : {

+ "webSearchUrl" : "https:\/\/www.bing.com\/images\/search?view=deta...",

+ "name" : "Making Apple Pie",

+ "thumbnailUrl" : "https:\/\/tse4.mm.bing.net\/th?id=OIP...",

+ "datePublished" : "2013-06-21T12:00:00.0000000Z",

+ "contentUrl" : "http:\/\/contoso.com\/content\/uploads\/2013\/06\/apple-pie.jpg",

+ "hostPageUrl" : "http:\/\/contoso.com\/2013\/06\/21\/making-apple-pie\/",

+ "contentSize" : "134847 B",

+ "encodingFormat" : "jpeg",

+ "hostPageDisplayUrl" : "contoso.com\/2013\/06\/21\/making-apple-pie",

+ "width" : 1050,

+ "height" : 765,

+ "thumbnail" : {

+ "width" : 474,

+ "height" : 345

+ },

+ "imageInsightsToken" : "ccid_tmaGQ2eU*mid_D12339146CFE...",

+ "insightsMetadata" : {

+ "recipeSourcesCount" : 6,

+ "pagesIncludingCount" : 103,

+ "availableSizesCount" : 28

+ },

+ "imageId" : "D12339146CFEDF3D409A66D2C98D0D71904D4",

+ "accentColor" : "3A0B01"

+ },

+ "actionType" : "ImageById"

+},

+{

+ "_type" : "ImageModuleAction",

+ "actionType" : "ProductVisualSearch",

+ "data" : {

+ "value" : [

+ "webSearchUrl" : "https:\/\/www.bing.com\/images\/search?view=detail...",

+ "name" : "Contoso 4-Piece Kitchen Package...",

+ "thumbnailUrl" : "https:\/\/tse3.mm.bing.net\/th?id=OIP.l9hzaabu-RJd...",

+ "datePublished" : "2017-07-16T04:28:00.0000000Z",

+ "contentUrl" : "https:\/\/www.contoso.com\/assets\/media\/images\/prod...",

+ "hostPageUrl" : "https:\/\/www.contoso.com\/4-piece-kitchen-package...",

+ "contentSize" : "13594 B",

+ "encodingFormat" : "jpeg",

+ "hostPageDisplayUrl" : "https:\/\/www.contoso.com\/4-piece-kitchen-package...",

+ "width" : 450,

+ "height" : 332,

+ "thumbnail" : {

+ "width" : 474,

+ "height" : 349

+ },

+ "imageInsightsToken" : "ccid_l9hzaabu*mid_70A8B616355D681DB9A5A...",

+ "insightsMetadata" : {

+ "shoppingSourcesCount" : 1,

+ "recipeSourcesCount" : 0,

+ "aggregateOffer" : {

+ "name":"4-Piece Kitchen Package with...",

+ "priceCurrency":"USD",

+ "lowPrice":2756,

+ "offers" : [

+ {

+ "name" : "4-Piece Kitchen Package with...",

+ "url" : "https:\/\/www.fabrikam.com\/1234.html?ref=bing",

+ "description" : "This 36 Frenchdoor refrigerator by...",

+ "seller" : {

+ "name" : "Fabrikam",

+ "image" : {

+ "url" : "https:\/\/tse1.mm.bing.net\/th?id=A818f811..."

+ }

+ "price" : 2756,

+ "priceCurrency" : "USD",

+ "availability" : "InStock",

+ "lastUpdated" : "2018-02-20T00:00:00.0000000"

+ }

+ ],

+ "offerCount":1

+ },

+ "pagesIncludingCount" : 4,

+ "availableSizesCount" : 2

+ },

+ "imageId" : "70A8B616355D681DA5980A8D0514BCC995A3",

+ "accentColor" : "60646B"

+ ]

+ }

+}

+{

+ "_type" : "ImageRelatedSearchesAction",

+ "actionType" : "RelatedSearches",

+ "data" : {

+ "value" : [

+ "text" : "Homemade Apple Pies Recipes",

+ "displayText" : "Homemade Apple Pies Recipes",

+ "webSearchUrl" : "https:\/\/www.bing.com\/images\/search?q=Homemade...",

+ "thumbnail" : {

+ "url" : "https:\/\/tse1.mm.bing.net\/th?q=Homemade+Apple+Pies"

+ ]

+ }

+}

+{

+ "_type" : "ImageRelatedSearchesAction",

+ "actionType" : "DocumentLevelSuggestions",

+ "data" : {

+ "value" : [

+ "text" : "American Apple Pie",

+ "displayText" : "American Apple Pie",

+ "webSearchUrl" : "https:\/\/www.bing.com\/images\/search?q=American",

+ "thumbnail" : {

+ "url" : "https:\/\/tse3.mm.bing.net\/th?q=American+Apple+Pie."

+ ]

+ }

+}

+- [Call Summary and Call Diagnostic logs](logs/voice-and-video-logs.md)

+- [SMS Diagnostic logs](logs/sms-logs.md)

+| | Mute other participants |Γ£ö∩╕Ź | Γ¥î | Γ¥î | Γ¥î |

+| Screen sharing | Share the entire screen from within the application | Γ£ö∩╕Å | Γ£ö∩╕Ų | Γ£ö∩╕Ų | Γ£ö∩╕Ų |

+| | Share a specific application (from the list of running applications) | Γ£ö∩╕Å | Γ£ö∩╕Ų | Γ¥î | Γ¥î |

+| | Share a web browser tab from the list of open tabs | ✔️ | | | |

+| | Get microphone list | Γ£ö∩╕Å | Γ£ö∩╕Å | Γ¥î ³ | Γ¥î³ |

+| | Set microphone | Γ£ö∩╕Å | Γ£ö∩╕Å | Γ¥î ³ | Γ¥î ³ |

+| | Get selected microphone | Γ£ö∩╕Å | Γ£ö∩╕Å | Γ¥î ³ | Γ¥î ³ |

+| | Get speakers list | Γ£ö∩╕Å | Γ£ö∩╕Å | Γ¥î ³ | Γ¥î ³ |

+| | Set speaker | Γ£ö∩╕Å | Γ£ö∩╕Å | Γ¥î ³ | Γ¥î ³ |

+| | Get selected speaker | Γ£ö∩╕Å | Γ£ö∩╕Å | Γ¥î ³ | Γ¥î ³ |

+1. The capability to Mute Others is currently in public preview.

+2. The Share Screen capability can be achieved using Raw Media, if you want to learn, **how to add Raw Media**, visit [the quickstart guide](../../quickstarts/voice-video-calling/get-started-raw-media-access.md).

+3. The Calling SDK doesn't have an explicit API, you need to use the OS (android & iOS) API to achieve it.

+- Learn about [call automation API](../call-automation/call-automation.md) that enables you to build server-based calling workflows that can route and control calls with client applications.

+ "2019-datacenter-gensecond": {

+ "offer": "WindowsServer",

+ "publisher": "MicrosoftWindowsServer",

+ "sku": "2019-datacenter-gensecond",

+ "version": "latest"

+ },

+ "20_04-lts-gen2": {

+ "offer": "0001-com-ubuntu-server-focal",

+ "publisher": "Canonical",

+ "sku": "20_04-lts-gen2",

+ "version": "latest"

+ }

+ "22_04-lts-gen2": {

+ "offer": "0001-com-ubuntu-server-jammy",

+ "publisher": "Canonical",

+ "sku": "22_04-lts-gen2",

+ "version": "latest"

+ },

+|Iceland | Italy ┬╣ |

+|India ┬▓ | Indonesia |

+┬╣ For Italy, you must enter your organization's Codice Fiscale using the following steps with the **Manage Tax IDs** option.

+┬▓ Follow the instructions in the next section to add your Goods and Services Taxpayer Identification Number (GSTIN).

+ > If you don't see the Tax IDs section, Tax IDs are not yet collected for your region. Or, updating Tax IDs in the Azure portal isn't supported for your account.

+ - **As source**, grant the **Database viewer** role to your database.

+ - **As sink**, grant the **Database ingestor** and **Database viewer** roles to your database.

+* Learn more about how to [copy data from Azure Data Factory and Synapse Analytics to Azure Data Explorer](/azure/data-explorer/data-factory-load-data).

+#### Error code: JreNotFound

+#### Error code: WildcardPathSinkNotSupported

+#### Error code: JniException

+#### Error code: GetOAuth2AccessTokenErrorResponse

+#### Error code: FailedToGetOAuth2AccessToken

+#### Error code: OAuth2AccessTokenTypeNotSupported

+#### Error code: OAuth2ClientIdColonNotAllowed

+#### Error code: ManagedIdentityCredentialObjectNotSupported

+#### Error code: QueryMissingFormatSettingsInDataset

+#### Error code: QueryUnsupportedCommandBehavior

+#### Error code: DataConsistencyFailedToGetSourceFileMetadata

+#### Error code: DataConsistencyFailedToGetSinkFileMetadata

+#### Error code: DataConsistencyValidationNotSupportedForNonDirectBinaryCopy

+#### Error code: DataConsistencyValidationNotSupportedForLowVersionSelfHostedIntegrationRuntime

+#### Error code: SkipMissingFileNotSupportedForNonDirectBinaryCopy

+#### Error code: SkipInconsistencyDataNotSupportedForNonDirectBinaryCopy

+#### Error code: SkipForbiddenFileNotSupportedForNonDirectBinaryCopy

+#### Error code: SkipForbiddenFileNotSupportedForThisConnector

+#### Error code: SkipInvalidFileNameNotSupportedForNonDirectBinaryCopy

+#### Error code: SkipInvalidFileNameNotSupportedForSource

+#### Error code: SkipInvalidFileNameNotSupportedForSink

+#### Error code: SkipAllErrorFileNotSupportedForNonBinaryCopy

+#### Error code: DeleteFilesAfterCompletionNotSupportedForNonDirectBinaryCopy

+#### Error code: DeleteFilesAfterCompletionNotSupportedForThisConnector

+#### Error code: FailedToDownloadCustomPlugins

+#### Error code: UserErrorOdbcInvalidQueryString

+#### Error code: FailToResolveParametersInExploratoryController

+$successStatusCodes = @(200, 201, 202)

+if ($Response.StatusCode -in $successStatusCodes) {

+ LogMessage -LogMessage "There was a problem to enable express configuration Vulnerability Assessment feature on the '$($ServerName)' server. Error '$($Response.StatusCode)': '$($Response.Content)'"

+ "expirationDate": "2022-12-01"

+{

+ "type": "microsoft.devtestlab/labs",

+ "name": "[parameters('lab_name')]",

+ "apiVersion": "2018-10-15-preview",

+ "location": "eastus",

+ "tags": {},

+ "scale": null,

+ "properties": {

+ "vmCreationResourceGroupId": "/subscriptions/<SubscriptionID>/resourcegroups/<ResourceGroupName>",

+ "labStorageType": "Premium",

+ "premiumDataDisks": "Disabled",

+ "provisioningState": "Succeeded",

+ "uniqueIdentifier": "000000000f-0000-0000-0000-00000000000000"

+ },

+ "dependsOn": []

+},

+Skip this section if you're deploying a third-party provider into an existing hub.

+3. Navigate to **Overview**. Select **View secured virtual hubs**.

+5. Enter your subscription and resource group, select a supported region, and add your hub and virtual WAN information.

+To verify that the hub has been created, navigate to Azure Firewall Manager->Overview->View secured virtual hubs. You see the security partner provider name and the security partner status as **Security Connection Pending**.

+1. In **Getting Started**, **Overview**, select **View secured virtual hubs**.

+ When you deploy a third-party provider into the hub, it converts the hub into a *secured virtual hub*. This ensures that the third-party provider is advertising a 0.0.0.0/0 (default) route to the hub. However, virtual network connections and sites connected to the hub donΓÇÖt get this route unless you opt-in on which connections should get this default route.

+## Branch or virtual network Internet traffic via third-party service

+Next, you can check if virtual network virtual machines or the branch site can access the Internet and validate that the traffic is flowing to the third-party service.

+After you finish the route setting steps, the virtual network virtual machines and the branch sites are sent a 0/0 to the third-party service route. You can't RDP or SSH into these virtual machines. To sign in, you can deploy the [Azure Bastion](../bastion/bastion-overview.md) service in a peered virtual network.

+For example, you may observe allowed traffic through the Azure Firewall, even though there's no explicit rule to allow the traffic. This is because Azure Firewall passes the traffic to the next hop security partner provider (ZScalar, CheckPoint, or iBoss). Azure Firewall still has rules to allow outbound traffic, but the rule name isn't logged.

+When you no longer need the resources that you created with the firewall, delete the resource group. The firewall and all the related resources are deleted.

+If your environment meets the prerequisites and you're familiar with using ARM templates, select the **Deploy to Azure** button. The template opens in the Azure portal.

+ "type": "Microsoft.Network/azureFirewalls",

+ "apiVersion": "2022-11-01",

+ "name": "[parameters('azureFirewalls_testFW_name')]",

+ "location": "eastus",

+ "properties": {

+ "sku": {

+ "name": "AZFW_VNet",

+ "tier": "Standard"

+ },

+ "threatIntelMode": "Alert",

+ "additionalProperties": {

+ "Network.RouteServerInfo.RouteServerID": "[parameters'virtualHubs_TestRouteServer_externalid')]"

+ },

+ ...

+ }

+Azure Front Door Premium can connect to your origin using Private Link. Your origin can be hosted in a virtual network or hosted as a PaaS service such as Azure Web App or Azure Storage. Private Link removes the need for your origin to be accessed publicly.

+| US Gov Arizona |||

+| US Gov Texas |||

+* Blob Storage

+* Web App

+* Learn how to [connect Azure Front Door Premium to a Web App origin with Private Link](standard-premium/how-to-enable-private-link-web-app.md).

+- Open ports for the Azure Policy Add-On. The Azure Policy Add-On uses these domains and ports to fetch policy

+ definitions and assignments and report compliance of the cluster back to Azure Policy.

+ |Domain |Port |

+ |||

+ |`data.policy.core.windows.net` |`443` |

+ |`store.policy.core.windows.net` |`443` |

+ |`login.windows.net` |`443` |

+ |`dc.services.visualstudio.com` |`443` |

+

+If you see error code `InvalidNetworkConfigurationErrorCode` with the description "Virtual Network configuration isn't compatible with HDInsight Requirement," it usually indicates a problem with the [virtual network configuration](../hdinsight-plan-virtual-network-deployment.md) for your cluster. Based on the rest of the error description, follow the below sections to resolve your problem.

+Error description contains "HostName Resolution failed."

+This error points to a problem with custom DNS configuration. DNS servers within a virtual network can forward DNS queries to Azure's recursive resolvers to resolve hostnames within that virtual network (see [Name Resolution in Virtual Networks](../../virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md) for details). Access to Azure's recursive resolvers is provided via the virtual IP 168.63.129.16. This IP is only accessible from the Azure VMs. It is nonfunctional if you are using an OnPrem DNS server, or your DNS server is an Azure VM, which is not part of the cluster's virtual network.

+1. Ssh into the VM that is part of the cluster, and run the command `hostname -f`. This command returns the host's fully qualified domain name (referred to as `<host_fqdn>` in the below instructions).

+1. Then, run the command `nslookup <host_fqdn>` (for example, `nslookup hn*.5h6lujo4xvoe1kprq3azvzmwsd.hx.internal.cloudapp.net`). If this command resolves the name to an IP address, it means your DNS server is working correctly. In this case, raise a support case with HDInsight, and we investigate your issue. In your support case, include the troubleshooting steps you executed. It helps to resolve the issue faster.

+1. If you don't have an Azure VM that can act as a custom DNS server in the cluster's virtual network, then you need to add this first. Create a VM in the virtual network, which is configured as DNS forwarder.

+Error description contains "Failed to connect to Azure Storage Account" or "Failed to connect to Azure SQL."

+## "Failed to establish an outbound connection from the cluster for the communication with the HDInsight resource provider. Ensure that outbound connectivity is allowed."

+Error description contains "Failed to establish an outbound connection from the cluster for the communication with the HDInsight resource provider. Ensure that outbound connectivity is allowed."

+1. Use [ssh command](../hdinsight-hadoop-linux-use-ssh-unix.md) to connect to your cluster. Edit the following command by replacing CLUSTERNAME with the name of your cluster, and then enter the command:

+Deploy a DNS server VM for the virtual network. It involves the following steps:

+* Create a VM in the virtual network, which is configured as DNS forwarder (it can be a Linux or windows VM).

+In this case, create a support case with HDInsight, and we investigate your issue. Include the result of the below commands in your support case. It helps to investigate and resolve the issue quickly.

+From an ssh session on the head node, edit and then run the following command:

+In order to provide you with optimal levels of availability for your analytics components, HDInsight was developed with a unique architecture for ensuring high availability (HA) of critical services. Microsoft developed some components of this architecture to provide automatic failover. Other components are standard Apache components that are deployed to support specific services. This article explains the architecture of the HA service model in HDInsight, how HDInsight supports failover for HA services, and best practices to recover from other service interruptions.

+This infrastructure consists of many services and software components, some of which are designed by Microsoft. The following components are unique to the HDInsight platform:

+The following sections provide more detail about how these services work together.

+To maintain the correct states of HA services and provide a fast failover, HDInsight utilizes Apache ZooKeeper, which is a coordination service for distributed applications, to conduct active headnode election. HDInsight also provisions a few background Java processes, which coordinate the failover procedure for HDInsight HA services. These services are: the master failover controller, the slave failover controller, the *master-ha-service*, and the *slave-ha-service*.

+Apache ZooKeeper is a high-performance coordination service for distributed applications. In production, ZooKeeper usually runs in replicated mode where a replicated group of ZooKeeper server forms a quorum. Each HDInsight cluster has three ZooKeeper nodes that allow three ZooKeeper servers to form a quorum. HDInsight has two ZooKeeper quorums running in parallel with each other. One quorum decides the active headnode in a cluster on which HDInsight HA services should run. Another quorum is used to coordinate HA services provided by Apache, as detailed in later sections.

+The slave failover controller runs on every node in an HDInsight cluster. This controller is responsible for starting the Ambari agent and *slave-ha-service* on each node. It periodically queries the first ZooKeeper quorum about the active headnode. When the active and standby headnodes change, the slave failover controller performs the following steps:

+A health monitor runs on each headnode along with the master failover controller to send heartbeat notifications to the Zookeeper quorum. The headnode is regarded as an HA service in this scenario. The health monitor checks to see if each high availability service is healthy and if it's ready to join in the leadership election. If yes, this headnode compete in the election. If not, it quits the election until it becomes ready again.

+If the standby headnode ever achieves leadership and becomes active (such as in the case of a failure with the previous active node), its master failover controller starts all HDInsight HA services on it. The master failover controller stops these services on the other headnode.

+HDInsight HA services should only run on the active headnode, and it automatically restart when necessary. Since individual HA services don't have their own health monitor, failover can't be triggered at the level of the individual service. Failover is ensured at the node level and not at the service level.

+HDInsight clusters based on Apache Hadoop 2.0 or higher provide NameNode high availability. There are two NameNodes running on the headnodes, which are configured for automatic failover. The NameNodes use the *ZKFailoverController* to communicate with Zookeeper to elect for active/standby status. The *ZKFailoverController* runs on both headnodes, and works in the same way as the master failover controller.

+Due to the retirement of Azure API for FHIR after April 1, 2025 customers will not be able to create new deployments of Azure API of FHIR. Until April 1, 2025 new deployments are allowed.

+- Improved ingress and egress of data with \$import, \$export including new features such as incremental import

+Start with [migration strategies](migration-strategies.md) to learn more about Azure API for FHIR to Azure Health Data Services FHIR service migration. The migration from Azure API for FHIR to Azure Health Data Services FHIR service involves data migration and updating the applications to use Azure Health Data Services FHIR service. Find more documentation on the step-by-step approach to migrating your data and applications in the [migration tool](https://github.com/Azure/apiforfhir-migration-tool/blob/main/lift-and-shift-resources/Liftandshiftresources_README.md).

+- Get answers from community experts in [Microsoft Q&A](/answers/questions/1377356/retirement-announcement-azure-api-for-fhir).

+|Capabilities|Azure API for FHIR|Azure Health Data Services|

+|||--|

+|**Settings**|Supported: <br> ΓÇó Local RBAC <br> ΓÇó SMART on FHIR Proxy|Planned deprecation: <br> ΓÇó Local RBAC (9/6/23) <br> ΓÇó SMART on FHIR Proxy (9/21/26)|

+|**Data storage Volume**|More than 4 TB|Current support is 4 TB (Open an [Azure support request](../../azure-portal/supportability/how-to-create-azure-support-request.md) if you need more than 4 TB)|

+|**Data ingress**|Tools available in OSS|$import operation|

+|**Autoscaling**|Supported on request and incurs charge|Enabled by default at no extra charge|

+|**Search parameters**|Bundle type supported: Batch <br> ΓÇó Include and revinclude, iterate modifier not supported <br> ΓÇó Sorting supported by first name, last name, birthdate and clinical date|Bundle type supported: Batch and transaction <br> ΓÇó Selectable search parameters <br> ΓÇó Include, revinclude, and iterate modifier is supported <br>ΓÇó Sorting supported by string and dateTime fields|

+|**Events**|Not Supported|Supported|

+|**Infrastructure**|Supported: <br> ΓÇó Customer managed keys <br> ΓÇó AZ support and PITR <br> ΓÇó Cross region DR|Supported: <br> ΓÇó Data recovery <br> Upcoming: <br> ΓÇó AZ support for customer managed keys|

+- **Azure Health Data Services FHIR service does not support local RBAC and custom authority**. The token issuer authority needs to be the authentication endpoint for the tenant that the FHIR Service is running in.

+|Migration pattern|Details|How?|

+|--|-|-|

+|**Lift and shift**|The simplest pattern. Ideal if your data pipeline can afford longer downtime.|Choose the option that works best for your organization: <br> ΓÇó Configure a workflow to [\$export](../azure-api-for-fhir/export-data.md) your data on Azure API for FHIR, and then [\$import](configure-import-data.md) into Azure Health Data Services FHIR service. <br> ΓÇó The [GitHub repo](https://github.com/Azure/apiforfhir-migration-tool/blob/main/lift-and-shift-resources/Liftandshiftresources_README.md) provides tips on running these commands, and a script to help automate creating the \$import payload. <br> ΓÇó Or create your own tool to migrate the data using \$export and \$import.|

+|**Incremental copy**|Continuous version of lift and shift, with less downtime. Ideal for large amounts of data that take longer to copy, or if you want to continue running Azure API for FHIR during the migration.|Choose the option that works best for your organization. <br> ΓÇó We created an [OSS migration tool](https://github.com/Azure/apiforfhir-migration-tool/tree/main/incremental-copy-docs) to help with this migration pattern. <br> ΓÇó Or create your own tool to migrate the data incrementally.|

+If you decide to use the OSS migration tool, review and understand the migration toolΓÇÖs [capabilities and limitations](https://github.com/Azure/apiforfhir-migration-tool/blob/main/incremental-copy-docs/Appendix.md).

+- Configure your new Azure Health Data Services FHIR Service server. If you need to use the same configurations as you have in Azure API for FHIR for your new server, see the recommended list of what to check for in the [migration tool documentation](https://github.com/Azure/apiforfhir-migration-tool/blob/main/incremental-copy-docs/Appendix.md). Configure the settings before you migrate.

+Choose the migration pattern that works best for your organization. If you're using OSS migration tools, follow the instructions on [GitHub](https://github.com/Azure/apiforfhir-migration-tool).

+After youΓÇÖre confident that your Azure Health Data Services FHIR Service server is stable, you can begin using Azure Health Data Services FHIR service to satisfy your business scenarios. Turn off any remaining pipelines that are running on Azure API for FHIR, delete data from the intermediate storage account that was used in the migration tool if necessary, delete data from your Azure API for FHIR server, and decommission your Azure API for FHIR account.

+This article describes the types of token you can use in the authorization header, and how to get them. Please note that service principals are the recommended method for access management for IoT Central REST APIs.

+- _Azure Active Directory bearer token_. A bearer token is associated with an Azure Active Directory user account or service principal. The token grants the caller the same permissions the user or service principal has in the IoT Central application.

+- **Create a certificate with a known issuer provider:** This method requires you to do a one-time task of creating an issuer object. Once an issuer object is created in your key vault, its name can be referenced in the policy of the KV certificate. A request to create such a KV certificate will create a key pair in the vault and communicate with the issuer provider service using the information in the referenced issuer object to get an x509 certificate. The x509 certificate is retrieved from the issuer service and is merged with the key pair to complete the KV certificate creation.

+ - [Monitor and manage certificate creation](create-certificate-scenarios.md)

+Create public IPv6 address with [az network public-ip create](/cli/azure/network/public-ip) for your Standard Load Balancer. The following example creates an IPv6 public IP address named *PublicIP_v6* in the *myResourceGroupSLB* resource group:

+1. In the portal's search bar, enter **virtual networks** and

+1. In the **Virtual Networks** window, select **myVNet**.

+1. Select **Connected devices** under **Settings** to view the attached network interfaces. The dual stack virtual network shows the three NICs with both IPv4 and IPv6 configurations.

+ :::image type="content" source="media/ipv6-add-to-existing-vnet-powershell/ipv6-dual-stack-addresses.png" alt-text="Screenshot of connected devices settings displaying IPv4 and IPv6 addresses on network interfaces.":::

+When no longer needed, you can use the [az group delete](/cli/azure/group#az-group-delete) command to remove the resource group, VM, and all related resources.

+ az group delete --name MyAzureResourceGroupSLB

+If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 6.9.0 or later. Run `Get-Module -ListAvailable Az` to find the installed version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-azure-powershell). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure.

+1. In the portal's search bar, enter **virtual networks** and

+1. In the **Virtual Networks** window, select **myVNet**.

+1. Select **Connected devices** under **Settings** to view the attached network interfaces. The dual stack virtual network shows the three NICs with both IPv4 and IPv6 configurations.

+ :::image type="content" source="media/ipv6-add-to-existing-vnet-powershell/ipv6-dual-stack-addresses.png" alt-text="Screenshot of connected devices settings displaying IPv4 and IPv6 addresses on network interfaces.":::

+

+In this article, we discuss guidance for upgrading your Basic Load Balancer instances to Standard Load Balancer. Standard Load Balancer is recommended for all production instances and provides many [key differences](#basic-load-balancer-sku-vs-standard-load-balancer-sku) to your infrastructure.

+| **Global Virtual Network Peering Support** | Standard ILB is supported via Global Virtual Network Peering | Not supported |

+When you define an Azure Load Balancer, a frontend and a backend pool configuration are connected with a load balancing rule. The health probe referenced by the load balancing rule is used to determine the health of a VM on a certain port and protocol. Based on the health probe results, new flows are sent to VMs in the backend pool. The frontend is defined using a three-tuple comprised of an IP address (public or internal), a transport protocol (UDP or TCP), and a port number from the load balancing rule. The backend pool is a collection of Virtual Machine IP configurations (part of the NIC resource) which reference the Load Balancer backend pool.

+Azure Load Balancer allows you to mix both rule types on the same load balancer configuration. The load balancer can use them simultaneously for a given VM, or any combination, if you abide by the constraints of the rule. The rule type you choose depends on the requirements of your application and the complexity of supporting that configuration. You should evaluate which rule types are best for your scenario. We explore these scenarios further by starting with the default behavior.

+With the default rule type, Azure exposes a traditional load balancing IP address mapping scheme for ease of use. Enabling Floating IP changes the IP address mapping scheme to allow for more flexibility.

+```azurecli-interactive

+ az group create \

+ --name CreateIntLBQS-rg \

+ --location westus3

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+```azurecli-interactive

+ az group create --name exampleRG --location EastUS

+ New-AzResourceGroup -Name exampleRG -Location EastUS

+ > The Bicep file deployment creates three availability zones. Availability zones are supported only in [certain regions](../availability-zones/az-overview.md). Use one of the supported regions. If you aren't sure, enter **EastUS**.

+ You're prompted to enter the following values:

+Get started with Azure Load Balancer by using the Azure CLI to create a public load balancer and two virtual machines. Along with these resources, you deploy Azure Bastion, NAT Gateway, a virtual network, and the required subnets.

+Create a virtual network using [az network vnet create](/cli/azure/network/vnet#az-network-vnet-create). The virtual network and subnet contain the resources deployed later in this article.

+To create a zonal public IP address in Zone 1 instead, use the following command:

+In this section, you create the resources for Azure Bastion. Azure Bastion is used to securely manage the virtual machines in the backend pool of the load balancer.

+To create a zonal redundant public IP address in Zone 1 instead, use the following command:

+ Title: "Tutorial: Create a multiple virtual machine inbound NAT rule - Azure portal"

+# Tutorial: Create a multiple virtual machine inbound NAT rule using the Azure portal

+A virtual network and subnet is required for the resources in the tutorial. In this section, you create a virtual network and virtual machines for the later steps.

+9. At the **Generate new key pair** prompt, select **Download private key and create resource**. Your key file is downloaded as myKey.pem. Ensure you know where the .pem file was downloaded, you need the path to the key file in later steps.

+You create a load balancer in this section. The frontend IP, backend pool, load-balancing, and inbound NAT rules are configured as part of the creation.

+In this section, you create a multiple instance inbound NAT rule to the backend pool of the load balancer.

+In this section, you create a NAT gateway for outbound internet access for resources in the virtual network.

+You open your web browser in this section and enter the IP address for the load balancer you retrieved in the previous step.

+__Outbound__ communication from a deployment can be secured at the workspace level by enabling managed virtual network isolation for your Azure Machine Learning workspace. Enabling this setting causes Azure Machine Learning to create a managed virtual network for the workspace. Any deployments in the workspace's managed virtual network can use the virtual network's private endpoints for outbound communication.

+The [legacy network isolation method for securing outbound communication](concept-secure-online-endpoint.md#secure-outbound-access-with-legacy-network-isolation-method) worked by disabling a deployment's `egress_public_network_access` flag. We strongly recommend that you secure outbound communication for deployments by using a [workspace managed virtual network](concept-secure-online-endpoint.md) instead. Unlike the legacy approach, the `egress_public_network_access` flag for the deployment no longer applies when you use a workspace managed virtual network with your deployment. Instead, outbound communication will be controlled by the rules set for the workspace's managed virtual network.

+- [How to secure managed online endpoints with network isolation](how-to-secure-online-endpoint.md)

+Learn how to create a [compute instance](concept-compute-instance.md) in your Azure Machine Learning workspace.

+* No extra prerequisites.

+Creating a compute instance is a one time process for your workspace. You can reuse the compute as a development workstation or as a compute target for training. You can have multiple compute instances attached to your workspace.

+The fastest way to create a compute instance is to follow the [Create resources you need to get started](quickstart-create-resources.md).

+ * If you're using an Azure Machine Learning __managed virtual network__, the compute instance is created inside the managed virtual network. You can also select __No public IP__ to prevent the creation of a public IP address. For more information, see [managed compute with a managed network](./how-to-managed-network-compute.md).

+ * If you're using an Azure Machine Learning __managed virtual network__, the compute instance is created inside the managed virtual network. You can also select __No public IP__ to prevent the creation of a public IP address. For more information, see [managed compute with a managed network](./how-to-managed-network-compute.md).

+* No VS Code connections; you must close your VS Code connection for your compute instance to be considered inactive. Sessions are autoterminated if VS Code detects no activity for 3 hours.

+A compute instance won't be considered idle if any custom application is running. There are also some basic bounds around inactivity time periods; compute instance must be inactive for a minimum of 15 mins and a maximum of three days.

+ 1. Select **Advanced** after completing required settings.

+ 1. Specify the shutdown period when enabled.

+ 1. Select **Next** to advance to **Scheduling** after completing required settings.

+1. Select **Next** to advance to **Scheduling** after completing required settings.

+ "schedules": {

+ "value": {

+ "computeStartStop": [

+ {

+ "triggerType": "Cron",

+ "cron": {

+ "timeZone": "UTC",

+ "expression": "0 18 * * *"

+ "action": "Stop",

+ "status": "Enabled"

+ },

+ {

+ "triggerType": "Cron",

+ "cron": {

+ "timeZone": "UTC",

+ "expression": "0 8 * * *"

+ },

+ "action": "Start",

+ "status": "Enabled"

+ },

+ {

+ "triggerType": "Recurrence",

+ "recurrence": {

+ "frequency": "Day",

+ "interval": 1,

+ "timeZone": "UTC",

+ "schedule": {

+ "hours": [17],

+ "minutes": [0]

+ }

+ "action": "Stop",

+ "status": "Enabled"

+ }

+ ]

+ }

+* For trigger type of `cron`, use standard cron syntax:

+}

+You can assign a system- or user-assigned [managed identity](../active-directory/managed-identities-azure-resources/overview.md) to a compute instance, to authenticate against other Azure resources such as storage. Using managed identities for authentication helps improve workspace security and management. For example, you can allow users to access training data only when logged in to a compute instance. Or use a common user-assigned managed identity to permit access to a specific storage account.

+ user_assigned_identities:

+> The name of the created system managed identity will be in the format /workspace-name/computes/compute-instance-name in your Azure Active Directory.

+To use Azure CLI with the managed identity for authentication, specify the identity client ID as the username when logging in:

+SSH access is disabled by default. SSH access can't be enabled or disabled after creation. Make sure to enable access if you plan to debug interactively with [VS Code Remote](how-to-set-up-vs-code-remote.md).

+ 1. Select **Add application**

+1. Select **Posit Workbench (bring your own license)** in the **Application** dropdown and enter your Posit Workbench license key in the **License key** field. You can get your Posit Workbench license or trial license [from posit](https://posit.co).

+1. Select **Custom Application** in the **Application** dropdown list.

+1. Set up the application to run on **Target port** `8787` - the docker image for RStudio open source listed below needs to run on this Target port.

+1. Point the **Docker image** to `ghcr.io/azure/rocker-rstudio-ml-verse:latest`.

+1. Select **Custom Application** on the **Application** dropdown.

+1. Use **Bind mounts** to add access to the files in your default storage account:

+ * Specify **/home/azureuser/cloudfiles** for **Host path**.

+* When you use network isolation that is based on a workspace's managed virtual network with a deployment, you can use resources (Azure Container Registry (ACR), Storage account, Key Vault, and Application Insights) from a different resource group or subscription than that of your workspace. However, these resources must belong to the same tenant as your workspace. For limitations that apply to securing managed online endpoints using a workspace's managed virtual network, see [Network isolation with managed online endpoints](concept-secure-online-endpoint.md#limitations).

+In this article, you'll use network isolation to secure a managed online endpoint. You'll create a managed online endpoint that uses an Azure Machine Learning workspace's private endpoint for secure inbound communication. You'll also configure the workspace with a **managed virtual network** that **allows only approved outbound** communication for deployments. Finally, you'll create a deployment that uses the private endpoints of the workspace's managed virtual network for outbound communication.

+ When the workspace is configured with a private endpoint, the Azure Container Registry for the workspace must be configured for __Premium__ tier to allow access via the private endpoint. For more information, see [Azure Container Registry service tiers](../container-registry/container-registry-skus.md). Also, the workspace should be set with the `image_build_compute` property, as deployment creation involves building of images. For more information on setting the `image_build_compute` property for your workspace, see [Create a workspace that uses a private endpoint](how-to-configure-private-link.md#create-a-workspace-that-uses-a-private-endpoint).

+Because the workspace is configured to have a managed virtual network, any deployments of the endpoint will use the private endpoints of the managed virtual network for outbound communication.

+>- To learn more about resource access while using Azure Machine Learning serverless Spark compute, and attached Synapse Spark pool, see [Ensuring resource access for Spark jobs](apache-spark-environment-configuration.md#ensuring-resource-access-for-spark-jobs).

+>- Azure Machine Learning provides a [shared quota](how-to-manage-quotas.md#azure-machine-learning-shared-quota) pool from which all users can access compute quota to perform testing for a limited time. When you use the serverless Spark compute, Azure Machine Learning allows you to access this shared quota for a short time.

+## Permissions/roles for runtime management

+To create and use a runtime for Prompt flow authoring, you need to have the `AzureML Data Scientist` role in the workspace. To learn more, see [Prerequisites](#prerequisites).

+## Permissions/roles for deployments

+After deploying a Prompt flow, the endpoint must be assigned the `AzureML Data Scientist` role to the workspace for successful inferencing. This can be done at any point after the endpoint has been created.

+> Prompt flow is **not supported** in the project workspace which was created with a workspace hub. The workspace hub is a private preview feature.

+If you do not have a compute instance, create a new one: [Create and manage an Azure Machine Learning compute instance](../how-to-create-compute-instance.md).

+## Using runtime in Prompt flow authoring

+Every time you open the runtime details page, we'll check whether there are new versions of the runtime. If there are new versions available, you'll see a notification at the top of the page. You can also manually check the latest version by clicking the **check version** button.

+Go to the runtime details page and select the "Update" button at the top. Here you can update the environment to use in your runtime. If you select **use default environment**, system will attempt to update your runtime to the latest version.

+> If you used a custom environment, you need to rebuild it using the latest Prompt flow image first, and then update your runtime with the new custom environment.

+- [Develop a chat flow](how-to-develop-a-chat-flow.md)

+This article will use the [sample flow "basic-chat"](https://github.com/microsoft/promptflow/tree/main/examples/flows/chat/basic-chat) as an example to deploy to Azure Machine Learning managed online endpoint.

+- [Secure your RAG workflows with network isolation](../how-to-secure-rag-workflows.md)

+| `egress_public_network_access` | string |**Note:** This key is applicable when you use the [legacy network isolation method](concept-secure-online-endpoint.md#secure-outbound-access-with-legacy-network-isolation-method) to secure outbound communication for a deployment. We strongly recommend that you secure outbound communication for deployments using [a workspace managed VNet](concept-secure-online-endpoint.md) instead. <br><br>This flag secures the deployment by restricting communication between the deployment and the Azure resources used by it. Set to `disabled` to ensure that the download of the model, code, and images needed by your deployment are secured with a private endpoint. This flag is applicable only for managed online endpoints. | `enabled`, `disabled` | `enabled` |

+**In-place automigration** from Azure Database for MySQL ΓÇô Single Server to Flexible Server is a service-initiated in-place migration during planned maintenance window for Single Server database workloads with **Basic or General Purpose SKU**, data storage used **<= 20 GiB** and **no complex features (CMK, AAD, Read Replica, Private Link) enabled**. The eligible servers are identified by the service and are sent an advance notification detailing steps to review migration details.

+* If you own a Single Server workload with Basic or GP SKU, data storage used <= 20 GiB and no complex features (CMK, AAD, Read Replica, Private Link) enabled, you can now nominate yourself (if not already scheduled by the service) for auto-migration by submitting your server details through this [form](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR4lhLelkCklCuumNujnaQ-ZUQzRKSVBBV0VXTFRMSDFKSUtLUDlaNTA5Wi4u). (Sept 2023)

+> In-place auto-migration from Azure Database for MySQL ΓÇô Single Server to Flexible Server is a service-initiated in-place migration during planned maintenance window for Single Server database workloads with Basic or General Purpose SKU, data storage used <= 20 GiB and no complex features (CMK, AAD, Read Replica, Private Link) enabled. The eligible servers are identified by the service and are sent an advance notification detailing steps to review migration details. All other Single Server workloads are recommended to use user-initiated migration tooling offered by Azure - Azure DMS, Azure MySQL Import to migrate. Learn more about in-place auto-migration [here](../migrate/migrate-single-flexible-in-place-auto-migration.md).

+In this tutorial, You use Azure Network Watcher [next hop](network-watcher-next-hop-overview.md) tool to troubleshoot and diagnose a VM routing problem that's preventing it from correctly communicating with other resources. Next hop shows you that the routing problem is caused by a [custom route](../virtual-network/virtual-networks-udr-overview.md?toc=/azure/network-watcher/toc.json#custom-routes).

+> * Create a virtual network

+ | Virtual network name | Enter ***myVNet***. |

+1. Select the **IP Addresses** tab, or select **Next** button at the bottom of the page twice.

+ | IPv4 address space | **10.0.0.0/16** |

+ | Subnet name | **mySubnet** |

+ | Subnet IP address range | **10.0.0.0 - 10.0.0.255** (size: **/24**) |

+1. Select the **Review + create** tab or select the **Review + create** button at the bottom of the page.

+1. Select **+ Create** and then select **Azure virtual machine**.

+1. In **Create a virtual machine**, enter or select the following values in the **Basics** tab:

+1. Select the **Networking** tab, or select **Next: Disks**, then **Next: Networking**.

+1. In the Networking tab, enter or select the following values:

+ | Public IP | Select **(new) myVM-ip**. |

+ | Public inbound ports | Select **Allow selected ports**. |

+ | Select inbound ports | Select **RDP (3389)**. |

+ [!INCLUDE [RDP Caution](../../includes/network-watcher-rdp.md)]

+1. Select **Review + create**.

+1. Review the settings, and then select **Create**.

+1. Once the deployment is complete, select **Go to resource** to go to the **Overview** page of **myVM**.

+1. Select **Connect**, then select **select** under **Native RDP**.

+1. Select **Download RDP file** and open the downloaded file.

+1. Select **Connect** and then enter the username and password that you created in the previous steps. Accept the certificate if prompted.

+1. Once logged in, open a web browser and go to `www.bing.com` to verify it's reachable.

+Follow the previous steps (1-6) and use ***myNVA*** for the virtual machine name to create the second virtual machine.

+ Title: IP flow verify overview

+description: Learn about Azure Network Watcher IP flow verify to check if traffic is allowed or denied to and from your Azure virtual machines (VMs).

+#CustomerIntent: As an Azure administrator, I want learn about IP flow verify so I can use it to check the security rules applied on the VMs to confirm if traffic is allowed or denied.

+# IP flow verify overview

+IP flow verify is a feature in Azure Network Watcher that you can use to check if a packet is allowed or denied to or from an Azure virtual machine based on the configured security and admin rules. It helps you to troubleshoot virtual machine connectivity issues by checking network security group (NSG) rules and Azure Virtual Network Manager admin rules. It's a quick and simple tool to diagnose connectivity issues to or from other Azure resources, the internet and on-premises environment.

+IP flow verify looks at the rules of all network security groups applied to a virtual machine's network interface, whether the network security group is associated to the virtual machine's subnet or network interface. It additionally, looks at the Azure Virtual Network Manager rules applied to the virtual network of the virtual machine.

+IP flow verify uses traffic direction, protocol, local IP, remote IP, local port, and remote port to test security and admin rules that apply to the virtual machine's network interface.

+IP flow verify returns **Access denied** or **Access allowed**, the name of the security rule that denies or allows the traffic, and the network security group with a link to it so you can edit it if you need to. It doesn't provide a link if a default security rule is denying or allowing the traffic. For more information, see [Default security rules](../virtual-network/network-security-groups-overview.md?toc=/azure/network-watcher/toc.json#default-security-rules).

+## Considerations

+- You must have a Network Watcher instance in the Azure subscription and region of the virtual machine. For more information, see [Enable or disable Azure Network Watcher](network-watcher-create.md).

+- You must have the necessary permissions to access the feature. For more information, see [RBAC permissions required to use Network Watcher capabilities](required-rbac-permissions.md).

+- IP flow verify only tests TCP and UDP rules, to test ICMP traffic rules, use [NSG diagnostics](network-watcher-network-configuration-diagnostics-overview.md).

+- IP flow verify only tests security and admin rules applied to a virtual machine's network interface, to test rules applied to virtual machine scale sets, use [NSG diagnostics](network-watcher-network-configuration-diagnostics-overview.md).

+## Next step

+To learn how to use IP flow verify, continue to:

+> [!div class="nextstepaction"]

+> [Diagnose a virtual machine network traffic filter problem](diagnose-vm-network-traffic-filtering-problem.md)

+# CustomerIntent: As someone with basic Azure network experience, I want to understand how Azure Network Watcher can help me resolve some of the network-related problems I've encountered and provide insight into how I use Azure networking.

+**Connection monitor** provides end-to-end connection monitoring for Azure and hybrid endpoints. It helps you understand network performance between various endpoints in your network infrastructure. For more information, see [Connection monitor overview](connection-monitor-overview.md) and [Monitor network communication between two virtual machines](monitor-vm-communication.md).

+**IP flow verify** allows you to detect traffic filtering issues at a virtual machine level. It checks if a packet is allowed or denied to or from an IP address (IPv4 or IPv6 address). It also tells you which security rule allowed or denied the traffic. For more information, see [IP flow verify overview](ip-flow-verify-overview.md) and [Diagnose a virtual machine network traffic filter problem](diagnose-vm-network-traffic-filtering-problem.md).

+# Accelerated connections and NVAs (Limited GA)

+This article helps you understand the **Accelerated Connections** feature. When Accelerated Connections is enabled on the virtual network interface (vNIC) with Accelerated Networking, networking performance is improved. This high-performance feature is available on Network Virtual Appliances (NVAs) deployed from Azure Marketplace and offers competitive performance in Connections Per Second (CPS) optimization, along with improvements to handling large amounts of simultaneous connections. To access this feature during limited GA, use the [sign-up form](https://go.microsoft.com/fwlink/?linkid=2223706).

+> This feature is currently in limited general availability (GA), and customer sign-up is needed to use it.

+> During limited GA, this feature is only supported for NVAs available on the [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps?search=network%20virtual%20appliance&page=1&filters=virtual-machine-images%3Bpartners).

+* This feature is available only for NVAs deployed from Azure Marketplace during limited GA.

+* To enable this feature, you must sign up using the [sign-up form](https://go.microsoft.com/fwlink/?linkid=2223706).

+* During limited GA, this feature is only available on Resource Groups created after sign-up.

+* Marketplace portal isn't supported for the limited GA.

+* This feature is free during the limited GA, and chargeable after GA.

+* You've signed up for the limited GA using the [sign-up form](https://go.microsoft.com/fwlink/?linkid=2223706).

+* East US 2

+* Central US

+This feature is supported on all SKUs supported by Accelerated Networking except the Dv5 VM family, which isn't yet supported during limited GA.

+## Supported enablement methods

+This feature enablement and deployment is supported using following methods:

+* PowerShell

+* ARM templates via Azure portal

+* Azure CLI

+* Terraform

+* SDK Package Deployment

+Sign up for the [Limited GA](https://go.microsoft.com/fwlink/?linkid=2223706).

+This dataset includes approximately 144 TB of data, and is updated monthly during the first week of every month.

+ "privateIPAllocationMethod": "Dynamic",

+ "privateIPAllocationMethod": "Static",

+ "privateIPAllocationMethod": "Dynamic",

+ "privateIPAllocationMethod": "Static",

+## Extensions and Major Version Upgrade

+Azure Database for PostgreSQL Flexible Server Postgres has introduced [in-place major version upgrade](./concepts-major-version-upgrade.md#overview) feature that performs an in-place upgrade of the Postgres server with just a click. In-place major version upgrade simplifies Postgres upgrade process minimizing the disruption to users and applications accessing the server. In-place major version upgrade doesn't support certain extensions and there are some limitations to upgrading certain extensions. The extensions **Timescaledb**, **pgaudit**, **dblink**, **orafce** and **postgres_fdw** are unsupported for all PostgreSQL versions when using [in-place majpr version update feature](./concepts-major-version-upgrade.md#overview).

+| US Gov Texas | :heavy_check_mark: (v3/v4 only) | :x: | :heavy_check_mark: | :x: |

+| West US | :heavy_check_mark: | :x: | :heavy_check_mark: | :heavy_check_mark: |

+| ![Quadrant Resource][12] |**Quadrant Resource**<br>Quadrant Resource is cloud and data company with its expertise in App& Data Migrations, DevSecOps, SAP Migrations and Microsoft Fabric implementations. In space of Data Migrations, we have our in- house web-based tool Q-Migrator for migrating on-prem or cloud databases such as Oracle/SQL Server/PostgreSQL to Open-source databases like PostgreSQL / MySQL / MariaDB in Azure. Q-Migrator is a highly secured tool that can be deployed in client environment and can handle all the aspects of Database migration from code conversion, data migration, deployment, functional and performance testing. Automated code conversion for heterogeneous database migrations and migration testing is the main differentiator that no other tool in the marketplace offers. The entire migration process is streamlined to expedite migration from months to weeks.|[Website][quadrant_website]<br>[Marketplace Implementation][quadrant_marketplace_implementation]<br>[Marketplace Assessment][quadrant_marketplace_assessment]<br>[Marketplace POC][quadrant_marketplace_poc]<br>[LinkedIn][quadrant_linkedin]<br>[Contact][quadrant_contact] | |

+[12]:./media/partner-migration-postgresql/quadrant-resource-logo.jpg

+[quadrant_website]:https://qmigrator.ai/

+[quadrant_marketplace_implementation]:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/quadrantresourcellc.quadrant_database_migration_to_oss_implementation?tab=Overview

+[quadrant_marketplace_assessment]:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/quadrantresourcellc.qmigrator_db_migration_tool?tab=Overview

+[quadrant_marketplace_poc]:https://azuremarketplace.microsoft.com/en-us/marketplace/apps/quadrantresourcellc.database_migration_to_oss_proof_of_concept?tab=Overview

+[quadrant_linkedin]:https://www.linkedin.com/company/quadrant-resource-llc_2/

+[quadrant_contact]:mailto:migrations@quadrantresource.com

+openssl s_client -starttls postgres -showcerts -connect <your-postgresql-server-name>:5432

+| Azure Arc (Microsoft.HybridCompute) | hybridcompute | privatelink.his.arc.azure.com <br/> privatelink.guestconfiguration.azure.com </br> privatelink.dp.kubernetesconfiguration.azure.com | his.arc.azure.com <br/> guestconfiguration.azure.com </br> dp.kubernetesconfiguration.azure.com |

+| Azure Synapse Analytics Workspace | Yes | Yes | | You must update the tenant ID associated with the Synapse Analytics Workspace. If the workspace is associated with a Git repository, you must update the [workspace's Git configuration](../synapse-analytics/cicd/source-control.md#switch-to-a-different-git-repository). For more information, see [Recovering Synapse Analytics workspace after transferring a subscription to a different Azure AD directory (tenant)](../synapse-analytics/how-to-recover-workspace-after-tenant-move.md). |

+[

+ "worldΓÇÖs glaciers",

+ "huge rivers of ice",

+ "Canadian Rockies",

+ "iconic landscapes",

+ "Mount Everest region",

+ "Continued warming"

+]

+{

+ "apiVersion": "[variables('sfApiVersion')]",

+ "type": "Microsoft.ServiceFabric/managedclusters/nodetypes",

+ "name": "[concat(parameters('clusterName'), '/', parameters('nodeTypeName'))]",

+ "location": "[resourcegroup().location]",

+ "properties": {

+ ...

+ "vmInstanceCount": "[parameters('nodeTypeVmInstanceCount')]",

+ ...

+ }

+{

+ "apiVersion": "[variables('sfApiVersion')]",

+ "type": "Microsoft.ServiceFabric/managedclusters/nodetypes",

+ "name": "[concat(parameters('clusterName'), '/', parameters('nodeTypeName'))]",

+ "location": "[resourcegroup().location]",

+ "properties": {

+ ...

+ "vmImagePublisher": "[parameters('vmImagePublisher')]",

+ "vmImageOffer": "[parameters('vmImageOffer')]",

+ "vmImageSku": "[parameters('vmImageSku')]",

+ "vmImageVersion": "[parameters('vmImageVersion')]",

+ ...

+ }

+{

+ "apiVersion": "[variables('sfApiVersion')]",

+ "type": "Microsoft.ServiceFabric/managedclusters/nodetypes",

+ "name": "[concat(parameters('clusterName'), '/', parameters('nodeTypeName'))]",

+ "location": "[resourcegroup().location]",

+ "properties": {

+ "placementProperties": {

+ "PremiumSSD": "true",

+ "NodeColor": "green",

+ "SomeProperty": "5"

+ }

+ }

+{

+ "apiVersion": "[variables('sfApiVersion')]",

+ "type": "Microsoft.ServiceFabric/managedclusters/nodetypes",

+ "name": "[concat(parameters('clusterName'), '/', parameters('nodeTypeName'))]",

+ "location": "[resourcegroup().location]",

+ "properties": {

+ ...

+ "vmSize": "[parameters('vmImageVersion')]",

+ ...

+ }

+{

+ "apiVersion": "[variables('sfApiVersion')]",

+ "type": "Microsoft.ServiceFabric/managedclusters/nodetypes",

+ "name": "[concat(parameters('clusterName'), '/', parameters('nodeTypeName'))]",

+ "location": "[resourcegroup().location]",

+ "properties": {

+ "additionalDataDisks": {

+ "lun": "1",

+ "diskSizeGB": "50",

+ "diskType": "Standard_LRS",

+ "diskLetter": "S"

+ }

+ }

+}

+{

+ {

+ "apiVersion": "[variables('sfApiVersion')]",

+ "type": "Microsoft.ServiceFabric/managedclusters/nodetypes",

+ "name": "[concat(parameters('clusterName'), '/', parameters('nodeTypeName'))]",

+ "location": "[resourcegroup().location]",

+ "properties": {

+ "dataDiskLetter": "S"

+ }

+ }

+}

+{

+ "name": "Diagnostics",

+ "parameters": [

+ {

+ "name": "MaxDiskQuotaInMB",

+ "value": "65536"

+ }

+ ]

+}

+{

+ "name": "Diagnostics",

+ "parameters": [

+ {

+ "name": "MaxDiskQuotaInMB",

+ "value": "65536"

+ }

+ ]

+}

+ ```json

+ "scheduledTransferKeywordFilter": "4611686018427387904"

+ ```json

+ "scheduledTransferKeywordFilter": "4611686018427387912"

+ ```json

+ "scheduledTransferKeywordFilter": "4611686018427387928"

+ ```json

+ "scheduledTransferKeywordFilter": "4611686018427387944"

+{

+ "provider": "My-Eventsource",

+ "scheduledTransferPeriod": "PT5M",

+ "DefaultEvents": {

+ "eventDestination": "MyDestinationTableName"

+ }

+}

+{

+ "nodeName": "vm0",

+ "ipAddress": "172.31.27.1",

+ "nodeTypeRef": "NodeType0",

+ "faultDomain": "fd:/dc1/r0",

+ "upgradeDomain": "UD0"

+}

+Oracle Linux | 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, [7.7](https://support.microsoft.com/help/4531426/update-rollup-42-for-azure-site-recovery), [7.8](https://support.microsoft.com/help/4573888/), [7.9](https://support.microsoft.com/help/4597409), [8.0](https://support.microsoft.com/help/4573888/), [8.1](https://support.microsoft.com/help/4573888/), [8.2](https://support.microsoft.com/topic/update-rollup-55-for-azure-site-recovery-kb5003408-b19c8190-5f88-43ea-85b1-d9e0cc5ca7e8), [8.3](https://support.microsoft.com/topic/update-rollup-55-for-azure-site-recovery-kb5003408-b19c8190-5f88-43ea-85b1-d9e0cc5ca7e8) (running the Red Hat compatible kernel or Unbreakable Enterprise Kernel Release 3, 4, 5, and 6 (UEK3, UEK4, UEK5, UEK6), [8.4](https://support.microsoft.com/topic/update-rollup-59-for-azure-site-recovery-kb5008707-66a65377-862b-4a4c-9882-fd74bdc7a81e), 8.5, 8.6, 8.7 <br> **Note:** Support for Oracle Linux 9.1 is removed from support matrix as issues were observed while using Azure Site Recovery with Oracle Linux 9.1. <br/><br/>8.1 (running on all UEK kernels and RedHat kernel <= 3.10.0-1062.* are supported in [9.35](https://support.microsoft.com/help/4573888/) Support for rest of the RedHat kernels is available in [9.36](https://support.microsoft.com/help/4578241/)).

+**Workloads** | You can replicate any workload running on a machine that's supported for replication. Learn more about the app-specific [workload summary](site-recovery-workload.md#workload-summary).

+Oracle Linux | 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, [7.7](https://support.microsoft.com/help/4531426/update-rollup-42-for-azure-site-recovery), [7.8](https://support.microsoft.com/help/4573888/), [7.9](https://support.microsoft.com/help/4597409/), [8.0](https://support.microsoft.com/help/4573888/), [8.1](https://support.microsoft.com/help/4573888/), [8.2](https://support.microsoft.com/topic/b19c8190-5f88-43ea-85b1-d9e0cc5ca7e8), [8.3](https://support.microsoft.com/topic/b19c8190-5f88-43ea-85b1-d9e0cc5ca7e8), [8.4](https://support.microsoft.com/topic/update-rollup-59-for-azure-site-recovery-kb5008707-66a65377-862b-4a4c-9882-fd74bdc7a81e), 8.5, 8.6, 8.7 <br/><br/> **Note:** Support for Oracle Linux `9.0` and `9.1` is removed from support matrix, as issues were observed using Azure Site Recovery with Oracle Linux 9.0 and 9.1. <br><br> Running the Red Hat compatible kernel or Unbreakable Enterprise Kernel Release 3, 4 & 5 (UEK3, UEK4, UEK5)<br/><br/>8.1<br/>Running on all UEK kernels and RedHat kernel <= 3.10.0-1062.* are supported in [9.35](https://support.microsoft.com/help/4573888/) Support for rest of the RedHat kernels is available in [9.36](https://support.microsoft.com/help/4578241/).

+This article shows you how to use [Application Accelerator for VMware Tanzu](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.5/tap/application-accelerator-about-application-accelerator.html) (App Accelerator) with the Azure Spring Apps Enterprise plan to bootstrap developing your applications in a discoverable and repeatable way.

+App Accelerator helps you bootstrap developing your applications and deploying them in a discoverable and repeatable way. You can use App Accelerator to create new projects based on published accelerator projects. For more information, see [Application Accelerator for VMware Tanzu](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.5/tap/application-accelerator-about-application-accelerator.html) in the VMware documentation.

+Use the following steps to create and maintain your own accelerators:

+You can use the *accelerator.yaml* file to declare input options that users fill in using a form in the UI. These option values control processing by the template engine before it returns the zipped output files. If you don't include an *accelerator.yaml* file, the repository still works as an accelerator, but the files are passed unmodified to users. For more information, see [Creating an accelerator.yaml file](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.5/tap/application-accelerator-creating-accelerators-accelerator-yaml.html).

+Use the following command to create your own accelerator in Azure CLI:

+| **Git sub path** | `git-sub-path` | The folder path inside the Git repository to consider as the root of the accelerator or fragment. | Optional |

+| **Type** | `type` | The type of customized accelerator. The type can be `Accelerator` or `Fragment`. The default value is `Accelerator`. | Optional |

+### Reference a fragment in your own accelerators

+Writing and maintaining accelerators can become repetitive and verbose as new accelerators are added. Some people create new projects by copying existing ones and making modifications, but this process can be tedious and error prone. To make the creation and maintenance of accelerators easier, Application Accelerator supports a feature named Composition that allows the reuse of parts of an accelerator, called *fragments*.

+Use following steps to reference a fragment in your accelerator:

+1. Publish the new accelerator of type `Fragment` using the Azure portal or the Azure CLI.

+ #### [Azure portal](#tab/Portal)

+ To create a fragment accelerator, open the **Accelerators** section, select **Add Accelerator** under the **Customized Accelerators** section, and then select **Fragment**.

+ :::image type="content" source="media/how-to-use-accelerator/add-fragment.png" alt-text="Screenshot of the Azure portal that shows the Customized Accelerators of type `Fragment`." lightbox="media/how-to-use-accelerator/add-fragment.png":::

+ #### [Azure CLI](#tab/Azure-CLI)

+ Use the following command to create a customized accelerator of type `Fragment`:

+ ```azurecli

+ az spring application-accelerator customized-accelerator create \

+ --resource-group <resource-group-name> \

+ --service <service-instance-name> \

+ --name <fragment-accelerator-name> \

+ --display-name <display-name> \

+ --type Fragment \

+ [--git-sub-path <sub project path>] \

+ --git-url <git-repo-URL>

+ ```

+1. Change the *accelerator.yaml* file in your accelerator project. Use the `imports` instruction in the `accelerator` section and the `InvokeFragment` instruction in the `engine` section to reference the fragment in the accelerator, as shown in the following example:

+ ```yaml

+ accelerator:

+ ...

+ # options for the UI

+ options:

+ ...

+ imports:

+ - name: <fragment-accelerator-name>

+ ...

+

+ engine:

+ chain:

+ ...

+ - merge:

+ - include: [ "**" ]

+ - type: InvokeFragment

+ reference: <fragment-accelerator-name>

+ ```

+1. Synchronize the change with the Dev Tools Portal.

+ To reflect the changes on the Dev Tools Portal more quickly, you can provide a value for the **Git interval** field of your customized accelerator. The **Git interval** value indicates how frequently the system checks for updates in the Git repository.

+1. Synchronize the change with your customized accelerator on the Azure portal by using the Azure portal or the Azure CLI.

+ #### [Azure portal](#tab/Portal)

+ The following list shows the two ways you can sync changes:

+ - Create or update your customized accelerator.

+ - Open the **Accelerators** section, and then select **Sync certificate**.

+ #### [Azure CLI](#tab/Azure-CLI)

+ Use the following command to sync changes for an accelerator:

+ ```azurecli

+ az spring application-accelerator customized-accelerator sync-cert \

+ --name <customized-accelerator-name> \

+ --service <service-instance-name> \

+ --resource-group <resource-group-name>

+ ```

+For more information, see [Use fragments in Application Accelerator](https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.5/tap/application-accelerator-creating-accelerators-composition.html) in the VMware documentation.

+When you set up a private Git repository and enable HTTPS with a self-signed certificate, you should configure the CA certificate name to the accelerator for client certificate verification from the accelerator to the Git repository.

+The accelerators won't automatically use the latest certificate. You should sync one or all certificates by using the Azure portal or the Azure CLI.

+If a Dev tools public endpoint has already been exposed, you can enable App Accelerator, and then press <kbd>Ctrl</kbd>+<kbd>F5</kbd> to deactivate the browser cache to view it on the Dev Tools Portal.

+> [!IMPORTANT]

+> You can set file/directory level ACLs for identities which are not synced to Azure AD. However, these ACLs will not be enforced because the Kerberos ticket used for authentication/authorization will not contain these not-synced identities. In order to enforce set ACLs, identities need to be synced to Azure AD.

+| August 2022 | **Azure OpenAI Service support** | SynapseML now allows users to tap into 175-Billion parameter language models (GPT-3) from OpenAI that can generate and complete text and code near human parity. For more information, see [Azure OpenAI for Big Data](https://microsoft.github.io/SynapseML/docs/Explore%20Algorithms/OpenAI/).|

+1. In the search box, enter *Microsoft Entra ID* and select the matching service entry.

+ "virtualMachineProfile": {

+ "storageProfile": {

+ "imageReference": {

+ "id": "[resourceId('Microsoft.Compute/images', omImage')]"

+ }

+ },

+ "osProfile": {

+ ...

+ }

+ }

+}

+ "resources": [

+ ...

+ ]

+{

+ "type": "Microsoft.Network/virtualNetworks",

+ "name": "myVnet",

+ "apiVersion": "2018-11-01",

+}

+ "location": "[resourceGroup().location]",

+ {

+ "properties": {

+ "addressSpace": {

+ "addressPrefixes": [

+ "10.0.0.0/16"

+ ]

+ },

+ "subnets": [

+ {

+ "name": "mySubnet",

+ "properties": {

+ "addressPrefix": "10.0.0.0/16"

+ }

+ }

+ ]

+ }

+ },

+ {

+ "type": "Microsoft.Compute/virtualMachineScaleSets",

+ "name": "myScaleSet",

+ "apiVersion": "2019-03-01",

+ "location": "[resourceGroup().location]",

+ "dependsOn": [

+ "Microsoft.Network/virtualNetworks/myVnet"

+ ],

+ ...

+ }

+ "sku": {

+ "name": "Standard_A1",

+ "capacity": 2

+ },

+ "properties": {

+ "upgradePolicy": {

+ "mode": "Manual"

+ },

+ }

+ "virtualMachineProfile": {

+ "storageProfile": {

+ "imageReference": {

+ "publisher": "Canonical",

+ "offer": "UbuntuServer",

+ "sku": "16.04-LTS",

+ "version": "latest"

+ }

+ },

+ }

+ "osProfile": {

+ "computerNamePrefix": "vm",

+ "adminUsername": "[parameters('adminUsername')]",

+ "adminPassword": "[parameters('adminPassword')]"

+ },

+ "networkProfile": {

+ "networkInterfaceConfigurations": [

+ {

+ "name": "myNic",

+ "properties": {

+ "primary": "true",

+ "ipConfigurations": [

+ {

+ "name": "myIpConfig",

+ "properties": {

+ "subnet": {

+ "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', 'myVnet'), '/subnets/mySubnet')]"

+ }

+ }

+ }

+ ]

+ }

+ }

+ ]

+ }

+In rare cases if platform catchup host update window happens to coincide with the guest (VM) patching window and if the guest patching window don't get sufficient time to execute after host update then the system would show **Schedule timeout, waiting for an ongoing update to complete the resource** error since only a single update is allowed by the platform at a time.

+> If you move a VM to a different resource group or subscription, the scheduled patching for the VM stops working as this scenario is currently unsupported by the system.

+ :::image type="content" source="./media/tutorial-move-regional-zonal/scaling-pane.png" alt-text="Screenshot of Availability + scaling pane.":::

+

+ :::image type="content" source="./media/tutorial-move-regional-zonal/availability-scaling-home.png" alt-text="Screenshot of Availability + scaling homepage.":::

+

+| Size | vCPU | Memory: GiB | Temp storage (SSD) GiB | Max data disks | Max uncached disk throughput: IOPS/MBps | Burst uncached disk throughput: IOPS/MBps¹ | Max NICs | Expected network egress bandwidth (Mbps) |

+| Size | vCPU | Memory: GiB | Temp storage (SSD) GiB | Max data disk | Max cached and temp storage throughput: IOPS / MBps | Burst cached and temp storage throughput: IOPS/MBps¹ | Max uncached disk throughput: IOPS/MBps | Burst uncached disk throughput: IOPS/MBps¹ | Max NICs | Expected network egress bandwidth (Mbps) |

+{

+ "code": "PowerState/running",

+ "level": "Info",

+ "displayStatus": "VM running"

+}

+In order to deploy the configuration to the target network group, a Deployment Script is used to call the `Deploy-AzNetworkManagerCommit`ΓÇï PowerShell command. The Deployment Script needs an identity with sufficient permissions to execute the PowerShell script against the Virtual Network Manager, so the Bicep template creates a User Managed Identity and grants it the 'Contributor' role on the target resource group. For more information on Deployment Scripts and associated identities, see [Use deployment scripts in ARM templates](../azure-resource-manager/templates/deployment-script-template.md).

+ "networkProfile": {

+ "networkInterfaceConfigurations": [

+ {

+ "name": "[variables('nicName')]",

+ "properties": {

+ "primary": true,

+ },

+ "ipConfigurations": [

+ {

+ "name": "[variables('ipConfigName')]",

+ "properties": {

+ "primary": true,

+ "subnet": {

+ "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'MyvirtualNetwork','Mysubnet')]"

+ },

+ "privateIPAddressVersion":"IPv4",

+ "publicipaddressconfiguration": {

+ "name": "pub1",

+ "properties": {

+ "idleTimeoutInMinutes": 15

+ }

+ },

+ "loadBalancerBackendAddressPools": [

+ {

+ "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'loadBalancer', 'bePool'))]"

+ }

+ ],

+ "loadBalancerInboundNatPools": [

+ {

+ "id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', 'loadBalancer', 'natPool')]"

+ }

+ ]

+ },

+ {

+ "name": "[variables('ipConfigNameV6')]",

+ "properties": {

+ "subnet": {

+ "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets','MyvirtualNetwork','Mysubnet')]"

+ },

+ "privateIPAddressVersion":"IPv6",

+ "loadBalancerBackendAddressPools": [

+ {

+ "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'loadBalancer','bePoolv6')]"

+ }

+ ]

+ }

+ }

+ ]

+ }

+ }

+ ]

+ }