-This article describes application registration, application objects, and service principals in Azure Active Directory (Azure AD): what they're, how they're used, and how they're related to each other. A multi-tenant example scenario is also presented to illustrate the relationship between an application's application object and corresponding service principal objects.

-To assign a user-assigned identity to a VM, your account needs the [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) and [Managed Identity Operator](../../role-based-access-control/built-in-roles.md#managed-identity-operator) role assignments. No other Azure AD directory role assignments are required.

- set idp-entity-id <Azure AD Identifier>

- c. In the **Sign-on URL** text box, type one of the following URLs:

-

- | **Sign-on URL** |

- ||

- | `https://dashboard.avgonlinebackup.com/Account/SingleSignOn` |

- | `https://dashboard.infrascale.com/Account/SingleSignOn` |

- | `https://dashboard.managedoffsitebackup.net/Account/SingleSignOn` |

- | `https://dashboard.sosonlinebackup.com/Account/SingleSignOn` |

- |`https://dashboard.trustboxbackup.com/Account/SingleSignOn` |

- | `https://radialpoint-dashboard.managedoffsitebackup.net/Account/SingleSignOn` |

- | `https://dashboard-cw.infrascale.com/Account/SingleSignOn` |

- | `https://dashboard.digicelcloudbackup.com/Account/SingleSignOn` |

- | `https://dashboard-cw.sosonlinebackup.com/Account/SingleSignOn` |

- |`https://dashboard.my-data.dk/Account/SingleSignOn` |

- |`https://dashboard.beesafe.nu/Account/SingleSignOn` |

- |`https://dashboard.bekcloud.com/Account/SingleSignOn` |

- | `https://dashboard.alltimesecure.com/Account/SingleSignOn` |

- | `https://dashboard-ec1.sosonlinebackup.com/Account/SingleSignOn` |

- | `https://dashboard.glcsecurecloud.com/Account/SingleSignOninfrascalecloudbackup.com/infrascalecloudbackup.com/` |

- > The Identifier value is not real. Update this value with the actual Identifier URL. Contact [Infrascale Cloud Backup support team](mailto:support@infrascale.com) to get the value. You can also refer to the patterns shown in the **Basic SAML Configuration** section in the Azure portal.

-But identity data has too often been exposed in security breaches. These breaches affect our social, professional, and financial lives. Microsoft believes that thereΓÇÖs a better way. Every person has a right to an identity that they own and control, one that securely stores elements of their digital identity and preserves privacy. This primer explains how we are joining hands with a diverse community to build an open, trustworthy, interoperable, and standards-based Decentralized Identity (DID) solution for individuals and organizations.

-### [Azure REST API](#tab/azure-rest)

-You can use the Azure REST API [Abort](/rest/api/aks/managed-clusters) operation to stop an operation against the Managed Cluster.

-The following example terminates a process for a specified agent pool.

-```rest

-/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedclusters/{resourceName}/agentPools/{agentPoolName}/abort

-The following example terminates a process for a specified managed cluster.

-```rest

-/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedclusters/{resourceName}/abort

-### [Azure CLI](#tab/azure-cli)

-You can use the [az aks nodepool](/cli/azure/aks/nodepool) command with the `operation-abort` argument to abort an operation on a node pool or a managed cluster.

-The following example terminates an operation on a node pool on a specified cluster by its name and resource group that holds the cluster.

-```azurecli-interactive

-az aks nodepool operation-abort\

-The following example terminates an operation against a specified managed cluster its name and resource group that holds the cluster.

-```azurecli-interactive

-az aks operation-abort --name myAKSCluster --resource-group myResourceGroup

-# Quickstart: Subscribe to Azure Kubernetes Service (AKS) events with Azure Event Grid (Preview)

-### Register the `EventgridPreview` preview feature

-To use the feature, you must also enable the `EventgridPreview` feature flag on your subscription.

-### [Azure CLI](#tab/azure-cli)

-Register the `EventgridPreview` feature flag by using the [az feature register][az-feature-register] command, as shown in the following example:

-```azurecli-interactive

-az feature register --namespace "Microsoft.ContainerService" --name "EventgridPreview"

-```

-It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [az feature list][az-feature-list] command:

-```azurecli-interactive

-az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/EventgridPreview')].{Name:name,State:properties.state}"

-```

-When ready, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [az provider register][az-provider-register] command:

-```azurecli-interactive

-az provider register --namespace Microsoft.ContainerService

-```

-### [Azure PowerShell](#tab/azure-powershell)

-Register the `EventgridPreview` feature flag by using the [Register-AzProviderPreviewFeature][register-azproviderpreviewfeature] cmdlet, as shown in the following example:

-```azurepowershell-interactive

-Register-AzProviderPreviewFeature -ProviderNamespace Microsoft.ContainerService -Name EventgridPreview

-```

-It takes a few minutes for the status to show *Registered*. Verify the registration status by using the [Get-AzProviderPreviewFeature][get-azproviderpreviewfeature] cmdlet:

-```azurepowershell-interactive

-Get-AzProviderPreviewFeature -ProviderNamespace Microsoft.ContainerService -Name EventgridPreview |

- Format-Table -Property Name, @{name='State'; expression={$_.Properties.State}}

-```

-When ready, refresh the registration of the *Microsoft.ContainerService* resource provider by using the [Register-AzResourceProvider][register-azresourceprovider] command:

-```azurepowershell-interactive

-Register-AzResourceProvider -ProviderNamespace Microsoft.ContainerService

-```

-[az-feature-register]: /cli/azure/feature#az_feature_register

-[register-azproviderpreviewfeature]: /powershell/module/az.resources/register-azproviderpreviewfeature

-[az-feature-list]: /cli/azure/feature#az_feature_list

-[get-azproviderpreviewfeature]: /powershell/module/az.resources/get-azproviderpreviewfeature

-[az-provider-register]: /cli/azure/provider#az_provider_register

-[register-azresourceprovider]: /powershell/module/az.resources/register-azresourceprovider

-> Starting May 2021, the `context.Request.Certificate` property only requests the certificate when the API Management instance's [`hostnameConfiguration`](/rest/api/apimanagement/current-ga/api-management-service/create-or-update#hostnameconfiguration) sets the `negotiateClientCertificate` property to True. By default, `negotiateClientCertificate` is set to False.

-In the App Service diagnostics homepage, you can peform a search for a symptom with your app, or choose a diagnostic category that best describes the issue with your app. Next, there is a new feature called Risk Alerts that provides an actionable report to improve your App. Finally, this page is where you can find **Diagnostic Tools**. See [Diagnostic tools](#diagnostic-tools).

-<!--

-Other WP options on Azure:

-[WordPress](https://www.wordpress.org) is an open source content management system (CMS) that can be used to create websites, blogs, and other applications. Over 40% of the web uses WordPress from blogs to major news websites.

-In this quickstart, you'll learn how to create and deploy your first [WordPress](https://www.wordpress.org) site to [Azure App Service on Linux](overview.md#app-service-on-linux) using the [WordPress on the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/WordPress.WordPress?tab=Overview). It uses the **Basic** tier and [**incurs a cost**](https://azure.microsoft.com/pricing/details/app-service/linux/) for your Azure subscription. The WordPress installation comes with pre-installed plugins for performance improvements, [W3TC](https://wordpress.org/plugins/w3-total-cache/) for caching and [Smush](https://wordpress.org/plugins/wp-smushit/) for image compression.

-> If you have feedback to improve this WordPress offering on App Service, submit your ideas at [Web Apps Community](https://feedback.azure.com/d365community/forum/b09330d1-c625-ec11-b6e6-000d3a4f0f1c).

-The WordPress configuration is modified to use [Application Settings](reference-app-settings.md#wordpress) to connect to the MySQL database. To change the MySQL database password, see [update admin password](../mysql/single-server/how-to-create-manage-server-portal.md#update-admin-password). Whenever the MySQL database credentials are changed, the [Application Settings](reference-app-settings.md#wordpress) also need to be updated. The [Application Settings for MySQL database](reference-app-settings.md#wordpress) begin with the **`DATABASE_`** prefix. For more information on updating MySQL passwords, see [WordPress on App Service](https://azure.github.io/AppService/2022/02/23/WordPress-on-App-Service-Public-Preview.html#known-limitations).

-The [Application Settings](reference-app-settings.md#wordpress) for WordPress admin credentials are only for deployment purposes. Modifying these values has no effect on the WordPress installation. To change the WordPress admin password, see [resetting your password](https://wordpress.org/support/article/resetting-your-password/#to-change-your-password). The [Application Settings for WordPress admin credentials](reference-app-settings.md#wordpress) begin with the **`WORDPRESS_ADMIN_`** prefix. For more information on updating the WordPress admin password, see [WordPress on App Service](https://azure.github.io/AppService/2022/02/23/WordPress-on-App-Service-Public-Preview.html#known-limitations).

-In this tutorial, you'll deploy a sample **Express.js** app using a **MongoDB** database to Azure. The Express.js app will be hosted in Azure App Service, which supports hosting Node.js apps in both Linux (Node versions 12, 14, and 16) and Windows (versions 12 and 14) server environments. The MongoDB database will be hosted in Azure Cosmos DB, a cloud native database offering a [100% MongoDB compatible API](../cosmos-db/mongodb/mongodb-introduction.md).

-Follow these steps to run the application locally:

-## 1 - Create the Azure App Service

-Azure App Service is used to host the Express.js web app. When setting up the App Service for the application, you'll specify:

-* The **Runtime** for the app. It's where you select the version of Node to use for your app.

-* The **App Service plan** which defines the compute resources (CPU, memory) available for the application.

-Create Azure resources using the [Azure portal](https://portal.azure.com/), VS Code using the [Azure Tools extension pack](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack), or the Azure CLI.

-### [Azure portal](#tab/azure-portal)

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Create app service step 1](<./includes/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-1-240px.png" alt-text="A screenshot showing how to use the search box in the top tool bar to find App Services in Azure." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-1.png"::: |

-| [!INCLUDE [Create app service step 2](<./includes/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-2-240px.png" alt-text="A screenshot showing the create button on the App Services page used to create a new web app." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-2.png"::: |

-| [!INCLUDE [Create app service step 3](<./includes/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-3.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-3-240px.png" alt-text="A screenshot showing the form to fill out to create a web app in Azure." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-3.png"::: |

-| [!INCLUDE [Create app service step 4](<./includes/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-4.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-4-240px.png" alt-text="A screenshot of the Spec Picker dialog that lets you select the App Service plan to use for your web app." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-4.png"::: |

-| [!INCLUDE [Create app service step 4](<./includes/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-5.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-5-240px.png" alt-text="A screenshot of the main web app create page showing the button to select on to create your web app in Azure." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-azure-portal-5.png"::: |

-### [VS Code](#tab/vscode-aztools)

-To create Azure resources in VS Code, you must have the [Azure Tools extension pack](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) installed and be signed into Azure from VS Code.

-> [!div class="nextstepaction"]

-> [Download Azure Tools extension pack](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack)

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Create app service step 1](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-01.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-01-240px.png" alt-text="A screenshot showing the location of the Azure Tools icon in the left toolbar." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-01.png"::: |

-| [!INCLUDE [Create app service step 2](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-02.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-02-240px.png" alt-text="A screenshot showing the App Service section of Azure Tools showing how to create a new web app." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-02.png"::: |

-| [!INCLUDE [Create app service step 3](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-03.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-03-240px.png" alt-text="A screenshot showing the dialog box used to enter the name of the web app in Azure." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-03.png"::: |

-| [!INCLUDE [Create app service step 4](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-04.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-04-240px.png" alt-text="A screenshot of dialog box used to select a resource group or create a new one for the web app." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-04.png"::: |

-| [!INCLUDE [Create app service step 5](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-05.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-05-240px.png" alt-text="A screenshot of the dialog box in VS Code used enter a name for the resource group." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-05.png"::: |

-| [!INCLUDE [Create app service step 6](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-06.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-06-240px.png" alt-text="A screenshot of the dialog box in VS Code used to select Node 14 LTS as the runtime for the web app." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-06.png"::: |

-| [!INCLUDE [Create app service step 7](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-07.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-07-240px.png" alt-text="A screenshot of the dialog in VS Code used to select operating system to use for hosting the web app." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-07.png"::: |

-| [!INCLUDE [Create app service step 8](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-08.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-08-240px.png" alt-text="A screenshot of the dialog in VS Code used to select location of the web app resources." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-08.png"::: |

-| [!INCLUDE [Create app service step 9](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-09.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-09-240px.png" alt-text="A screenshot of the dialog in VS Code used to select an App Service plan or create a new one." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-09.png"::: |

-| [!INCLUDE [Create app service step 10](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-10.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-10-240px.png" alt-text="A screenshot of the dialog in VS Code used to enter the name of the App Service plan." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-10.png"::: |

-| [!INCLUDE [Create app service step 11](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-11.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-11-240px.png" alt-text="A screenshot of the dialog in VS Code used to select the pricing tier of the App Service plan." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-11.png"::: |

-| [!INCLUDE [Create app service step 12](<./includes/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-12.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-12-240px.png" alt-text="A screenshot of the dialog in VS Code asking if you want to create an App Insights resource for your web app." lightbox="./media/tutorial-nodejs-mongodb-app/create-app-service-visual-studio-code-12.png"::: |

-### [Azure CLI](#tab/azure-cli)

-## 2 - Create an Azure Cosmos DB in MongoDB compatibility mode

-Azure Cosmos DB is a fully managed NoSQL database for modern app development. Among its features are a 100% MongoDB compatible API allowing you to use your existing MongoDB tools, packages, and applications with Cosmos DB.

-### [Azure portal](#tab/azure-portal)

-You must sign in to the [Azure portal](https://portal.azure.com/) to finish these steps to create a Cosmos DB.

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Create Cosmos DB step 1](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-1-240px.png" alt-text="A screenshot showing how to use the search box in the top tool bar to find Cosmos DB in Azure." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-1.png"::: |

-| [!INCLUDE [Create Cosmos DB step 2](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-2-240px.png" alt-text="A screenshot showing the create button on the Cosmos DB page used to create a database." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-2.png"::: |

-| [!INCLUDE [Create Cosmos DB step 3](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-3.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-3-240px.png" alt-text="A screenshot showing the page where you select the MongoDB API for your Cosmos DB." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-3.png"::: |

-| [!INCLUDE [Create Cosmos DB step 4](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-4.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-4-240px.png" alt-text="A screenshot showing how to fill out the page to create a new Cosmos DB." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-azure-portal-4.png"::: |

-### [VS Code](#tab/vscode-aztools)

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Create Cosmos DB step 1](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-1-240px.png" alt-text="A screenshot showing the database component of the Azure Tools VS Code extension and the location of the button to create a new database." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-1.png"::: |

-| [!INCLUDE [Create Cosmos DB step 2](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-2-240px.png" alt-text="A screenshot showing the dialog box used to select the subscription for the new database in Azure." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-2.png"::: |

-| [!INCLUDE [Create Cosmos DB step 3](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-3.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-3-240px.png" alt-text="A screenshot showing the dialog box used to select the type of database you want to create in Azure." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-3.png"::: |

-| [!INCLUDE [Create Cosmos DB step 4](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-4.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-4-240px.png" alt-text="A screenshot of dialog box used to enter the name of the new database in Visual Studio Code." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-4.png"::: |

-| [!INCLUDE [Create Cosmos DB step 5](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-5.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-5-240px.png" alt-text="A screenshot of the dialog to select the throughput mode of the database." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-5.png"::: |

-| [!INCLUDE [Create Cosmos DB step 6](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-6.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-6-240px.png" alt-text="A screenshot of the dialog in VS Code used to select resource group to put the new database in." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-6.png"::: |

-| [!INCLUDE [Create Cosmos DB step 7](<./includes/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-7.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-7-240px.png" alt-text="A screenshot of the dialog in VS Code used to select location for the new database." lightbox="./media/tutorial-nodejs-mongodb-app/create-cosmos-db-visual-studio-code-7.png"::: |

-### [Azure CLI](#tab/azure-cli)

-## 3 - Connect your App Service to your Cosmos DB

-To connect to your Cosmos DB database, you need to provide the connection string for the database to your application. It's done in the sample application by reading the `DATABASE_URL` environment variable. When you locally run it, the sample application uses the [dotenv package](https://www.npmjs.com/package/dotenv) to read the connection string value from the `.env` file.

-When you run in Azure, configuration values like connection strings can be stored in the *application settings* of the App Service hosting the web app. These values are then made available to your application as environment variables during runtime. In this way, the application uses the connection string from `process.env` the same way whether being run locally or in Azure. Further, it eliminates the need to manage and deploy environment specific config files with your application.

-### [Azure portal](#tab/azure-portal)

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Connection string step 1](<./includes/tutorial-nodejs-mongodb-app/connection-string-azure-portal-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/connection-string-azure-portal-1-240px.png" alt-text="A screenshot showing the location of the Cosmos DB connection string on the Cosmos DB quick start page." lightbox="./media/tutorial-nodejs-mongodb-app/connection-string-azure-portal-1.png"::: |

-| [!INCLUDE [Connection string step 2](<./includes/tutorial-nodejs-mongodb-app/connection-string-azure-portal-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/connection-string-azure-portal-2-240px.png" alt-text="A screenshot showing how to search for and go to the App Service, where the connection string needs to store the connection string." lightbox="./media/tutorial-nodejs-mongodb-app/connection-string-azure-portal-2.png"::: |

-| [!INCLUDE [Connection string step 3](<./includes/tutorial-nodejs-mongodb-app/connection-string-azure-portal-3.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/connection-string-azure-portal-3-240px.png" alt-text="A screenshot showing how to use the Application settings within an App Service." lightbox="./media/tutorial-nodejs-mongodb-app/connection-string-azure-portal-3.png"::: |

-| [!INCLUDE [Connection string step 4](<./includes/tutorial-nodejs-mongodb-app/connection-string-azure-portal-4.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/connection-string-azure-portal-4-240px.png" alt-text="A screenshot showing the dialog used to set an application setting in Azure App Service." lightbox="./media/tutorial-nodejs-mongodb-app/connection-string-azure-portal-4.png"::: |

-### [VS Code](#tab/vscode-aztools)

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Connection string step 1](<./includes/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-1-240px.png" alt-text="A screenshot showing how to copy the connection string for a Cosmos database to your clipboard in VS Code." lightbox="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-1.png"::: |

-| [!INCLUDE [Connection string step 2](<./includes/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-2-240px.png" alt-text="A screenshot showing how to add a config setting to an App Service in VS Code." lightbox="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-2.png"::: |

-| [!INCLUDE [Connection string step 3](<./includes/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-3.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-3-240px.png" alt-text="A screenshot showing the dialog box used to give a name to an app setting in VS Code." lightbox="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-3.png"::: |

-| [!INCLUDE [Connection string step 4](<./includes/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-4.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-4-240px.png" alt-text="A screenshot showing the dialog used to set the value of an app setting in VS Code." lightbox="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-4.png"::: |

-| [!INCLUDE [Connection string step 4](<./includes/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-5.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-5-240px.png" alt-text="A screenshot showing how to view an app setting for an App Service in VS Code." lightbox="./media/tutorial-nodejs-mongodb-app/connection-string-visual-studio-code-5.png"::: |

-### [Azure CLI](#tab/azure-cli)

-## 4 - Deploy application code to Azure

-Azure App service supports multiple methods to deploy your application code to Azure including support for GitHub Actions and all major CI/CD tools. This article focuses on how to deploy your code from your local workstation to Azure.

-### [Deploy using VS Code](#tab/vscode-deploy)

-To deploy your application code directly from VS Code, you must have the [Azure Tools extension pack](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack) installed and be signed into Azure from VS Code.

-> [!div class="nextstepaction"]

-> [Download Azure Tools extension pack](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-node-azure-pack)

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Deploy from VS Code 1](<./includes/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-1-240px.png" alt-text="A screenshot showing the location of the Azure Tool icon in Visual Studio Code." lightbox="./media/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-1.png"::: |

-| [!INCLUDE [Deploy from VS Code 2](<./includes/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-2-240px.png" alt-text="A screenshot showing how you deploy an application to Azure by right-clicking on a web app in VS Code and selecting deploy from the context menu." lightbox="./media/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-2.png"::: |

-| [!INCLUDE [Deploy from VS Code 3](<./includes/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-3.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-3-240px.png" alt-text="A screenshot showing the dialog box used to select the deployment directory in VS Code." lightbox="./media/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-3.png"::: |

-| [!INCLUDE [Deploy from VS Code 3](<./includes/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-4.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-4-240px.png" alt-text="A screenshot showing the Output window of VS Code while deploying an application to Azure." lightbox="./media/tutorial-nodejs-mongodb-app/deploy-visual-studio-code-4.png"::: |

-### [Deploy using Local Git](#tab/local-git-deploy)

-### [Deploy using a ZIP file](#tab/azure-cli-deploy)

-## 5 - Browse to the application

-The application will have a url of the form `https://<app name>.azurewebsites.net`. Browse to this URL to view the application.

-Use the form elements in the application to add and complete tasks.

-

-## 6 - Configure and view application logs

-The contents of the App Service diagnostic logs can be reviewed in the Azure portal, VS Code, or using the Azure CLI.

-### [Azure portal](#tab/azure-portal)

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Stream logs from Azure portal 1](<./includes/tutorial-nodejs-mongodb-app/stream-logs-azure-portal-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/stream-logs-azure-portal-1-240px.png" alt-text="A screenshot showing the location of the Azure Tool icon in Visual Studio Code." lightbox="./media/tutorial-nodejs-mongodb-app/stream-logs-azure-portal-1.png"::: |

-| [!INCLUDE [Stream logs from Azure portal 2](<./includes/tutorial-nodejs-mongodb-app/stream-logs-azure-portal-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/stream-logs-azure-portal-2-240px.png" alt-text="A screenshot showing how you deploy an application to Azure by right-clicking on a web app in VS Code and selecting deploy from the context menu." lightbox="./media/tutorial-nodejs-mongodb-app//stream-logs-azure-portal-2.png"::: |

-### [VS Code](#tab/vscode-aztools)

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Stream logs from VS Code 1](<./includes/tutorial-nodejs-mongodb-app/stream-logs-visual-studio-code-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/stream-logs-visual-studio-code-1-240px.png" alt-text="A screenshot showing the location of the Azure Tool icon in Visual Studio Code." lightbox="./media/tutorial-nodejs-mongodb-app/stream-logs-visual-studio-code-1.png"::: |

-| [!INCLUDE [Stream logs from VS Code 2](<./includes/tutorial-nodejs-mongodb-app/stream-logs-visual-studio-code-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/stream-logs-visual-studio-code-2-240px.png" alt-text="A screenshot showing how you deploy an application to Azure by right-clicking on a web app in VS Code and selecting deploy from the context menu." lightbox="./media/tutorial-nodejs-mongodb-app/stream-logs-visual-studio-code-2.png"::: |

-### [Azure CLI](#tab/azure-cli)

-## 7 - Inspect deployed files using Kudu

-To access Kudu, go to one of the following URLs. You'll need to sign into the Kudu site with your Azure credentials.

-* For apps deployed in Free, Shared, Basic, Standard, and Premium App Service plans - `https://<app-name>.scm.azurewebsites.net`.

-* For apps deployed in Isolated service plans - `https://<app-name>.scm.<ase-name>.p.azurewebsites.net`.

-From the main page in Kudu, you can access information about the application hosting environment, app settings, deployments, and browse the files in the wwwroot directory.

-

-Selecting the *Deployments* link under the REST API header will show you a history of deployments of your web app.

-

-Selecting the *Site wwwroot* link under the Browse Directory heading lets you browse and view the files on the web server.

-

-## Clean up resources

-When you're finished, you can delete all the resources from Azure by deleting the resource group for the application.

-### [Azure portal](#tab/azure-portal)

-Follow these steps while you're signed-in to the Azure portal to delete a resource group.

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Remove resource group Azure portal 1](<./includes/tutorial-nodejs-mongodb-app/remove-resource-group-azure-portal-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/remove-resource-group-azure-portal-1-240px.png" alt-text="A screenshot showing how to search for and go to a resource group in the Azure portal." lightbox="./media/tutorial-nodejs-mongodb-app/remove-resource-group-azure-portal-1.png"::: |

-| [!INCLUDE [Remove resource group Azure portal 2](<./includes/tutorial-nodejs-mongodb-app/remove-resource-group-azure-portal-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/remove-resource-group-azure-portal-2-240px.png" alt-text="A screenshot showing the location of the Delete Resource Group button in the Azure portal." lightbox="./media/tutorial-nodejs-mongodb-app/remove-resource-group-azure-portal-2.png"::: |

-| [!INCLUDE [Remove resource group Azure portal 3](<./includes/tutorial-nodejs-mongodb-app/remove-resource-group-azure-portal-3.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/remove-resource-group-azure-portal-3-240px.png" alt-text="A screenshot of the confirmation dialog for deleting a resource group in the Azure portal." lightbox="./media/tutorial-nodejs-mongodb-app/remove-resource-group-azure-portal-3.png"::: |

-### [VS Code](#tab/vscode-aztools)

-| Instructions | Screenshot |

-|:-|--:|

-| [!INCLUDE [Remove resource group VS Code 1](<./includes/tutorial-nodejs-mongodb-app/remove-resource-group-visual-studio-code-1.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/remove-resource-group-visual-studio-code-1-240px.png" alt-text="A screenshot showing how to delete a resource group in VS Code using the Azure Tools extention." lightbox="./media/tutorial-nodejs-mongodb-app/remove-resource-group-visual-studio-code-1.png"::: |

-| [!INCLUDE [Remove resource group VS Code 2](<./includes/tutorial-nodejs-mongodb-app/remove-resource-group-visual-studio-code-2.md>)] | :::image type="content" source="./media/tutorial-nodejs-mongodb-app/remove-resource-group-visual-studio-code-2-240px.png" alt-text="A screenshot of the confirmation dialog for deleting a resource group from VS Code." lightbox="./media/tutorial-nodejs-mongodb-app/remove-resource-group-visual-studio-code-2.png"::: |

-### [Azure CLI](#tab/azure-cli)

-> Start/Stop VM during off-hours, version 1 is currently being deprecated and will be unavailable from the marketplace soon. We recommend that you start using version 2, which is now generally available.

-> [!NOTE]

-> Before you install version 1, we recommend you to learn about the [version 2](../azure-functions/start-stop-vms/overview.md), which is now generally available. The newer version offers all existing capabilities along with the support to use it with Azure. This also provides new capabilities, such as multi-subscription support from a single Start/Stop instance.

-> Start/Stop VMs during off-hours (v1) will be deprecated soon.

-> Because configuration and management of Azure Cache for Redis instances is managed by Microsoft, the following commands are disabled. If you try to invoke them, you receive an error message similar to `"(error) ERR unknown command"`.

->

->- BGREWRITEAOF

->- BGSAVE

->- CONFIG

->- DEBUG

->- MIGRATE

->- SAVE

->- SHUTDOWN

->- SLAVEOF

->- REPLICAOF

->- ACL

->- CLUSTER - Cluster write commands are disabled, but read-only Cluster commands are permitted.

->

-* Verify that you have the [Azure Storage Emulator](../../storage/common/storage-use-emulator.md) installed and running.

-*Last updated: August 2022*

- | Global | The action groups service decides where to store the action group. The action group is persisted in at least two regions to ensure regional resiliency. Processing of actions may be done in any [geographic region](https://azure.microsoft.com/en-in/global-infrastructure/geographies/#overview).<br></br>Voice, SMS and email actions performed as the result of [service health alerts](https://docs.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal) are resilient to Azure live-site-incidents. |

- | Regional | The action group is stored within the selected region. The action group is [zone-redundant](https://docs.microsoft.com/en-us/azure/availability-zones/az-region#highly-available-services). Processing of actions is performed within the region.</br></br>Use this option if you want to ensure that the processing of your action group is performed within a specific [geographic boundary](https://azure.microsoft.com/en-in/global-infrastructure/geographies/#overview). |

- - (Optional) If you want to make sure that the data processing for the alert rule takes place within a specific region, and you're creating a metric alert rule that monitors a custom metric, you can select to process the alert rule in one of these regions.

-

-# Troubleshooting problems in Azure Monitor metric alerts

-This article discusses common problems in Azure Monitor [metric alerts](alerts-metric-overview.md) and how to troubleshoot them.

-Given that Autoscale settings can have multiple profiles, and each profile can have multiple metric rules, it is important to understand how an Autoscale setting is evaluated. Each time the Autoscale job runs, it begins by choosing the profile that is applicable. Then Autoscale evaluates the minimum and maximum values, and any metric rules in the profile, and decides if a scale action is necessary.

-az aks show -g <resourceGroupName> -n <clusterName>

-az aks show -g <resourceGroupName> -n <clusterName>

-## July, 2022

-## June, 2022

-Azure Monitor Workbooks documentation previously resided on an external GitHub repository. We have migrated all Azure Workbooks content to the same repo as all other Azure Monitor content.

-## May, 2022

-> To increase the quota for a volume with a quota of at least 4 TiB, you must initiate [a support request](#request-limit-increase).

-## August 2022 release updates

-Any edition of VMware HCX supports 25 site pairings (on-premises to cloud or cloud to cloud) in a single HCX manager system. The default is HCX Advanced, but you can open a [support request](https://rc.portal.azure.com/#create/Microsoft.Support) to have HCX Enterprise Edition enabled. Once the service is generally available, you'll have 30 days to decide on your next steps. You can turn off or opt out of the HCX Enterprise Edition service but keep HCX Advanced as it's part of the node cost.

-> To assess more than 5 seconds of speech with your own script, sign in with an Azure account and use your Speech or Cognitive Services resource.

-| `pitch` | Indicates the baseline pitch for the text. You can express the pitch as:<ul><li>An absolute value, expressed as a number followed by "Hz" (Hertz). For example, `<prosody pitch="600Hz">some text</prosody>`.</li><li>A relative value, expressed as a number preceded by "+" or "-" and followed by "Hz" or "st" that specifies an amount to change the pitch. For example: `<prosody pitch="+80Hz">some text</prosody>` or `<prosody pitch="-2st">some text</prosody>`. The "st" indicates the change unit is semitone, which is half of a tone (a half step) on the standard diatonic scale.</li><li>A constant value:<ul><li>x-low</li><li>low</li><li>medium</li><li>high</li><li>x-high</li><li>default</li></ul></li></ul> | Optional |

-| `rate` | Indicates the speaking rate of the text. You can express `rate` as:<ul><li>A relative value, expressed as a number that acts as a multiplier of the default. For example, a value of *1* results in no change in the rate. A value of *0.5* results in a halving of the rate. A value of *3* results in a tripling of the rate.</li><li>A constant value:<ul><li>x-slow</li><li>slow</li><li>medium</li><li>fast</li><li>x-fast</li><li>default</li></ul></li></ul> | Optional |

-| `volume` | Indicates the volume level of the speaking voice. You can express the volume as:<ul><li>An absolute value, expressed as a number in the range of 0.0 to 100.0, from *quietest* to *loudest*. An example is 75. The default is 100.0.</li><li>A relative value, expressed as a number preceded by "+" or "-" that specifies an amount to change the volume. Examples are +10 or -5.5.</li><li>A constant value:<ul><li>silent</li><li>x-soft</li><li>soft</li><li>medium</li><li>loud</li><li>x-loud</li><li>default</li></ul></li></ul> | Optional |

-Speaking rate can be applied at the word or sentence level.

-Volume changes can be applied at the sentence level.

-Pitch changes can be applied at the sentence level.

-> - If your dictionary contains more than 250,000 sentences, our Document Translator is a better choice. Please refer to [Document Translator](../document-translation/overview.md).

-The following headers are included with each Document Translator API request:

-The following headers are included with each Document Translator API request:

-|Adobe PDF|pdf|Portable document file format.|

-| X-RequestId | Value generated by the service to identify the request. It's used for troubleshooting purposes. |

-| X-MT-System | Specifies the system type that was used for translation for each 'to' language requested for translation. The value is a comma-separated list of strings. Each string indicates a type: <br><br>* Custom - Request includes a custom system and at least one custom system was used during translation.<br>* Team - All other requests |

- - English to/from any other language except Chinese Traditional, Cantonese (Traditional) or Serbian (Cyrillic).

- - from Japanese to Korean or from Korean to Japanese.

- - from Japanese to Chinese Simplified and Chinese Simplified to Japanese.

- - from Chinese Simplified to Chinese Traditional and Chinese Traditional to Chinese Simplified.

-```

-## Setup your application

-1. Delete the pre-existing code, including the line `Console.Writeline("Hello World!")`. You will copy and paste the code samples into your application's Program.cs file. For each code sample, make sure you update the key and endpoint variables with values from your Azure portal Translator instance.

-1. You will copy and paste the code samples into your **text-translator.go** file. Make sure you update the key variable with the value from your Azure portal Translator instance.

-1. You will copy and paste the code samples `TranslatorText.java` file. **Make sure you update the key with one of the key values from your Azure portal Translator instance**.

-1. You will copy and paste the code samples into your `index.js` file. **Make sure you update the key variable with the value from your Azure portal Translator instance**.

-* Document Translator uses optical character recognition (OCR) technology to extract and translate text in scanned PDF document while retaining the original layout.

- "parameters": {

- "fhirVersion": "4.0.1"

- }

-Support for streaming, timeouts, platforms, and browsers is shared with [Communication Services calling SDK overview](./../voice-video-calling/calling-sdk-features.md).

-## Detailed Teams capabilities

-The following list presents the set of Teams capabilities, which are currently available in the Azure Communication Services Calling SDK for JavaScript.

-|Group of features | Teams capability | JS |

-|-|--||

-| Core Capabilities | Placing a call honors Teams external access configuration | ✔️ |

-| | Placing a call honors Teams guest access configuration | ✔️ |

-| | Joining Teams meeting honors configuration for automatic people admit in the Lobby | ✔️ |

-| | Actions available in the Teams meeting are defined by assigned role | ✔️ |

-| Mid call control | Receive forwarded call | ✔️ |

-| | Receive simultaneous ringing | ✔️ |

-| | Play music on hold | ❌ |

-| | Park a call | ❌ |

-| | Transfer a call to a person | ✔️ |

-| | Transfer a call to a call | ✔️ |

-| | Transfer a call to Voicemail | ❌ |

-| | Merge ongoing calls | ❌ |

-| | Place a call on behalf of the user | ❌ |

-| | Start call recording | ❌ |

-| | Start call transcription | ❌ |

-| | Start live captions | ❌ |

-| | Receive information of call being recorded | ✔️ |

-| PSTN | Make an Emergency call | ✔️ |

-| | Place a call honors location-based routing | ❌ |

-| | Support for survivable branch appliance | ❌ |

-| Phone system | Receive a call from Teams auto attendant | ✔️ |

-| | Transfer a call to Teams auto attendant | ✔️ |

-| | Receive a call from Teams call queue (only conference mode) | ✔️ |

-| | Transfer a call from Teams call queue (only conference mode) | ✔️ |

-| Compliance | Place a call honors information barriers | ✔️ |

-| | Support for compliance recording | ✔️ |

-| Meeting | [Include participant in Teams meeting attendance report](https://support.microsoft.com/office/view-and-download-meeting-attendance-reports-in-teams-ae7cf170-530c-47d3-84c1-3aedac74d310) | ❌ |

-## Teams meeting options

-Teams meeting organizers can configure the Teams meeting options to adjust the experience for participants. The following options are supported in Azure Communication Services for Teams users:

-|Option name|Description| Supported |

-| | | |

-| [Automatically admit people](/microsoftteams/meeting-policies-participants-and-guests#automatically-admit-people) | Teams user can bypass the lobby, if Teams meeting organizer set value to include "people in my organization" for single tenant meetings and "people in trusted organizations" for cross-tenant meetings. Otherwise, Teams users have to wait in the lobby until an authenticated user admits them.| ✔️ |

-| [Always let callers bypass the lobby](/microsoftteams/meeting-policies-participants-and-guests#allow-dial-in-users-to-bypass-the-lobby)| Participants joining through phone can bypass lobby | Not applicable |

-| Announce when callers join or leave| Participants hear announcement sounds when phone participants join and leave the meeting | ✔️ |

-| [Choose co-organizers](https://support.microsoft.com/office/add-co-organizers-to-a-meeting-in-teams-0de2c31c-8207-47ff-ae2a-fc1792d466e2)| Teams user can be selected as co-organizer. It affects the availability of actions in Teams meetings. | ✔️ |

-| [Who can present in meetings](/microsoftteams/meeting-policies-in-teams-general#designated-presenter-role-mode) | Controls who in the Teams meeting can share screen. | ❌ |

-|[Manage what attendees see](https://support.microsoft.com/office/spotlight-someone-s-video-in-a-teams-meeting-58be74a4-efac-4e89-a212-8d198182081e)|Teams organizer, co-organizer and presenter can spotlight videos for everyone. Azure Communication Services does not receive the spotlight signals. |❌|

-|[Allow mic for attendees](https://support.microsoft.com/office/manage-attendee-audio-and-video-permissions-in-teams-meetings-f9db15e1-f46f-46da-95c6-34f9f39e671a)|If Teams user is attendee, then this option controls whether Teams user can send local audio |✔️|

-|[Allow camera for attendees](https://support.microsoft.com/office/manage-attendee-audio-and-video-permissions-in-teams-meetings-f9db15e1-f46f-46da-95c6-34f9f39e671a)|If Teams user is attendee, then this option controls whether Teams user can send local video |✔️|

-|[Record automatically](/graph/api/resources/onlinemeeting)|Records meeting when anyone starts the meeting. The user in the lobby does not start a recording.|✔️|

-|Allow meeting chat|If enabled, Teams users can use the chat associated with the Teams meeting.|✔️|

-|[Allow reactions](/microsoftteams/meeting-policies-in-teams-general#meeting-reactions)|If enabled, Teams users can use reactions in the Teams meeting. Azure Communication Services doesn't support reactions. |❌|

-|[RTMP-IN](/microsoftteams/stream-teams-meetings)|If enabled, organizers can stream meetings and webinars to external endpoints by providing a Real-Time Messaging Protocol (RTMP) URL and key to the built-in Custom Streaming app in Teams. |Not applicable|

-|[Provide CART Captions](https://support.microsoft.com/office/use-cart-captions-in-a-microsoft-teams-meeting-human-generated-captions-2dd889e8-32a8-4582-98b8-6c96cf14eb47)|Communication access real-time translation (CART) is a service in which a trained CART captioner listens to the speech and instantaneously translates all speech to text. As a meeting organizer, you can set up and offer CART captioning to your audience instead of the Microsoft Teams built-in live captions that are automatically generated.|❌|

-For a smaller number of services, systems, and protocols, Azure Logic Apps provides a built-in version alongside the managed version. The number and range of built-in connectors vary based on whether you create a Consumption logic app workflow that runs in multi-tenant Azure Logic Apps or a Standard logic app workflow that runs in single-tenant Azure Logic Apps. In most cases, the built-in version provides better performance, capabilities, pricing, and so on. In a few cases, some built-in connectors are available only in one logic app type and not the other.

-For example, a Standard logic app workflow provides both managed connectors and built-in connectors for Azure Blob, Azure Cosmos DB, Azure Event Hubs, Azure Service Bus, DB2, FTP, MQ, SFTP, and SQL Server. A Consumption logic app workflow doesn't have the built-in versions. A Consumption logic app workflow provides built-in connectors for Azure API Management, Azure App Services, and Batch, while a Standard logic app workflow doesn't have these built-in connectors.

-Also, in Standard logic app workflows, some [built-in connectors with specific attributes are informally known as *service providers*](../logic-apps/custom-connector-overview.md#service-provider-interface-implementation). Some built-in connectors support only a single way to authenticate a connection to the underlying service. Other built-in connectors can offer a choice, such as using a connection string, Azure Active Directory (Azure AD), or a managed identity. All built-in connectors run in the same process as the Azure Logic Apps runtime. For more information, review [Single-tenant versus multi-tenant and integration service environment (ISE)](../logic-apps/single-tenant-overview-compare.md).

-This article provides a general overview about built-in connectors in Consumption logic app workflows versus Standard logic app workflows.

-The following table lists the current and expanding galleries of built-in connectors available for Consumption versus Standard logic app workflows. For Standard workflows, an asterisk (**\***) marks [built-in connectors based on the *service provider* model](#service-provider-interface-implementation), which is described in more detail later.

-| Azure API Management<br>Azure App Services <br>Azure Functions <br>Azure Logic Apps <br>Batch <br>Control <br>Data Operations <br>Date Time <br>Flat File <br>HTTP <br>Inline Code <br>Integration Account <br>Liquid <br>Request <br>Schedule <br>Variables <br>XML | Azure Blob* <br>Azure Cosmos DB* <br>Azure Functions <br>Azure Queue* <br>Azure Table Storage* <br>Control <br>Data Operations <br>Date Time <br>DB2* <br>Event Hubs* <br>Flat File <br>FTP* <br>HTTP <br>IBM Host File* <br>Inline Code <br>Liquid operations <br>MQ* <br>Request <br>Schedule <br>Service Bus* <br>SFTP* <br>SQL Server* <br>Variables <br>Workflow operations <br>XML operations |

-In Standard logic app workflows, a built-in connector that has the following attributes is informally known as a *service provider*:

-* Provides access from a Standard logic app workflow to a service, such as Azure Blob Storage, Azure Service Bus, Azure Event Hubs, SFTP, and SQL Server.

-For Standard logic apps, you can create your own built-in connector with the same [built-in connector extensibility model](../logic-apps/custom-connector-overview.md#built-in-connector-extensibility-model) that's used by service provider-based built-in connectors, such as Azure Blob, Azure Event Hubs, Azure Service Bus, SQL Server, and more. This interface implementation is based on the [Azure Functions extensibility model](../azure-functions/functions-bindings-register.md) and provides the capability for you to create custom built-in connectors that anyone can use in Standard logic apps.

-For Consumption logic apps, you can't create your own built-in connectors, but you create your own managed connectors.

-* [Create custom built-in connectors for Standard logic apps](../logic-apps/create-custom-built-in-connector-standard.md)

- [**Sliding Window**][schedule-sliding-window-doc]<br>(*Consumption logic app only*): <br>Trigger a workflow that needs to handle data in continuous chunks.

- [**Batch**][batch-doc]<br>(*Consumption logic app only*)

- **FTP**<br>(*Standard logic app only*)

- **SFTP-SSH**<br>(*Standard logic app only*)

-You can use the following built-in connectors to access specific services and systems. In Standard logic app workflows, some of these built-in connectors are also informally known as *service providers*, which can differ from their managed connector counterparts in some ways.

- [**Azure API Management**][azure-api-management-doc]<br>(*Consumption logic app only*)

- Call your own triggers and actions in APIs that you define, manage, and publish using [Azure API Management](../api-management/api-management-key-concepts.md). <p><p>**Note**: Not supported when using [Consumption tier for API Management](../api-management/api-management-features.md).

- [**Azure App Services**][azure-app-services-doc]<br>(*Consumption logic app only*)

- **Azure Blob**<br>(*Standard logic app only*)

- **Azure Cosmos DB**<br>(*Standard logic app only*)

- **Azure Event Hubs**<br>(*Standard logic app only*)

- Consume and publish events through an event hub. For example, get output from your logic app with Event Hubs, and then send that output to a real-time analytics provider.

- [**Azure Logic Apps**][nested-logic-app-doc]<br>(*Consumption logic app*) <br><br>-or-<br><br>**Workflow operations**<br>(*Standard logic app*)

- **Azure Service Bus**<br>(*Standard logic app only*)

- **Azure Table Storage**<br>(*Standard logic app only*)

- **DB2**<br>(*Standard logic app only*)

- **IBM Host File**<br>(*Standard logic app only*)

- **IBM MQ**<br>(*Standard logic app only*)

- [**SQL Server**][sql-server-doc]<br>(*Standard logic app only*)

- Stop an actively running logic app workflow.

-Integration account operations specifically support business-to-business (B2B) communication scenarios in Azure Logic Apps. After you create an integration account and define your B2B artifacts, such as trading partners, agreements, maps, and schemas, you can use integration account built-in actions to encode and decode messages, transform content, and more.

-* Consumption logic apps

- Before you use any integration account operations in a Consumption logic app, you have to [link your logic app to your integration account](../logic-apps/logic-apps-enterprise-integration-create-integration-account.md).

-* Standard logic apps

- Integration account operations don't require that you link your logic app to your integration account. Instead, you create a connection to your integration account when you add the operation to your Standard logic app workflow. Actually, the built-in Liquid operations and XML operations don't even need an integration account. However, you have to upload Liquid maps, XML maps, or XML schemas through the respective operations in the Azure portal or add these files to your Visual Studio Code project's **Artifacts** folder using the respective **Maps** and **Schemas** folders.

- [**Integration Account Artifact Lookup**][integration-account-doc]<br>(*Consumption logic app only*)

- Convert the following formats by using Liquid templates: <p><p>- JSON to JSON <br>- JSON to TEXT <br>- XML to JSON <br>- XML to TEXT

- :::column:::

- :::column-end:::

-[azure-app-services-doc]: ../logic-apps/logic-apps-custom-api-host-deploy-call.md "Integrate logic apps with App Service API Apps"

-[azure-event-hubs-doc]: ./connectors-create-api-azure-event-hubs.md "Connect to Azure Event Hubs so that you can receive and send events between logic apps and Event Hubs"

-[azure-functions-doc]: ../logic-apps/logic-apps-azure-functions.md "Integrate logic apps with Azure Functions"

-[http-doc]: ./connectors-native-http.md "Call HTTP or HTTPS endpoints from your logic apps"

-[http-request-doc]: ./connectors-native-reqres.md "Receive HTTP requests in your logic apps"

-[http-response-doc]: ./connectors-native-reqres.md "Respond to HTTP requests from your logic apps"

-[http-swagger-doc]: ./connectors-native-http-swagger.md "Call REST endpoints from your logic apps"

-[inline-code-doc]: ../logic-apps/logic-apps-add-run-inline-code.md "Add and run JavaScript code snippets from your logic apps"

-[nested-logic-app-doc]: ../logic-apps/logic-apps-http-endpoint.md "Integrate logic apps with nested workflows"

-[schedule-doc]: ../logic-apps/concepts-schedule-automated-recurring-tasks-workflows.md "Run logic apps based a schedule"

-[schedule-recurrence-doc]: ./connectors-native-recurrence.md "Run logic apps on a recurring schedule"

-[schedule-sliding-window-doc]: ./connectors-native-sliding-window.md "Run logic apps that need to handle data in contiguous chunks"

-[terminate-doc]: ../logic-apps/logic-apps-workflow-actions-triggers.md#terminate-action "Stop or cancel an actively running workflow for your logic app"

-[flat-file-decode-doc]:../logic-apps/logic-apps-enterprise-integration-flatfile.md "Learn about enterprise integration flat file"

-[flat-file-encode-doc]:../logic-apps/logic-apps-enterprise-integration-flatfile.md "Learn about enterprise integration flat file"

-[json-liquid-transform-doc]: ../logic-apps/logic-apps-enterprise-integration-liquid-transform.md "Transform JSON with Liquid templates"

-[xml-transform-doc]: ../logic-apps/logic-apps-enterprise-integration-transform.md "Transform XML messages"

-[xml-validate-doc]: ../logic-apps/logic-apps-enterprise-integration-xml-validation.md "Validate XML messages"

-> (Legacy), migrate to the current Microsoft Dataverse connector. You can use the current Dataverse connector

-> in any existing or new logic app workflows. For backward compatibility, existing workflows continue to work

-For a smaller number of services, systems and protocols, Azure Logic Apps provides a built-in version alongside the managed version. The number and range of built-in connectors vary based on whether you create a Consumption logic app that runs in multi-tenant Azure Logic Apps, or a Standard logic app that runs in single-tenant Azure Logic Apps. In most cases, the built-in version provides better performance, capabilities, pricing, and so on. In a few cases, some built-in connectors are available only in one logic app type, and not the other.

-For example, a Standard logic app provides both managed connectors and built-in connectors for Azure Blob, Azure Cosmos DB, Azure Event Hubs, Azure Service Bus, DB2, FTP, MQ, SFTP, and SQL Server, while a Consumption logic app doesn't have the built-in versions. A Consumption logic app provides built-in connectors for Azure API Management, Azure App Services, and Batch, while a Standard logic app doesn't have these built-in connectors. For more information, review the following documentation: [Built-in connectors in Azure Logic Apps](built-in.md) and [Single-tenant versus multi-tenant and integration service environment (ISE)](../logic-apps/single-tenant-overview-compare.md).

-This article provides a general overview about managed connectors and how they're organized in Consumption logic apps versus Standard logic apps with examples. For technical reference information about each managed connector in Azure Logic Apps, review [Connectors reference for Azure Logic Apps](/connectors/connector-reference/connector-reference-logicapps-connectors).

-In a *Standard* logic app, all managed connectors are organized into the **Azure** group. In a *Consumption* logic app, managed connectors are organized into the **Standard** group or **Enterprise** group. However, pricing for managed connectors works the same in both Standard and Consumption logic apps. For more information, review [Trigger and action operations in the Consumption model](../logic-apps/logic-apps-pricing.md#consumption-operations) and [Trigger and action operations in the Standard model](../logic-apps/logic-apps-pricing.md#standard-operations).

-Some managed connectors also belong to the following informal groups:

-For a *Consumption* logic app, this section lists *some* of the popular connectors in the **Standard** group. In a *Standard* logic app, all managed connectors are in the **Azure** group, but pricing works the same as Consumption logic apps. For more information, review [Trigger and action operations in the Standard model](../logic-apps/logic-apps-pricing.md#standard-operations).

- Consume and publish events through an event hub. For example, get output from your logic app with Event Hubs, and then send that output to a real-time analytics provider.

-For a *Consumption* logic app, this section lists connectors in the **Enterprise** group, which can access enterprise systems for an additional cost. In a *Standard* logic app, all managed connectors are in the **Azure** group, but pricing is the same as for Consumption logic apps. For more information, review [Trigger and action operations in the Standard model](../logic-apps/logic-apps-pricing.md#standard-operations).

-For a *Consumption* logic app, this section lists example [Standard connectors](#standard-connectors) that can access on-premises systems. For the expanded on-premises connectors list, review [Supported data sources](../logic-apps/logic-apps-gateway-connection.md#supported-connections).

-Integration account operations specifically support business-to-business (B2B) communication scenarios in Azure Logic Apps. After you create an integration account and define your B2B artifacts, such as trading partners, agreements, maps, and schemas, you can use integration account connectors to encode and decode messages, transform content, and more.

-* Consumption logic apps

- Before you use any integration account operations in a Consumption logic app, you have to [link your logic app to your integration account](../logic-apps/logic-apps-enterprise-integration-create-integration-account.md).

-* Standard logic apps

- Integration account operations don't require that you link your logic app to your integration account. Instead, you create a connection to your integration account when you add the operation to your Standard logic app workflow.

-> Logic apps that run in an ISE and their connectors, regardless where those connectors run, follow a fixed pricing plan versus the consumption-based pricing plan. For more information, see [Logic Apps pricing model](../logic-apps/logic-apps-pricing.md) and [Logic Apps pricing details](https://azure.microsoft.com/pricing/details/logic-apps/).

-* [Logic Apps pricing model](../logic-apps/logic-apps-pricing.md)

-[azure-event-hubs-doc]: ./connectors-create-api-azure-event-hubs.md "Connect to Azure Event Hubs so that you can receive and send events between logic apps and Event Hubs"

-[gateway-doc]: ../logic-apps/logic-apps-gateway-connection.md "Connect to data sources on-premises from logic apps with on-premises data gateway"

-The subnet associated with a Container App Environment must have a CIDR prefix of /23.

-| **Cost Analysis / Forecast / Query API** | Read only | Read only | Read only | Read only | Read only |

-| **Cost Analysis / Forecast / Query API** | Read only | Read only |

-| **Cost Analysis / Forecast / Query API** | Read only | Read only | Read only | Read only |

-| **Cost Analysis / Forecast / Query API** | Read only | Read only | Read only | Read only | Read only |

-| **Cost Analysis / Forecast / Query API** | Read only | Read only | Read only |

-| **Cost Analysis / Forecast / Query API** | Read only | Read only | Read only | Read only |

-| **Cost Analysis / Forecast / Query API** | Read only | Read only | Read only | Read only |

-### Use AAD service principal authentication

-| aadResourceId | Specify the AAD resource you are requesting for authorization, for example, `https://management.core.windows.net`.| Yes |

-| azureCloudType | For service principal authentication, specify the type of Azure cloud environment to which your AAD application is registered. <br/> Allowed values are **AzurePublic**, **AzureChina**, **AzureUsGovernment**, and **AzureGermany**. By default, the data factory's cloud environment is used. | No |

- "aadResourceId": "<AAD resource URL e.g. https://management.core.windows.net>"

-| aadResourceId | Specify the AAD resource you are requesting for authorization, for example, `https://management.core.windows.net`.| Yes |

- "aadResourceId": "<AAD resource URL e.g. https://management.core.windows.net>",

- Set the end condition rule as **"EndCondition:$.data": "NonExist"** to end the pagination when the value of the specific node in response dose not exist.

- - You can get the object type code by referring to [How to Find the Object Type Code for Any Entity](https://powerobjects.com/tips-and-tricks/find-object-type-code-entity/) and [Dynamics 365 blog](https://dynamicscrmdotblog.wordpress.com/).

-body | Represents the payload that is sent to the endpoint. | String (or expression with resultType of string). <br/><br/>See the schema of the request payload in [Request payload schema](#request-payload-schema) section. | Required for POST/PUT/PATCH methods.

-## Threat protection for Azure Cosmos DB<a name="cosmos-db"></a>

-The Azure Cosmos DB alerts are generated by unusual and potentially harmful attempts to access or exploit Azure Cosmos DB accounts.

-For more information, see:

- :::image type="content" source="media/quickstart-onboard-gcp/google-cloud.png" border="false" alt-text="Screenshot of the location of the Google cloud environment button.":::

- :::image type="content" source="media/quickstart-onboard-gcp/unique-numeric-id.png" alt-text="Screenshot showing the Azure-Arc for servers onboarding section of the screen.":::

-| Single Server Pricing Tier | Single Server VCores | Flexible Server Compute Size | Flexible Server Compute Tier |

-| - | - |:-:|:-:|

-| Basic\* | 1 | General Purpose | Standard_D16ds_v4 |

-| Basic\* | 2 | General Purpose | Standard_D16ds_v4 |

-| General Purpose\* | 4 | General Purpose | Standard_D16ds_v4 |

-| General Purpose\* | 8 | General Purpose | Standard_D16ds_v4 |

-| General Purpose | 16 | General Purpose | Standard_D16ds_v4 |

-| General Purpose | 32 | General Purpose | Standard_D32ds_v4 |

-| General Purpose | 64 | General Purpose | Standard_D64ds_v4 |

-| Memory Optimized | 4 | Business Critical | Standard_E4ds_v4 |

-| Memory Optimized | 8 | Business Critical | Standard_E8ds_v4 |

-| Memory Optimized | 16 | Business Critical | Standard_E16ds_v4 |

-| Memory Optimized | 32 | Business Critical | Standard_E32ds_v4 |

- * query_store_capture_mode ΓÇô set to NONE to turn off the Query Store. This will eliminate the overhead caused by sampling activities by Query Store.

- * innodb_buffer_pool_size ΓÇô Innodb_buffer_pool_size can only be increased by scaling up compute for Azure Database for MySQL server. Scale up the server to 64 vCore General Purpose SKU from the Pricing tier of the portal during migration to increase the innodb_buffer_pool_size.

- * innodb_io_capacity & innodb_io_capacity_max - Change to 9000 from the Server parameters in Azure portal to improve the IO utilization to optimize for migration speed.to-flex-offlinealt-text="Screenshot of a

- * innodb_write_io_threads & innodb_write_io_threads - Change to 4 from the Server parameters in Azure portal to improve the speed of migration.

- :::image type="content" source="media/tutorial-azure-mysql-single-to-flex-offline/1-subscriptions.png" alt-text="Screenshot of a Azure Marketplace.":::

- :::image type="content" source="media/tutorial-Azure-mysql-single-to-flex-offline/2-resource-provider.png" alt-text="Screenshot of a Screenshot of a Select resource provider.":::

- :::image type="content" source="media/tutorial-azure-mysql-single-to-flex-offline/13-select-source-offline.png" alt-text="Screenshot of a Add source details screen.":::

- When performing an offline migration, itΓÇÖs important to stop incoming traffic on the source when configuring the migration project.

- :::image type="content" source="media/tutorial-azure-mysql-single-to-flex-offline/16-select-db.png" alt-text="Screenshot of a Select databases.":::

- :::image type="content" source="media/tutorial-azure-mysql-single-to-flex-offline/19-running-project-offline.png" alt-text="Screenshot of a Running status.":::

- :::image type="content" source="media/tutorial-azure-mysql-single-to-flex-offline/20-monitor-migration-offline.png" alt-text="Screenshot of a Monitoring migration.":::

-| Single Server Pricing Tier | Single Server VCores | Flexible Server Compute Size | Flexible Server Compute Tier |

-| - | - |:-:|:-:|

-| Basic\* | 1 | General Purpose | Standard_D16ds_v4 |

-| Basic\* | 2 | General Purpose | Standard_D16ds_v4 |

-| General Purpose\* | 4 | General Purpose | Standard_D16ds_v4 |

-| General Purpose\* | 8 | General Purpose | Standard_D16ds_v4 |

-| General Purpose | 16 | General Purpose | Standard_D16ds_v4 |

-| General Purpose | 32 | General Purpose | Standard_D32ds_v4 |

-| General Purpose | 64 | General Purpose | Standard_D64ds_v4 |

-| Memory Optimized | 4 | Business Critical | Standard_E4ds_v4 |

-| Memory Optimized | 8 | Business Critical | Standard_E8ds_v4 |

-| Memory Optimized | 16 | Business Critical | Standard_E16ds_v4 |

-| Memory Optimized | 32 | Business Critical | Standard_E32ds_v4 |

- * query_store_capture_mode ΓÇô set to NONE to turn off the Query Store. This will eliminate the overhead caused by sampling activities by Query Store.

- * innodb_buffer_pool_size ΓÇô Innodb_buffer_pool_size can only be increased by scaling up compute for Azure Database for MySQL server. Scale up the server to 64 vCore General Purpose SKU from the Pricing tier of the portal during migration to increase the innodb_buffer_pool_size.

- * innodb_write_io_threads & innodb_write_io_threads - Change to 4 from the Server parameters in Azure portal to improve the speed of migration.

- :::image type="content" source="media/tutorial-azure-mysql-single-to-flex-online/13-select-source-online.png" alt-text="Screenshot of a Add source details screen.":::

- :::image type="content" source="media/tutorial-azure-mysql-single-to-flex-online/16-select-db.png" alt-text="Screenshot of a Select databases.":::

-* Single-labeled private DNS zones aren't supported. Your private DNS zone must have two or more labels. For example, contoso.com has two labels separated by a dot. A private DNS zone can have a maximum of 34 labels.

- |cloudapp.net | usgovcloudapp.net | chinacloudapp.cn

- |azclient.ms | azclient.us | azclient.cn

- |msidentity.com | msidentity.us | msidentity.cn

- |core.windows.net | core.usgovcloudapi.net | core.chinacloudapi.cn

-1. The deployment may take a few minutes to complete. After the deployment has succeeded, view your web app to make sure it's running. In a web browser, navigate to:

- 

-1. From the upper left corner of the main Azure menu,

- choose **All services** > search for **Event Grid** > select **Event Grid topics**.

- 

- Select the star next to Event Grid topics to add it to resource menu for easier access in the future.

-1. In the Event Grid topics Menu, select **+ADD** to create the primary topic.

- * Give the topic a logical name and add "-primary" as a suffix to make it easy to track.

- * This topic's region will be your primary region.

- 

-1. Once the Topic has been created, navigate to it and copy the **Topic Endpoint**. you'll need the URI later.

- 

- 

-1. In the **Topic** page, click **+Event Subscription** to create a subscription connecting your subscribing the event receiver website you made in the pre-requisites to the tutorial.

- * Give the event subscription a logical name and add "-primary" as a suffix to make it easy to track.

- * Select Endpoint Type Web Hook.

- * Set the endpoint to your event receiver's event URL, which should look something like: `https://<your-event-reciever>.azurewebsites.net/api/updates`

- 

-1. Repeat the same flow to create your secondary topic and subscription. This time, replace the "-primary" suffix with "-secondary" for easier tracking. Finally, make sure you put it in a different Azure Region. While you can put it anywhere you want, it's recommended that you use the [Azure Paired Regions](../availability-zones/cross-region-replication-azure.md). Putting the secondary topic and subscription in a different region ensures that your new events will flow even if the primary region goes down.

-

-# Azure Kubernetes Service (AKS) as an Event Grid source (Preview)

-> * If a custom domain is validated in one of the Azure Front Door Standard, Premium, classic or classic Microsoft CDN profiles, then it can't be added to another profile.

-A custom domain is managed by Domains section in the portal. A custom domain can be created and validated before association to an endpoint. A custom domain and its subdomains can be associated with only a single endpoint at a time. However, you can use different subdomains from the same custom domain for different Front Doors. You can also map custom domains with different subdomains to the same Front Door endpoint.

-1. The **Add a domain** page will appear where you can enter information about of the custom domain. You can choose Azure-managed DNS, which is recommended or you can choose to use your own DNS provider. If you choose Azure-managed DNS, select an existing DNS zone and then select a custom subdomain or create a new one. If you're using another DNS provider, manually enter the custom domain name. Select **Add** to add your custom domain.

- > [!NOTE]

- > Azure Front Door supports both Azure managed certificate and customer-managed certificates. If you want to use customer-managed certificate, see [Configure HTTPS on a custom domain](how-to-configure-https-custom-domain.md).

- :::image type="content" source="../media/how-to-add-custom-domain/add-domain-page.png" alt-text="Screenshot of add a domain page.":::

- A new custom domain is created with a validation state of **Submitting**.

- Wait until the validation state changes to **Pending**. This operation could take a few minutes.

-1. Select the **Pending** validation state. A new page will appear with DNS TXT record information needed to validate the custom domain. The TXT record is in the form of `_dnsauth.<your_subdomain>`. If you're using Azure DNS-based zone, select the **Add** button and a new TXT record with the displayed record value will be created in the Azure DNS zone. If you're using another DNS provider, manually create a new TXT record of name `_dnsauth.<your_subdomain>` with the record value as shown on the page.

-| -- | -- |

-| Pending | A domain goes to pending state once the DNS TXT record challenge is generated. Please add the DNS TXT record to your DNS provider and wait for the validation to complete. If it is in ΓÇÿPendingΓÇÖ even after the TXT record is updated in the DNS provider, please try to click ΓÇÿRegenerateΓÇÖ to refresh the TXT record and add the TXT record to your DNS provider again. |

-| Rejected | This state is applicable when the certificate provider/authority rejects the issuance for the managed certificate, e.g. when the domain is invalid. Please click on the ΓÇÿRejectedΓÇÖ link and click ΓÇÿRegenerateΓÇÖ on the ΓÇÿValidate the custom domainΓÇÖ page, as shown in the screenshots below this table. Then click on Add to add the TXT record in the DNS provider. |

-| TimeOut | The domain validation state will become from ΓÇÿPendingΓÇÖ to ΓÇÿTimeoutΓÇÖ if you do not add it to your DNS provider within 7 days or add an invalid DNS TXT record. Please click on the Timeout and hit ΓÇÿRegenerateΓÇÖ on the ΓÇÿValidate the custom domainΓÇÖ page, as shown in the screenshots below this table. Then click on Add. Repeat step 3 and 4. |

-| Approved | This means the domain has been successfully validated. |

-| Pending re-validation | This happens when the managed certificate is 45 days or less from expiry. If you have a CNAME record pointing to the AFD endpoint, no action is required for certificate renewal. If the custom domain is pointing to other CNAME records, please click on ΓÇÿPending RevalidationΓÇÖ and hit ΓÇÿRegenerateΓÇÖ on the ΓÇÿValidate the custom domainΓÇÖ page, as shown in the screenshots below this table. Then click on Add or add the TXT record with your own DNS providerΓÇÖs DNS management. |

-| Refreshing validation token | A domain goes to ΓÇ£Refreshing Validation TokenΓÇÖ stage for a brief period after Regenerate button is clicked. Once a new TXT record challenge is issued, the state changes to Pending. |

-| Internal error | If you see this error, retry by clicking the **Refresh** or **Regenerate** buttons. If you're still experiencing issues, raise a support request. |

-## Associate the custom domain with your Front Door Endpoint

-After you've validated your custom domain, you can then add it to your Azure Front Door Standard/Premium endpoint.

-1. Once custom domain is validated, you can associate it to an existing Azure Front Door endpoint and route. Select the **Unassociated** link to open the **Associate endpoint and routes** page. Select an endpoint and routes you want to associate with. Then select **Associate**. Close the page once the associate operation completes.

-Then lastly, validate that your application content is getting served using a browser.

-Azure Front Door enables secure TLS delivery to your applications by default when a custom domain is added. By using the HTTPS protocol on your custom domain, you ensure your sensitive data get delivered securely with TLS/SSL encryption when it's sent across the internet. When your web browser is connected to a web site via HTTPS, it validates the web site's security certificate and verifies it gets issued by a legitimate certificate authority. This process provides security and protects your web applications from attacks.

-Azure Front Door supports both Azure managed certificate and customer-managed certificates. Azure Front Door by default automatically enables HTTPS to all your custom domains using Azure managed certificates. No extra steps are required for getting an Azure managed certificate. A certificate is created during the domain validation process. You can also use your own certificate by integrating Azure Front Door Standard/Premium with your Key Vault.

-## Azure managed certificates

-1. On the **Add a domain** page, for *DNS management* select the **Azure managed DNS** option.

- :::image type="content" source="../media/how-to-configure-https-custom-domain/add-domain-azure-managed.png" alt-text="Screen shot of add a domain page with Azure managed DNS selected.":::

-1. Once the custom domain gets associated to endpoint successfully, an Azure managed certificate gets deployed to Front Door. This process may take from several minutes to an hour to complete.

-### Azure-managed certificate

-Azure-managed certificates are automatically rotated when your custom domain uses a CNAME record that points to an Azure Front Door standard or premium endpoint.

-* The custom domain's CNAME record is pointing to other DNS resources.

-* The custom domain points to Azure Front Door through a long chain. For example, if you put Azure Traffic Manager before Azure Front Door, the CNAME chain is `contoso.com` CNAME in `contoso.trafficmanager.net` CNAME in `contoso.z01.azurefd.net`.

-In order for the certificate to be automatically rotated to the latest version when a newer version of the certificate is available in your key vault, set the secret version to 'Latest'. If a specific version is selected, you have to reselect the new version manually for certificate rotation. It takes up to 24 hours for the new version of the certificate/secret to be automatically deployed.

-A custom rate limit rule controls access based on matching conditions and the rates of incoming requests. For more information, see [configure rate limit](../web-application-firewall/afds/waf-front-door-rate-limit-powershell.md).

-> The add-ons for AKS Engine and Arc enabled Kubernetes are in **preview**. Azure Policy for

-> Kubernetes only supports Linux node pools and built-in policy definitions (custom policy

-> definitions is a _public preview_ feature). Built-in policy definitions are in the **Kubernetes**

-> category. The limited preview policy definitions with **EnforceOPAConstraint** and

-> **EnforceRegoPolicy** effect and the related **Kubernetes Service** category are _deprecated_.

-> Instead, use the effects _audit_ and _deny_ with Resource Provider mode

-> `Microsoft.Kubernetes.Data`.

-> [!NOTE]

-> Custom policy definitions is a _public preview_ feature.

- > cluster resource. For an AKS Engine cluster, the **Scope** must be the resource group of the

- > cluster.

-### Remove the add-on from Azure Arc enabled Kubernetes

-### Remove the add-on from AKS Engine

-The default storage, either an Azure Storage account or Azure Data Lake Storage, must be in the same location as your cluster. Azure Storage is available at all locations. Data Lake Storage Gen1 is available in some regions - see the current [Data Lake Storage availability](https://azure.microsoft.com/global-infrastructure/services/?products=storage).

-On a deployed cluster, you can attach additional Azure Storage accounts or access other Data Lake Storage. All your storage accounts must live in the same location as your cluster. A Data Lake Storage can be in a different location, though great distances may introduce some latency.

-Azure Storage has some [capacity limits](../azure-resource-manager/management/azure-subscription-service-limits.md#storage-limits), while Data Lake Storage Gen1 is almost unlimited.

-A cluster's scale is determined by the quantity of its VM nodes. For all cluster types, there are node types that have a specific scale, and node types that support scale-out. For example, a cluster may require exactly three [Apache ZooKeeper](https://zookeeper.apache.org/) nodes or two Head nodes. Worker nodes that do data processing in a distributed fashion benefit from the additional worker nodes.

-Depending on your cluster type, increasing the number of worker nodes adds additional computational capacity (such as more cores). More nodes will increase the total memory required for the entire cluster to support in-memory storage of data being processed. As with the choice of VM size and type, selecting the right cluster scale is typically reached empirically. Use simulated workloads or canary queries.

-PUT https://{subdomain}.{baseDomain}/api/dataExport/destinations/{destinationId}?api-version=1.2-preview

-GET https://{subdomain}.{baseDomain}/api/dataExport/destinations/{destinationId}?api-version=1.2-preview

-GET https://{subdomain}.{baseDomain}/api/dataExport/destinations?api-version=1.2-preview

-PATCH https://{subdomain}.{baseDomain}/api/dataExport/destinations/{destinationId}?api-version=1.2-preview

-DELETE https://{subdomain}.{baseDomain}/api/dataExport/destinations/{destinationId}?api-version=1.2-preview

-PUT https://{subdomain}.{baseDomain}/api/dataExport/exports/{exportId}?api-version=1.2-preview

-GET https://{subdomain}.{baseDomain}/api/dataExport/exports/{exportId}?api-version=1.2-preview

-GET https://{subdomain}.{baseDomain}/api/dataExport/exports?api-version=1.2-preview

-PATCH https://{subdomain}.{baseDomain}/dataExport/exports/{exportId}?api-version=1.2-preview

-DELETE https://{subdomain}.{baseDomain}/api/dataExport/destinations/{destinationId}?api-version=1.2-preview

-> [!NOTE]

-> Currently, ODATA support is only available for `api-version=1.2-preview`.

-GET https://{subdomain}.{baseDomain}/api/deviceTemplates?api-version=1.2-preview&$top=10

- "nextLink": "https://custom-12qmyn6sm0x.azureiotcentral.com/api/deviceTemplates?api-version=1.2-preview&%24top=1&%24skiptoken=%7B%22token%22%3A%22%2BRID%3A%7EJWYqAKZQKp20qCoAAAAACA%3D%3D%23RT%3A1%23TRC%3A1%23ISV%3A2%23IEO%3A65551%23QCF%3A4%22%2C%22range%22%3A%7B%22min%22%3A%2205C1DFFFFFFFFC%22%2C%22max%22%3A%22FF%22%7D%7D"

-GET https://{subdomain}.{baseDomain}/api/deviceTemplates?api-version=1.2-preview&$filter=contains(displayName, 'thermostat')

-GET https://{subdomain}.{baseDomain}/api/deviceTemplates?api-version=1.2-preview&$orderby=displayName

-GET https://{subdomain}.{baseDomain}/api/deviceTemplates?api-version=1.2-preview&$filter=contains(displayName, 'thermostat')&$top=2

-> [!NOTE]

-> Currently, ODATA support is only available for `api-version=1.2-preview`

-GET https://{subdomain}.{baseDomain}/api/devices?api-version=1.2-preview&$top=10

- "nextLink": "https://custom-12qmyn6sm0x.azureiotcentral.com/api/devices?api-version=1.2-preview&%24top=1&%24skiptoken=%257B%2522token%2522%253A%2522%252BRID%253A%7EJWYqAOis7THQbBQAAAAAAg%253D%253D%2523RT%253A1%2523TRC%253A1%2523ISV%253A2%2523IEO%253A65551%2523QCF%253A4%2522%252C%2522range%2522%253A%257B%2522min%2522%253A%2522%2522%252C%2522max%2522%253A%252205C1D7F7591D44%2522%257D%257D"

-| Less than or equals | le | indexof(displayName, 'device1') le -1 |

-| Less than | lt | indexof(displayName, 'device1') lt 0 |

-| Greater than or equals | ge | indexof(displayName, 'device1') ge 0 |

-| Greater than | gt | indexof(displayName, 'device1') gt 0 |

-Currently, the only supported filter function for device lists is the `indexof` function:

-$filter=indexof(displayName, 'device1') ge 0

-The following example shows how to retrieve all the devices where the display name has index the string `thermostat`:

-GET https://{subdomain}.{baseDomain}/api/deviceTemplates?api-version=1.2-preview&$filter=index(displayName, 'thermostat')

-GET https://{subdomain}.{baseDomain}/api/devices?api-version=1.2-preview&$orderby=displayName

-GET https://{subdomain}.{baseDomain}/api/deviceTemplates?api-version=1.2-preview&$filter=contains(displayName, 'thermostat')&$top=2

-> [!IMPORTANT]

-> The jobs API is currently in preview. All The REST API calls described in this article should include `?api-version=1.2-preview`.

-GET https://{your app subdomain}.azureiotcentral.com/api/jobs?api-version=1.2-preview

-GET https://{your app subdomain}.azureiotcentral.com/api/jobs/job-004?api-version=1.2-preview

-GET https://{your app subdomain}.azureiotcentral.com/api/jobs/job-004/devices?api-version=1.2-preview

-PUT https://{your app subdomain}.azureiotcentral.com/api/jobs/job-006?api-version=1.2-preview

-PUT https://{subdomain}.{baseDomain}/api/deviceGroups/group1?api-version=1.2-preview

-POST https://{your app subdomain}.azureiotcentral.com/api/jobs/job-006/stop?api-version=1.2-preview

-POST https://{your app subdomain}.azureiotcentral.com/api/jobs/job-006/resume?api-version=1.2-preview

-PUT https://{your app subdomain}.azureiotcentral.com/api/jobs/job-006/rerun/rerun-001?api-version=1.2-preview

-POST https://{your app subdomain}.azureiotcentral.com/api/query?api-version=1.2-preview

-Each IoT Edge parent device in gateway hierarchies can have up to 100 connected child devices by default. This limit can be changed by setting the **MaxConnectedClients** environment variable in the parent device's edgeHub module.

-Azure IoT Edge is governed by Microsoft's [Modern Lifecycle Policy](/lifecycle/policies/modern).

- | Region | Select **West Europe** |

- | AzureBastionSubnet address space | Enter **10.1.1.0/27** |

- | Region | Select **West Europe**. |

-7. Select **IPv4** or **IPv6** for the **IP version**.

- > [!NOTE]

- > IPv6 isn't currently supported with Routing Preference or Cross-region load-balancing (Global Tier).

-19. Select **NIC** or **IP Address** for **Backend Pool Configuration**.

-20. Select **IPv4** or **IPv6** for **IP version**.

-21. Select **Add**.

-23. In **Load balancing rule** in the **Inbound rules** tab, select **+ Add a load balancing rule**.

- | Frontend IP address | Select **myFrontend**. |

- > In this example we'll create a NAT gateway to provide outbound Internet access. The outbound rules tab in the configuration is bypassed as it's optional isn't needed with the NAT gateway. For more information on Azure NAT gateway, see [What is Azure Virtual Network NAT?](../virtual-network/nat-gateway/nat-overview.md)

-In this section, you'll create a NAT gateway for outbound internet access for resources in the virtual network.

- | Region | Select **West Europe**. |

-2. In **Virtual machines**, select **+ Create** > **Virtual machine**.

- | Region | Select **(Europe) West Europe** |

- | Configure network security group | Select **Create new**. </br> In the **Create network security group**, enter **myNSG** in **Name**. </br> Under **Inbound rules**, select **+Add an inbound rule**. </br> Under **Service**, select **HTTP**. </br> Under **Priority**, enter **100**. </br> In **Name**, enter **myNSGRule** </br> Select **Add** </br> Select **OK** |

- | Place this virtual machine behind an existing load-balancing solution? | Select the check box. |

- | **Load balancing settings** |

-6. On the server desktop, navigate to **Windows Administrative Tools** > **Windows PowerShell**.

-When you run a load test, Azure Load Testing stores both client-side and [server-side metrics](./how-to-monitor-server-side-metrics.md) for the test run. Azure Load Testing has a per-test-run limit on the retention period for this data:

-| Resource | Limit |

-|||

-| Server-side metrics | 90 days |

-| Client-side metrics | 365 days |

-The test run associated with the load test isn't removed.

-For example, a typical machine learning project includes the steps of data collection, data preparation, model training, model evaluation, and model deployment. Usually, the data engineers concentrate on data steps, data scientists spend most time on model training and evaluation, the machine learning engineers are focus on model deployment and automation of the entire workflow. By leveraging machine learning pipeline, each team only needs to work on building their own steps. The best way of building steps is using [Azure Machine Learning component](concept-component.md), a self-contained piece of code that does one step in a machine learning pipeline. All these steps built by different users are finally integrated into one workflow through the pipeline definition. The pipeline is a collaboration tool for everyone in the project. The process of defining a pipeline and all its steps can be standardized by each company's preferred DevOps practice. The pipeline can be further versioned and automated. If the ML projects are described as a pipeline, then the best MLOps practice is already applied.

- > This is not a complete list of the hosts required for all Python resources on the internet, only the most commonly used. For example, if you need access to a GitHub repository or other host, you must identify and add the required hosts for that scenario.

- | **update.code.visualstudio.com**</br></br>**\*.vo.msecnd.net** | Used to retrieve VS Code server bits that are installed on the compute instance through a setup script.|

-| **update.code.visualstudio.com**</br></br>**\*.vo.msecnd.net** | Used to retrieve VS Code server bits that are installed on the compute instance through a setup script.|

-* Install and configure the Azure CLI and ML extension. For more information, see [Install, set up, and use the CLI (v2)](how-to-configure-cli.md).

-* To deploy locally, you must have [Docker engine](https://docs.docker.com/engine/install/) running locally. This step is **highly recommended**. It will help you debug issues.

-## Create a YAML file for your endpoint and deployment

-There are a few important concepts to notice in this YAML:

-### Readiness route vs. liveness route

-### Locating the mounted model

-You can optionally configure your `model_mount_path`. It enables you to change the path where the model is mounted. For example, you can have `model_mount_path` parameter in your _tfserving-deployment.yml_:

-```azurecli

-az ml online-deployment create --name tfserving-deployment -f endpoints/online/custom-container/tfserving-deployment.yml

-### Delete endpoint and model

-```azurecli

-az ml model delete -n tfserving-mounted --version 1

-1. User sets up the `launch.json` in the VSCode and start the AzureML Inference Server within VSCode.

-You have **Flask 2** installed in your python environment but are running a server (< 0.7.0) that does not support Flask 2. To resolve, please upgrade to the latest version of server.

-### 2. I encountered an ``ImportError`` or ``ModuleNotFoundError`` on modules ``opencensus``, ``jinja2``, ``MarkupSafe``, or ``click`` during startup like the following:

-Older versions (<= 0.4.10) of the server did not pin Flask's dependency to compatible versions. This is fixed in the latest version of the server.

-* Learn about [Prebuilt docker images for inference](concept-prebuilt-docker-images-inference.md)

-## Test the 'green' deployment

-1. Test the new deployment with a small percentage of live traffic:

- Once you've tested your green deployment, allocate a small percentage of traffic to it:

- ```python

- endpoint.traffic = {"blue": 90, "green": 10}

- ml_client.begin_create_or_update(endpoint)

- ```

- Now, your green deployment will receive 10% of requests.

-1. Send all traffic to your new deployment:

- Once you're satisfied that your green deployment is fully satisfactory, switch all traffic to it.

- ```python

- endpoint.traffic = {"blue": 0, "green": 100}

- ml_client.begin_create_or_update(endpoint)

- ```

-1. Remove the old deployment:

- ```python

- ml_client.online_deployments.delete(name="blue", endpoint_name=online_endpoint_name)

- ```

-* Explore online endpoint samples - [https://github.com/Azure/azureml-examples/tree/main/sdk/endpoints](https://github.com/Azure/azureml-examples/tree/main/sdk/endpoints)

-* The [Install, set up, and use the CLI (v2)](how-to-configure-cli.md).

-Local deployment supports creation, update, and deletion of a local endpoint. It also allows you to invoke and get logs from the endpoint. To use local deployment, add `--local` to the appropriate CLI command:

- az ml online-deployment get-logs --endpoint-name <endpoint-name> --name <deployment-name> --lines 100

-* [OperationCancelled](#error-operationcancelled)

-* [Unable to download user model or code artifacts](#unable-to-download-user-model-or-code-artifacts)

-After provisioning the compute resource, during deployment creation, Azure tries to pull the user container image from the workspace private Azure Container Registry (ACR) and mount the user model and code artifacts into the user container from the workspace storage account.

-First, check if there is a permissions issue accessing ACR.

-It is possible that the user container could not be found. Check [container logs](#get-container-logs) to get more details.

-#### Unable to download user model or code artifacts

-It is possible that the user model or code artifacts can't be found. Check [container logs](#get-container-logs) to get more details.

-Make sure model and code artifacts are registered to the same workspace as the deployment. Use the `show` command to show details for a model or code artifact in a workspace.

- az ml model show --name <model-name>

- az ml code show --name <code-name> --version <version>

- ```azurecli

- az storage blob exists --account-name foobar --container-name 210212154504-1517266419 --name WebUpload/210212154504-1517266419/GaussianNB.pkl --subscription <sub-name>`

- ```

-This component should be healthy on cluster, at least one healthy replica. You will get this error message if it's not avaliable when you trigger kubernetes online endpoint and deployment creation/update request.

-Please check the pod status and logs to fix this issue, you can also try to update the k8s-extension intalled on the cluster.

- - A package that was imported but is not in the conda environment.

-This error occurs when Azure Resource Manager can't find a required resource. For example, you will receive this error if a storage account was referred to but is not able to be found at the specified path. Be sure to double-check the spelling of exact paths or resource names.

-1. Grant your private registry's `acrPull` role to the system identity of your online enpdoint.

-### ERROR: OperationCancelled

-* [Operation was cancelled by another operation which has a higher priority](#operation-cancelled-by-another-higher-priority-operation)

-* [Operation was cancelled due to a previous operation waiting for lock confirmation](#operation-cancelled-waiting-for-lock-confirmation)

-#### Operation cancelled by another higher priority operation

-#### Operation cancelled waiting for lock confirmation

-Azure operations have a brief waiting period after being submitted during which they retrieve a lock to ensure that we do not run into race conditions. This error happens when the operation you submitted is the same as another operation that is currently still waiting for confirmation that it has received the lock to proceed. It may indicate that you have submitted a very similar request too soon after the initial request.

-If you are having trouble with autoscaling, see [Troubleshooting Azure autoscale](../azure-monitor/autoscale/autoscale-troubleshoot.md).

-| 429 | Too many pending requests | Your model is getting more requests than it can handle. We allow 2 * `max_concurrent_requests_per_instance` * `instance_count` requests at any time. Additional requests are rejected. You can confirm these settings in your model deployment config under `request_settings` and `scale_settings`. If you are using auto-scaling, your model is getting requests faster than the system can scale up. With auto-scaling, you can try to resend requests with [exponential backoff](https://aka.ms/exponential-backoff). Doing so can give the system time to adjust. |

-This tutorial shows you how to discover the servers that are running in your VMware environment by using the Azure Migrate: Discovery and assessment tool, a lightweight Azure Migrate appliance. You deploy the appliance as a server running in your vCenter Server instance, to continuously discover servers and their performance metadata, applications that are running on servers, server dependencies, ASP.NET web apps, and SQL Server instances and databases.

-In the managed attribute management experience, managed attributes can't be deleted, only expired. Expired asset can't be applied to any assets and are, by default, hidden in the user experience. By default, expired managed attributes aren't removed from an asset. If an asset has an expired managed attribute applied, it can only be removed, not edited.

-description: This Quickstart describes how to create a Microsoft Purview (formerly Azure Purview) account using Bicep.

-# Quickstart: Create a Microsoft Purview (formerly Azure Purview) account using Bicep

-This quickstart describes the steps to deploy a Microsoft Purview (formerly Azure Purview) account using Bicep.

-After you've created the account, you can begin registering your data sources and using the Microsoft Purview governance portal to understand and govern your data landscape. By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, the Microsoft Purview Data Map creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end data linage. Data consumers are able to discover data across your organization and data administrators are able to audit, secure, and ensure right use of your data.

-For more information about the governance capabilities of Microsoft Purview, formerly Azure Purview, [see our overview page](overview.md). For more information about deploying Microsoft Purview across your organization, [see our deployment best practices](deployment-best-practices.md).

-To deploy a Microsoft Purview account to your subscription, follow the prerequisites guide below.

-## Review the Bicep file

-The Bicep file used in this quickstart is from [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates/data-share-share-storage-account/).

-The following resources are defined in the Bicep file:

-* [**Microsoft.Purview/accounts**](/azure/templates/microsoft.purview/accounts)

-The Bicep performs the following tasks:

-* Creates a Microsoft Purview account in the specified resource group.

-## Deploy the Bicep file

-1. Save the Bicep file as `main.bicep` to your local computer.

-1. Deploy the Bicep file using Azure CLI or Azure PowerShell.

- > [!NOTE]

- > Replace **\<project-name\>** with a project name that will be used to generate resource names. Replace **\<invitation-email\>** with an email address for receiving data share invitations.

- # [CLI](#tab/CLI)

-

- ```azurecli-interactive

- az group create --name exampleRG --location eastus

- az deployment group create --resource-group exampleRG --template-file main.bicep --parameters projectName=<project-name> invitationEmail=<invitation-email>

- ```

- # [PowerShell](#tab/PowerShell)

- ```powershell-interactive

- New-AzResourceGroup -Name exampleRG -Location eastus

- New-AzResourceGroupDeployment -ResourceGroupName exampleRG -TemplateFile ./main.bicep -projectName "<project-name>" -invitationEmail "<invitation-email>"

- ```

-

- When the deployment finishes, you should see a message indicating the deployment succeeded.

-## Open Microsoft Purview governance portal

-After your Microsoft Purview account is created, you'll use the Microsoft Purview governance portal to access and manage it. There are two ways to open Microsoft Purview governance portal:

-* Open your Microsoft Purview account in the [Azure portal](https://portal.azure.com). Select the "Open Microsoft Purview governance portal" tile on the overview page.

- :::image type="content" source="media/create-catalog-portal/open-purview-studio.png" alt-text="Screenshot showing the Microsoft Purview account overview page, with the Microsoft Purview governance portal tile highlighted.":::

-* Alternatively, you can browse to [https://web.purview.azure.com](https://web.purview.azure.com), select your Microsoft Purview account, and sign in to your workspace.

-## Get started with your Purview resource

-After deployment, the first activities are usually:

-* [Create a collection](quickstart-create-collection.md)

-* [Register a resource](azure-purview-connector-overview.md)

-* [Scan the resource](concept-scans-and-ingestion.md)

-At this time, these actions aren't able to be taken through a Bicep file. Follow the guides above to get started!

-## Clean up resources

-To clean up the resources deployed in this quickstart, delete the resource group, which deletes all resources in the group.

-You can delete the resources through the Azure portal, Azure CLI, or Azure PowerShell.

-# [CLI](#tab/CLI)

-```azurecli-interactive

-az group delete --name exampleRG

-```

-# [PowerShell](#tab/PowerShell)

-```powershell-interactive

-Remove-AzResourceGroup -Name exampleRG

-```

-## Next steps

-In this quickstart, you learned how to create a Microsoft Purview (formerly Azure Purview) account using Bicep and how to access the Microsoft Purview governance portal.

-Next, you can create a user-assigned managed identity (UAMI) that will enable your new Microsoft Purview account to authenticate directly with resources using Azure Active Directory (Azure AD) authentication.

-To create a UAMI, follow our [guide to create a user-assigned managed identity](manage-credentials.md#create-a-user-assigned-managed-identity).

-Follow these next articles to learn how to navigate the Microsoft Purview governance portal, create a collection, and grant access to Microsoft Purview:

-> [!div class="nextstepaction"]

-> [Using the Microsoft Purview governance portal](use-azure-purview-studio.md)

-> [Create a collection](quickstart-create-collection.md)

-> [Add users to your Microsoft Purview account](catalog-permissions.md)

-You can set up authentication for an Azure Synapse source in either of two ways. Select your scenario below for steps to apply permissions.

-|`defaultLanguageCode` | (Optional) Language code of the input text used to tokenize and delineate input text. The following languages are supported: `da, de, en, es, fi, fr, it, ko, pt`. The default is English (`en`). If you pass a `languagecode-countrycode` format, only the `languagecode` part of the format is used. |

-| <li> [Threat protection for Cosmos DB](../../defender-for-cloud/other-threat-protections.md#threat-protection-for-azure-cosmos-db) | GA | Not Available |

-|**DNS logs** | - | Collection only |

-Each organization will have different metrics of success and internal migration processes. This section provides suggested guidance to considered when migrating from the Log Analytics MMA/OMS agent to the AMA, specifically for Microsoft Sentinel.

- |

-**See [Windows DNS Server (Preview)](#windows-dns-server-preview).**

-See also: [**Security events via legacy agent**](#security-events-via-legacy-agent-windows) connector.

-| **Checkpoint Firewall-1** | Collected using CEF. | `__Im_NetworkSession_CheckPointFirewallVxx` |

-| **Corelight Zeek** | Collected using the Corelight Zeek connector. | `_im_NetworkSession_CorelightZeekVxx` |

-| **Watchguard FirewareOW** | Collected using Syslog. | `_Im_NetworkSession_WatchGuardFirewareOSVxx` |

-First, it provides some basic details about the resource: where it is located, when it was created, to which resource group it belongs, the Azure tags it contains, etc. Further, it surfaces information about access management: how many owners, contributors, and other roles are authorized to access the resource, and what networks are allowed access to it; what is the permission model of the key vault, is public access to blobs allowed in the storage account, and more. Finally, the page also includes some integrations, such as Microsoft Defender for Cloud, Defender for Endpoint, and Purview, that enrich the information about the resource.

-When triaging or investigating an incident, the context of the entirety of incidents in your SOC can be extremely useful. For example, other incidents involving the same entities can represent useful context that will allow you to reach the right decision faster. Now there's a new tab in the incident page that lists other incidents that are similar to the incident you are investigating. Some common use cases for using similar incidents are:

-When creating or editing [analytics rules](detect-threats-custom.md), map the rule to one or more specific tactics *and* techniques. When searching for rules on the **Analytics** page, filter by tactic and technique to narrow your search results.

-The new **Advanced KQL for Microsoft Sentinel** interactive workbook is designed to help you improve your Kusto Query Language proficiency by taking a use case-driven approach based on:

-If more than one of these identities applies to a security principal, then the permission level associated with the first identity is granted. For example, if a security principal is both the owning user and a named user, then the permission level associated with the owning user applies.

-> To a set the ACL of a specific group or user, use their respective object IDs. For example, `group:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` or `user:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`.

-> To a set the ACL of a specific group or user, use their respective object IDs. For example, `group:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` or `user:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`.

-For more information about creating and using shared access signatures, see [How a shared access signature works](../common/storage-sas-overview.md?toc=%2fazure%2fstorage%2ffiles%2ftoc.json#how-a-shared-access-signature-works).

-You can also use AzCopy to copy one file to another or to copy a blob to a file or the other way around. See [Get started with AzCopy](../common/storage-use-azcopy-v10.md?toc=%2fazure%2fstorage%2ffiles%2ftoc.json).

- No, this scenario isn't supported.

-| [Troubleshoot performance issues](../common/troubleshoot-storage-performance.md?toc=%2fazure%2fstorage%2fqueues%2ftoc.json)| Common performance issues and guidance about how to troubleshoot them. |

-| [Troubleshoot availability issues](../common/troubleshoot-storage-availability.md?toc=%2fazure%2fstorage%2fqueues%2ftoc.json)| Common availability issues and guidance about how to troubleshoot them.|

-| [Troubleshoot client application errors](../common/troubleshoot-storage-client-application-errors.md?toc=%2fazure%2fstorage%2fqueues%2ftoc.json)| Common issues with connecting clients and how to troubleshoot them.|

-An Azure Storage client uses a storage connection string to store endpoints and credentials for accessing data management services. When running in a client application, you must provide the storage connection string in the following format, using the name of your storage account and the storage access key for the storage account listed in the [Azure portal](https://portal.azure.com) for the `AccountName` and `AccountKey` values. For information on storage accounts and access keys, see [About Azure Storage accounts](../common/storage-account-create.md?toc=%2fazure%2fstorage%2fqueues%2ftoc.json). This example shows how you can declare a static field to hold the connection string:

-To test your application in your local Windows computer, you can use the [Azurite storage emulator](../common/storage-use-azurite.md?toc=%2fazure%2fstorage%2fqueues%2ftoc.json). Azurite is a utility that simulates Azure Blob Storage and Queue Storage on your local development machine. The following example shows how you can declare a static field to hold the connection string to your local storage emulator:

-| [Troubleshoot performance issues](../common/troubleshoot-storage-performance.md?toc=%2fazure%2fstorage%2ftables%2ftoc.json)| Common performance issues and guidance about how to troubleshoot them. |

-| [Troubleshoot availability issues](../common/troubleshoot-storage-availability.md?toc=%2fazure%2fstorage%2ftables%2ftoc.json)| Common availability issues and guidance about how to troubleshoot them.|

-| [Troubleshoot client application errors](../common/troubleshoot-storage-client-application-errors.md?toc=%2fazure%2fstorage%2ftables%2ftoc.json)| Common issues with connecting clients and how to troubleshoot them.|

-The first step is to enable a **system-assigned managed identity** for the Function, following that [procedure](../app-service/overview-managed-identity.md?tabs=ps%2cportal&toc=%2fazure%2fazure-functions%2ftoc.json).

-You can use [Azure SQL Database](https://azure.microsoft.com/services/sql-database/) as an output for data that's relational in nature or for applications that depend on content being hosted in a relational database. Azure Stream Analytics jobs write to an existing table in SQL Database. The table schema must exactly match the fields and their types in your job's output. The Azure portal experience for Stream Analytics allows you to [test your streaming query and also detect if there are any mismatches between the schema](sql-db-table.md) of the results produced by your job and the schema of the target table in your SQL database. To learn about ways to improve write throughput, see the [Stream Analytics with Azure SQL Database as output](stream-analytics-sql-output-perf.md) article. While you can also specify [Azure Synapse Analytics SQL pool](https://azure.microsoft.com/documentation/services/sql-data-warehouse/) as an output via the SQL Database output option, it is recommended to use the dedicated [Azure Synapse Analytics output connector](azure-synapse-analytics-output.md) for best performance.

-[azure.blob.storage]: https://azure.microsoft.com/documentation/services/storage/

-[Azure Data Factory](https://azure.microsoft.com/documentation/services/data-factory/) can be used to orchestrate the task of creating the updated blobs required by Stream Analytics to update reference data definitions.

-|`spark.sql.hive.metastore.jars`|<ul><li>Version 0.13: `/opt/hive-metastore/lib-0.13/*:/usr/hdp/current/hadoop-client/lib/*` </li><li>Version 1.2: `/opt/hive-metastore/lib-1.2/*:/usr/hdp/current/hadoop-client/lib/*` </li><li>Version 2.1: `/opt/hive-metastore/lib-2.1/*:/usr/hdp/current/hadoop-client/lib/*` </li><li>Version 2.3: `/opt/hive-metastore/lib-2.3/*:/usr/hdp/current/hadoop-client/lib/*` </li><li>Version 3.1: `/opt/hive-metastore/lib-3.1/*:/usr/hdp/current/hadoop-client/lib/*`</li></ul>|

-A Spark pool is a set of metadata that defines the compute resource requirements and associated behavior characteristics when a Spark instance is instantiated. These characteristics include but aren't limited to name, number of nodes, node size, scaling behavior, and time to live. A Spark pool in itself does not consume any resources. There are no costs incurred with creating Spark pools. Charges are only incurred once a Spark job is executed on the target Spark pool and the Spark instance is instantiated on demand.

-The Isolated Compute option provides additional security to Spark compute resources from untrusted services by dedicating the physical compute resource to a single customer.

-Isolated compute option is best suited for workloads that require a high degree of isolation from other customer's workloads for reasons that include meeting compliance and regulatory requirements.

-The Isolate Compute option is only available with the XXXLarge (80 vCPU / 504 GB) node size and only available in the following regions. The isolated compute option can be enabled or disabled after pool creation although the instance may need to be restarted. If you expect to enable this feature in the future, ensure that your Synapse workspace is created in an isolated compute supported region.

-Apache Spark pool instance consists of one head node and two or more worker nodes with a minimum of three nodes in a Spark instance. The head node runs additional management services such as Livy, Yarn Resource Manager, Zookeeper, and the Spark driver. All nodes run services such as Node Agent and Yarn Node Manager. All worker nodes run the Spark Executor service.

-A Spark pool can be defined with node sizes that range from a Small compute node with 4 vCore and 32 GB of memory up to a XXLarge compute node with 64 vCore and 512 GB of memory per node. Node sizes can be altered after pool creation although the instance may need to be restarted.

-Apache Spark pools provide the ability to automatically scale up and down compute resources based on the amount of activity. When the autoscale feature is enabled, you can set the minimum and maximum number of nodes to scale. When the autoscale feature is disabled, the number of nodes set will remain fixed. This setting can be altered after pool creation although the instance may need to be restarted.

-Apache Spark pools utilize temporary disk storage while the pool is instantiated. For many Spark jobs, it is difficult to estimate cluster storage requirements, which may cause your Spark jobs to fail if the worker nodes exhaust storage. Elastic pool storage allows the Spark engine to monitor worker node temporary cluster storage, and attach additional disks if needed. No action is required by customers. Customers should see fewer job failures as a result of elastic pool storage.

-> Azure Synapse Elastic pool storage is currently in Public Preview. During Public Preview there is no charge for use of Elastic Pool Storage.

-The automatic pause feature releases resources after a set idle period, reducing the overall cost of an Apache Spark pool. The number of minutes of idle time can be set once this feature is enabled. The automatic pause feature is independent of the autoscale feature. Resources can be paused whether the autoscale is enabled or disabled. This setting can be altered after pool creation although active sessions will need to be restarted.

-1. Provide a name for your Azure Synapse Link connection, and select the number of cores. These cores will be used for the movement of data from the source to the target.

-* [Get started with Azure Synapse Link for SQL Server 2022](connect-synapse-link-sql-server-2022.md)

- * Select your **Core count**. We recommend starting from small number and increasing as needed.

-* [Get started with Azure Synapse Link for Azure SQL Database](connect-synapse-link-sql-database.md)

-[Azure App Service](https://azure.microsoft.com/documentation/services/app-service/web/)

-[1]: /powershell/module/az.trafficmanager

-Any [Remote Desktop clients](user-documentation/connect-windows-7-10.md?toc=%2Fazure%2Fvirtual-desktop%2Ftoc.json&bc=%2Fazure%2Fvirtual-desktop%2Fbreadcrumb%2Ftoc.json) you use to connect to Azure Virtual Desktop must have access to the following URLs. Select the relevant tab based on which cloud you're using. Opening these URLs is essential for a reliable client experience. Blocking access to these URLs is unsupported and will affect service functionality.

- - Read-access to the Azure subscriptions that hold your Azure Virtual Desktop resources

-## Scheduled agent updates now generally available

-## FSLogix 2201 hotfix 2

-## Japan and Australia metadata service now generally available

-## Azure Virtual Desktop moving away from Storage Blob image type

-## Azure Virtual Desktop Custom Configuration changing to PowerShell

-Azure Disk Encryption is integrated with [Azure Key Vault](https://azure.microsoft.com/documentation/services/key-vault/) to help you control and manage the disk-encryption keys and secrets in your key vault subscription. You can create a key vault or use an existing one for Azure Disk Encryption. For more information about key vaults, see [Get started with Azure Key Vault](../../key-vault/general/overview.md) and [Secure your key vault](../../key-vault/general/security-features.md). You can use a Resource Manager template, Azure PowerShell, or the Azure CLI to create a key vault.

-If you're already familiar with the prerequisites for Azure Disk Encryption, you can use the [Azure Disk Encryption prerequisites PowerShell script](https://raw.githubusercontent.com/Azure/azure-powershell/master/src/Compute/Compute/Extension/AzureDiskEncryption/Scripts/AzureDiskEncryptionPreRequisiteSetup.ps1 ). For an example of using this PowerShell script, see the [Encrypt a VM Quickstart](disk-encryption-powershell-quickstart.md). You can remove the comments from a section of the script, starting at line 211, to encrypt all disks for existing VMs in an existing resource group.

-To register for the feature, use the following command:

-```azurecli

-az feature register --namespace Microsoft.Compute --name LiveResize

-```

-It may take a few minutes for registration to take complete. To confirm that you've registered, use the following command:

-```azurecli

-az feature show --namespace Microsoft.Compute --name LiveResize

-```

-> If you've enabled **LiveResize** and your disk meets the requirements in [Expand without downtime](#expand-without-downtime), you can skip step 1 and 3.

- To generate the sha256Checksum, using a PowerShell on Windows [Get-Hash](/powershell/module/microsoft.powershell.utility/get-filehash)

-* [Azure Storage](https://azure.microsoft.com/documentation/services/storage/)

-* [Azure Virtual Machines](https://azure.microsoft.com/documentation/services/virtual-machines/)

-[15]:./media/migrate-to-premium-storage-using-azure-site-recovery/migrate-to-premium-storage-using-azure-site-recovery-14.png

-The NP-series virtual machines are powered by [Xilinx U250 ](https://www.xilinx.com/products/boards-and-kits/alveo/u250.html) FPGAs for accelerating workloads including machine learning inference, video transcoding, and database search & analytics. NP-series VMs are also powered by Intel Xeon 8171M (Skylake) CPUs with all core turbo clock speed of 3.2 GHz.

-Azure Disk Encryption is integrated with [Azure Key Vault](https://azure.microsoft.com/documentation/services/key-vault/) to help you control and manage the disk-encryption keys and secrets in your key vault subscription. You can create a key vault or use an existing one for Azure Disk Encryption. For more information about key vaults, see [Get started with Azure Key Vault](../../key-vault/general/overview.md) and [Secure your key vault](../../key-vault/general/security-features.md). You can use a Resource Manager template, Azure PowerShell, or the Azure CLI to create a key vault.

-To register for the feature, use the following command:

-```azurepowershell

-Register-AzProviderFeature -FeatureName "LiveResize" -ProviderNamespace "Microsoft.Compute"

-```

-It may take a few minutes for registration to complete. To confirm that you've registered, use the following command:

-```azurepowershell

-Get-AzProviderFeature -FeatureName "LiveResize" -ProviderNamespace "Microsoft.Compute"

-```

-> If you've enabled **LiveResize** and your disk meets the requirements in [Expand without downtime](#expand-without-downtime), you can skip step 1.

-> If you've enabled **LiveResize** and your disk meets the requirements in [expand without downtime](#expand-without-downtime), you can skip step 4 and 6.

-* [Azure Storage](https://azure.microsoft.com/documentation/services/storage/)

-* [Azure Virtual Machines](https://azure.microsoft.com/documentation/services/virtual-machines/)

-[15]:./media/migrate-to-premium-storage-using-azure-site-recovery/migrate-to-premium-storage-using-azure-site-recovery-14.png

-High availability and disaster recovery for Oracle Database Enterprise Edition (without relying on Oracle RAC) can be achieved on Azure using [Data Guard, Active Data Guard](https://www.oracle.com/database/technologies/high-availability/dataguard.html), or [Oracle GoldenGate](https://www.oracle.com/technetwork/middleware/goldengate), with two databases on two separate virtual machines. Both virtual machines should be in the same [virtual network](https://azure.microsoft.com/documentation/services/virtual-network/) to ensure they can access each other over the private persistent IP address. Additionally, we recommend placing the virtual machines in the same availability set to allow Azure to place them into separate fault domains and upgrade domains. Should you want to have geo-redundancy, set up the two databases to replicate between two different regions and connect the two instances with a VPN Gateway.

-| **SAP S/4HANA 2021, Fully-Activated Appliance** December 20 2021 | [Create Appliance](https://cal.sap.com/registration?sguid=b8a9077c-f0f7-47bd-977c-70aa6a6a2aa7&provider=208b780d-282b-40ca-9590-5dd5ad1e52e8) |

-|This appliance contains SAP S/4HANA 2021 (SP00) with pre-activated SAP Best Practices for SAP S/4HANA core functions, and further scenarios for Service, Master Data Governance (MDG), Transportation Mgmt. (TM), Portfolio Mgmt. (PPM), Human Capital Management (HCM), Analytics, Migration Cockpit, and more. User access happens via SAP Fiori, SAP GUI, SAP HANA Studio, Windows remote desktop, or the backend operating system for full administrative access. | [Details]( https://cal.sap.com/catalog?provider=208b780d-282b-40ca-9590-5dd5ad1e52e8#/applianceTemplates/b8a9077c-f0f7-47bd-977c-70aa6a6a2aa7) |

-We just announced our new services of Azure Center for SAP solutions and Azure Monitor for SAP 2.0 entering the public previev stage. These services will give you the possibility to deploy SAP workload on Azure in a highly automated manner in an optimal architecture and configuration. And monitor your Azure infrastructure, OS, DBMS, and ABAP stack deployments on one single pane of glass.

-More details can be found in [this article][resource-groups-networking] and on [this page](https://azure.microsoft.com/documentation/services/virtual-network/).

-* [ExpressRoute documentation](https://azure.microsoft.com/documentation/services/expressroute/)

-This article describes how to deploy a highly available SAP HANA system in a scale-out configuration with HANA system replication (HSR) and Pacemaker on Azure SUSE Linux Enterprise Server virtual machines (VMs). The shared file systems in the presented architecture are provided by [Azure NetApp Files](../../../azure-netapp-files/azure-netapp-files-introduction.md) and are mounted over NFS.

-In the example configurations, installation commands, and so on, the HANA instance is **03** and the HANA system ID is **HN1**. The examples are based on HANA 2.0 SP4 and SUSE Linux Enterprise Server 12 SP5.

-* [Azure NetApp Files documentation][anf-azure-doc]

-The HANA shared file system `/han). It is mounted via NFSv4.1 on each HANA node in the same HANA system replication site. File systems `/hana/data` and `/hana/log` are local file systems and are not shared between the HANA DB nodes. SAP HANA will be installed in non-shared mode.

-> [!TIP]

-The Azure NetApp volumes are deployed in a separate subnet, [delegated to Azure NetApp Files](../../../azure-netapp-files/azure-netapp-files-delegate-subnet.md): `anf` 10.23.1.0/26.

- > Make sure that the OS you select is SAP-certified for SAP HANA on the specific VM types you're using. For a list of SAP HANA certified VM types and OS releases for those types, go to the [SAP HANA certified IaaS platforms](https://www.sap.com/dmc/exp/2014-09-02-hana-hardware/enEN/#/solutions?filters=v:deCertified;ve:24;iaas;v:125;v:105;v:99;v:120) site. Click into the details of the listed VM type to get the complete list of SAP HANA-supported OS releases for that type.

- 1. Select **TCP** as the protocol and port 625**03**. Keep the **Interval** value set to 5, and the **Unhealthy threshold** value set to 2.

-### Deploy the Azure NetApp Files infrastructure

-Deploy the ANF volumes for the `/han#set-up-the-azure-netapp-files-infrastructure).

-3. **[A]** Prepare the OS for running SAP HANA on NetApp Systems with NFS, as described in SAP note [3024346 - Linux Kernel Settings for NetApp NFS](https://launchpad.support.sap.com/#/notes/3024346). Create configuration file */etc/sysctl.d/91-NetApp-HANA.conf* for the NetApp configuration settings.

- <pre><code>

- vi /etc/sysctl.d/91-NetApp-HANA.conf

- # Add the following entries in the configuration file

- net.core.rmem_max = 16777216

- net.core.wmem_max = 16777216

- net.ipv4.tcp_rmem = 4096 131072 16777216

- net.ipv4.tcp_wmem = 4096 16384 16777216

- net.core.netdev_max_backlog = 300000

- net.ipv4.tcp_slow_start_after_idle=0

- net.ipv4.tcp_no_metrics_save = 1

- net.ipv4.tcp_moderate_rcvbuf = 1

- net.ipv4.tcp_window_scaling = 1

- net.ipv4.tcp_sack = 1

- </code></pre>

-4. **[A]** Create configuration file */etc/sysctl.d/ms-az.conf* with Microsoft for Azure configuration settings.

-4. **[A]** Adjust the sunrpc settings, as recommended in SAP note [3024346 - Linux Kernel Settings for NetApp NFS](https://launchpad.support.sap.com/#/notes/3024346).

- <pre><code>

- vi /etc/modprobe.d/sunrpc.conf

- # Insert the following line

- options sunrpc tcp_max_slot_table_entries=128

- </code></pre>

-2. **[A]** SUSE delivers special resource agents for SAP HANA and by default agents for SAP HANA ScaleUp are installed. Uninstall the packages for ScaleUp, if installed and install the packages for scenario SAP HANAScaleOut. The step needs to be performed on all cluster VMs, including the majority maker.

-3. **[AH]** Prepare the VMs - apply the recommended settings per SAP note [2205917] for SUSE Linux Enterprise Server for SAP Applications.

-### Mount the shared file systems

-In this example, the shared HANA file systems are deployed on Azure NetApp Files and mounted over NFSv4.

-1. **[AH]** Create mount points for the HANA database volumes.

-2. **[AH]** Verify the NFS domain setting. Make sure that the domain is configured as the default Azure NetApp Files domain, that is, **`defaultv4iddomain.com`** and the mapping is set to **nobody**.

-3. **[AH]** Verify `nfs4_disable_idmapping`. It should be set to **Y**. To create the directory structure where `nfs4_disable_idmapping` is located, execute the mount command. You won't be able to manually create the directory under /sys/modules, because access is reserved for the kernel / drivers.

-4. **[AH1]** Mount the shared Azure NetApp Files volumes on the SITE1 HANA DB VMs.

- # Add the following entries

-5. **[AH2]** Mount the shared Azure NetApp Files volumes on the SITE2 HANA DB VMs.

- # Add the following entries

-10. **[AH]** Verify that the corresponding `/hana/shared/` file systems are mounted on all HANA DB VMs with NFS protocol version **NFSv4**.

- Flags: rw,noatime,vers=4.1,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.23.0.11,local_lock=none,addr=10.23.1.7

- Flags: rw,noatime,vers=4.1,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.23.0.14,local_lock=none,addr=10.23.1.7

-In this example for deploying SAP HANA in scale-out configuration with HSR on Azure VMs, we've used HANA 2.0 SP4.

-5. **[AH]** Install additional packages, which are required for HANA 2.0 SP4. For more information, see SAP Note [2593824](https://launchpad.support.sap.com/#/notes/2593824) for your SLES version.

-1. **[1]** Install SAP HANA by following the instructions in the [SAP HANA 2.0 Installation and Update guide](https://help.sap.com/viewer/2c1988d620e04368aa4103bf26f17727/2.0.04/en-US/7eb0167eb35e4e2885415205b8383584.html). In the instructions that follow, we show the SAP HANA installation on the first node on SITE 1.

-4. **[1,2]** Change the HANA configuration so that communication for HANA system replication if directed though the HANA system replication virtual network interfaces.

- For more information, see [Host Name resolution for System Replication](https://help.sap.com/viewer/eb3777d5495d46c5b2fa773206bbfb46/1.0.12/en-US/c0cba1cb2ba34ec89f45b48b2157ec7b.html).

-2. **[1,2]** Create the directory on the ANF /hana/sahred volume, which will be used in the special file system monitoring resource. The directories need to be created on both sites.

- The SAP HANA resource agents depend on binaries, stored on `/hana/shared` to perform operations during failover. File system `/hana/shared` is mounted over NFS in the presented configuration. A test that can be performed, is to create a temporary firewall rule to block access to the `/hana/shared` ANF volume on one of the primary site VMs. This approach validates that the cluster will fail over, if access to `/hana/shared` is lost on the active system replication site.

- **Expected result**: When you block the access to the `/hana/shared` ANF volume on one of the primary site VMs, the monitoring operation that performs read/write operation on file system, will fail, as it is not able to access the file system and will trigger HANA resource failover. The same result is expected when your HANA node loses access to the NFS share.

- To simulate failure for `/hana/shared`, first confirm the IP address for the `/hana/shared` ANF volume on the primary site. You can do that by running `df -kh|grep /hana/shared`.

- Then, set up a temporary firewall rule to block access to the IP address of the `/hana/shared` ANF volume by executing the following command on one of the primary HANA system replication site VMs.

- In this example the command was executed on hana-s1-db1.

-To set the needed permissions, uses can be assigned built-in roles with [role-based access control](../role-based-access-control/quickstart-assign-role-user-portal.md):

-description: Learn how to assign multiple IP addresses to a virtual machine via the Azure CLI.

-# Assign multiple IP addresses to virtual machines via the Azure CLI

-This article explains how to create a virtual machine (VM) through the Azure Resource Manager deployment model using the Azure CLI. Multiple IP addresses cannot be assigned to resources created through the classic deployment model. To learn more about Azure deployment models, read the [Understand deployment models](../../azure-resource-manager/management/deployment-models.md) article.

-## <a name = "create"></a>Create a VM with multiple IP addresses

-The steps that follow explain how to create an example virtual machine with multiple IP addresses, as described in the scenario. Change variable values in "" and IP address types, as required, for your implementation.

-1. Install the [Azure CLI](/cli/azure/install-azure-cli) if you don't already have it installed.

-2. Create an SSH public and private key pair for Linux VMs by completing the steps in the [Create an SSH public and private key pair for Linux VMs](../../virtual-machines/linux/mac-create-ssh-keys.md?toc=/azure/virtual-network/toc.json).

-3. From a command shell, login with the command `az login` and select the subscription you're using.

-4. Create the VM by executing the script that follows on a Linux or Mac computer. The script creates a resource group, one virtual network (VNet), one NIC with three IP configurations, and a VM with the two NICs attached to it. The NIC, public IP address, virtual network, and VM resources must all exist in the same location and subscription. Though the resources don't all have to exist in the same resource group, in the following script they do.

-```azurecli

-

-#!/bin/sh

-

-RgName="myResourceGroup"

-Location="westcentralus"

-az group create --name $RgName --location $Location

-

-# Create a public IP address resource with a static IP address using the `--allocation-method Static` option. If you

-# do not specify this option, the address is allocated dynamically. The address is assigned to the resource from a pool

-# of IP addresses unique to each Azure region. Download and view the file from

-# https://www.microsoft.com/en-us/download/details.aspx?id=41653 that lists the ranges for each region.

-PipName="myPublicIP"

-# This name must be unique within an Azure location.

-DnsName="myDNSName"

-az network public-ip create \

-# Create a virtual network with one subnet

-VnetName="myVnet"

-VnetPrefix="10.0.0.0/16"

-VnetSubnetName="mySubnet"

-VnetSubnetPrefix="10.0.0.0/24"

-az network vnet create \

-# Create a network interface connected to the subnet and associate the public IP address to it. Azure will create the

-# first IP configuration with a static private IP address and will associate the public IP address resource to it.

-NicName="MyNic1"

-az network nic create \

-

-# Create a second public IP address, a second IP configuration, and associate it to the NIC. This configuration has a

-# static public IP address and a static private IP address.

-az network public-ip create \

-az network nic ip-config create \

-# Create a third IP configuration, and associate it to the NIC. This configuration has static private IP address and # no public IP address.

-az network nic ip-config create \

-# Note: Though this article assigns all IP configurations to a single NIC, you can also assign multiple IP configurations

-# to any NIC in a VM. To learn how to create a VM with multiple NICs, read the Create a VM with multiple NICs

-# article: https://docs.microsoft.com/azure/virtual-network/virtual-network-deploy-multinic-arm-cli.

-# Create a VM and attach the NIC.

-VmName="myVm"

-# Replace the value for the following **VmSize** variable with a value from the

-# https://docs.microsoft.com/azure/virtual-machines/sizes article. The script fails if the VM size

-# is not supported in the location you select. Run the `azure vm sizes --location eastcentralus` command to get a full list

-# of VMs in US West Central, for example.

-VmSize="Standard_DS1"

-# Replace the value for the OsImage variable value with a value for *urn* from the output returned by entering the

-# `az vm image list` command.

-OsImage="credativ:Debian:8:latest"

-Username="adminuser"

-# Replace the following value with the path to your public key file. If you're creating a Windows VM, remove the following

-# line and you'll be prompted for the password you want to configure for the VM.

-SshKeyValue="~/.ssh/id_rsa.pub"

-az vm create \

-In addition to creating a VM with a NIC with 3 IP configurations, the script creates:

-Public IP addresses have a nominal fee. To learn more about IP address pricing, read the [IP address pricing](https://azure.microsoft.com/pricing/details/ip-addresses) page. There is a limit to the number of public IP addresses that can be used in a subscription. To learn more about the limits, read the [Azure limits](../../azure-resource-manager/management/azure-subscription-service-limits.md#networking-limits) article.

-After the VM is created, enter the `az network nic show --name MyNic1 --resource-group myResourceGroup` command to view the NIC configuration. Enter the `az network nic ip-config list --nic-name MyNic1 --resource-group myResourceGroup --output table` to view a list of the IP configurations associated to the NIC.

-Add the private IP addresses to the VM operating system by completing the steps for your operating system in the [Add IP addresses to a VM operating system](#os-config) section of this article.

-## <a name="add"></a>Add IP addresses to a VM

-You can add additional private and public IP addresses to an existing Azure network interface by completing the steps that follow. The examples build upon the scenario described in this article.

-1. Open a command shell and complete the remaining steps in this section within a single session. If you don't already have Azure CLI installed and configured, complete the steps in the [Azure CLI installation](/cli/azure/install-az-cli2?toc=/azure/virtual-network/toc.json) article and login to your Azure account with the `az-login` command.

-2. Complete the steps in one of the following sections, based on your requirements:

- **Add a private IP address**

-

- To add a private IP address to a NIC, you must create an IP configuration using the command that follows. The static IP address must be an unused address for the subnet.

- ```azurecli

- az network nic ip-config create \

- --resource-group myResourceGroup \

- --nic-name myNic1 \

- --private-ip-address 10.0.0.7 \

- --name IPConfig-4

- ```

-

- Create as many configurations as you require, using unique configuration names and private IP addresses (for configurations with static IP addresses).

- **Add a public IP address**

-

- A public IP address is added by associating it to either a new IP configuration or an existing IP configuration. Complete the steps in one of the sections that follow, as you require.

- Public IP addresses have a nominal fee. To learn more about IP address pricing, read the [IP address pricing](https://azure.microsoft.com/pricing/details/ip-addresses) page. There is a limit to the number of public IP addresses that can be used in a subscription. To learn more about the limits, read the [Azure limits](../../azure-resource-manager/management/azure-subscription-service-limits.md#networking-limits) article.

- - **Associate the resource to a new IP configuration**

-

- Whenever you add a public IP address in a new IP configuration, you must also add a private IP address, because all IP configurations must have a private IP address. You can either add an existing public IP address resource, or create a new one. To create a new one, enter the following command:

-

- ```azurecli

- az network public-ip create \

- --resource-group myResourceGroup \

- --location westcentralus \

- --name myPublicIP3 \

- --dns-name mypublicdns3

- ```

- To create a new IP configuration with a static private IP address and the associated *myPublicIP3* public IP address resource, enter the following command:

- ```azurecli

- az network nic ip-config create \

- --resource-group myResourceGroup \

- --nic-name myNic1 \

- --name IPConfig-5 \

- --private-ip-address 10.0.0.8

- --public-ip-address myPublicIP3

- ```

- - **Associate the resource to an existing IP configuration**

- A public IP address resource can only be associated to an IP configuration that doesn't already have one associated. You can determine whether an IP configuration has an associated public IP address by entering the following command:

- ```azurecli

- az network nic ip-config list \

- --resource-group myResourceGroup \

- --nic-name myNic1 \

- --query "[?provisioningState=='Succeeded'].{ Name: name, PublicIpAddressId: publicIpAddress.id }" --output table

- ```

- Returned output:

-

- ```output

- Name PublicIpAddressId

-

- ipconfig1 /subscriptions/[Id]/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP1

- IPConfig-2 /subscriptions/[Id]/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP2

- IPConfig-3

- ```

- Since the **PublicIpAddressId** column for *IpConfig-3* is blank in the output, no public IP address resource is currently associated to it. You can add an existing public IP address resource to IpConfig-3, or enter the following command to create one:

- ```azurecli

- az network public-ip create \

- --resource-group myResourceGroup

- --location westcentralus \

- --name myPublicIP3 \

- --dns-name mypublicdns3 \

- --allocation-method Static

- ```

-

- Enter the following command to associate the public IP address resource to the existing IP configuration named *IPConfig-3*:

-

- ```azurecli

- az network nic ip-config update \

- --resource-group myResourceGroup \

- --nic-name myNic1 \

- --name IPConfig-3 \

- --public-ip myPublicIP3

- ```

-3. View the private IP addresses and the public IP address resource Ids assigned to the NIC by entering the following command:

- ```azurecli

- az network nic ip-config list \

- --resource-group myResourceGroup \

- --nic-name myNic1 \

- --query "[?provisioningState=='Succeeded'].{ Name: name, PrivateIpAddress: privateIpAddress, PrivateIpAllocationMethod: privateIpAllocationMethod, PublicIpAddressId: publicIpAddress.id }" --output table

- ```

- Returned output: <br>

- ```output

- Name PrivateIpAddress PrivateIpAllocationMethod PublicIpAddressId

-

- ipconfig1 10.0.0.4 Static /subscriptions/[Id]/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP1

- IPConfig-2 10.0.0.5 Static /subscriptions/[Id]/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP2

- IPConfig-3 10.0.0.6 Static /subscriptions/[Id]/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP3

- ```

-

-4. Add the private IP addresses you added to the NIC to the VM operating system by following the instructions in the [Add IP addresses to a VM operating system](#os-config) section of this article. Do not add the public IP addresses to the operating system.

-This article helps you configure an Azure Virtual WAN hub router to peer with a Network Virtual Appliance (NVA) in your virtual network using BGP Peering via the Azure portal. The virtual hub router learns routes from the NVA in a spoke VNet that is connected to a virtual WAN hub. The virtual hub router also advertises the virtual network routes to the NVA. For more information, see [Scenario: BGP peering with a virtual hub](scenario-bgp-peering-hub.md).

-## <a name="openvwan"></a>Create a virtual WAN

-## <a name="hub"></a>Create a hub

-## <a name="vnet"></a>Connect the VNet to the hub

-# Custom rules for Web Application Firewall with Azure Front Door

-Azure Web Application Firewall (WAF) with Front Door allows you to control access to your web applications based on the conditions you define. A custom WAF rule consists of a priority number, rule type, match conditions, and an action. There are two types of custom rules: match rules and rate limit rules. A match rule controls access based on a set of matching conditions while a rate limit rule controls access based on matching conditions and the rates of incoming requests. You may disable a custom rule to prevent it from being evaluated, but still keep the configuration.

-### WAF custom rules example based on http parameters

-Here is an example that shows the configuration of a custom rule with two match conditions. Requests are from a specified site as defined by referrer, and query string doesn't contain "password".

-```

-# http rules example

- "action": "Allow",

- "transforms": []

-An example configuration for blocking "PUT" method is shown as below:

-```

-# http Request Method custom rules

- "action": "Block",

- "transforms": []

-You may build a custom rule that specifies size constraint on part of an incoming request. For example, below rule blocks a Url that is longer than 100 characters.

-```

-# http parameters size constraint

- "action": "Block",

- "transforms": []

-description: Learn how to configure a rate limit rule for an existing Front Door endpoint.

-# Configure a Web Application Firewall rate limit rule using Azure PowerShell

-The Azure Web Application Firewall (WAF) rate limit rule for Azure Front Door controls the number of requests allowed from a particular client IP address to the application during a rate limit duration. This article shows how to configure a WAF rate limit rule that controls the number of requests allowed from a particular client to a web application that contains */promo* in the URL using Azure PowerShell.

-If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.

-> [!NOTE]

-> Rate limits are applied for each client IP address. If you have multiple clients accessing your Front Door from different IP addresses, they will have their own rate limits applied.

-## Prerequisites

-Before you begin to set up a rate limit policy, set up your PowerShell environment and create a Front Door profile.

-### Set up your PowerShell environment

-Azure PowerShell provides a set of cmdlets that use the [Azure Resource Manager](../../azure-resource-manager/management/overview.md) model for managing your Azure resources.

-You can install [Azure PowerShell](/powershell/azure/) on your local machine and use it in any PowerShell session. Follow the instructions on the page, to sign in with your Azure credentials, and install Az PowerShell module.

-#### Connect to Azure with an interactive dialog for sign in

-```

-Connect-AzAccount

-```

-Before install Front Door module, make sure the current version of PowerShellGet is installed. Run the following command and reopen PowerShell.

-```

-Install-Module PowerShellGet -Force -AllowClobber

-```

-#### Install Az.FrontDoor module

-```

-Install-Module -Name Az.FrontDoor

-```

-### Create a Front Door profile

-Create a Front Door profile by following the instructions described in [Quickstart: Create a Front Door profile](../../frontdoor/quickstart-create-front-door.md)

-## Define URL match conditions

-Define a URL match condition (URL contains /promo) using [New-AzFrontDoorWafMatchConditionObject](/powershell/module/az.frontdoor/new-azfrontdoorwafmatchconditionobject).

-The following example matches */promo* as the value of the *RequestUri* variable:

-```powershell-interactive

- $promoMatchCondition = New-AzFrontDoorWafMatchConditionObject `

- -MatchVariable RequestUri `

- -OperatorProperty Contains `

- -MatchValue "/promo"

-```

-## Create a custom rate limit rule

-Set a rate limit using [New-AzFrontDoorWafCustomRuleObject](/powershell/module/az.frontdoor/new-azfrontdoorwafcustomruleobject).

-In the following example, the limit is set to 1000. Requests from a particular client IP address client to the promo page exceeding 1000 during one minute are blocked until the next minute starts.

-```powershell-interactive

- $promoRateLimitRule = New-AzFrontDoorWafCustomRuleObject `

- -Name "rateLimitRule" `

- -RuleType RateLimitRule `

- -MatchCondition $promoMatchCondition `

- -RateLimitThreshold 1000 `

- -Action Block -Priority 1

-```

-## Configure a security policy

-Find the name of the resource group that contains the Front Door profile using `Get-AzureRmResourceGroup`. Next, configure a security policy with a custom rate limit rule using [New-AzFrontDoorWafPolicy](/powershell/module/az.frontdoor/new-azfrontdoorwafpolicy) in the specified resource group that contains the Front Door profile.

-The below example uses the Resource Group name *myResourceGroupFD1* with the assumption that you've created the Front Door profile using instructions provided in the [Quickstart: Create a Front Door](../../frontdoor/quickstart-create-front-door.md) article, using [New-AzFrontDoorWafPolicy](/powershell/module/az.frontdoor/new-azfrontdoorwafpolicy).

-```powershell-interactive

- $ratePolicy = New-AzFrontDoorWafPolicy `

- -Name "RateLimitPolicyExamplePS" `

- -resourceGroupName myResourceGroupFD1 `

- -Customrule $promoRateLimitRule `

- -Mode Prevention `

- -EnabledState Enabled

-```

-## Link policy to a Front Door front-end host

-Link the security policy object to an existing Front Door front-end host and update Front Door properties. First retrieve the Front Door object using [Get-AzFrontDoor](/powershell/module/Az.FrontDoor/Get-AzFrontDoor) command.

-Next, set the front-end *WebApplicationFirewallPolicyLink* property to the *resourceId* of the "$ratePolicy" created in the previous step using [Set-AzFrontDoor](/powershell/module/Az.FrontDoor/Set-AzFrontDoor) command.

-The below example uses the Resource Group name *myResourceGroupFD1* with the assumption that you've created the Front Door profile using instructions provided in the [Quickstart: Create a Front Door](../../frontdoor/quickstart-create-front-door.md) article. Also, in the below example, replace $frontDoorName with the name of your Front Door profile.

-```powershell-interactive

- $FrontDoorObjectExample = Get-AzFrontDoor `

- -ResourceGroupName myResourceGroupFD1 `

- -Name $frontDoorName

- $FrontDoorObjectExample[0].FrontendEndpoints[0].WebApplicationFirewallPolicyLink = $ratePolicy.Id

- Set-AzFrontDoor -InputObject $FrontDoorObjectExample[0]

- ```

-> [!NOTE]

-> You only need to set *WebApplicationFirewallPolicyLink* property once to link a security policy to a Front Door front-end. Subsequent policy updates are automatically applied to the front-end.

-## Next steps