-To refresh the toke, submit another POST request to the `/token` endpoint. This time, provide the `refresh_token` instead of the `code`:

-Applications must have the Intune SDK with policy assurance implemented and must meet certain other requirements to support this setting. Developers who are implementing applications with the Intune SDK can find more information on these requirements in the SDK documentation.

-The following client apps support this setting:

-This article defines authentication and authorization. It also briefly covers how you can use the Microsoft identity platform to authenticate and authorize users in your web apps, web APIs, or apps that call protected web APIs. If you see a term you aren't familiar with, try our [glossary](developer-glossary.md) or our [Microsoft identity platform videos](identity-videos.md), which cover basic concepts.

-*Authentication* is the process of proving that you are who you say you are. It's sometimes shortened to *AuthN*. The Microsoft identity platform uses the [OpenID Connect](https://openid.net/connect/) protocol for handling authentication.

-* To learn about the process of registering your application so it can integrate with the Microsoft identity platform, see [Application model](application-model.md).

-| Microsoft Teams (Free) | TEAMS_FREE | 16ddbbfc-09ea-4de2-b1d7-312db6112d70 | EXCHANGE_S_FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MCOFREE (617d9209-3b90-4879-96e6-838c42b2701d)<br/>TEAMS_FREE (4fa4026d-ce74-4962-a151-8e96d57ea8e4)<br/>SHAREPOINTDESKLESS (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>TEAMS_FREE_SERVICE (bd6f2ac2-991a-49f9-b23c-18c96a02c228)<br/>WHITEBOARD_FIRSTLINE1 (36b29273-c6d0-477a-aca6-6fbe24f538e3) | EXCHANGE FOUNDATION (113feb6c-3fe4-4440-bddc-54d774bf0318)<br/>MCO FREE FOR MICROSOFT TEAMS (FREE) (617d9209-3b90-4879-96e6-838c42b2701d)<br/>MICROSOFT TEAMS (FREE) (4fa4026d-ce74-4962-a151-8e96d57ea8e4)<br/>SHAREPOINT KIOSK (902b47e5-dcb2-4fdc-858b-c63a90a2bdb9)<br/>TEAMS FREE SERVICE (bd6f2ac2-991a-49f9-b23c-18c96a02c228)<br/>WHITEBOARD (FIRSTLINE) (36b29273-c6d0-477a-aca6-6fbe24f538e3) |

-| Microsoft Teams Exploratory | TEAMS_EXPLORATORY | 710779e8-3d4a-4c88-adb9-386c958d1fdf | CDS_O365_P1 (bed136c6-b799-4462-824d-fc045d3a9d25)<br/>EXCHANGE_S_STANDARD (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>MYANALYTICS_P2 (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>FORMS_PLAN_E1 (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>PROJECTWORKMANAGEMENT (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT_SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>DESKLESS (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>STREAM_O365_E1 (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCO_TEAMS_IW (42a3ec34-28ba-46b6-992f-db53a675ac5b)<br/>INTUNE_O365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>SHAREPOINTWAC (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICEMOBILE_SUBSCRIPTION (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWERAPPS_O365_P1 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>FLOW_O365_P1 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>POWER_VIRTUAL_AGENTS_O365_P1 (0683001c-0492-4d59-9515-d9a6426b5813)<br/>SHAREPOINTSTANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>BPOS_S_TODO_1 (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>WHITEBOARD_PLAN1 (b8afc642-032e-4de5-8c0a-507a7bba7e5d)<br/>YAMMER_ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653) | COMMON DATA SERVICE FOR TEAMS_P1 (bed136c6-b799-4462-824d-fc045d3a9d25)<br/>EXCHANGE ONLINE (PLAN 1) (9aaf7827-d63c-4b61-89c3-182f06f82e5c)<br/>INSIGHTS BY MYANALYTICS (33c4f319-9bdd-48d6-9c4d-410b750a4a5a)<br/>MICROSOFT FORMS (PLAN E1) (159f4cd6-e380-449f-a816-af1a9ef76344)<br/>MICROSOFT PLANNER (b737dad2-2f6c-4c65-90e3-ca563267e8b9)<br/>MICROSOFT SEARCH (94065c59-bc8e-4e8b-89e5-5138d471eaff)<br/>MICROSOFT STAFFHUB (8c7d2df8-86f0-4902-b2ed-a0458298f3b3)<br/>MICROSOFT STREAM FOR O365 E1 SKU (743dd19e-1ce3-4c62-a3ad-49ba8f63a2f6)<br/>MICROSOFT TEAMS (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MICROSOFT TEAMS (42a3ec34-28ba-46b6-992f-db53a675ac5b)<br/>MOBILE DEVICE MANAGEMENT FOR OFFICE 365 (882e1d05-acd1-4ccb-8708-6ee03664b117)<br/>OFFICE FOR THE WEB (e95bec33-7c88-4a70-8e19-b10bd9d0c014)<br/>OFFICE MOBILE APPS FOR OFFICE 365 (c63d4d19-e8cb-460e-b37c-4d6c34603745)<br/>POWER APPS FOR OFFICE 365 (92f7a6f3-b89b-4bbd-8c30-809e6da5ad1c)<br/>POWER AUTOMATE FOR OFFICE 365 (0f9b09cb-62d1-4ff4-9129-43f4996f83f4)<br/>POWER VIRTUAL AGENTS FOR OFFICE 365 P1 (0683001c-0492-4d59-9515-d9a6426b5813)<br/>SHAREPOINT STANDARD (c7699d2e-19aa-44de-8edf-1736da088ca1)<br/>SWAY (a23b959c-7ce8-4e57-9140-b90eb88a9e97)<br/>TO-DO (PLAN 1) (5e62787c-c316-451f-b873-1d05acd4d12c)<br/>WHITEBOARD (PLAN 1) (b8afc642-032e-4de5-8c0a-507a7bba7e5d)<br/>YAMMER ENTERPRISE (7547a3fe-08ee-4ccb-b430-5077c5041653 |

-| Microsoft Teams Rooms Standard | MEETING_ROOM | 6070a4c8-34c6-4937-8dfb-39bbc6397a60 | AAD_PREMIUM (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Teams_Room_Standard (92c6b761-01de-457a-9dd9-793a975238f7)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | Azure Active Directory Premium Plan 1 (41781fb2-bc02-4b7c-bd55-b576c07bb09d)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Teams Room Standard (92c6b761-01de-457a-9dd9-793a975238f7)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |

-| Microsoft Teams Rooms Standard without Audio Conferencing | MEETING_ROOM_NOAUDIOCONF | 61bec411-e46a-4dab-8f46-8b58ec845ffe | MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) | Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5) |

-| Teams Rooms Premium | MTR_PREM | 4fb214cb-a430-4a91-9c91-4976763aa78f | MMR_P1 (bdaa59a3-74fd-4137-981a-31d4f84eb8a0)<br/>MCOMEETADV (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>MCOEV (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>INTUNE_A (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>TEAMS1 (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>MCOSTANDARD (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>WHITEBOARD_PLAN3 (4a51bca5-1eff-43f5-878c-177680f191af) | Meeting Room Managed Services (bdaa59a3-74fd-4137-981a-31d4f84eb8a0)<br/>Microsoft 365 Audio Conferencing (3e26ee1f-8a5f-4d52-aee2-b81ce45c8f40)<br/>Microsoft 365 Phone System (4828c8ec-dc2e-4779-b502-87ac9ce28ab7)<br/>Microsoft Intune (c1ec4a95-1f05-45b3-a911-aa3fa01094f5)<br/>Microsoft Teams (57ff2da0-773e-42df-b2af-ffb7a2317929)<br/>Skype for Business Online (Plan 2) (0feaeb32-d00e-4d66-bd5a-43b5b83db82c)<br/>Whiteboard (Plan 3) (4a51bca5-1eff-43f5-878c-177680f191af) |

-* On-premises workloads have been replaced with cloud alternatives such as Windows Virtual Desktop, Azure Files, Cloud Print. SQL is replaced by SQL MI. Azure AD Kerberos is being migrated to Azure AD.

-> You can also use the regex transform feature as a filter, because any groups that don't match the regex pattern will not be emitted in the resulting claim.

-This article shows you how to assign users and groups to an enterprise application in Azure Active Directory (Azure AD) using PowerShell. When you assign a user to an application, the application appears in the user's [My Apps](https://myapps.microsoft.com/) portal for easy access. If the application exposes roles, you can also assign a specific role to the user.

-1. Sign in to the [Azure portal](https://portal.azure.com) with one of the roles listed in the prerequisites.

-# Disable how a user signs in for an application

-In this article, you disable how a user signs in to an application in Azure Active Directory.

-If you know the AppId of an app that doesn't appear on the Enterprise apps list (for example, because you deleted the app or the service principal hasn't yet been created due to the app being pre-authorized by Microsoft), you can manually create the service principal for the app and then disable it by using [AzureAD PowerShell cmdlet](/powershell/module/azuread/New-AzureADServicePrincipal).

- In this article, you'll learn how to grant tenant-wide admin consent to an application in Azure Active Directory (Azure AD).

-When you grant tenant-wide admin consent to an application, all users can sign in to the app. To restrict which users can sign in to an application, configure the app to require user assignment and then assign users or groups to the application.

-Granting tenant-wide admin consent may revoke any permissions which had previously been granted tenant-wide. Permissions which have previously been granted by users on their own behalf will not be affected.

-## May 2022

-### New articles

-### Updated articles

-* Confluence: 5.0 to 7.17.0

-* Jira Core and Software: 6.0 to 7.12

-* Jira Service Desk: 3.0.0 to 3.5.0

-* Confluence: 6.0.1

-* Confluence: 6.1.1

-* Confluence: 6.2.1

-* Confluence: 6.3.4

-* Confluence: 6.4.0

-* Confluence: 6.5.0

-* Confluence: 6.6.2

-* Confluence: 6.7.0

-* Confluence: 6.8.1

-* Confluence: 6.9.0

-* Confluence: 6.10.0

-* Confluence: 6.11.0

-* Confluence: 6.12.0

-Once you configure Azure AD SAML Toolkit you can enforce session control, which protects exfiltration and infiltration of your organizationΓÇÖs sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-aad).

-* **Verifiable credentials**: The end result of an issuance flow is to produce a verifiable credential but you may also ask the user to Present a verifiable credential in order to issue one. The rules definition is able to take specific claims from the presented verifiable credential and include those claims in the newly issued verifiable credential from your organization.

-## Prerequisites

-To use the Microsoft Entra Verified ID quickstart, you need only to complete the verifiable credentials onboarding process.

-## What is the quickstart?

-Entra Verified ID now come with quickstarts in the Azure portal for creating custom credentials. When you use the quickstart, you don't need to edit and upload rules and display files to Azure Storage. Instead, you enter all details in the Azure portal and create the credential on a single page.

->[!NOTE]

->When you work with custom credentials, you provide display definitions and rules definitions in JSON documents. These definitions are stored with the credential details.

-> This feature enables higher control over how to create and manage multiple node pools. As a result, separate commands are required for create/update/delete. Previously cluster operations through `az aks create` or `az aks update` used the managedCluster API and were the only option to change your control plane and a single node pool. This feature exposes a separate operation set for agent pools through the agentPool API and require use of the `az aks nodepool` command set to execute operations on an individual node pool.

-> [!Important]

-### Add an ARM64 node pool (preview)

-The ARM64 processor provides low power compute for your Kubernetes workloads. To create an ARM64 node pool, you will need to choose an [ARM capable instance SKU][arm-sku-vm].

-#### Install the `aks-preview` Azure CLI

-You also need the *aks-preview* Azure CLI extension version 0.5.23 or later. Install the *aks-preview* Azure CLI extension by using the [az extension add][az-extension-add] command. Or install any available updates by using the [az extension update][az-extension-update] command.

-```azurecli-interactive

-# Install the aks-preview extension

-az extension add --name aks-preview

-# Update the extension to make sure you have the latest version installed

-az extension update --name aks-preview

-```

-#### Register the `AKSARM64Preview` preview feature

-To use the feature, you must also enable the `AKSARM64Preview` feature flag on your subscription.

-Register the `AKSARM64Preview` feature flag by using the [az feature register][az-feature-register] command, as shown in the following example:

-```azurecli-interactive

-az feature register --namespace "Microsoft.ContainerService" --name "AKSARM64Preview"

-```

-It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [az feature list][az-feature-list] command:

-```azurecli-interactive

-az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/AKSARM64Preview')].{Name:name,State:properties.state}"

-```

-When ready, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:

-```azurecli-interactive

-az provider register --namespace Microsoft.ContainerService

-```

-Learn more about [system node pools][use-system-pool].

-In this article, you learned how to create and manage multiple node pools in an AKS cluster. For more information about how to control pods across node pools, see [Best practices for advanced scheduler features in AKS][operator-best-practices-advanced-scheduler].

-To create and use Windows Server container node pools, see [Create a Windows Server container in AKS][aks-quickstart-windows-cli].

-Use [proximity placement groups][reduce-latency-ppg] to reduce latency for your AKS applications.

-[arm-vm-sku]: https://azure.microsoft.com/updates/public-preview-arm64based-azure-vms-can-deliver-up-to-50-better-priceperformance/

-For available CPU and Memory SKUs in each region, please check the [Azure Container Instances Resource availability for Azure Container Instances in Azure regions - Linux container groups](../container-instances/container-instances-region-availability.md#linux-container-groups)

-Apps can access on-premises resources by integrating with virtual networks that have site-to-site connections. If you use gateway-required virtual network integration, update your on-premises VPN gateway routes with your point-to-site address blocks. When the site-to-site VPN is first set up, the scripts used to configure it should set up routes properly. If you add the point-to-site addresses after you create your site-to-site VPN, you need to update the routes manually. Details on how to do that vary per gateway and aren't described here. BGP routes won't be propagated automatically.

-* [**Python**](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/formrecognizer/azure-ai-formrecognizer/samples/v3.2-beta/sample_compose_model.py)

-|**C#**|[**StartBuildModel**](/dotnet/api/azure.ai.formrecognizer.documentanalysis.documentmodeladministrationclient.startbuildmodel?view=azure-dotnet#azure-ai-formrecognizer-documentanalysis-documentmodeladministrationclient-startbuildmodel&preserve-view=true)|

-|**Java**| [**beginBuildModel**](/java/api/com.azure.ai.formrecognizer.administration.documentmodeladministrationclient.beginbuildmodel?view=azure-java-preview&preserve-view=true)|

-| _**Composed model**_| <ul><li>[Form Recognizer Studio](https://formrecognizer.appliedai.azure.com/studio/custommodel/projects)</li><li>[REST API](https://westus.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-2022-08-31/operations/ComposeDocumentModel)</li><li>[C# SDK](/dotnet/api/azure.ai.formrecognizer.documentanalysis.documentmodeladministrationclient.startcreatecomposedmodel?view=azure-dotnet&preserve-view=true)</li><li>[Java SDK](/java/api/com.azure.ai.formrecognizer.administration.documentmodeladministrationclient.begincreatecomposedmodel?view=azure-java-stable&preserve-view=true)</li><li>[JavaScript SDK](/javascript/api/@azure/ai-form-recognizer/documentmodeladministrationclient?view=azure-node-latest#@azure-ai-form-recognizer-documentmodeladministrationclient-begincomposemodel&preserve-view=true)</li><li>[Python SDK](/python/api/azure-ai-formrecognizer/azure.ai.formrecognizer.formtrainingclient?view=azure-python#azure-ai-formrecognizer-formtrainingclient-begin-create-composed-model&preserve-view=true)</li></ul>|

-|Java| [DocumentBuildMode Class](/java/api/com.azure.ai.formrecognizer.administration.models.documentbuildmode?view=azure-java-preview&preserve-view=true#fields) | [BuildModel.java](https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/formrecognizer/azure-ai-formrecognizer/src/samples/java/com/azure/ai/formrecognizer/administration/BuildModel.java)|

-|Python | [DocumentBuildMode Enum](/python/api/azure-ai-formrecognizer/azure.ai.formrecognizer.documentbuildmode?view=azure-python&preserve-view=true#fields)| [sample_build_model.py](https://github.com/Azure/azure-sdk-for-python/blob/azure-ai-formrecognizer_3.2.0b3/sdk/formrecognizer/azure-ai-formrecognizer/samples/v3.2-beta/sample_build_model.py)|

-|[C#/4.0.0-beta.5](quickstarts/get-started-v3-sdk-rest-api.md?pivots=programming-language-csharp#set-up)| [NuGet](https://www.nuget.org/packages/Azure.AI.FormRecognizer/4.0.0-beta.5) | [Azure SDK for .NET](https://azuresdkdocs.blob.core.windows.net/$web/dotnet/Azure.AI.FormRecognizer/4.0.0-beta.5/https://docsupdatetracker.net/index.html)|[2022-06-30-preview, 2022-01-30-preview, 2021-09-30-preview, **v2.1-ga**, v2.0](https://westus.dev.cognitive.microsoft.com/docs/services?pattern=form+recognizer) |[Windows, macOS, Linux, Docker](/dotnet.microsoft.com/download)|

-* The `get_words()` method has been added to the `DocumentLine` model. *See* our [How to get words contained in a Document line](https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/formrecognizer/azure-ai-formrecognizer/samples/v3.2-beta/sample_get_words_on_document_line.py) sample on GitHub.

-An Azure Automation account is different from your Microsoft account or accounts created in your Azure subscription. For an introduction to creating an Automation account, see [Create an Automation account](./quickstarts/create-account-portal.md).

-To complete the steps in this article, you need an account in Azure Automation. See [Create an Azure Automation account](./quickstarts/create-account-portal.md).

-> [Create an Automation account](./quickstarts/create-account-portal.md)

-When you configure to be zone redundant, the platform automatically spreads the instances of the Azure App Service plan across all three zones in the selected region. If you specify a capacity larger than three, and the number of instances is divisible by three, the instances are spread evenly. Otherwise, instance counts beyond 3*N are spread across the remaining one or two zones.

- - All App Service plans created in that App Service Environment will automatically be zone redundant.

-| [Microsoft Defender for Cloud](../../security-center/security-center-introduction.md) | Preview | <ul><li>Azure Security Agent extension</li><li>SQL Advanced Threat Protection extension</li><li>SQL Vulnerability Assessment extension</li></ul> | [Sign-up link](https://aka.ms/AMAgent) |

-| Windows 11 client OS | X² | | |

-¹ Running the OS on server hardware, for example, machines that are always connected, always turned on, and not running other workloads (PC, office, browser)<br>

-² Using the Azure Monitor agent [client installer (Public preview)](./azure-monitor-agent-windows-client.md)

-| CentOS Linux 7 | X | X | X |

-| Debian 11 | X | | |

-| Ubuntu 20.04 LTS | X | X | X |

-| Ubuntu 18.04 LTS | X | X | X |

-If you don't have alert rules defined for the selected resource, you can [enable recommended out-of-the-box alert rules in the Azure portal](alerts-page.md#alert-rule-recommendations-preview).

-Please follow the guidance to deploy the sample application from its [GitHub repository.](https://github.com/solliancenet/appinsights-azurecafe).

-## Pre-requisites

-* Grant the `Storage Blob Data Contributor` role to the Azure AD application named `Diagnostic Services Trusted Storage Access` via the [Access Control (IAM)](/role-based-access-control/role-assignments-portal.md) page in your storage account.

-> Want to learn Bicep live from subject matter experts? [Learn Live with our experts every Tuesday (Pacific time) beginning March 8, 2022.](/events/learntv/learnlive-iac-and-bicep/)

-param settings object

-You can later create a paid account where you're not limited by the quota. Two types of paid accounts are available to you: Azure Resource Manager (ARM) (currently in preview) and classic (generally available). The main difference between the two is account management platform. While classic accounts are built on the API Management, ARM-based accounts management is built on Azure, which enables apply access control to all services with role-based access control (Azure RBAC) natively.

-**Log in VMware NSX-T**

- 1. Name the rule.

- 1. Select **DNAT** as the action.

- 1. Enter the reserved Public IP in the destination match. This IP is from the range of Public IPs reserved from the Azure VMware Solution Portal.

- 1. Enter the VM Private IP in the translated IP.

- 1. Select **SAVE**.

- 1. Optionally, configure the Translated Port or source IP for more specific matches.

-[VMware Cloud Director service Documentation](https://docs.vmware.com/en/VMware-Cloud-Director-service/https://docsupdatetracker.net/index.html)

-| [Choose co-organizers](/office/add-co-organizers-to-a-meeting-in-teams-0de2c31c-8207-47ff-ae2a-fc1792d466e2)| Not applicable to external users | ✔️ |

-|[Manage what attendees see](/office/spotlight-someone-s-video-in-a-teams-meeting-58be74a4-efac-4e89-a212-8d198182081e)|Teams organizer, co-organizer and presenter can spotlight videos for everyone. Azure Communication Services does not receive the spotlight signals. |❌|

-|[Allow mic for attendees](/office/manage-attendee-audio-and-video-permissions-in-teams-meetings-f9db15e1-f46f-46da-95c6-34f9f39e671a)|If external user is attendee, then this option controls whether external user can send local audio |✔️|

-|[Allow camera for attendees](/office/manage-attendee-audio-and-video-permissions-in-teams-meetings-f9db15e1-f46f-46da-95c6-34f9f39e671a)|If external user is attendee, then this option controls whether external user can send local video |✔️|

-|[Provide CART Captions](/office/use-cart-captions-in-a-microsoft-teams-meeting-human-generated-captions-2dd889e8-32a8-4582-98b8-6c96cf14eb47)|Communication access real-time translation (CART) is a service in which a trained CART captioner listens to the speech and instantaneously translates all speech to text. As a meeting organizer, you can set up and offer CART captioning to your audience instead of the Microsoft Teams built-in live captions that are automatically generated.|❌|

-Find more details in [Azure Active Directory documentation](/azure/active-directory/roles/permissions-reference.md).

->Azure Communication Services direct routing supports only TLS 1.2 (or a later version), make sure that the cipher suites you're using on an SBC are supported by Azure Front Door. Microsoft 365 and Azure Front Door have slight differences in cipher suite support. For details, see [What are the current cipher suites supported by Azure Front Door?](/azure/frontdoor/concept-end-to-end-tls#supported-cipher-suites).

-| `external` | When enabled, the environment is assigned a public IP and fully qualified domain name (FQDN) for external ingress and an internal IP and FQDN for internal ingress. When disabled, only an internal IP/FQDN is created. |`true` for external visibility, `false` for internal visibility (default) | Yes |

-7. Enable the RBAC capability on your existing API for MongoDB database account.

-Get your existing capabilities. Capabilities are account features. Some are optional and some can't be changed.

-```powershell

-az cosmosdb show -n <account_name> -g <azure_resource_group>

-```

-You should see a capability section similar to this

-```powershell

-"capabilities": [

- {

- "name": "EnableMongo"

- },

- {

- "name": "DisableRateLimitingResponses"

- }

-```

-Copy the existing capabilities and add the RBAC capability (EnableMongoRoleBasedAccessControl) to the list:

-```powershell

-az cosmosdb update -n <account_name> -g <azure_resource_group> --capabilities EnableMongoRoleBasedAccessControl, EnableMongo, DisableRateLimitingResponses

-```

-If you prefer a new database account instead, create a new database account with the RBAC capability set to true. Your subscription must be allow-listed in order to create an account with the EnableMongoRoleBasedAccessControl capability.

-> Currently this is only supported in mapping data flows.

-Your OT networks plan will be shown under the associated subscription in the **Plans** grid.

-By default, each sensor and on-premises management console is installed with a *cyberx, support* and *cyberx_host* user. These users have access to advanced tools for troubleshooting and setup. Administrator users should sign in with these user credentials, create an admin user, and then create extra users for security analysts and read-only users.

-**To calculate the number of devices you need to monitor**:

-1. Collect the total number of devices in your network.

-1. Remove any devices that are *not* considered as committed devices by Defender for IoT.

- If you are also a Defender for Endpoint customer, you can identify devices managed by Defender for Endpoint in the Defender for Endpoint **Device inventory** page. In the **Endpoints** tab, filter for devices by **Onboarding status**. For more information, see [Defender for Endpoint Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery).

-This article gives an overview of the Azure Digital Twins APIs available, and the methods for interacting with them. You can either use the REST APIs directly with their associated Swaggers (through a tool like [Postman](how-to-use-postman.md)), or through an SDK.

-* You can use an HTTP REST-testing tool like Postman to make direct calls to the Azure Digital Twins APIs. For more information about this process, see [Make API requests with Postman](how-to-use-postman.md).

-See how to make direct requests to the APIs using Postman:

-* [Make API requests with Postman](how-to-use-postman.md)

-If a user attempts to perform an action not allowed by their role, they may receive an error from the service request reading `403 (Forbidden)`. For more information and troubleshooting steps, see [Troubleshoot failed service request: Error 403 (Forbidden)](troubleshoot-error-403.md).

-To kick off the process, update the twin that's the source of the event flow. You can use the [Azure CLI](/cli/azure/dt/twin#az-dt-twin-update), [Azure Digital Twins SDK](how-to-manage-twin.md#update-a-digital-twin), or [Azure Digital Twins REST APIs](how-to-use-postman.md?tabs=data-plane) to make the update.

-The **StringBeginsWith** operator evaluates to true if the **key** value **begins with** any of the specified **filter** values. In the following example, it checks whether the value of the `key1` attribute in the `data` section begins with `event` or `grid`. For example, `event hubs` begins with `event`.

-> Azure Event Grid creates a system topic resource in the same Azure subscription that has the event source. For example, if you create a system topic for a storage account *ContosoStorage* in an Azure subscription *ContosoSubscription*, Event Grid creates the system topic in the *ContosoSubscription*. It's not possible to create a system topic in an Azure subscription that's different from the event source's Azure subscription.

-To get started using the Event Hubs management libraries, you must authenticate with Azure Active Directory (AAD). AAD requires that you authenticate as a service principal, which provides access to your Azure resources. For information about creating a service principal, see one of these articles:

-These tutorials provide you with an `AppId` (Client ID), `TenantId`, and `ClientSecret` (authentication key), all of which are used for authentication by the management libraries. You must have **Owner** permissions for the resource group on which you want to run.

-## Programming pattern

-1. Obtain a token from AAD using the `Microsoft.IdentityModel.Clients.ActiveDirectory` library.

- ```csharp

- var context = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}");

- var result = await context.AcquireTokenAsync(

- "https://management.core.windows.net/",

- new ClientCredential(clientId, clientSecret)

- );

- ```

- ```csharp

- var creds = new TokenCredentials(token);

- var ehClient = new EventHubManagementClient(creds)

- {

- SubscriptionId = SettingsCache["SubscriptionId"]

- };

- ```

-1. Set the `CreateOrUpdate` parameters to your specified values.

- ```csharp

- var ehParams = new EventHubCreateOrUpdateParameters()

- {

- Location = SettingsCache["DataCenterLocation"]

- };

- ```

-1. Execute the call.

- ```csharp

- await ehClient.EventHubs.CreateOrUpdateAsync(resourceGroupName, namespaceName, EventHubName, ehParams);

- ```

-[Java]: https://avro.apache.org/docs/current/gettingstartedjava.html

-[Python]: https://avro.apache.org/docs/current/gettingstartedpython.html

- > To learn more about advanced metrics display and sharing options, see [Getting started with Azure Metrics Explorer](/azure-monitor/essentials/metrics-getting-started)

- "Body": {

- "heartRate": "78"

- "templateType": "IotJsonPathContentTemplate",

- "template": {

- "typeName": "heartrate",

- "typeMatchExpression": "$..[?(@Body.heartRate)]"

- "values": [

- "required": "true",

- "valueExpression": "$.Body.heartRate",

- "valueName": "hr"

- ]

- }

-}

- "Body": {

- "systolic": "123",

- "diastolic" : "87"

- },

- "Properties": {

- "iothub-creation-time-utc" : "2021-02-01T22:46:01.8750000Z"

- },

- "SystemProperties": {

- "iothub-connection-device-id" : "device123"

- "templateType": "IotJsonPathContentTemplate",

- "template": {

- "typeName": "bloodpressure",

- "typeMatchExpression": "$..[?(@Body.systolic && @Body.diastolic)]",

- "values": [

- {

- },

- {

- ]

- }

->[How to use FHIR destination mapping](how-to-use-fhir-mappings.md)

-| Python - Digital Twins service | [pip 2.2.3](https://pypi.org/project/azure-iot-hub) | [GitHub](https://github.com/Azure/azure-iot-sdk-python) | [Samples](https://github.com/Azure/azure-iot-sdk-python/tree/main/samples) | [Interact with IoT Hub Digital Twins API](tutorial-service.md) | N/A |

-| Node - Digital Twins service | [npm 1.13.0](https://www.npmjs.com/package/azure-iot-digitaltwins-service) | [GitHub](https://github.com/Azure/azure-iot-sdk-node) | [Samples](https://github.com/Azure/azure-iot-sdk-node/tree/main/service/samples/javascript) | [Interact with IoT Hub Digital Twins API](tutorial-service.md) | N/A |

- cd azure-iot-sdk-python\azure-iot-device\samples\async-hub-scenarios

- D:\azure-iot-sdk-python\azure-iot-device\samples\async-hub-scenarios>python provision_symmetric_key.py

- cp device-cert.pem ./azure-iot-sdk-python/azure-iot-device/samples/async-hub-scenarios

- cp device-key.pem ./azure-iot-sdk-python/azure-iot-device/samples/async-hub-scenarios

- cd ./azure-iot-sdk-python/azure-iot-device/samples/async-hub-scenarios

- $ python azure-iot-sdk-python/azure-iot-device/samples/async-hub-scenarios/provision_x509.py

-| IoT Edge runtime in a container | iotedgec | Windows, Linux, macOS, ARM | Testing on a device that may not support the runtime. |

-### IoT Edge device container

-The IoT Edge device container is a complete IoT Edge device, ready to be launched on any machine with a container engine. The device container includes the IoT Edge runtime and a container engine itself. Each instance of the container is a fully functional self-provisioning IoT Edge device. The device container supports remote debugging of modules, as long as there is a network route to the module. The device container is good for quickly creating large numbers of IoT Edge devices to test at-scale scenarios or Azure Pipelines. It also supports deployment to kubernetes via helm.

-For more information, see [Azure IoT Edge device container](https://github.com/toolboc/azure-iot-edge-device-container).

-1. Set the execution policy on the target device to `AllSigned` if it is not already.

-| vmLogSize | **Small** or **Large** | Specificy the log partition size. Small = 1GB, Large = 6GB.<br><br>**Default value**: Small. |

-| 1.3 | Continuous release (CR) | TBA | |

-| 1.2 | [Continuous release (CR)](https://github.com/Azure/iotedge-eflow/releases/tag/1.2.7.07022) | January 2022 | **Public Preview** |

- "interfaceId": "dtmi:azure:iot:deviceUpdateModel;1",

-| Python | [pip](https://pypi.org/project/azure-iot-hub) | [GitHub](https://github.com/Azure/azure-iot-sdk-python) | [Samples](https://github.com/Azure/azure-iot-sdk-python/tree/main/samples) | [Reference](/python/api/azure-iot-hub) |

-|Python | 60 seconds | [Yes](https://github.com/Azure/azure-iot-sdk-python/blob/main/azure-iot-device/azure/iot/device/iothub/abstract_clients.py#L339) |

-* `TLS_RSA_WITH_3DES_EDE_CBC_SHA`

-This section lists basic quotas and limits for Azure Load Testing Preview.

-## Limits

-|Resource |Limit |

-|Maximum concurrent engine instances that can be utilized per region per subscription | 100 |

-|Maximum concurrent test runs per region per subscription | 25 |

-## Increase quotas

-You can increase the default limits and quotas by requesting the increase through an [Azure support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest).

-description: Make data-driven decisions and policies with the Responsible AI dashboard's integration of the Causal Analysis tool EconML.

-# Make data-driven policies and influence decision making (preview)

-While machine learning models are powerful in identifying patterns in data and making predictions, they offer little support for estimating how the real-world outcome changes in the presence of an intervention. Practitioners have become increasingly focused on using historical data to inform their future decisions and business interventions. For example, how would the revenue be affected if a corporation pursues a new pricing strategy? Would a new medication improve a patientΓÇÖs condition, all else equal?

-The Causal Inference component of the [Responsible AI dashboard](concept-responsible-ai-dashboard.md) addresses these questions by estimating the effect of a feature on an outcome of interest on average, across a population or a cohort, and on an individual level. It also helps to construct promising interventions by simulating different feature responses to various interventions and creating rules to determine which population cohorts would benefit from a particular intervention. Collectively, these functionalities allow decision-makers to apply new policies and affect real-world change.

-The capabilities of this component are founded by the [EconML](https://github.com/Microsoft/EconML) package, which estimates heterogeneous treatment effects from observational data via [double machine learning](https://econml.azurewebsites.net/spec/estimation/dml.html) technique.

-Use Causal Inference when you need to:

-> Only historic data is required to generate causal insights. The causal effects computed based on the treatment features are purely a data property. Hence, a trained model is optional when computing the causal effects.

-Double Machine Learning is a method for estimating (heterogeneous) treatment effects when all potential confounders/controls (factors that simultaneously had a direct effect on the treatment decision in the collected data and the observed outcome) are observed but are either too many (high-dimensional) for classical statistical approaches to be applicable or their effect on the treatment and outcome can't be satisfactorily modeled by parametric functions (non-parametric). Both latter problems can be addressed via machine learning techniques (to see an example, check out [Chernozhukov2016](https://econml.azurewebsites.net/spec/references.html#chernozhukov2016)).

-The method reduces the problem by first estimating two predictive tasks:

-Then the method combines these two predictive models in a final stage estimation to create a model of the heterogeneous treatment effect. The approach allows for arbitrary machine learning algorithms to be used for the two predictive tasks while maintaining many favorable statistical properties related to the final model (for example, small mean squared error, asymptotic normality, and construction of confidence intervals).

-[Project Azua](https://www.microsoft.com/research/project/project_azua/) provides a novel framework focusing on end-to-end causal inference. AzuaΓÇÖs technology DECI (deep end-to-end causal inference) is a single model that can simultaneously do causal discovery and causal inference. We only require the user to provide data, and the model can output the causal relationships among all different variables. By itself, this can provide insights into the data and enables metrics such as individual treatment effect (ITE), average treatment effect (ATE), and conditional average treatment effect (CATE) to be calculated, which can then be used to make optimal decisions. The framework is scalable for large data, both in terms of the number of variables and the number of data points; it can also handle missing data entries with mixed statistical types.

-[EconML](https://www.microsoft.com/research/project/econml/) (powering the backend of the Responsible AI dashboard's causal inference component) is a Python package that applies the power of machine learning techniques to estimate individualized causal responses from observational or experimental data. The suite of estimation methods provided in EconML represents the latest advances in causal machine learning. By incorporating individual machine learning steps into interpretable causal models, these methods improve the reliability of what-if predictions and make causal analysis quicker and easier for a broad set of users.

-[DoWhy](https://py-why.github.io/dowhy/) is a Python library that aims to spark causal thinking and analysis. DoWhy provides a principled four-step interface for causal inference that focuses on explicitly modeling causal assumptions and validating them as much as possible. The key feature of DoWhy is its state-of-the-art refutation API that can automatically test causal assumptions for any estimation method, thus making inference more robust and accessible to non-experts. DoWhy supports estimation of the average causal effect for backdoor, front-door, instrumental variable, and other identification methods, and estimation of the conditional effect (CATE) through an integration with the EconML library.

-description: Generate diverse counterfactual examples with feature perturbations to see minimal changes required to achieve desired prediction with the Responsible AI dashboard's integration of DiceML.

-What-if counterfactuals address the question of ΓÇ£what would the model predict if the action input is changedΓÇ¥, enabling understanding and debugging of a machine learning model in terms of how it reacts to input (feature) changes. Compared with approximating a machine learning model or ranking features by their predictive importance (which standard interpretability techniques do), counterfactual analysis ΓÇ£interrogatesΓÇ¥ a model to determine what changes to a particular datapoint would flip the model decision. Such an analysis helps in disentangling the impact of different correlated features in isolation or for acquiring a more nuanced understanding of how much of a feature change is needed to see a model decision flip for classification models and decision change for regression models.

-The Counterfactual Analysis and what-if component of the [Responsible AI dashboard](concept-responsible-ai-dashboard.md) consists of two functionalities:

-One of the top differentiators of the Responsible AI dashboard's counterfactual analysis component is the fact that you can identify which features to vary and their permissible ranges for valid and logical counterfactual examples.

-The capabilities of this component are founded by the [DiCE](https://github.com/interpretml/DiCE) package.

-Use What-If Counterfactuals when you need to:

-description: Perform exploratory data analysis to understand feature biases and imbalances with the Responsible AI dashboard's Data Explorer.

-Machine learning models "learn" from historical decisions and actions captured in training data. As a result, their performance in real-world scenarios is heavily influenced by the data they're trained on. When feature distribution in a dataset is skewed, it can cause a model to incorrectly predict data points belonging to an underrepresented group or to be optimized along an inappropriate metric. For example, while training a housing price prediction AI, the training set was representing 75% of newer houses that have less than median prices. As a result, it was much less accurate in successfully identifying more expensive historic houses. The fix was to add older and expensive houses to the training data and augment the features to include insights about the historic value of the house. Upon incorporating that data augmentation, results improved.

-The Data Explorer component of the [Responsible AI dashboard](concept-responsible-ai-dashboard.md) helps visualize datasets based on predicted and actual outcomes, error groups, and specific features. This enables you to identify issues of over- and under-representation and to see how data is clustered in the dataset. Data visualizations consist of aggregate plots or individual data points.

-## When to use data explorer?

-Use Data Explorer when you need to:

-description: Assess model error distributions in different cohorts of your dataset with the Responsible AI dashboard's integration of Error Analysis.

-# Assess errors in ML models (preview)

-One of the most apparent challenges with current model debugging practices is using aggregate metrics to score models on a benchmark dataset. Model accuracy may not be uniform across subgroups of data, and there might exist input cohorts for which the model fails more often. The direct consequences of these failures are a lack of reliability and safety, appearance of fairness issues, and a loss of trust in machine learning altogether.

-Error Analysis moves away from aggregate accuracy metrics, exposes the distribution of errors to developers in a transparent way, and enables them to identify & diagnose errors efficiently.

-The Error Analysis component of the [Responsible AI dashboard](concept-responsible-ai-dashboard.md) provides machine learning practitioners with a deeper understanding of model failure distribution and assists them with quickly identifying erroneous cohorts of data. It contributes to the ΓÇ£identifyΓÇ¥ stage of the model lifecycle workflow through a decision tree that reveals cohorts with high error rates and a heatmap that visualizes how input features impact the error rate across cohorts. Discrepancies in error might occur when the system underperforms for specific demographic groups or infrequently observed input cohorts in the training data.

-The capabilities of this component are founded by [Error Analysis](https://erroranalysis.ai/)) package, generating model error profiles.

-Use Error Analysis when you need to:

-## How are error analyses generated?

-Error Analysis identifies the cohorts of data with a higher error rate versus the overall benchmark error rate. The dashboard allows for error exploration by using either a decision tree or a heatmap guided by errors.

-Often, error patterns may be complex and involve more than one or two features. Therefore, it may be difficult for developers to explore all possible combinations of features to discover hidden data pockets with critical failure. To alleviate the burden, the binary tree visualization automatically partitions the benchmark data into interpretable subgroups, which have unexpectedly high or low error rates. In other words, the tree uses the input features to maximally separate model error from success. For each node defining a data subgroup, users can investigate the following information:

-## Error Heatmap

-The view slices the data based on a one- or two-dimensional grid of input features. Users can choose the input features of interest for analysis. The heatmap visualizes cells with higher error with a darker red color to bring the userΓÇÖs attention to regions with high error discrepancy. This is beneficial especially when the error themes are different in different partitions, which happen frequently in practice. In this error identification view, the analysis is highly guided by the users and their knowledge or hypotheses of what features might be most important for understanding failure.

-This article describes methods you can use for understanding your model performance and fairness in Azure Machine Learning.

-Artificial intelligence and machine learning systems can display unfair behavior. One way to define unfair behavior is by its harm, or impact on people. There are many types of harm that AI systems can give rise to. To learn more, [NeurIPS 2017 keynote by Kate Crawford](https://www.youtube.com/watch?v=fMym_BKWQzk).

-To reduce unfair behavior in AI systems, you have to assess and mitigate these harms. The model overview component of the [Responsible AI dashboard](concept-responsible-ai-dashboard.md) contributes to the ΓÇ£identifyΓÇ¥ stage of the model lifecycle by generating various model performance metrics for your entire dataset, your identified cohorts of data, and across subgroups identified in terms of **sensitive features** or sensitive attributes.

-> Fairness is a socio-technical challenge. Many aspects of fairness, such as justice and due process, are not captured in quantitative fairness metrics. Also, many quantitative fairness metrics can't all be satisfied simultaneously. The goal of the Fairlearn open-source package is to enable humans to assess the different impact and mitigation strategies. Ultimately, it is up to the human users building artificial intelligence and machine learning models to make trade-offs that are appropriate to their scenario.

-In this component of the Responsible AI dashboard, fairness is conceptualized through an approach known as **group fairness**, which asks: Which groups of individuals are at risk for experiencing harm? The term **sensitive features** suggests that the system designer should be sensitive to these features when assessing group fairness.

-During the assessment phase, fairness is quantified through disparity metrics. **Disparity metrics** can evaluate and compare model behavior across different groups either as ratios or as differences. The Responsible AI dashboard supports two classes of disparity metrics:

- - disparity in accuracy rate

- - disparity in error rate

- - disparity in precision

- - disparity in recall

- - disparity in MAE

- - many others

-The fairness assessment capabilities of this component are founded by the [Fairlearn](https://fairlearn.org/) package, providing a collection of model fairness assessment metrics and unfairness mitigation algorithms.

-> A fairness assessment is not a purely technical exercise. The Fairlearn open-source package can help you assess the fairness of a model, but it will not perform the assessment for you. The Fairlearn open-source package helps identify quantitative metrics to assess fairness, but developers must also perform a qualitative analysis to evaluate the fairness of their own models. The sensitive features noted above is an example of this kind of qualitative analysis.

-## Mitigate unfairness in machine learning models

-Upon understanding your model's fairness issues, you can use [Fairlearn](https://fairlearn.org/)'s mitigation algorithms to mitigate your observed fairness issues.

-The Fairlearn open-source package includes various unfairness mitigation algorithms. These algorithms support a set of constraints on the predictor's behavior called **parity constraints** or criteria. Parity constraints require some aspects of the predictor behavior to be comparable across the groups that sensitive features define (for example, different races). The mitigation algorithms in the Fairlearn open-source package use such parity constraints to mitigate the observed fairness issues.

-> Mitigating unfairness in a model means reducing the unfairness, but this technical mitigation cannot eliminate this unfairness completely. The unfairness mitigation algorithms in the Fairlearn open-source package can provide suggested mitigation strategies to help reduce unfairness in a machine learning model, but they are not solutions to eliminate unfairness completely. There may be other parity constraints or criteria that should be considered for each particular developer's machine learning model. Developers using Azure Machine Learning must determine for themselves if the mitigation sufficiently eliminates any unfairness in their intended use and deployment of machine learning models.

-The Fairlearn open-source package supports the following types of parity constraints:

-|Demographic parity | Mitigate allocation harms | Binary classification, Regression |

-### Mitigation algorithms

-The Fairlearn open-source package provides postprocessing and reduction unfairness mitigation algorithms:

-| Algorithm | Description | Machine learning task | Sensitive features | Supported parity constraints | Algorithm Type |

-| `ExponentiatedGradient` | Black-box approach to fair classification described in [A Reductions Approach to Fair Classification](https://arxiv.org/abs/1803.02453) | Binary classification | Categorical | Demographic parity, equalized odds| Reduction |

-| `GridSearch` | Black-box approach described in [A Reductions Approach to Fair Classification](https://arxiv.org/abs/1803.02453)| Binary classification | Binary | Demographic parity, equalized odds | Reduction |

-| `GridSearch` | Black-box approach that implements a grid-search variant of Fair Regression with the algorithm for bounded group loss described in [Fair Regression: Quantitative Definitions and Reduction-based Algorithms](https://arxiv.org/abs/1905.12843) | Regression | Binary | Bounded group loss| Reduction |

-| `ThresholdOptimizer` | Postprocessing algorithm based on the paper [Equality of Opportunity in Supervised Learning](https://arxiv.org/abs/1610.02413). This technique takes as input an existing classifier and the sensitive feature, and derives a monotone transformation of the classifier's prediction to enforce the specified parity constraints. | Binary classification | Categorical | Demographic parity, equalized odds| Post-processing |

-> [!NOTE]

-> Custom applications are currently not supported in private link workspaces.

-3. Select **Create** to set up RStudio as a custom application on your compute instance.

-* Learn more about [how and where to deploy a model](how-to-deploy-and-where.md).

- 1. Look at the default __IPv4 address space__ value. In the screenshot, the value is __172.17.0.0/16__. __The value may be different for you__. While you can use a different value, the rest of the steps in this tutorial are based on the __172.16.0.0/16 value__.

- > We do not recommend using an address in the 172.17.0.1/16 range if you plan on using Azure Kubernetes Services for deployment with this cluster. The Docker bridge in Azure Kubernetes Services uses 172.17.0.1/16 as its default. Other ranges may also conflict depending on what you want to connect to the virtual network. For example, if you plan to connect your on premises network to the VNet, and your on-premises network also uses the 172.16.0.0/16 range. Ultimately, it is up to __you__ to plan your network infrastructure.

-The pipeline uses [flake8](https://pypi.org/project/flake8/) to do the Python code linting. It runs the unit tests defined in the source code and publishes the linting and test results so they're available in the Azure Pipeline execution screen.

-The CD Azure Pipeline consists of multiple stages representing the environments. Each stage contains [deployments](/azure/devops/pipelines/process/deployment-jobs) and [jobs](/azure/devops/pipelines/process/phases?tabs=yaml) that perform the following steps:

-* [DevOps for Azure Databricks](https://marketplace.visualstudio.com/items?itemName=riserrad.azdo-databricks)

->[!NOTE]

->The supported version of SAP S4/HANA is 6.0.

-In this quickstart you will learn how to:

-In this quickstart we will deploy the sample project from [Quickstart: Render a model with Unity](render-model.md).

-1. When pressing **Build** (or 'Build And Run'), you will be asked to select some folder where the solution should be stored

-In the next quickstart, we will take a look at converting a custom model.

-You can also use Azure PowerShell to add role assignment conditions. The following commands show how to add conditions. For information, see [Tutorial: Add a role assignment condition to restrict access to blobs using Azure PowerShell (preview)](../storage/common/storage-auth-abac-powershell.md).

-You can also use Azure CLI to add role assignments conditions. The following commands show how to add conditions. For information, see [Tutorial: Add a role assignment condition to restrict access to blobs using Azure CLI (preview)](../storage/common/storage-auth-abac-cli.md).

-For a list of the blob storage actions you can use in conditions, see [Actions and attributes for Azure role assignment conditions in Azure Storage (preview)](../storage/common/storage-auth-abac-attributes.md).

-> | **Attributes support** | [Encryption scope name](../storage/common/storage-auth-abac-attributes.md#encryption-scope-name)<br/>[Snapshot](../storage/common/storage-auth-abac-attributes.md#snapshot)<br/>[Version ID](../storage/common/storage-auth-abac-attributes.md#version-id) |

-For more information about how to create these examples, see [Examples of Azure role assignment conditions](../storage/common/storage-auth-abac-examples.md).

-Here are some of the [blob storage attributes](../storage/common/storage-auth-abac-attributes.md#azure-blob-storage-attributes) you can use in your conditions.

-| Use the following [attributes](../storage/common/storage-auth-abac-attributes.md#azure-blob-storage-attributes) in a condition: Account name, Blob prefix, Encryption scope name, Is Current Version, Is hierarchical namespace enabled, Snapshot, Version ID | Preview | May 2022 |

-To determine the conditions you need, review the examples in [Example Azure role assignment conditions](../storage/common/storage-auth-abac-examples.md).

-Currently, conditions can be added to built-in or custom role assignments that have [storage blob data actions](../storage/common/storage-auth-abac-attributes.md). These include the following built-in roles:

-In the **Add action** section, select an action that applies to the selected attribute. For a list of storage actions that each storage attribute supports, see [Actions and attributes for Azure role assignment conditions in Azure Storage (preview)](../storage/common/storage-auth-abac-attributes.md).

-In the **Build expression** section, select an attribute that applies to the currently selected actions. For a list of storage attributes that each storage action supports, see [Actions and attributes for Azure role assignment conditions in Azure Storage (preview)](../storage/common/storage-auth-abac-attributes.md).

- - [Post a message in a Microsoft Teams channel](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Post-Message-Teams)

-Queues, topics, and subscriptions can be temporarily suspended. Suspension puts the entity into a disabled state in which all messages are maintained in storage. However, messages cannot be removed or added, and the respective protocol operations yield errors.

-A suspension or reactivation can be performed either by the user or by the system. The system only suspends entities because of grave administrative reasons such as hitting the subscription spending limit. System-disabled entities cannot be reactivated by the user, but are restored when the cause of the suspension has been addressed.

-You can also disable the send and receive operations using the Service Bus [NamespaceManager](/dotnet/api/microsoft.servicebus.namespacemanager) APIs in the .NET SDK, or using an Azure Resource Manager template through Azure CLI or Azure PowerShell.

-description: Learn how to protect your Spring application from regional outages

-# Azure Spring Apps disaster recovery

-> [!NOTE]

-> Azure Spring Apps is the new name for the Azure Spring Cloud service. Although the service has a new name, you'll see the old name in some places for a while as we work to update assets such as screenshots, videos, and diagrams.

-**This article applies to:** ✔️ Java ✔️ C#

-**This article applies to:** ✔️ Basic/Standard tier ✔️ Enterprise tier

-This article explains some strategies you can use to protect your applications in Azure Spring Apps from experiencing downtime. Any region or data center may experience downtime caused by regional disasters, but careful planning can mitigate impact on your customers.

-## Plan your application deployment

-Applications in Azure Spring Apps run in a specific region. Azure operates in multiple geographies around the world. An Azure geography is a defined area of the world that contains at least one Azure Region. An Azure region is an area within a geography, containing one or more data centers. Each Azure region is paired with another region within the same geography, together making a regional pair. Azure serializes platform updates (planned maintenance) across regional pairs, ensuring that only one region in each pair is updated at a time. In the event of an outage affecting multiple regions, at least one region in each pair will be prioritized for recovery.

-Ensuring high availability and protection from disasters requires that you deploy your Spring applications to multiple regions. Azure provides a list of [paired regions](../availability-zones/cross-region-replication-azure.md) so that you can plan your Spring app deployments to regional pairs. We recommend that you consider three key factors when designing your architecture: region availability, Azure paired regions, and service availability.

-* Region availability: Choose a geographic area close to your users to minimize network lag and transmission time.

-* Azure paired regions: Choose paired regions within your chosen geographic area to ensure coordinated platform updates and prioritized recovery efforts if needed.

-* Service availability: Decide whether your paired regions should run hot/hot, hot/warm, or hot/cold.

-## Use Azure Traffic Manager to route traffic

-[Azure Traffic Manager](../traffic-manager/traffic-manager-overview.md) provides DNS-based traffic load-balancing and can distribute network traffic across multiple regions. Use Azure Traffic Manager to direct customers to the closest Azure Spring Apps service instance to them. For best performance and redundancy, direct all application traffic through Azure Traffic Manager before sending it to your Azure Spring Apps service.

-If you have applications in Azure Spring Apps running in multiple regions, use Azure Traffic Manager to control the flow of traffic to your applications in each region. Define an Azure Traffic Manager endpoint for each service using the service IP. Customers should connect to an Azure Traffic Manager DNS name pointing to the Azure Spring Apps service. Azure Traffic Manager load balances traffic across the defined endpoints. If a disaster strikes a data center, Azure Traffic Manager will direct traffic from that region to its pair, ensuring service continuity.

-## Create Azure Traffic Manager for Azure Spring Apps

-1. Create Azure Spring Apps in two different regions.

-You will need two service instances of Azure Spring Apps deployed in two different regions (East US and West Europe). Launch an existing application in Azure Spring Apps using the Azure portal to create two service instances. Each will serve as primary and fail-over endpoint for Traffic.

-**Two service instances info:**

-| Service Name | Location | Application |

-|--|--|--|

-| service-sample-a | East US | gateway / auth-service / account-service |

-| service-sample-b | West Europe | gateway / auth-service / account-service |

-2. Set up Custom Domain for Service

-Follow [Custom Domain Document](./tutorial-custom-domain.md) to set up custom domain for these two existing service instances. After successful set up, both service instances will bind to custom domain: bcdr-test.contoso.com

-3. Create a traffic manager and two endpoints: [Create a Traffic Manager profile using the Azure portal](../traffic-manager/quickstart-create-traffic-manager-profile.md).

-Here is the traffic manager profile:

-* Traffic Manager DNS Name: `http://asa-bcdr.trafficmanager.net`

-* Endpoint Profiles:

-| Profile | Type | Target | Priority | Custom Header Settings |

-|--|--|--|--|--|

-| Endpoint A Profile | External Endpoint | service-sample-a.azuremicroservices.io | 1 | host: bcdr-test.contoso.com |

-| Endpoint B Profile | External Endpoint | service-sample-b.azuremicroservices.io | 2 | host: bcdr-test.contoso.com |

-4. Create a CNAME record in DNS Zone: bcdr-test.contoso.com CNAME asa-bcdr.trafficmanager.net.

-5. Now, the environment is completely set up. Customers should be able to access the app via: bcdr-test.contoso.com

-## Next steps

-* [Quickstart: Deploy your first Spring Boot app in Azure Spring Apps](./quickstart.md)

-East US, East US 2, Central US, South Central US, North Central US, West US, West US 2, West US 3, West Europe, North Europe, UK South, Southeast Asia, Australia East, Canada Central, UAE North, Central India, Korea Central, East Asia, Japan East, South Africa North, Brazil South, France Central, Germany West Central, Switzerland North, China East 2 (Mooncake), and China North 2 (Mooncake). [Learn More](https://azure.microsoft.com/global-infrastructure/services/?products=spring-cloud)

-description: How to create an Azure Spring Apps instance with availability zone enabled.

-# Create Azure Spring Apps instance with availability zone enabled

-> [!NOTE]

-> Azure Spring Apps is the new name for the Azure Spring Cloud service. Although the service has a new name, you'll see the old name in some places for a while as we work to update assets such as screenshots, videos, and diagrams.

-**This article applies to:** ✔️ Standard tier ✔️ Enterprise tier

-> [!NOTE]

-> This feature is not available in Basic tier.

-This article explains availability zones in Azure Spring Apps, and how to enable them.

-In Microsoft Azure, [Availability Zones (AZ)](../availability-zones/az-overview.md) are unique physical locations within an Azure region. Each zone is made up of one or more data centers that are equipped with independent power, cooling, and networking. Availability zones protect your applications and data from data center failures.

-When an Azure Spring Apps service instance is created with availability zone enabled, Azure Spring Apps will automatically distribute fundamental resources across logical sections of underlying Azure infrastructure. This distribution provides a higher level of availability to protect against a hardware failure or a planned maintenance event.

-## How to create an instance in Azure Spring Apps with availability zone enabled

->[!NOTE]

-> You can only enable availability zone when creating your instance. You can't enable or disable availability zone after creation of the service instance.

-You can enable availability zone in Azure Spring Apps using the [Azure CLI](/cli/azure/install-azure-cli) or [Azure portal](https://portal.azure.com).

-### [Azure CLI](#tab/azure-cli)

-To create a service in Azure Spring Apps with availability zone enabled using the Azure CLI, include the `--zone-redundant` parameter when you create your service in Azure Spring Apps.

-```azurecli

-az spring create \

- --resource-group <your-resource-group-name> \

- --name <your-Azure-Spring-Apps-instance-name> \

- --location <location> \

- --zone-redundant true

-```

-### [Azure portal](#tab/portal)

-To create a service in Azure Spring Apps with availability zone enabled using the Azure portal, enable the Zone Redundant option when creating the instance.

-

-## Region availability

-Azure Spring Apps currently supports availability zones in the following regions:

-> [!NOTE]

-> The following regions could only be created with availability zone enabled by using Azure CLI, and Azure Portal will coming soon.

->

-> - Canada Central

-> - Germany West Central

-> - Japan East

-> - Korea Central

-> - South Africa North

-> - Southeast Asia

-> - West US 3

-## Pricing

-There's no extra cost for enabling the availability zone.

-## Next steps

-description: In this quickstart, we deploy an application to Azure Spring Apps.

-zone_pivot_groups: programming-languages-spring-apps

->[!NOTE]

-> Steeltoe support for Azure Spring Apps is currently offered as a public preview. Public preview offerings allow customers to experiment with new features prior to their official release. Public preview features and services aren't meant for production use. For more information about support during previews, see the [FAQ](https://azure.microsoft.com/support/faq/) or file a [Support request](../azure-portal/supportability/how-to-create-azure-support-request.md).

-By following this quickstart, you'll learn how to:

-> [!div class="checklist"]

-> * Generate a basic Steeltoe .NET Core project

-> * Provision an Azure Spring Apps service instance

-> * Build and deploy the app with a public endpoint

-> * Stream logs in real time

-The application code used in this quickstart is a simple app built with a .NET Core Web API project template. When you've completed this example, the application will be accessible online and can be managed via the Azure portal and the Azure CLI.

-## Prerequisites

-* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).

-* [.NET Core 3.1 SDK](https://dotnet.microsoft.com/download/dotnet-core/3.1). The Azure Spring Apps service supports .NET Core 3.1 and later versions.

-* [Azure CLI version 2.0.67 or later](/cli/azure/install-azure-cli).

-* [Git](https://git-scm.com/).

-## Install Azure CLI extension

-Verify that your Azure CLI version is 2.0.67 or later:

-```azurecli

-az --version

-```

-Install the Azure Spring Apps extension for the Azure CLI using the following command:

-```azurecli

-az extension add --name spring

-```

-## Sign in to Azure

-1. Sign in to the Azure CLI:

- ```azurecli

- az login

- ```

-1. If you have more than one subscription, choose the one you want to use for this quickstart.

- ```azurecli

- az account list -o table

- ```

- ```azurecli

- az account set --subscription <Name or ID of a subscription from the last step>

- ```

-## Generate a Steeltoe .NET Core project

-In Visual Studio, create an ASP.NET Core Web application named as "hello-world" with API project template. Please notice there will be an auto-generated WeatherForecastController that will be our test endpoint later on.

-1. Create a folder for the project source code and generate the project.

- ```console

- mkdir source-code

- ```

- ```console

- cd source-code

- ```

- ```dotnetcli

- dotnet new webapi -n hello-world --framework netcoreapp3.1

- ```

-1. Navigate into the project directory.

- ```console

- cd hello-world

- ```

-1. Edit the *appSettings.json* file to add the following settings:

- ```json

- "spring": {

- "application": {

- "name": "hello-world"

- }

- },

- "eureka": {

- "client": {

- "shouldFetchRegistry": true,

- "shouldRegisterWithEureka": true

- }

- }

- ```

-1. Also in *appsettings.json*, change the log level for the `Microsoft` category from `Warning` to `Information`. This change ensures that logs will be produced when you view streaming logs in a later step.

- The *appsettings.json* file now looks similar to the following example:

- ```json

- {

- "Logging": {

- "LogLevel": {

- "Default": "Information",

- "Microsoft": "Information",

- "Microsoft.Hosting.Lifetime": "Information"

- }

- },

- "AllowedHosts": "*",

- "spring": {

- "application": {

- "name": "hello-world"

- }

- },

- "eureka": {

- "client": {

- "shouldFetchRegistry": true,

- "shouldRegisterWithEureka": true

- }

- }

- }

- ```

-1. Add dependencies and a `Zip` task to the *.csproj* file:

- ```xml

- <ItemGroup>

- <PackageReference Include="Steeltoe.Discovery.ClientCore" Version="3.1.0" />

- <PackageReference Include="Microsoft.Azure.SpringCloud.Client" Version="2.0.0-preview.1" />

- </ItemGroup>

- <Target Name="Publish-Zip" AfterTargets="Publish">

- <ZipDirectory SourceDirectory="$(PublishDir)" DestinationFile="$(MSBuildProjectDirectory)/deploy.zip" Overwrite="true" />

- </Target>

- The packages are for Steeltoe Service Discovery and the Azure Spring Apps client library. The `Zip` task is for deployment to Azure. When you run the `dotnet publish` command, it generates the binaries in the *publish* folder, and this task zips the *publish* folder into a *.zip* file that you upload to Azure.

-1. In the *Program.cs* file, add a `using` directive and code that uses the Azure Spring Apps client library:

- ```csharp

- using Microsoft.Azure.SpringCloud.Client;

- ```

- ```csharp

- public static IHostBuilder CreateHostBuilder(string[] args) =>

- Host.CreateDefaultBuilder(args)

- .UseAzureSpringCloudService()

- .ConfigureWebHostDefaults(webBuilder =>

- {

- webBuilder.UseStartup<Startup>();

- });

-1. In the *Startup.cs* file, add a `using` directive and code that uses the Steeltoe Service Discovery at the end of the `ConfigureServices` method:

- ```csharp

- using Steeltoe.Discovery.Client;

- ```csharp

- public void ConfigureServices(IServiceCollection services)

- {

- // Template code not shown.

- services.AddDiscoveryClient(Configuration);

- }

-1. Build the project to make sure there are no compile errors.

- ```dotnetcli

- dotnet build

-## Provision a service instance

-The following procedure creates an instance of Azure Spring Apps using the Azure portal.

-1. Open the [Azure portal](https://portal.azure.com/).

-1. From the top search box, search for **Azure Spring Apps**.

-1. Select **Azure Spring Apps** from the results.

- :::image type="content" source="media/quickstart/spring-apps-start.png" alt-text="Screenshot of Azure portal showing Azure Spring Apps service in search results." lightbox="media/quickstart/spring-apps-start.png":::

-1. On the Azure Spring Apps page, select **Create**.

- :::image type="content" source="media/quickstart/spring-apps-create.png" alt-text="Screenshot of Azure portal showing Azure Spring Apps resource with Create button highlighted." lightbox="media/quickstart/spring-apps-create.png":::

-1. Fill out the form on the Azure Spring Apps **Create** page. Consider the following guidelines:

- * **Subscription**: Select the subscription you want to be billed for this resource.

- * **Resource group**: Create a new resource group. The name you enter here will be used in later steps as **\<resource group name\>**.

- * **Service Details/Name**: Specify the **\<service instance name\>**. The name must be between 4 and 32 characters long and can contain only lowercase letters, numbers, and hyphens. The first character of the service name must be a letter and the last character must be either a letter or a number.

- * **Region**: Select the region for your service instance.

- :::image type="content" source="media/quickstart/portal-start.png" alt-text="Screenshot of Azure portal showing Azure Spring Apps Create page." lightbox="media/quickstart/portal-start.png":::

-1. Select **Review and create**.

-1. Select **Create**.

-## Build and deploy the app

-The following procedure builds and deploys the project that you created earlier.

-1. Make sure the command prompt is still in the project folder.

-1. Run the following command to build the project, publish the binaries, and store the binaries in a *.zip* file in the project folder.

- ```dotnetcorecli

- dotnet publish -c release -o ./publish

-1. Create an app in your Azure Spring Apps instance with a public endpoint assigned. Use the same application name "hello-world" that you specified in *appsettings.json*.

- ```azurecli

- az spring app create -n hello-world -s <service instance name> -g <resource group name> --assign-endpoint --runtime-version NetCore_31

-1. Deploy the *.zip* file to the app.

- ```azurecli

- az spring app deploy -n hello-world -s <service instance name> -g <resource group name> --runtime-version NetCore_31 --main-entry hello-world.dll --artifact-path ./deploy.zip

- The `--main-entry` option identifies the *.dll* file that contains the application's entry point. After the service uploads the *.zip* file, it extracts all the files and folders and tries to execute the entry point in the *.dll* file specified by `--main-entry`.

- It takes a few minutes to finish deploying the application. To confirm that it has deployed, go to the **Apps** section in the Azure portal.

-## Test the app

-Once deployment has completed, access the app at the following URL:

-```url

-https://<service instance name>-hello-world.azuremicroservices.io/weatherforecast

-```

-The app returns JSON data similar to the following example:

-```json

-[{"date":"2020-09-08T21:01:50.0198835+00:00","temperatureC":14,"temperatureF":57,"summary":"Bracing"},{"date":"2020-09-09T21:01:50.0200697+00:00","temperatureC":-14,"temperatureF":7,"summary":"Bracing"},{"date":"2020-09-10T21:01:50.0200715+00:00","temperatureC":27,"temperatureF":80,"summary":"Freezing"},{"date":"2020-09-11T21:01:50.0200717+00:00","temperatureC":18,"temperatureF":64,"summary":"Chilly"},{"date":"2020-09-12T21:01:50.0200719+00:00","temperatureC":16,"temperatureF":60,"summary":"Chilly"}]

-```

-## Stream logs in real time

-Use the following command to get real-time logs from the App.

-```azurecli

-az spring app logs -n hello-world -s <service instance name> -g <resource group name> --lines 100 -f

-```

-Logs appear in the output:

-```output

-[Azure Spring Apps] The following environment variables are loaded:

-2020-09-08 20:58:42,432 INFO supervisord started with pid 1

-2020-09-08 20:58:43,435 INFO spawned: 'event-gather_00' with pid 9

-2020-09-08 20:58:43,436 INFO spawned: 'dotnet-app_00' with pid 10

-2020-09-08 20:58:43 [Warning] No managed processes are running. Wait for 30 seconds...

-2020-09-08 20:58:44,843 INFO success: event-gather_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

-2020-09-08 20:58:44,843 INFO success: dotnet-app_00 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

-←[40m←[32minfo←[39m←[22m←[49m: Steeltoe.Discovery.Eureka.DiscoveryClient[0]

- Starting HeartBeat

-info: Microsoft.Hosting.Lifetime[0]

- Now listening on: http://[::]:1025

-info: Microsoft.Hosting.Lifetime[0]

- Application started. Press Ctrl+C to shut down.

-info: Microsoft.Hosting.Lifetime[0]

- Hosting environment: Production

-info: Microsoft.Hosting.Lifetime[0]

- Content root path: /netcorepublish/6e4db42a-b160-4b83-a771-c91adec18c60

-2020-09-08 21:00:13 [Information] [10] Start listening...

-info: Microsoft.AspNetCore.Hosting.Diagnostics[1]

- Request starting HTTP/1.1 GET http://asa-svc-hello-world.azuremicroservices.io/weatherforecast

-info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]

- Executing endpoint 'hello_world.Controllers.WeatherForecastController.Get (hello-world)'

-info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]

- Route matched with {action = "Get", controller = "WeatherForecast"}. Executing controller action with signature System.Collections.Generic.IEnumerable`1[hello_world.WeatherForecast] Get() on controller hello_world.Controllers.WeatherForecastController (hello-world).

-info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]

- Executing ObjectResult, writing value of type 'hello_world.WeatherForecast[]'.

-info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]

- Executed action hello_world.Controllers.WeatherForecastController.Get (hello-world) in 1.8902ms

-info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]

- Executed endpoint 'hello_world.Controllers.WeatherForecastController.Get (hello-world)'

-info: Microsoft.AspNetCore.Hosting.Diagnostics[2]

- Request finished in 4.2591ms 200 application/json; charset=utf-8

-> [!TIP]

-> Use `az spring app logs -h` to explore more parameters and log stream functionalities.

-For advanced log analytics features, visit **Logs** tab in the menu on the [Azure portal](https://portal.azure.com/). Logs here have a latency of a few minutes.

-This quickstart explains how to deploy a small application to Azure Spring Apps.

-The application code used in this tutorial is a simple app built with Spring Initializr. When you've completed this example, the application will be accessible online and can be managed via the Azure portal.

-This quickstart explains how to:

-> [!div class="checklist"]

-> * Generate a basic Spring project

-> * Provision a service instance

-> * Build and deploy the app with a public endpoint

-> * Stream logs in real time

-To complete this quickstart:

-* [Install JDK 8 or JDK 11](/java/azure/jdk/)

-* [Sign up for an Azure subscription](https://azure.microsoft.com/free/)

-* (Optional) [Install the Azure CLI version 2.0.67 or higher](/cli/azure/install-azure-cli) and the Azure Spring Apps extension with the command: `az extension add --name spring`

-* (Optional) [Install IntelliJ IDEA](https://www.jetbrains.com/idea/)

-* (Optional) [Install the Azure Toolkit for IntelliJ](https://plugins.jetbrains.com/plugin/8053-azure-toolkit-for-intellij/) and [sign-in](/azure/developer/java/toolkit-for-intellij/create-hello-world-web-app#installation-and-sign-in)

-* (Optional) [Install Maven](https://maven.apache.org/guides/getting-started/maven-in-five-minutes.html). If you use the Azure Cloud Shell, this installation isn't needed.

-Start with [Spring Initializr](https://start.spring.io/#!type=maven-project&language=java&platformVersion=2.5.7&packaging=jar&jvmVersion=1.8&groupId=com.example&artifactId=hellospring&name=hellospring&description=Demo%20project%20for%20Spring%20Boot&packageName=com.example.hellospring&dependencies=web,cloud-eureka,actuator,cloud-config-client) to generate a sample project with recommended dependencies for Azure Spring Apps. This link uses the following URL to provide default settings for you.

-https://start.spring.io/#!type=maven-project&language=java&platformVersion=2.5.7&packaging=jar&jvmVersion=1.8&groupId=com.example&artifactId=hellospring&name=hellospring&description=Demo%20project%20for%20Spring%20Boot&packageName=com.example.hellospring&dependencies=web,cloud-eureka,actuator,cloud-config-client

-The following image shows the recommended Initializr set up for this sample project.

-This example uses Java version 8. If you want to use Java version 11, change the option under **Project Metadata**.

-1. Select **Generate** when all the dependencies are set.

-1. Download and unpack the package, then create a web controller for a simple web application by adding the file *src/main/java/com/example/hellospring/HelloController.java* with the following contents:

-The following procedure creates an instance of Azure Spring Apps using the Azure portal.

- - **Resource group**: Creating new resource groups for new resources is a best practice. You will use this resource group in later steps as **\<resource group name\>**.

- - **Service Details/Name**: Specify the **\<service instance name\>**. The name must be between 4 and 32 characters long and can contain only lowercase letters, numbers, and hyphens. The first character of the service name must be a letter and the last character must be either a letter or a number.

- - **Location**: Select the region for your service instance.

-## Build and deploy the app

-#### [CLI](#tab/Azure-CLI)

-The following procedure builds and deploys the application using the Azure CLI. Execute the following command at the root of the project.

-1. Sign in to Azure and choose your subscription.

- ```azurecli

- az login

- ```

- If you have more than one subscription, use the following command to list the subscriptions you have access to, then choose the one you want to use for this quickstart.

- ```azurecli

- az account list -o table

- ```

- Use the following command to set the default subscription to use with the Azure CLI commands in this quickstart.

- ```azurecli

- az account set --subscription <Name or ID of a subscription from the last step>

- ```

-1. Build the project using Maven:

- ```console

- mvn clean package -DskipTests

- ```

-1. Create the app with a public endpoint assigned. If you selected Java version 11 when generating the Spring project, include the `--runtime-version=Java_11` switch.

- ```azurecli

- az spring app create -n hellospring -s <service instance name> -g <resource group name> --assign-endpoint true

- ```

-1. Deploy the Jar file for the app (`target\hellospring-0.0.1-SNAPSHOT.jar` on Windows):

- ```azurecli

- az spring app deploy -n hellospring -s <service instance name> -g <resource group name> --artifact-path <jar file path>/hellospring-0.0.1-SNAPSHOT.jar

- ```

-1. It takes a few minutes to finish deploying the application. To confirm that it has deployed, go to the **Apps** section in the Azure portal. You should see the status of the application.

-#### [IntelliJ](#tab/IntelliJ)

-The following procedure uses the IntelliJ plug-in for Azure Spring Apps to deploy the sample app in IntelliJ IDEA.

-### Import project

-1. Open the IntelliJ **Welcome** dialog, then select **Open** to open the import wizard.

-1. Select the **hellospring** folder.

- :::image type="content" source="media/spring-cloud-quickstart-java/intellij-new-project.png" alt-text="Screenshot of IntelliJ IDEA showing Open File or Project dialog box.":::

-### Deploy the app

-In order to deploy to Azure, you must sign in with your Azure account, then choose your subscription. For sign-in details, see [Installation and sign-in](/azure/developer/java/toolkit-for-intellij/create-hello-world-web-app#installation-and-sign-in).

-1. Right-click your project in IntelliJ project explorer, then select **Azure** -> **Deploy to Azure Spring Apps**.

- :::image type="content" source="media/spring-cloud-quickstart-java/intellij-deploy-azure-1.png" alt-text="Screenshot of IntelliJ IDEA menu showing Deploy to Azure Spring Apps option." lightbox="media/spring-cloud-quickstart-java/intellij-deploy-azure-1.png":::

-1. Accept the name for the app in the **Name** field. **Name** refers to the configuration, not the app name. Users don't usually need to change it.

-1. In the **Subscription** textbox, verify your subscription is correct.

-1. In the **Service** textbox, select the instance of Azure Spring Apps that you created in [Provision an instance of Azure Spring Apps](./quickstart-provision-service-instance.md).

-1. In the **App** textbox, select **+** to create a new app.

- :::image type="content" source="media/spring-cloud-quickstart-java/intellij-create-new-app.png" alt-text="Screenshot of IntelliJ IDEA showing Deploy Azure Spring Apps dialog box.":::

-1. In the **App name:** textbox, enter *hellospring*, then check the **More settings** check box.

-1. Select the **Enable** button next to **Public endpoint**. The button will change to *Disable \<to be enabled\>*.

-1. If you used Java 11, select **Java 11** in **Runtime**.

- :::image type="content" source="media/spring-cloud-quickstart-java/intellij-create-new-app-2.png" alt-text="Screenshot of IntelliJ IDEA Create Azure Spring Apps dialog box with public endpoint Disable button highlighted.":::

-1. Under **Before launch**, select the **Run Maven Goal 'hellospring:package'** line, then select the pencil to edit the command line.

- :::image type="content" source="media/spring-cloud-quickstart-java/intellij-edit-maven-goal.png" alt-text="Screenshot of IntelliJ IDEA Create Azure Spring Apps dialog box with Maven Goal edit button highlighted.":::

-1. In the **Command line** textbox, enter *-DskipTests* after *package*, then select **OK**.

- :::image type="content" source="media/spring-cloud-quickstart-java/intellij-maven-goal-command-line.png" alt-text="Screenshot of IntelliJ IDEA Select Maven Goal dialog box with Command Line value highlighted.":::

-1. Start the deployment by selecting the **Run** button at the bottom of the **Deploy Azure Spring Apps app** dialog. The plug-in will run the command `mvn package -DskipTests` on the `hellospring` app and deploy the jar generated by the `package` command.

-#### [Visual Studio Code](#tab/VS-Code)

-To deploy a simple Spring Boot web app to Azure Spring Apps, follow the steps in [Build and Deploy Java Spring Boot Apps to Azure Spring Apps with Visual Studio Code](https://code.visualstudio.com/docs/java/java-spring-cloud#_download-and-test-the-spring-boot-app).

-Once deployment has completed, you can access the app at `https://<service instance name>-hellospring.azuremicroservices.io/`.

-## Streaming logs in real time

-#### [CLI](#tab/Azure-CLI)

-Use the following command to get real-time logs from the App.

-```azurecli

-az spring app logs -n hellospring -s <service instance name> -g <resource group name> --lines 100 -f

-```

-Logs appear in the results:

->[!TIP]

-> Use `az spring app logs -h` to explore more parameters and log stream functionalities.

-#### [IntelliJ](#tab/IntelliJ)

-1. Select **Azure Explorer**, then **Spring Cloud**.

-1. Right-click the running app.

-1. Select **Streaming Logs** from the drop-down list.

-1. Select instance.

- :::image type="content" source="media/spring-cloud-quickstart-java/intellij-get-streaming-logs.png" alt-text="Screenshot of IntelliJ IDEA showing Select instance dialog box." lightbox="media/spring-cloud-quickstart-java/intellij-get-streaming-logs.png":::

-1. The streaming log will be visible in the output window.

- :::image type="content" source="media/spring-cloud-quickstart-java/intellij-streaming-logs-output.png" alt-text="Screenshot of IntelliJ IDEA showing streaming log output." lightbox="media/spring-cloud-quickstart-java/intellij-streaming-logs-output.png":::

-#### [Visual Studio Code](#tab/VS-Code)

-To get real-time application logs with Visual Studio Code, follow the steps in [Stream your application logs](https://code.visualstudio.com/docs/java/java-spring-cloud#_stream-your-application-logs).

-For advanced logs analytics features, visit the **Logs** tab in the menu on the [Azure portal](https://portal.azure.com/). Logs here have a latency of a few minutes.

-If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When no longer needed, delete the resource group, which deletes the resources in the resource group. To delete the resource group by using Azure CLI, use the following commands:

-```azurecli

-In this quickstart, you learned how to:

-> [!div class="checklist"]

-> * Generate a basic Spring project

-> * Provision a service instance

-> * Build and deploy the app with a public endpoint

-> * Stream logs in real time

-In some cases you may need to enable fine-grained access to blob resources or to simplify permissions when you have a large number of role assignments for a storage resource. You can use Azure attribute-based access control (Azure ABAC) to configure conditions on role assignments. You can use conditions with a [custom role](../../role-based-access-control/custom-roles.md) or select built-in roles. For more information about configuring conditions for Azure storage resources with ABAC, see [Authorize access to blobs using Azure role assignment conditions (preview)](../common/storage-auth-abac.md). For details about supported conditions for blob data operations, see [Actions and attributes for Azure role assignment conditions in Azure Storage (preview)](../common/storage-auth-abac-attributes.md).

-| [Immutable storage](immutable-storage-overview.md) | &#x2705; | &#x1F7E6; | &nbsp;&#x2B24; | &#x1F7E6; |

-| [Immutable storage](immutable-storage-overview.md) | &#x2705; | &#x1F7E6; | &nbsp;&#x2B24; | &#x1F7E6; |

-The Azurite open-source emulator provides a free local environment for testing your Azure blob, queue storage, and table storage applications. When you're satisfied with how your application is working locally, switch to using an Azure Storage account in the cloud. The emulator provides cross-platform support on Windows, Linux, and macOS.

-The procedure is [here](../automation/quickstarts/create-account-portal.md). Here we can select to use a system-assigned managed identity directly in the `advanced` tab.

-A simple pass-through query can be used to copy the input stream data into the output. For example, if a stream of data containing real-time vehicle information needs to be saved in a SQL database for letter analysis, a simple pass-through query will do the job.

-# Tutorial: Machine learning model scoring wizard (preview) for dedicated SQL pools

-|  |**MicroStrategy**<br>The MicroStrategy platform offers a complete set of business intelligence and analytics capabilities that enable organizations to get value from their business data. MicroStrategy's powerful analytical engine, comprehensive toolsets, variety of data connectors, and open architecture ensures you have everything you need to extend access to analytics across every team.|[Product page](https://www.microstrategy.com/us/product/analytics)<br> [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/microstrategy.microstrategy_enterprise_platform_vm)<br> |

-|  |**Pyramid Analytics**<br>Pyramid 2020 is the trusted analytics platform that connects your teams, drives confident decisions, and produces winning results. Business users can do high-end, cloud-scale analytics and data science without IT help ΓÇö on any browser or device. Data scientists can take advantage of machine learning algorithms and scripting to understand difficult business problems. Power users can prepare and model their own data to create illuminating analytic content. Non-technical users can benefit from stunning visualizations and guided analytic presentations. It's the next generation of self-service analytics with governance. |[Product page](https://www.pyramidanalytics.com/resources/analyst-reports/)<br> [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/pyramidanalytics.pyramid2020v4) |

-Azure Synapse Analytics is compatible with Linux Foundation Delta Lake. Delta Lake is an open-source storage layer that brings ACID (atomicity, consistency, isolation, and durability) transactions to Apache Spark and big data workloads.

-The current version of Delta Lake included with Azure Synapse has language support for Scala, PySpark, and .NET. There are links at the bottom of the page to more detailed examples and documentation.

-1. In your Azure DevOps Organization, create a project that will host your SSDT database project via an Azure Repo repository.

-4. Now that you have the changes committed locally in the cloned repository, sync and push your changes to your Azure Repo repository in your Azure DevOps project.

-1. Verify changes have been pushed to your Azure Repo by updating a table column in your database project from Visual Studio SQL Server Data Tools (SSDT).

-3. Verify the change has been pushed in your Azure Repo repository.

-4. (**Optional**) Use Schema Compare and update the changes to your target dedicated SQL pool using SSDT to ensure the object definitions in your Azure Repo repository and local repository reflect your dedicated SQL pool.

-description: In this article, you'll learn how to query files stored in Apache Delta Lake format using serverless SQL pool.

-In this article, you'll learn how to write a query using serverless Synapse SQL pool to read Apache Delta Lake files.

-You can also select an Apache Spark pool in the settings. It should be noted that the Apache spark pool set here will replace the Apache spark pool used in the notebook. If Apache spark pool is not selected in the settings of notebook content for current activity, the Apache spark pool selected in that notebook will be used to run.

-

-| MicrosoftCBLMariner | CBL-Mariner | 1-gen2 |

-| MicrosoftCBLMariner | CBL-Mariner | CBL-Mariner-2-gen2 |

-| OpenLogic | CentOS | 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7_8, 7_9, 7-LVM |

-| OpenLogic | CentOS | 8.0, 8_1, 8_2, 8_3, 8-lvm |

-| MicrosoftWindowsServer | WindowsServer | 2019-Datacenter-gensecond |

-| MicrosoftWindowsServer | WindowsServer | 2019-Datacenter-smalldisk-g2 |

-| MicrosoftWindowsServer | WindowsServer | 2019-Datacenter-with-Containers |

-For more information on configuring your `~/.ssh/config` and SSH public and private keys, see [Create SSH keys](/linux/mac-create-ssh-keys.md).

-The following command copies the local *.azure/config* file to an Azure VM with FQDN *myserver.eastus.cloudapp.azure.com*. If you don't have an [FQDN set](/create-fqdn.md), you can also use the IP address of the VM. The admin user name on the Azure VM is *azureuser*. The file is targeted to the */home/azureuser/* directory. Substitute your own values in this command.

-* [Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension](/extensions/vmaccess.md?toc=/azure/virtual-machines/linux/toc.json)

-[Nested Virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization): Supported <br>

-[Nested Virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization): Supported <br>

-Here's a comparison of SSE, ADE, encryption at host, and Confidential disk encryption.

-| **Encryption at rest with platform-managed key (SSE+PMK)** | &#x2705; | &#10060; | &#10060; | &#10060; | &#10060; | &#x2705; | &#x2705; | &#10060; | Unhealthy, not applicable if exempt |

-| **Encryption at rest with customer-managed key (SSE+CMK)** | &#x2705; | &#10060; | &#10060; | &#10060; | &#x2705; | &#x2705; | &#x2705; | &#10060; | Unhealthy, not applicable if exempt |

-||||||||

-||||||||

-||||||||

-||||||||

-[Nested Virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization): Supported <br>

-[Nested Virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization): Supported <br>

-You can deploy Azure VM extensions by using Azure Resource Manager templates. The JSON schema detailed in the previous section can be used in an Azure Resource Manager template to run the Custom Script Extension during the template's deployment. You can find a sample template that includes the Custom Script Extension on [GitHub](https://github.com/Microsoft/dotnet-core-sample-templates/tree/master/dotnet-core-music-linux).

-If it's not, please install it from https://cacert.omniroot.com/bc2025.crt

-[Nested Virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization): No Supported <br>

-[Ephemeral OS Disks](ephemeral-os-disks.md): Not Supported <br>

-| **AzureCloud** | All [datacenter public IP addresses](https://www.microsoft.com/download/details.aspx?id=56519). | Outbound | Yes | Yes |

-| **AzureDevOps** | Azure DevOps. | Inbound | No | Yes |

-* While the virtual hub router exchanges BGP routes with your NVA and propagates them to your virtual network, it directly facilitates propagating routes from on-premises via the virtual hub hosted gateways (VPN Gateway/ExpressRoute Gateway/Managed NVA gateways).

-* This feature is not supported for setting up BGP peering between NVA in spoke VNET and Virtual hub with Azure Firewall.