Tell us about your PDF experience.

Azure for .NET developers

Learn to use the Azure SDK for .NET. Browse API reference, sample code, tutorials, quickstarts,
conceptual articles and more. Know that .NET 💜 Azure.

OVERVIEW QUICKSTART
Introduction to Azure and .NET Create an ASP.NET Core web app
in Azure

QUICKSTART TUTORIAL
Build a serverless function ASP.NET Core and Docker

DEPLOY TUTORIAL
Deploy a .NET app with Azure Authentication end-to-end in
DevOps App Service

TRAINING GET STARTED

Secure custom APIs with Azure SDK for .NET
Microsoft Identity

Featured content
Learn to develop .NET apps leveraging a variety of Azure services.

Create web apps Create cloud native Create intelligent apps

apps with AI
ｅ App Service overview
ｅ Azure Functions overview ｅ Build cloud native apps ｅ AI for .NET overview
using .NET Aspire
ｄ Host a web app with Azure ｆ Build a chat app
App Service ｆ Build your first .NET Aspire
ｆ Generate images
app
ｄ Develop, test, and deploy ｆ Run and debug a ｐ Understand prompt
an Azure Function with microservice in Kubernetes engineering
Visual Studio ｄ Create and deploy a cloud- ｐ Understand generative AI
ｄ Publish and manage your native ASP.NET Core and LLMs
APIs with Azure API microservice ｇ Implement RAG using
Management ｇ Deploy and debug multiple vector search
ｇ ASP.NET Core web app containers in AKS ｇ Get started with the .NET
with App Service and Azure
ｇ Dynamic configuration and enterprise chat sample
SQL Database
feature flags using Azure ｅ Learning resources and
ｇ Managed identity with App Config
samples
ASP.NET and Azure SQL ｃ Deploy a .NET Core app to
Database
Azure Container Registry
ｇ Web API with CORS in
Azure App Service

Create mobile apps Work with storage & Authentication and

data security
ｄ Consume REST web
services in .NET MAUI apps ｐ Choose the right data ｅ Microsoft identity platform
ｅ Mobile architecture design storage option (Azure AD) overview
ｆ Use .NET to query an Azure ｄ Secure your application by
SQL Database or Azure using OpenID Connect and
SQL Managed Instance Azure AD
ｆ Use .NET to query Azure ｄ Secure custom APIs with
PostgreSQL Microsoft Identity
ｐ Use the Repository Pattern ｄ Secure an ASP.NET Core
with Azure Cosmos DB web app with the ASP.NET
ｇ Connect to and query an Identity framework
Azure Database for ｇ Add sign-in to Microsoft to
PostgreSQL database an ASP.NET web app
ｄ Persist and retrieve ｇ End-to-end authentication
relational data with Entity in App Service
Framework Core ｇ Use Azure Key Vault with
ｄ Build a .NET Core app with ASP.NET Core
Azure Cosmos DB in Visual ｇ Integrate Azure AD B2C
Studio Code
with a web API
ｄ Store application data with ｉ Azure Identity client library
Azure Blob storage
for .NET

Messaging on Azure Diagnostics and Azure SDK for .NET

monitoring
ｅ Storing messages with ａ Packages
Azure queues ｆ Azure Monitor Application ｐ Authentication for apps
ｅ Inter-application Insights quickstart
ｐ Logging
messaging with Azure ｄ Capture and view page
Service Bus ｓ SDK example app
load times in your Azure
ｅ Streaming big data with web app ａ Tools checklist
Event Hubs
 ｅ Building event-based ｃ Troubleshoot ASP.NET ｉ API reference
applications with Event Core on Azure App Service
Grid and IIS
ｆ Use Azure Queue Storage ｃ Capture Application
ｆ Use Azure Service Bus Insights telemetry with
.NET Core ILogger
queues
ｃ Application Insights for
ｆ Ingest data in real-time
Worker Service
through Azure Event Hubs
applications
ｆ Route custom events with
ｃ Troubleshoot an app in
Event Grid
Azure App Service using
Visual Studio

.NET and Azure community resources

.NET Webcasts and shows Open Source

.NET documentation Azure Friday Azure SDK for .NET
ASP.NET documentation The Cloud Native Show Microsoft Identity Web
On .NET .NET Platform
.NET Community Standup
On .NET Live

Are you interested in contributing to the .NET docs? For more information, see our contributor guide.
Introduction to Azure and .NET
Article • 08/15/2024

Azure is a cloud platform designed to simplify the process of building modern

applications. Whether you choose to host your applications entirely in Azure or extend
your on-premises applications with Azure services, Azure helps you create applications
that are scalable, reliable, and maintainable. With extensive support in tools you already
use like Visual Studio and Visual Studio Code and a comprehensive SDK library, Azure is
designed to make you, the .NET developer, productive right from the start.

Application development scenarios on Azure

You can incorporate Azure into your application in different ways depending on your
needs.

Application hosting on Azure - Azure can host your entire application stack from
web applications and APIs to databases to storage services. Azure supports a
variety of hosting models from fully managed services to containers to virtual
machines. When using fully managed Azure services, your applications can take
advantage of the scalability, high-availability, and security built in to Azure.

Consuming cloud services from applications - Existing apps can incorporate

Azure services to extend their capabilities. This could include adding full-text
searching capability with Azure Cognitive Search, securely storing application
secrets in Azure Key Vault or adding vision, speech and language understanding
capabilities with Azure Cognitive Services. These services are fully managed by
Azure and can be easily added to your application without changing your current
application architecture or deployment model.

Modern serverless architectures - Azure Functions simplify building solutions to

handle event-driven workflows, whether responding to HTTP requests, handling
file uploads in Blob storage, or processing events in a queue. You write only the
code necessary to handle your event without worrying about servers or framework
code. Further, you can take advantage of over 250 connectors to other Azure and
third-party services to tackle your toughest integration problems.

Access Azure services from .NET applications

Whether your app is hosted in Azure or on-premises, access to most Azure services is
provided through the Azure SDK for .NET. The Azure SDK for .NET is provided as a
series of NuGet packages and can be used in both .NET Core (2.1 and higher) and .NET
Framework (4.6.1 and higher) applications. The Azure SDK for .NET makes incorporating
Azure services into your application as easy as installing the correct NuGet package,
instantiating a client object and calling the appropriate methods. More information on
the Azure SDK for .NET can be found in the Azure SDK for .NET Overview.

Next steps
Next, learn about the most commonly used Azure services for .NET development.
Key Azure Services for .NET developers
Article • 08/21/2024

While Azure contains over 100 services, the following Azure services are the services you
will use most frequently as a .NET developer.

ﾉ Expand table

Icon Service Description

Azure AI Azure AI Services are a collection of cloud-based services that allow you to
Services add AI based capabilities to your application. Examples include Azure
OpenAI, Azure Vision, Azure Speech, Azure Language, and Azure Translator.

Azure App Azure App Service is a fully managed platform for hosting web applications
Service and APIs in Azure. It features automatic load balancing and auto-scaling in a
highly available environment. You pay only for the compute resources you
use and free tiers are available.

Azure Azure Container Apps are fully managed environments that enable you to
Container run microservices and containerized applications on a serverless platform.
Apps Applications built on Container Apps provide scalability, resiliency, and
other advantages of complex container orchestrators while leaving behind
many of the complexities.

Azure Azure Functions is a serverless compute service that lets you write small,
Functions discrete segments of code that can be executed in a scalable and cost-
effective manner, all without managing any servers or runtimes. Functions
can be invoked by a variety of different events and easily integrate with
other Azure services through the use of input and output bindings.

Azure SQL Azure SQL is a fully managed cloud based version of SQL Server. Azure
automatically performs traditional administrative tasks like patching and
backups for you and features built-in high availability.

Azure Azure Cosmos DB is a fully managed NoSQL database with single digit
Cosmos DB response times, automatic scaling, and a MongoDB compatible API.

Azure Blob Azure Blob Storage allows your applications to store and retrieve files in the
Storage cloud. Azure Storage is highly scalable to store massive amounts of data
and data is stored redundantly to ensure high availability.

Azure Azure Service Bus is a fully managed enterprise message broker supporting
Service Bus both point to point and publish-subscribe integrations. It is ideal for
building decoupled applications, queue based load leveling, or facilitating
communication between microservices.
 Icon Service Description

Azure Key Every application has application secrets like connection strings and API
Vault keys it must store. Azure Key Vault helps you store and access those secrets
securely, in an encrypted vault with restricted access to make sure your
secrets and your application are not compromised.

For the full list of Azure products and services, visit the Azure documentation home
page.

Next steps
Start configuring your Azure development environment by Creating an Azure Account.
Create an Azure account
Article • 08/15/2024

To use Azure, you need an Azure account. Your Azure account is the credential you use
to sign into Azure services like the Azure Portal or Cloud Shell .

Option 1: Use monthly Azure credits for Visual

Studio subscribers
If you have a Visual Studio subscription, your subscription includes credits for using
Azure. Activate your credits by visiting the Monthly Azure credits for Visual Studio
subscribers page.

Option 2: Sign up for a free Azure account

You can create an Azure account for free and receive 12 months of popular services
for free and a $200 credit to explore Azure for 30 days.

Option 3: Sign up for a pay-as-you-go account

You can also create a pay-as-you-go Azure account . This option includes monthly
amounts of select services for free, and charges you for what you use beyond the free
limits. There is no upfront commitment and you can cancel anytime.

Option 4: Use a corporate account

If you are using Azure at work, talk to your company's cloud administrator to get your
Azure credentials and then sign in to your account with the Azure Portal .

Next steps
After creating an Azure account, be sure to bookmark the Azure Portal in your web
browser for easy access to Azure.

Next, you will want to configure Visual Studio or Visual Studio Code for Azure
development depending on which IDE you use.

Configure Visual Studio for Azure development

Configure Visual Studio Code for Azure development
Configure Visual Studio for Azure
development with .NET
Article • 03/21/2025

Visual Studio includes tooling to help with the development and deployment of
applications on Azure. This guide helps you make sure that Visual Studio is properly
configured for Azure development.

Download Visual Studio

If you already have Visual Studio installed, you can skip this step.

Download Visual Studio

Install Azure workloads

Open Visual Studio Installer and validate that the workloads Azure development† and
ASP.NET and web development are installed. If either of these workloads isn't installed,
select them to be installed.

†The Azure development workload is currently unavailable in the Windows 11 Arm64

build of Visual Studio 2022.
Authenticate Visual Studio with Azure
Developers using Visual Studio 2017 or later can authenticate using their developer
account through the IDE. Apps using DefaultAzureCredential or VisualStudioCredential
can discover and use this account to authenticate app requests when running locally.
This account is also used when you publish apps directly from Visual Studio to Azure.

） Important

You'll need to install the Azure development workload to enable Visual Studio
tooling for Azure authentication, development, and deployment.

1. Inside Visual Studio, navigate to Tools > Options to open the options dialog.

2. In the Search Options box at the top, type Azure to filter the available options.

3. Under Azure Service Authentication, choose Account Selection.

4. Select the drop-down menu under Choose an account and choose to add a
Microsoft account.

5. In the window that opens, enter the credentials for your desired Azure account,
and then confirm your inputs.

6. Select OK to close the options dialog.

Next steps
If you also use Visual Studio Code for development in .NET or any other language,
you should configure Visual Studio Code for Azure development. Otherwise, proceed to
Installing the Azure CLI.
Configure Visual Studio Code for Azure
development
Article • 08/15/2024

If you're using Visual Studio Code, whether for .NET development, for building single
page applications using frameworks like Angular, React or Vue, or for writing
applications in another language like Python, you'll want to configure Visual Studio
Code for Azure development.

Download Visual Studio Code

If you already have Visual Studio Code installed, you can skip this step

Download Visual Studio Code

Install the Azure Tools Extension Pack

The Azure Tools Extension Pack contains extensions for working with Azure App
Service, Azure Functions, Azure Storage, Cosmos DB, and Azure Virtual Machines all in
one convenient package.

To install the extension from Visual Studio Code:

1. Press Ctrl+Shift+X to open the Extensions window.

2. Search for the Azure Tools extension.
3. Select the Install button.
 

To learn more about installing extensions in Visual Studio Code, refer to the Extension
Marketplace document on the Visual Studio Code website.

Sign in to your Azure account with Azure Tools

On the left hand panel, you'll see an Azure icon. Select this icon, and a control panel for
Azure services will appear. Choose Sign in to Azure... to complete the authentication
process for the Azure tools in Visual Studio Code.


After you've signed-in, you'll see all of your existing resources in the Resources view.
You can create and manage these services directly from Visual Studio Code. You'll also
see a Workspace view that includes local tasks specific to your workspace and files on
your machine, such as attaching to a Database or deploying your current workspace to
Azure.

Next steps
Next, you'll want to install the Azure CLI on your workstation.

Install the Azure CLI

Install the Azure CLI
Article • 08/15/2024

In addition to the Azure portal, Azure also offers the Azure CLI as a command-line tool
to create and manage Azure resources. The Azure CLI offers the benefits of efficiency,
repeatability, and the ability to script recurring tasks.

In practice, most developers use both the Azure portal and the Azure CLI. Whereas the
Azure portal is useful when exploring new services and getting an overview of all of the
resources in your Azure account, most developers find the Azure CLI to be faster and
more efficient. The Azure CLI can often accomplish in a single command what takes
multiple steps in the Azure portal. In addition, since Azure CLI commands can be saved
to a file, you can ensure that recurrent tasks are run the same way each time.

The Azure CLI is available for Windows, macOS, and Linux.

Install the Azure CLI for Windows

Install the Azure CLI for macOS

Install the Azure CLI for Linux

Azure Cloud Shell

You can also use the Azure CLI in the Azure Cloud Shell at https://shell.azure.com . The
Azure Cloud Shell is a fully functional, browser-based shell for managing Azure
resources. The Azure Cloud Shell is useful when you need a command line environment
but are working on a device where you're unable to install the Azure CLI.
Next steps
Next, you'll want to install other Azure tools like Azure Storage Explorer and Azure Data
Studio to make you more productive with Azure.
Additional Tools for Azure Developers
Article • 08/21/2024

In addition to configuring your IDE and installing the Azure CLI, multiple other tools and
utilities are available to help you be more productive with Azure.

Azure PowerShell
Azure PowerShell is a PowerShell module of cmdlets for managing Azure resource
directly from PowerShell, either from the command line or from within PowerShell
scripts. Azure PowerShell supports PowerShell features like PowerShell objects and
combining commands into pipelines. If you have used PowerShell before or need to
write complex automation scripts to manage Azure resources, you will want to install
Azure PowerShell.

Install Azure PowerShell

Azure Developer CLI

Azure Developer CLI ( azd ) is an open-source tool that accelerates the time it takes for
you to get your application from local development environment to Azure. The CLI
provides best practice, developer-friendly commands that map to key stages in your
workflow, whether you're working in the terminal, your editor or integrated
development environment (IDE), or DevOps.

You can use azd with extensible templates that include everything you need to get an
application up and running in Azure. These templates include application code, and
reusable infrastructure as code assets.

Install Azure Developer CLI

Azure Storage Explorer

Azure Storage Explorer is a free, GUI tool for managing storage resources and data in
Azure. You can upload, download and manage blobs and files, as well as manage data in
Azure queues, tables and CosmosDB. If you plan on working with any storage resources
in Azure, installation of Azure Storage Explorer is recommended. Versions are available
for Windows, macOS and Linux.
 Download Azure Storage Explorer

Azure Data Studio

Azure Data Studio is a cross-platform database tool for accessing both on-premises and
cloud databases. It allows you to edit and execute SQL queries in addition to charting
and visualizing result sets. It supports all versions of SQL Server from SQL Server 2014
and later and Azure SQL. Azure Data Studio extensions also provide support for other
database options such as MySQL, PostgreSQL, and Azure Cosmos DB. If you plan to
work with Azure SQL, download and install Azure Data Studio.

Download Azure Data Studio

Next steps
Validate your development environment is set up correctly using the .NET on Azure
development environment checklist.
.NET on Azure development
environment checklist
Article • 08/21/2024

This checklist is provided to help you make sure you have your development
environment correctly configured for .NET development with Azure

Create an Azure account

To access Azure services or run applications in Azure, you need an Azure account.

If you are a Visual Studio subscriber, you have monthly free Azure credits
available to you every month
Create a free Azure account and receive $200 in credits and select services free
for 12 months
Use an account assigned to you by your company's Azure administrator

Configure your IDE

Popular tools like Visual Studio and Visual Studio Code have extensions available to let
you work with Azure right from your IDE.

Configure Visual Studio for .NET development using Azure

Configure Visual Studio Code for .NET Development using Azure

Install the Azure CLI

In addition to using the Azure portal, you will want to install the Azure CLI to create and
manage Azure resources.

Install the Azure CLI for Windows

Install the Azure CLI for macOS
Install the Azure CLI for Linux

Install additional tools and utilities

These additional tools are designed to make you more productive when working with
Azure.
 Install Azure PowerShell if you plan on using PowerShell scripts to create and
manage Azure resources.
Install Azure Developer CLI if you plan on using the Developer CLI to streamline
development workflows.
Install Azure Storage Explorer to upload, download, and manage data in Azure
storage resources including blobs, queues, tables, and CosmosDB.
Install Azure Data Studio if you are working with Azure SQL. Azure Data Studio
extensions also provide support for other database options such as MySQL,
PostgreSQL, and Azure Cosmos DB.

Bookmark the following sites

You will use these sites frequently when doing Azure development. Bookmark them for
quick reference.

Azure Portal - https://portal.azure.com/

Azure Cloud Shell - https://shell.azure.com/
Assess your .NET applications for
migration to Azure
Article • 11/14/2023

This guide describes how to use the application and code assessment for .NET to
evaluate how ready your .NET applications are for moving to Azure and what changes
you need to make for a successful cloud migration.

What is the application and code assessment

for .NET?
The utility is used to assess .NET source code to identify replatforming and migration
opportunities to Azure.

It discovers application technology usage through static code analysis, supports effort
estimation, and accelerates code replatforming by giving you recommendations on how
to overcome any potential issues and make your code cloud-compatible.

Application and code assessment is available in a Visual Studio extension and in a CLI
tool.

Application and code assessment for .NET bundles a set of tools, engines, and rules to
assess and replatform .NET applications to various Azure targets such as Azure App
Service, Azure Kubernetes Service and Azure Container Apps.

When should I use the application and code assessment?

The utility is designed to help organizations modernize their .NET applications in a way
that reduces costs and enables faster innovation. It uses advanced analysis techniques to
understand the structure and dependencies of any .NET application, and provides
guidance on how to refactor and migrate the applications to Azure.

With it you can:

Assess the code compatibility with Azure: get notified about every part of your
code that might not work when you move your application to Azure.

Get recommendations on refactoring your code: receive guidance and effort

estimates on how to update your code to make it Azure-compatible, what
 verifications you should make to ensure your applications will work properly, and
how to improve your applications performance, scalability, security, etc.

Supported languages
Application and code assessment for .NET can analyze projects written in the following
languages:

C#
Visual Basic

Supported project types

It analyzes your code in the following project types:

ASP.NET
Class libraries

Supported Azure targets

Currently application identifies potential issues for migration to Azure App Service, AKS,
and Azure Container Apps. In the future the tool might have an ability to set the target
explicitly and filter the exact issues and recommendations for each target separately.

Next steps

Install the Visual Studio extension or the CLI tool

For information on how to install the Azure Migrate application and code assessment
for .NET extension for Visual Studio or CLi tool, see installation instructions.
Install Azure Migrate application and
code assessment for .NET
Article • 11/14/2023

Application and code assessment can be installed as a Visual Studio extension or as a

.NET command-line tool. When installed as a Visual Studio extension, loaded projects
can be analyzed through the context menu in Solution Explorer. The command-line
version of the tool provides an interactive step-by-step experience.

Prerequisites
Windows operating system
Visual Studio 2022 version 17.1 or later - for the Visual Studio extension
.NET SDK - for the command-line tool

Install the Visual Studio extension

The application and code assessment for .NET can be installed as a Visual Studio
extension, which lets you analyze an open projects in your solution. Use the following
steps to install it from inside Visual Studio. Alternatively, you can download and install
the extension from the Visual Studio Marketplace .

1. With Visual Studio opened, press the Extensions > Manage Extensions menu item,
which opens the Manage Extensions window.
2. In the Manage Extensions window, enter "Azure Migrate" into the search input
box.
3. Select the Azure Migrate application and code assessment item, and then select
Download.
4. Once the extension has been downloaded, close Visual Studio. This starts the
installation of the extension.
5. In the VSIX Installer dialog select Modify and follow the directions to install the
extension.

Install the .NET global tool

Azure Migrate application and code assessment for .NET is also available as a .NET
global tool. You can install the tool with the following command.
 .NET CLI

dotnet tool install -g dotnet-appcat

Similarly, to update the tool, use the following command:

.NET CLI

dotnet tool update -g dotnet-appcat

） Important

Installing this tool may fail if you've configured additional NuGet feed sources. Use
the --ignore-failed-sources parameter to treat those failures as warnings instead
of errors.

.NET CLI

dotnet tool install -g --ignore-failed-sources dotnet-appcat

Next steps

Use with Visual Studio

For information on how to use and interpret results with Visual Studio, see Use the
application and code assessment with Visual Studio.

Use with .NET CLI

For information on how to use and interpret results with the .NET CLI, see Use the
application and code assessment with the .NET CLI.
Analyze applications with Visual Studio
Article • 11/14/2023

Azure Migrate application and code assessment for .NET helps you to identify any issues
your application might have when it is ported to Azure and improve the performance,
scalability and security by suggesting modern, cloud-native solutions.

The tool is available as a Visual Studio extension and a CLI tool.

This guide describes how to use the Visual Studio extension to scan your application for
possible incompatibilities with Azure.

If you have not installed the Visual Studio extension, please follow these instructions
first.

Scan your application

The application and code assessment lets you decide which projects in your solution to
scan to identify migration opportunities to Azure. Follow these steps to scan your
application.

1. Open the solution containing the projects you want to migrate to Azure in Visual
Studio 2022.
2. Right-click on any of the projects in the Solution Explorer window and select Re-
platform to Azure.

3. The utility will start and give you the option to start a new analysis report or open
an existing one. It will also display any recent analysis reports.
4. Click on New report and it will display the projects in your solution in a treeview. It
will give you an option to select which projects to analyze. You will find web
projects pre-selected for you and you can change the selection by checking or
unchecking the boxes next to the projects. When the tool runs, it also analyzes the
 dependencies your selected projects has.

5. Click the Next button and you'll be presented with the option to analyze Source
code and settings, Binary dependencies, or both.
 ７ Note

The source code and settings option will only scan the source code in the
projects you selected on the previous screen. The Binary dependencies
option will scan any dependencies (such as NuGet packages or referenced
dlls) your projects rely on. You can expect to see many more issues identified
when binary dependencies is selected. Scanning binaries can be valuable
because the issues detected may identify potential problem in dependencies,
but also might not be as useful because source code is not available for these
dependencies, so the issues can't be fixed and, in the case of potential issues,
it may not be an issues in your case.

It might be helpful to generate two different reports: for action items and for your
awareness. >

1. Click the Analyze button to start the scan. The selected projects are scanned to
look for potential issues when migrating to Azure. When finished, you'll see a
 dashboard of results.

Next steps

Interpret the results

For information on how to interpret results, see Interpret the analysis results from the
Azure Migrate application and code assessment for .NET.
Use Copilot Conversational Assessment
with the Azure Migrate application and
code assessment tool
Article • 10/31/2024

Azure Migrate application and code assessment for .NET integrates with the GitHub
Copilot extension for Visual Studio. Together, they provide conversational analysis about
your migration reports. GitHub Copilot can help you learn more about the overall results
and specific issues and determine next steps. In this article, you learn how to use GitHub
Copilot to analyze the results of a completed Azure migration report.

７ Note

Copilot integration is not available natively using the .NET CLI version of Azure
Migrate application and code assessment for .NET.

Prerequisites
Install Visual Studio 2022 version 17.10 or later
Install GitHub Copilot for Visual Studio extension
Install a version of .NET that supports the app you're trying to migrate
Scan your application in Visual Studio to use Copilot conversational analysis.
Copilot relies on a completed scan report to provide suggestions.

Analyze the Azure compatibility report with

Copilot
Visual Studio displays the results of the Azure Migrate application and code assessment
tool scan using an interactive dashboard. If you have the GitHub Copilot extension
installed, additional options are available to start a chat with your Copilot. You can start
a chat about the overall results of the report, or prompt Copilot about a specific issue.

Chat about the dashboard results

The main dashboard of the Azure compatibility report shows a summary of the scan,
including next steps, issue severity, and issue categories. You can use GitHub Copilot to
chat about these results and specific follow-up tasks.

1. In the NEXT STEPS section of the Azure compatibility report, select the Open chat
button to launch a chat session with GitHub Copilot.

2. Visual Studio sends a default prompt asking for assistance with migrating the
scanned solution. Copilot responds with a summary of the identified issues and
provides clickable links to select specific issues to follow up on.

3. Select one of the proposed issues in the chat response to begin further analysis.
You can also send your own custom chat prompts to Copilot using the input box at
the bottom of the Copilot extension window.

4. Continue chatting with Copilot to explore solutions to the discovered issues.

Chat about a specific issue

The Azure compatibility report also provides specific details about the aggregate issues
discovered during the scan. You can use Copilot to investigate and learn more about
these issues, as well as discover options or next steps to resolve them.

1. On the main dashboard page of the Azure compatibility report, select Aggregate
issues on the left navigation to switch to the issues view. The new view displays a
list of issues and related information, such as their estimated severity and state.

2. Select the arrow icon next to an issue you're interested in to see more details, and
then select the Ask Copilot button to start a new Copilot chat about that specific
 issue.

７ Note

The Ask Copilot feature shares the description of the issue and details about
the code snippet that triggered the issue with GitHub Copilot. Only select Ask
Copilot if you're comfortable sending the details of that issue to Copilot.

In the preceding screenshot, the scan discovered that the app is using Windows
authentication, which is not available on Azure, so Copilot responds with
alternatives and general implementation steps.

3. Ask clarifying questions using the chat input at the bottom of the Copilot
extension window.

Next steps
Interpret the analysis results from the Azure Migrate application and code
assessment for .NET.
Customize analysis using run configs
Frequently asked questions
Analyze applications with the .NET CLI
Article • 11/14/2023

Azure Migrate application and code assessment for .NET helps you to identify any issues
your application might have when it is ported to Azure and improve the performance,
scalability and security by suggesting modern, cloud-native solutions.

The tool is available as a Visual Studio extension and a CLI tool.

This guide describes how to use the CLI tool to scan your application for possible
incompatibilities with Azure.

If you have not installed the .NET CLI tool, please follow these instructions first.

Scan your application

The application and code assessment for .NET CLI tool lets you decide which projects in
your solution to scan to identify migration opportunities to Azure. Follow these steps to
scan your application.

1. In CLI type appcat analyze and press Enter.

７ Note

If this is your first time running application and code assessment for .NET, you
will see an informational message about telemetry and how to opt-out if you
should want to.

2. A screen is presented that allows you to pick the projects in your solution to
analyze. Use the arrow keys to highlight individual projects and press Space to
 select them. Press Enter when you're ready.

3. Next you'll be presented with the option to analyze Source code and settings,
Binary dependencies, or both. Make your choice and press Enter.

７ Note

The source code and settings option will only scan the source code in the
projects you selected on the previous screen. The Binary dependencies
option will scan any dependencies (such as NuGet packages) your projects
rely on. You can expect to see many more issues identified when binary
dependencies is selected. This option can create some "noise" since it will also
identify potential compatibility issues of the binaries that are not necessarily
apply to your application.
4. You'll then be prompted to generate a report with the results of the analysis. The
output can be formatted as CSV, HTML, or JSON. Press Enter.

5. You'll be prompted for a report name. Input the name and press Enter.

6. Finally, you'll be asked whether you want to perform the scan. Press y to continue,
or n to go back and change options.

7. Once the analysis completes, the report is saved, and a summary of the results are
displayed.
Next Steps

Interpret the results

For information on how to interpret results, see Interpret the analysis results from the
Azure Migrate application and code assessment for .NET.
Interpret the analysis results
Article • 11/14/2023

Both CLI tool and Visual Studio allow you to create HTML, CSV and JSON reports. This
section describes how to interpret these reports.

For the purposes of this document we're going to use the HTML report.

Dashboard view
The report presents its results in a dashboard format.

The main dashboard shows a Summary section with the results of the scan, Severity
graph and Categories of the issues and incidents.

The Summary section of the dashboard contains several terms that are worth defining
as you'll see them in other screens.

Projects: the number of projects scanned.

Issues: an incompatibility with Azure or a potential problem.
Incidents: an occurrence of the issue in your code. For example, an issue could be
a call to a database that is not accessible from Azure, and the incidents are the
times when you make that call in your code. That way one issue might have many
incidents (implementation) across your code.
Story points: the estimated effort to fix all of the issues found. This is a relative
measure of effort and is not meant to be an exact estimate.

Here are the issue severity classifications:

Mandatory - the issue has to be resolved for the migration to be successful.

Optional - the issue discovered is a real issue and fixing it could improve the
application work after migration, however it is not blocking.
Potential - it could or could not be a blocking problem depending on the specifics
of your app and the migration scenario, so the tool draws your attention and
suggests what checks could be made to ensure the application will work in Azure.
Informational - the issue was raised only for informational purpose and is not
required to be resolved.
Categories section displays a graph with issues grouped by different categories such as
HTTP, database, scaling, and so on.

Projects: the number of projects scanned.

Issues: the number of unique encounters of a rule that may need to be addressed.
Incidents: the total number of occurrences of all issues found.
Story points: the estimated effort to fix all of the issues found. This is a relative
measure of effort and is not meant to be an exact estimate.

Projects view
Click on the Projects link below the Dashboard on the left side of the report to see the
number of issues, incidents, and the estimated effort to fix those incidents by each
project scanned.
You can drill down to see the issues found in each project by clicking on the project
name. This will show a screen similar to the overall dashboard but scoped to the
selected project.

At the top of the project dashboard you'll find 3 tabs: Dashboard, Components, and
Issues.

Click on the Components tab to see which files the incidents of the issues identified
reside in. You can drill down into the file to see the issues that triggered the incident, a
description of the issue, the exact position in the code where the incidents exist, and an
estimation of the effort it will take to fix the incidents.

Finally, by clicking on the Issues tab, you can see the incidents organized by the issues
which triggered them. You can drill down into the issues to see the exact file location
that needs to be addressed and the effort to fix.

Aggregate Issues view

Click on the Aggregate issues link below the Projects on the left side of the report's
screen to see the incidents organized by the issues that triggered them. These are all of
the issues across all of the projects scanned, including the number of incidents and an
estimated story points effort. You can drill down into each issue to see the exact files
and locations that needs to be addressed and the effort to fix.

In the section on the right, you will find an explanation for the selected issue with
suggestions on how to fix it or the verifications you should make to ensure your
application will work properly in Azure. There are also links to the detailed
documentation in the bottom part of that section.
How to customize analysis using run
configs
Article • 09/06/2024

The Azure Migrate application and code assessment tool supports custom analysis using
run configs. Before the tool runs an analysis, it discovers all available rules and analyzers
and then uses the ones that match current project's traits. However, some results might
be too noisy for some applications.

To control/scope rules and/or analyzers used, you can provide a JSON run configuration
file. This allows you to:

Change default settings to include or exclude some binaries.

Disable existing specific rules or specific analyzers.
Change properties in existing rules.
Add new rules.
Add new analyzers for existing or new rules.

How to provide a JSON run configuration

.NET CLI

The Azure Migrate application and code assessment tool enables you to Analyze
applications with the .NET CLI. When using the CLI, there are two options to provide
a run config:

Interactive mode: The CLI asks if you want to provide run config. Select Yes
and then provide the path to the run config file.
Non-interactive mode: Provide the -c or --config argument, which allows
you to provide the path to the run config JSON.

Run config schema

Consider the following sample run config:

JSON

{
"analysis": {
 "settings": {
"binaries": {
"useDefaultExclusions": true,
"include": [
"**/*webmvc.dll",
"**/*Transit.dll"
],
"exclude": [
]
}
},
"rules": [
{
"id": "Identity.0001",
"severity": "potential",
"effort": 5
},
{
"id": "Local.0001",
"enabled": false
},
{
"id": "Local.0003",
"enabled": false
}
],
"analyzers": [
{
"id": "Identity.0001.Types",
"enabled": false
},
{
"ruleId": "Local.0004",
"id": "Local.0004.Profiles",
"kind": "namespace",
"properties": {
"namespaces": [
"Microsoft.Win32"
]
}
}
]
}
}

analysis.settings contains global includes or excludes. These include and exclude

binaries to be analyzed. It's recommended to run binary analysis once to see any
red flags, but results for binaries tend to be verbose. Some of the results could flag
problems inside dependencies your application is consuming. Other results could
be valid problems in your app, but located in unused code paths. These can be
ignored to reduce the verbosity of the results.
 analysis.rules contains rules definitions. These definitions override or disable

existing rules, as well as define new rules.

analysis.analyzers contains analyzers. Similarly to the rules definitions, these can

be disabled, overridden, or added on to.

Examples for common scenarios

Add new rule

JSON

{
"rules": [
{
"id": "Category.NumericId",
"severity": "potential",
"effort": 5
}
]
}

Modify existing rule

JSON

{
"rules": [
{
"id": "Category.NumericId",
// specify new property values
}
]
}

Disable existing rule

JSON

{
"rules": [
{
"id": "Category.NumericId",
"enabled": false
}
 ]
}

Disable existing analyzer

JSON

{
"analyzers": [
{
"id": "analyzerId",
"enabled": false
}
]
}

Add new analyzer for some existing or new rule

JSON

{
"analyzers": [
{
"ruleId": "rule id",
"id": "analyzer id",
"kind": "analyzer kind",
"properties": {
// properties specific for analyzer kind
}
}
]
}
Frequently asked questions
Article • 09/06/2024

This page answers some of the most common questions about the Azure Migrate
application and code assessment tool.

What is Azure Migrate application and code assessment?

Azure Migrate application and code assessment for .NET is a free tool by Microsoft that
focuses on code and application analysis and recommendations for planning cloud
deployments. The tool improves confidence in running business-critical solutions in the
cloud through a developer-oriented assessment experience of source code. It also
provides recommendations and examples to optimize code and configurations for the
cloud. The recommendations align with industry-proven practices to build reliable,
modern, and innovative applications on Azure.

What scenarios should I use Azure Migrate application

and code assessment for?
For scenarios that require deeper analysis of the application and migration guidance,
several other dimensions such as source code, application configuration and
dependency analysis become necessary. Azure Migrate application and code assessment
for .NET assists with full source code level scanning and application scanning to produce
a comprehensive report for your migration needs.

When should I use Azure Migrate application and code

assessment?
Use this tool if you manage application development projects and have access to source
code written in .NET and you want to move to Azure. The tool can help you learn about
how to replatform your applications to be cloud ready. Azure Migrate application and
code assessment for.NET can help you generate deep analysis with dependencies clearly
laid out with a dashboard. It tells you what the mandatory changes are that you need to
apply for it to run on Azure.

Do I need to pay to use Azure Migrate application and

code assessment?
No, it's a free tool.
Do I need Visual Studio to use the Azure Migrate
application and code assessment CLI tool?
No, the only prerequisite for using the CLI tool is that you have the .NET SDK (6.0 or
greater) installed.

Which target destinations does it cover today?

The tool covers various Azure services including Azure App Service, Azure Spring Apps,
Azure Container Apps, and Azure Kubernetes Service.
Choose the right Azure hosting option
Article • 12/19/2023

This article provides considerations and comparisons between the multiple choices you
have in Azure when migrating your existing .NET Framework applications from on-
premises to Azure.

The fundamental areas to consider when migrating existing .NET applications to Azure
are:

1. Compute choices
2. Database choices
3. Networking and security considerations
4. Authentication and authorization considerations

Compute choices
When migrating existing .NET Framework applications to Azure you have multiple
choices. However, since .NET Framework depends on Windows, the following choices
are limited to Windows-based compute services.

The following table shows several comparisons and recommendations to help you
choose the right compute migration path for your existing .NET application.

ﾉ Expand table

Azure VMs Azure App Service Windows Containers

When to use Application has App has no Application has

strong dependencies on the dependencies on
dependencies on server, it is just a clean the original server
the server and ASP.NET web app (MVC, but those
local .msi WebForm) or N-Tier app dependencies can
installations. (Web API, WCf) be included in the
You want the accessing a database Docker Windows
easiest application server. image.
migration path

Pros & Easiest migration Ongoing PaaS Prepared for the

benefits path maintenance, simplest future, Cloud
Familiar way to manage and DevOps-Ready
environment. scale apps in Azure. with dependencies
Deployment
 Azure VMs Azure App Service Windows Containers

environment is a included in the

VM, so it's similar app's containers.
to on-premises Almost no need to
servers. refactor .NET /C#
code.

Cons It is IaaS. Maintenance is Not all apps are Docker's skills

costly. You have to supported learning curve
manage the VM's Some apps might Some code and
infrastructure about need to be app configuration
networking, load- refactored and settings changes
balancer, scale-out, IIS even slightly
management, and so on. rearchitected, so
they support
Azure App Service.

Requirements Windows Server VM with Azure App Service Docker Engine -

the same requirements requirements specified Enterprise for
than the app for on- in Readiness checks . Windows Server
premises 2019
or
Azure Container
Service (AKS)
(That is
Kubernetes
orchestrator)
or
Azure Service
Fabric
orchestrator

How to See Migrate to Azure See Migrate Azure App Follow considerations,
migrate Virtual Machines Service scenarios, and
walkthroughs explained
in the Modernizing
existing .NET apps with
Azure and Windows
Containers eBook

The following flowchart diagram shows a decision tree when planning a migration to
Azure for your existing .NET Framework applications. If it's viable, try option A first, but
option B is the easiest path to perform.
Database choices
When migrating relational databases to Azure you have multiple choices. See Migrate
your SQL Server database to Azure to help you choose the right database migration
path for your existing .NET application.

Networking and security considerations

When deploying applications to a public cloud like Microsoft Azure, you might want to
isolate and secure certain networks by creating network DMZs, such as a DMZ between
Azure and on-premises or a DMZ between Azure and the Internet. DMZs can be
implemented with Azure Virtual Network.

Azure Virtual networks enable you to:

Build a hybrid infrastructure that you control

Bring your own IP addresses and DNS servers
Secure your connections with an IPsec VPN or ExpressRoute
Get granular control over traffic between subnets
Create sophisticated network topologies using virtual appliances
Get an isolated and highly secure environment for your applications

To get started building your own virtual network, see the Azure Virtual Network
documentation.
Authentication and authorization
considerations when migrating to Azure
A top concern of any organization moving to the cloud is security. Most companies have
invested a substantial amount of time, money, and engineering into designing and
developing a security model, and it's important that they're able to leverage existing
investments such as identity stores and single sign-on solutions.

Many existing enterprise B2E .NET applications running on-premises use Active
Directory for authentication and identity management. Azure AD Connect enables you
to integrate your on-premises directories with Azure Active Directory. To get started, see
Integrate your on-premises directories with Azure Active Directory.

See Identity requirements for your hybrid identity solution for further planning related
to Azure Active Directory.

Other authentication protocol choices are OAuth and OpenID , which are common
in consumer-facing applications. When using autonomous identity databases, such as
an ASP.NET Identity SQL database wrapped by IdentityServer4 using OAuth, no
connectivity to on-premises databases or directories is usually required.

Next steps
Migrate an ASP.NET web application to Azure App Service
Migrate your .NET web app or service to
Azure App Service
Article • 07/30/2022

App Service is a fully managed compute platform service that's optimized for hosting
scalable websites and web applications. This article provides information on how to lift-
and-shift an existing application to Azure App Service, modifications to consider, and
additional resources for moving to the cloud . Most ASP.NET websites (Webforms,
MVC) and services (Web API, WCF) can move directly to Azure App Service with no
changes. Some may need minor changes while others may need some refactoring.

Ready to get started? Publish your ASP.NET + SQL application to Azure App Service.

Considerations

On-premises resources (including SQL Server)

Verify access to on-premises resources as these may need to be migrated or changed.
The following are options for mitigating access to on-premises resources:

Create a VPN connecting App Service to on-premises resources using Azure Virtual
Networks.
Securely expose on-premises services to the cloud without firewall changes using
Azure Relay.
Migrate dependencies such as a SQL database to Azure.
Use platform-as-a-service offerings in the cloud to reduce dependencies. For
example, rather than connect to an on-premises mail server, consider using
SendGrid.

Port Bindings
Azure App Service supports port 80 for HTTP and port 443 for HTTPS traffic.

For WCF, the following bindings are supported:

ﾉ Expand table

Binding Notes

BasicHttp
 Binding Notes

WSHttp

WSDualHttpBinding Web socket support must be enabled.

NetHttpBinding Web socket support must be enabled for duplex contracts.

NetHttpsBinding Web socket support must be enabled for duplex contracts.

BasicHttpContextBinding

WebHttpBinding

WSHttpContextBinding

Authentication
Azure App Service supports anonymous authentication by default and Forms
authentication when intended. Windows authentication can be used by integrating with
Azure Active Directory and ADFS only. Learn more about how to integrate your on-
premises directories with Azure Active Directory.

Assemblies in the GAC (Global Assembly Cache)

This isn't supported. Consider copying required assemblies to the app's \bin folder.
Custom .msi files installed on the server (for example, PDF generators) cannot be used.

IIS settings
Everything traditionally configured via applicationHost.config in your application can
now be configured through the Azure portal. This applies to AppPool bitness,
enable/disable WebSockets, managed pipeline version, .NET Framework version
(2.0/4.0), and so on. To modify your application settings, navigate to the Azure portal ,
open the blade for your web app, and then select the Application Settings tab.

IIS5 Compatibility Mode

IIS5 Compatibility Mode is not supported. In Azure App Service, each web app and all of
the applications under it run in the same worker process with a specific set of
application pools.

IIS7+ schema compliance

Some elements and attributes are not defined in the Azure App Service IIS schema. If
you encounter issues, consider using XDT transforms.

Single application pool per site

In Azure App Service, each web app and all of the applications under it run in the same
application pool. Consider establishing a single application pool with common settings
or creating a separate web app for each application.

COM and COM+ components

Azure App Service does not allow the registration of COM components on the platform.
If your app makes use of any COM components, these need to be rewritten in managed
code and deployed with the site or application.

Physical directories
Azure App Service does not allow physical drive access. You may need to use Azure Files
to access files via SMB. Azure Blob Storage can store files for access via HTTPS.

ISAPI filters
Azure App Service can support the use of ISAPI Filters, however, the ISAPI DLL must be
deployed with your site and registered via web.config.

HTTPS bindings and SSL

HTTPS bindings are not migrated, nor are the SSL certificates associated with your web
sites. SSL certificates can be manually uploaded after site migration is completed,
however.

SharePoint and FrontPage

SharePoint and FrontPage Server Extensions (FPSE) are not supported.

Web site size

Free sites have a size limit of 1 GB of content. If your site is greater than 1 GB, you must
upgrade to a paid SKU. See App Service pricing .
Database size
For SQL Server databases, please check the current SQL Database pricing .

Azure Active Directory (AAD) integration

AAD does not work with free apps. To use AAD, you must upgrade the app SKU. See
App Service pricing .

Monitoring and diagnostics

Your current on-premises solutions for monitoring and diagnostics are unlikely to work
in the cloud. However, Azure provides tools for logging, monitoring, and diagnostics so
that you can identify and debug issues with web apps. You can easily enable diagnostics
for your web app in its configuration, and you can view the logs recorded in Azure
Application Insights. Learn more about enabling diagnostics logging for web apps.

Connection strings and application settings

Consider using Azure KeyVault, a service that securely stores sensitive information used
in your application. Alternatively, you can store this data as an App Service setting.

DNS
You may need to update DNS configurations based on the requirements of your
application. These DNS settings can be configured in the App Service custom domain
settings.

Azure App Service with Windows Containers

If your app cannot be migrated directly to App Service, consider App Service using
Windows Containers, which enables usage of the GAC, COM components, MSIs, full
access to .NET FX APIs, DirectX, and more.

See also
How to determine if your app qualifies for App Service
Moving your database to the cloud
Azure web app sandbox details and restrictions
Migrate an ASP.NET Web application to
an Azure Virtual Machine
Article • 06/04/2024

This document provides an overview of how to migrate an ASP.NET web application

from on-premises to an Azure Virtual Machine.

Quickstart
Learn how to create a virtual machine and publish your app to it: Publish to an Azure
VM

Get Started
These tutorials demonstrate the steps to create (or migrate) a virtual machine, publish
your web application to it, and other tasks that may be required to support your
application in Azure.

Create a virtual machine for your ASP.NET application in Azure using one of the
following options:
Create a new virtual machine for ASP.NET Applications
Migrate an existing on-premises VMWare virtual machine
Migrate an existing on-premises Hyper-V virtual machine
Publish a cloud service using Visual Studio
Create a secure virtual network for your VMs
Create a CI/CD pipeline for your application
Move to a VM scale set for high availability and scalability

Considerations

Benefits
Virtual machines offer the easiest path to migrate an application from on-premises to
the cloud. They enable you to replicate the same environment your application uses on-
premises, while removing the need to maintain your own data centers. Virtual Machine
Scale Sets provide high availability and scalability for applications running in Virtual
Machines.
Virtual Machine Size
Choose the virtual machine size and type that is best optimized for your workload. For
more information, see Sizes for Windows virtual machines in Azure.

Maintenance
Just like an on-premises machine, you are responsible for maintaining and updating the
virtual machine*. If your application can run in a Platform as a Service (PaaS)
environment such as Azure App Service or in a container, that will remove this need.

*Automatic OS upgrades for virtual machine scale sets is currently available as a Preview
service.

Virtual Networks
Azure Virtual Networks enable you to:

Build a hybrid infrastructure that you control

Bring your own IP addresses and DNS servers
Create an isolated and highly secure environment for your applications
Connect your VM to your on-premises network using one of several connectivity
options
Integrate your virtual machine into your on-premises network using ExpressRoute

To get started, see the Virtual Network documentation.

Active Directory
Many applications use Active Directory for authentication and identity management.

Microsoft Entra Connect enables you to integrate your on-premises directories

with Microsoft Entra ID. To get started, see Integrate your on-premises directories
with Microsoft Entra ID.
Alternatively, ExpressRoute enables your application to access your on-premises
Active Directory.

SQL Databases
If your application is using an on-premises database, your app will not be able to talk to
it by default. You can either:
 Configure a hybrid network that enables your application to access your database
running on-premises.
Migrate your database to the Azure. For more information, see Migrate your SQL
Server database to Azure.

High Availability and Scalability

Virtual Machine Scale Sets

You want to make sure that your application is highly available and can scale, migrate
your VM image to an Azure Virtual Machine Scale Set to improve the availability and
scalability of your application. VM Scale Sets provide the ability to use an existing VM
you've already configured or set up a build pipeline to build an image with your
application.

To get started, see Deploy your application on virtual machine scale sets.

Centralized Logging

When running your application across multiple instances, consider storing your logs in a
centralized location such as Azure Storage.

Next steps
Migrate a SQL Server database to Azure
Migrate a SQL Server database to Azure
Article • 05/12/2022

This article provides a brief outline of two options for migrating a SQL Server database
to Azure. Azure has three primary options for migrating a production SQL Server
database. This article focuses on the following two options:

1. SQL Server on Azure VMs: A SQL Server instance installed and hosted on a
Windows Virtual Machine running in Azure, also known as Infrastructure as a
Service (IaaS).
2. Azure SQL Database: A fully managed SQL database Azure service, also known as
Platform as a Service (PaaS).

Both come with pros and cons that you will need to evaluate before migrating. The third
option is Azure SQL Database managed instances.

Get started
The following migration guides will be useful, depending on which service you use:

Migrate a SQL Server database to SQL Server in an Azure VM

Migrate your SQL Server database to Azure SQL Database

Additionally, the following links to conceptual content will help you understand VMs
better:

High availability and disaster recovery for SQL Server in Azure Virtual Machines
Performance best practices for SQL Server in Azure Virtual Machines
Application Patterns and Development Strategies for SQL Server in Azure Virtual
Machines

And the following links will help you understand Azure SQL Database better:

Create and manage Azure SQL Database servers and databases

Database Transaction Units (DTUs) and elastic Database Transaction Units (eDTUs)
Azure SQL Database resource limits

Choosing IaaS or PaaS

When evaluating where to migrate your database, determine if IaaS or PaaS is more
appropriate for you.
Choose SQL Server in Azure VMs if:

You are looking to "lift and shift" your database and applications with minimal to
no changes.
You prefer having full control over your database server and the VM it runs on.
You already have SQL Server and Windows Server licenses that you intend to use.

Choose Azure SQL Database if:

You are looking to modernize your applications and are migrating to use other
PaaS services in Azure.
You do not wish to manage your database server and the VM it runs on.
You do not have SQL Server or Windows Server licenses, or you intend to let
licenses you have expire.

The following table describes differences between each service based on a set of
scenarios.

ﾉ Expand table

Scenario SQL Server in Azure VMs Azure SQL Database

Migration Requires minimal changes to May require changes to your database if

your database. you use features unavailable in Azure SQL,
as determined by the Data Migration
Assistant , or if you have other
dependencies such as locally installed
executables.

Managing Availability and recovery are Automatically managed for you.

availability, configured manually.
recovery, and Upgrades can be automated
upgrades with VM Scale Sets.

Underlying OS Manual configuration. Automatically managed for you.

configuration

Managing Supports up to 256 TB of Supports 8 TB of storage before needing a

database size storage per SQL Server horizontal partition.
instance.

Managing costs You must manage SQL Server You must manage service costs (based on
license costs, Windows Server eDTUs or DTUs, storage, and number of
license costs, and VM costs databases if using an elastic pool). You
(based on cores, RAM, and must also manage the cost of any SLA.
storage).
To learn more about the differences between the two, see Choose the right deployment
option in Azure SQL.

FAQ
Can I still use tools such as SQL Server Management Studio and SQL Server
Reporting Services (SSRS) with SQL Server in Azure VMs or Azure SQL Database?

Yes. All Microsoft SQL tooling works with both services. SSRS is not part of Azure
SQL Database, though, and it's recommended that you run it in an Azure VM and
then point it to your database instance.

I want to go PaaS but I'm not sure if my database is compatible. Are there tools
to help?

Yes. The Data Migration Assistant is a tool that is used as a part of migrating to
Azure SQL Database. The Azure Database Migration Service is a preview service
that you can use for either IaaS or PaaS.

Can I estimate costs?

Yes. The Azure Pricing Calculator can be used for estimating costs for all Azure
services, including VMs and database services.

Next steps
Choose the right Azure hosting option
Develop .NET apps with AI features
Article • 05/02/2025

With .NET, you can use artificial intelligence (AI) to automate and accomplish complex tasks in
your applications using the tools, platforms, and services that are familiar to you.

Why choose .NET to build AI apps?

Millions of developers use .NET to create applications that run on the web, on mobile and
desktop devices, or in the cloud. By using .NET to integrate AI into your applications, you can
take advantage of all that .NET has to offer:

A unified story for building web UIs, APIs, and applications.

Supported on Windows, macOS, and Linux.
Is open-source and community-focused.
Runs on top of the most popular web servers and cloud platforms.
Provides powerful tooling to edit, debug, test, and deploy.

What can you build with AI and .NET?

The opportunities with AI are near endless. Here are a few examples of solutions you can build
using AI in your .NET applications:

Language processing: Create virtual agents or chatbots to talk with your data and
generate content and images.
Computer vision: Identify objects in an object or video.
Audio generation: Use synthesized voices to interact with customers.
Classification: Label the severity of a customer-reported issue.
Task automation: Automatically perform the next step in a workflow as tasks are
completed.

Recommended learning path

We recommend the following sequence of tutorials and articles for an introduction to
developing applications with AI and .NET:

ﾉ Expand table

Scenario Tutorial

Create a chat application Build an Azure AI chat app with .NET

 Scenario Tutorial

Summarize text Summarize text using Azure AI chat app with .NET

Chat with your data Get insight about your data from an .NET Azure AI chat app

Call .NET functions with AI Extend Azure AI using tools and execute a local function with .NET

Generate images Generate images using Azure AI with .NET

Train your own model ML.NET tutorial

Browse the table of contents to learn more about the core concepts, starting with How
generative AI and LLMs work.

Next steps
Quickstart: Build an Azure AI chat app with .NET
Video series: Machine Learning and AI with .NET
Azure SDK for .NET overview
Article • 04/25/2025

What is the Azure SDK for .NET

The Azure SDK for .NET is designed to make it easy to use Azure services from your .NET
applications. Whether it's uploading and downloading files to Blob Storage, retrieving
application secrets from Azure Key Vault, or processing notifications from Azure Event Hubs,
the Azure SDK for .NET provides a consistent and familiar interface to access Azure services.

The Azure SDK for .NET is a collection of NuGet packages that can be used in applications
targeting .NET variants that implement .NET Standard 2.0.

Use the Azure SDK for .NET in your applications

To use an Azure SDK package in one of your .NET applications, you want to follow these steps.

1. Locate the appropriate SDK package - Use the package list to find the appropriate
package for the Azure service you are working with. Be advised that most services have a
client package for working with the service and a management package for creating and
managing instances of the service. In most cases, you will want the client package. Install
this package in your application using NuGet.

2. Set up authentication for your application - To access Azure resources, your application
will need to have the appropriate credentials and access rights assigned in Azure. Learn
how to configure authentication in Authenticating .NET applications to Azure.

3. Write code using the SDK in your application - When working with Azure services, your
code will first create a client object to work with the service and then call methods on that
client object to interact with the service. Both synchronous and asynchronous methods
 are provided. Examples of using each individual SDK package are provided throughout
the Azure documentation.

4. Configure logging for the SDK (optional) - If you need to diagnose issues between your
application and Azure, you can enable logging in the Azure SDK for .NET.
Authenticate .NET apps to Azure
services using the Azure Identity library
Article • 02/20/2025

Apps can use the Azure Identity library to authenticate to Microsoft Entra ID, which
allows the apps to access Azure services and resources. This authentication requirement
applies whether the app is deployed to Azure, hosted on-premises, or running locally on
a developer workstation. The sections ahead describe the recommended approaches to
authenticate an app to Microsoft Entra ID across different environments when using the
Azure SDK client libraries.

Recommended approach for app

authentication
Token-based authentication via Microsoft Entra ID is the recommended approach for
authenticating apps to Azure, instead of using connection strings or key-based options.
The Azure Identity library provides classes that support token-based authentication and
allow apps to authenticate to Azure resources whether the app runs locally, on Azure, or
on an on-premises server.

Advantages of token-based authentication

Token-based authentication offers the following advantages over connection strings:

Token-based authentication ensures only the specific apps intended to access the
Azure resource are able to do so, whereas anyone or any app with a connection
string can connect to an Azure resource.
Token-based authentication allows you to further limit Azure resource access to
only the specific permissions needed by the app. This follows the principle of least
privilege . In contrast, a connection string grants full rights to the Azure resource.
When using a managed identity for token-based authentication, Azure handles
administrative functions for you, so you don't have to worry about tasks like
securing or rotating secrets. This makes the app more secure because there's no
connection string or application secret that can be compromised.
The Azure Identity library acquires and manages Microsoft Entra tokens for you.

Use of connection strings should be limited to scenarios where token-based

authentication is not an option, initial proof-of-concept apps, or development
prototypes that don't access production or sensitive data. When possible, use the token-
based authentication classes available in the Azure Identity library to authenticate to
Azure resources.

Authentication across different environments

The specific type of token-based authentication an app should use to authenticate to
Azure resources depends on where the app runs. The following diagram provides
guidance for different scenarios and environments:

When an app is:

Hosted on Azure: The app should authenticate to Azure resources using a

managed identity. This option is discussed in more detail at authentication in
server environments.
Running locally during development: The app can authenticate to Azure using
either an application service principal for local development or by using the
developer's Azure credentials. Each option is discussed in more detail at
authentication during local development.
Hosted on-premises: The app should authenticate to Azure resources using an
application service principal, or a managed identity in the case of Azure Arc. On-
premises workflows are discussed in more detail at authentication in server
environments.

Authentication for Azure-hosted apps

When your app is hosted on Azure, it can use managed identities to authenticate to
Azure resources without needing to manage any credentials. There are two types of
managed identities: user-assigned and system-assigned.
Use a user-assigned managed identity
A user-assigned managed identity is created as a standalone Azure resource. It can be
assigned to one or more Azure resources, allowing those resources to share the same
identity and permissions. To authenticate using a user-assigned managed identity,
create the identity, assign it to your Azure resource, and then configure your app to use
this identity for authentication by specifying its client ID, resource ID, or object ID.

Authenticate using a user-assigned managed identity

Use a system-assigned managed identity

A system-assigned managed identity is enabled directly on an Azure resource. The

identity is tied to the lifecycle of that resource and is automatically deleted when the
resource is deleted. To authenticate using a system-assigned managed identity, enable
the identity on your Azure resource and then configure your app to use this identity for
authentication.

Authenticate using a system-assigned managed identity

Authentication during local development

During local development, you can authenticate to Azure resources using your
developer credentials or a service principal. This allows you to test your app's
authentication logic without deploying it to Azure.

Use developer credentials

You can use your own Azure credentials to authenticate to Azure resources during local
development. This is typically done using a development tool, such as Azure CLI or
Visual Studio, which can provide your app with the necessary tokens to access Azure
services. This method is convenient but should only be used for development purposes.

Authenticate locally using developer credentials

Use a service principal

A service principal is created in a Microsoft Entra tenant to represent an app and be

used to authenticate to Azure resources. You can configure your app to use service
principal credentials during local development. This method is more secure than using
developer credentials and is closer to how your app will authenticate in production.
However, it's still less ideal than using a managed identity due to the need for secrets.

Authenticate locally using a service principal

Authentication for apps hosted on-premises

For apps hosted on-premises, you can use a service principal to authenticate to Azure
resources. This involves creating a service principal in Microsoft Entra ID, assigning it the
necessary permissions, and configuring your app to use its credentials. This method
allows your on-premises app to securely access Azure services.

Authenticate your on-prem app using a service principal

Authenticate .NET apps to Azure
services during local development using
developer accounts
Article • 03/20/2025

During local development, applications need to authenticate to Azure to access various

Azure services. Two common approaches for local authentication are to use a service
principal or to use a developer account. This article explains how to use a developer
account. In the sections ahead, you learn:

How to use Microsoft Entra groups to efficiently manage permissions for multiple
developer accounts
How to assign roles to developer accounts to scope permissions
How to sign-in to supported local development tools
How to authenticate using a developer account from your app code

For an app to authenticate to Azure during local development using the developer's
Azure credentials, the developer must be signed-in to Azure from one of the following
developer tools:

Azure CLI
Azure Developer CLI
Azure PowerShell
Visual Studio

The Azure Identity library can detect that the developer is signed-in from one of these
tools. The library can then obtain the Microsoft Entra access token via the tool to
authenticate the app to Azure as the signed-in user.
This approach takes advantage of the developer's existing Azure accounts to streamline
the authentication process. However, a developer's account likely has more permissions
than required by the app, therefore exceeding the permissions the app runs with in
production. As an alternative, you can create application service principals to use during
local development, which can be scoped to have only the access needed by the app.

Create a Microsoft Entra group for local

development
Create a Microsoft Entra group to encapsulate the roles (permissions) the app needs in
local development rather than assigning the roles to individual service principal objects.
This approach offers the following advantages:

Every developer has the same roles assigned at the group level.
If a new role is needed for the app, it only needs to be added to the group for the
app.
If a new developer joins the team, a new application service principal is created for
the developer and added to the group, ensuring the developer has the right
permissions to work on the app.

Azure portal

1. Navigate to the Microsoft Entra ID overview page in the Azure portal.

2. Select All groups from the left-hand menu.

3. On the Groups page, select New group.

4. On the New group page, fill out the following form fields:

Group type: Select Security.

Group name: Enter a name for the group that includes a reference to the
app or environment name.
Group description: Enter a description that explains the purpose of the
group.
 5. Select the No members selected link under Members to add members to the
group.

6. In the flyout panel that opens, search for the service principal you created
earlier and select it from the filtered results. Choose the Select button at the
bottom of the panel to confirm your selection.

7. Select Create at the bottom of the New group page to create the group and
return to the All groups page. If you don't see the new group listed, wait a
moment and refresh the page.

Assign roles to the group

Next, determine what roles (permissions) your app needs on what resources and assign
those roles to the Microsoft Entra group you created. Groups can be assigned a role at
the resource, resource group, or subscription scope. This example shows how to assign
roles at the resource group scope, since most apps group all their Azure resources into a
single resource group.

Azure portal

1. In the Azure portal, navigate to the Overview page of the resource group that
contains your app.

2. Select Access control (IAM) from the left navigation.

 3. On the Access control (IAM) page, select + Add and then choose Add role
assignment from the drop-down menu. The Add role assignment page
provides several tabs to configure and assign roles.

4. On the Role tab, use the search box to locate the role you want to assign.
Select the role, and then choose Next.

5. On the Members tab:

For the Assign access to value, select User, group, or service principal .
For the Members value, choose + Select members to open the Select
members flyout panel.
Search for the Microsoft Entra group you created earlier and select it
from the filtered results. Choose Select to select the group and close the
flyout panel.
Select Review + assign at the bottom of the Members tab.

6. On the Review + assign tab, select Review + assign at the bottom of the
page.

Sign-in to Azure using developer tooling

Next, sign-in to Azure using one of several developer tools that can be used to perform
authentication in your development environment. The account you authenticate should
also exist in the Microsoft Entra group you created and configured earlier.

Visual Studio
 Developers using Visual Studio 2017 or later can authenticate using their developer
account through the IDE. Apps using DefaultAzureCredential or
VisualStudioCredential can discover and use this account to authenticate app
requests when running locally. This account is also used when you publish apps
directly from Visual Studio to Azure.

） Important

You'll need to install the Azure development workload to enable Visual Studio
tooling for Azure authentication, development, and deployment.

1. Inside Visual Studio, navigate to Tools > Options to open the options dialog.

2. In the Search Options box at the top, type Azure to filter the available options.

3. Under Azure Service Authentication, choose Account Selection.

4. Select the drop-down menu under Choose an account and choose to add a
Microsoft account.

5. In the window that opens, enter the credentials for your desired Azure
account, and then confirm your inputs.

6. Select OK to close the options dialog.

Authenticate to Azure services from your app

The Azure Identity library provides various credentials—implementations of
TokenCredential adapted to supporting different scenarios and Microsoft Entra

authentication flows. The steps ahead demonstrate how to use DefaultAzureCredential

when working with user accounts locally.

Implement the code

DefaultAzureCredential is an opinionated, ordered sequence of mechanisms for
authenticating to Microsoft Entra ID. Each authentication mechanism is a class derived
from the TokenCredential class and is known as a credential. At runtime,
DefaultAzureCredential attempts to authenticate using the first credential. If that

credential fails to acquire an access token, the next credential in the sequence is
attempted, and so on, until an access token is successfully obtained. In this way, your
app can use different credentials in different environments without writing environment-
specific code.

To use DefaultAzureCredential , add the Azure.Identity and optionally the

Microsoft.Extensions.Azure packages to your application:

Command Line

In a terminal of your choice, navigate to the application project directory and run
the following commands:

.NET CLI

dotnet add package Azure.Identity

dotnet add package Microsoft.Extensions.Azure

Azure services are accessed using specialized client classes from the various Azure SDK
client libraries. These classes and your own custom services should be registered so they
can be accessed via dependency injection throughout your app. In Program.cs ,
complete the following steps to register a client class and DefaultAzureCredential :

1. Include the Azure.Identity and Microsoft.Extensions.Azure namespaces via

using directives.

2. Register the Azure service client using the corresponding Add -prefixed extension
method.
3. Pass an instance of DefaultAzureCredential to the UseCredential method.

C#
 builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddBlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"));

clientBuilder.UseCredential(new DefaultAzureCredential());
});

An alternative to the UseCredential method is to provide the credential to the service

client directly:

C#

builder.Services.AddSingleton<BlobServiceClient>(_ =>
new BlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"),
new DefaultAzureCredential()));
Authenticate .NET apps to Azure
services during local development using
service principals
Article • 03/12/2025

During local development, applications need to authenticate to Azure to access various

Azure services. Two common approaches for local authentication are to use a developer
account or a service principal. This article explains how to use an application service
principal. In the sections ahead, you learn:

How to register an application with Microsoft Entra to create a service principal

How to use Microsoft Entra groups to efficiently manage permissions
How to assign roles to scope permissions
How to authenticate using a service principal from your app code

Using dedicated application service principals allows you to adhere to the principle of
least privilege when accessing Azure resources. Permissions are limited to the specific
requirements of the app during development, preventing accidental access to Azure
resources intended for other apps or services. This approach also helps avoid issues
when the app is moved to production by ensuring it isn't over-privileged in the
development environment.

When the app is registered in Azure, an application service principal is created. For local
development:

Create a separate app registration for each developer working on the app to
ensure each developer has their own application service principal, avoiding the
need to share credentials.
 Create a separate app registration for each app to limit the app's permissions to
only what is necessary.

During local development, environment variables are set with the application service
principal's identity. The Azure Identity library reads these environment variables to
authenticate the app to the required Azure resources.

Register the app in Azure

Application service principal objects are created through an app registration in Azure
using either the Azure portal or Azure CLI.

Azure portal

1. In the Azure portal, use the search bar to navigate to the App registrations
page.

2. On the App registrations page, select + New registration.

3. On the Register an application page:

For the Name field, enter a descriptive value that includes the app name
and the target environment.
For the Supported account types, select Accounts in this organizational
directory only (Microsoft Customer Led only - Single tenant), or
whichever option best fits your requirements.

4. Select Register to register your app and create the service principal.
5. On the App registration page for your app, copy the Application (client) ID
and Directory (tenant) ID and paste them in a temporary location for later use
in your app code configurations.

6. Select Add a certificate or secret to set up credentials for your app.

7. On the Certificates & secrets page, select + New client secret.

8. In the Add a client secret flyout panel that opens:

For the Description, enter a value of Current.

For the Expires value, leave the default recommended value of 180 days.
Select Add to add the secret.

9. On the Certificates & secrets page, copy the Value property of the client
secret for use in a future step.

７ Note

The client secret value is only displayed once after the app registration is
created. You can add more client secrets without invalidating this client
secret, but there's no way to display this value again.
Create a Microsoft Entra group for local
development
Create a Microsoft Entra group to encapsulate the roles (permissions) the app needs in
local development rather than assigning the roles to individual service principal objects.
This approach offers the following advantages:

Every developer has the same roles assigned at the group level.
If a new role is needed for the app, it only needs to be added to the group for the
app.
If a new developer joins the team, a new application service principal is created for
the developer and added to the group, ensuring the developer has the right
permissions to work on the app.

Azure portal

1. Navigate to the Microsoft Entra ID overview page in the Azure portal.

2. Select All groups from the left-hand menu.

3. On the Groups page, select New group.

4. On the New group page, fill out the following form fields:

Group type: Select Security.

Group name: Enter a name for the group that includes a reference to the
app or environment name.
Group description: Enter a description that explains the purpose of the
group.
 5. Select the No members selected link under Members to add members to the
group.

6. In the flyout panel that opens, search for the service principal you created
earlier and select it from the filtered results. Choose the Select button at the
bottom of the panel to confirm your selection.

7. Select Create at the bottom of the New group page to create the group and
return to the All groups page. If you don't see the new group listed, wait a
moment and refresh the page.

Assign roles to the group

Next, determine what roles (permissions) your app needs on what resources and assign
those roles to the Microsoft Entra group you created. Groups can be assigned a role at
the resource, resource group, or subscription scope. This example shows how to assign
roles at the resource group scope, since most apps group all their Azure resources into a
single resource group.

Azure portal

1. In the Azure portal, navigate to the Overview page of the resource group that
contains your app.

2. Select Access control (IAM) from the left navigation.

 3. On the Access control (IAM) page, select + Add and then choose Add role
assignment from the drop-down menu. The Add role assignment page
provides several tabs to configure and assign roles.

4. On the Role tab, use the search box to locate the role you want to assign.
Select the role, and then choose Next.

5. On the Members tab:

For the Assign access to value, select User, group, or service principal .
For the Members value, choose + Select members to open the Select
members flyout panel.
Search for the Microsoft Entra group you created earlier and select it
from the filtered results. Choose Select to select the group and close the
flyout panel.
Select Review + assign at the bottom of the Members tab.

6. On the Review + assign tab, select Review + assign at the bottom of the
page.

Set the app environment variables

At runtime, certain credentials from the Azure Identity library, such as
DefaultAzureCredential , EnvironmentCredential , and ClientSecretCredential , search

for service principal information by convention in the environment variables. There are
multiple ways to configure environment variables when working with .NET, depending
on your tooling and environment.
Regardless of the approach you choose, configure the following environment variables
for a service principal:

AZURE_CLIENT_ID : Used to identify the registered app in Azure.

AZURE_TENANT_ID : The ID of the Microsoft Entra tenant.

AZURE_CLIENT_SECRET : The secret credential that was generated for the app.

Windows

You can set environment variables for Windows from the command line. However,
the values are accessible to all apps running on that operating system and could
cause conflicts, so use caution with this approach. Environment variables can be set
at the user or system level.

Bash

# Set user environment variables

setx ASPNETCORE_ENVIRONMENT "Development"
setx AZURE_CLIENT_ID "<your-client-id>"
setx AZURE_TENANT_ID "<your-tenant-id>"
setx AZURE_CLIENT_SECRET "<your-client-secret>"

# Set system environment variables - requires running as admin

setx ASPNETCORE_ENVIRONMENT "Development" /m
setx AZURE_CLIENT_ID "<your-client-id>" /m
setx AZURE_TENANT_ID "<your-tenant-id>" /m
setx AZURE_CLIENT_SECRET "<your-client-secret>" /m

PowerShell can also be used to set environment variables at the user or system
level:

PowerShell

# Set user environment variables

[Environment]::SetEnvironmentVariable("ASPNETCORE_ENVIRONMENT",
"Development", "User")
[Environment]::SetEnvironmentVariable("AZURE_CLIENT_ID", "<your-client-
id>", "User")
[Environment]::SetEnvironmentVariable("AZURE_TENANT_ID", "<your-tenant-
id>", "User")
[Environment]::SetEnvironmentVariable("AZURE_CLIENT_SECRET", "<your-
client-secret>", "User")

# Set system environment variables - requires running as admin

[Environment]::SetEnvironmentVariable("ASPNETCORE_ENVIRONMENT",
"Development", "Machine")
[Environment]::SetEnvironmentVariable("AZURE_CLIENT_ID", "<your-client-
id>", "Machine")
 [Environment]::SetEnvironmentVariable("AZURE_TENANT_ID", "<your-tenant-
id>", "Machine")
[Environment]::SetEnvironmentVariable("AZURE_CLIENT_SECRET", "<your-
client-secret>", "Machine")

Authenticate to Azure services from your app

The Azure Identity library provides various credentials—implementations of
TokenCredential adapted to supporting different scenarios and Microsoft Entra

authentication flows. The steps ahead demonstrate how to use ClientSecretCredential

when working with service principals locally and in production.

Implement the code

Add the Azure.Identity package. In an ASP.NET Core project, also install the
Microsoft.Extensions.Azure package:

Command Line

In a terminal of your choice, navigate to the application project directory and run
the following commands:

.NET CLI

dotnet add package Azure.Identity

dotnet add package Microsoft.Extensions.Azure

Azure services are accessed using specialized client classes from the various Azure SDK
client libraries. These classes and your own custom services should be registered for
dependency injection so they can be used throughout your app. In Program.cs ,
complete the following steps to configure a client class for dependency injection and
token-based authentication:

1. Include the Azure.Identity and Microsoft.Extensions.Azure namespaces via

using directives.

2. Register the Azure service client using the corresponding Add -prefixed extension
method.
3. Configure ClientSecretCredential with the tenantId , clientId , and clientSecret .
4. Pass the ClientSecretCredential instance to the UseCredential method.
 C#

builder.Services.AddAzureClients(clientBuilder =>
{
var tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
var clientSecret =
Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");

clientBuilder.AddBlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"));

clientBuilder.UseCredential(new ClientSecretCredential(tenantId,
clientId, clientSecret));
});

An alternative to the UseCredential method is to provide the credential to the service

client directly:

C#

var tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");

var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
var clientSecret =
Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");

builder.Services.AddSingleton<BlobServiceClient>(_ =>
new BlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"),
new ClientSecretCredential(tenantId, clientId, clientSecret)));
Authenticate Azure-hosted .NET apps to
Azure resources using a system-
assigned managed identity
Article • 02/20/2025

The recommended approach to authenticate an Azure-hosted app to other Azure

resources is to use a managed identity. This approach is supported for most Azure
services, including apps hosted on Azure App Service, Azure Container Apps, and Azure
Virtual Machines. Discover more about different authentication techniques and
approaches on the authentication overview page. In the sections ahead, you'll learn:

Essential managed identity concepts

How to create a system-assigned managed identity for your app
How to assign roles to the system-assigned managed identity
How to authenticate using the system-assigned managed identity from your app
code

Essential managed identity concepts

A managed identity enables your app to securely connect to other Azure resources
without the use of secret keys or other application secrets. Internally, Azure tracks the
identity and which resources it's allowed to connect to. Azure uses this information to
automatically obtain Microsoft Entra tokens for the app to allow it to connect to other
Azure resources.

There are two types of managed identities to consider when configuring your hosted
app:

System-assigned managed identities are enabled directly on an Azure resource

and are tied to its life cycle. When the resource is deleted, Azure automatically
deletes the identity for you. System-assigned identities provide a minimalistic
approach to using managed identities.
User-assigned managed identities are created as standalone Azure resources and
offer greater flexibility and capabilities. They're ideal for solutions involving
multiple Azure resources that need to share the same identity and permissions. For
example, if multiple virtual machines need to access the same set of Azure
resources, a user-assigned managed identity provides reusability and optimized
management.
  Tip

Learn more about selecting and managing system-assigned managed identities

and user-assigned managed identities in the Managed identity best practice
recommendations article.

The sections ahead describe the steps to enable and use a system-assigned managed
identity for an Azure-hosted app. If you need to use a user-assigned managed identity,
visit the user-assigned managed identities article for more information.

Enable a system-assigned managed identity on

the Azure hosting resource
To get started using a system-assigned managed identity with your app, enable the
identity on the Azure resource hosting your app, such as an Azure App Service, Azure
Container App, or Azure Virtual Machine.

You can enable a system-assigned managed identity for an Azure resource using either
the Azure portal or the Azure CLI.

Azure portal

1. In the Azure portal, navigate to the resource that hosts your application code,
such as an Azure App Service or Azure Container App instance.

2. From the resource's Overview page, expand Settings and select Identity from
the navigation.

3. On the Identity page, toggle the Status slider to On.

4. Select Save to apply your changes.

Assign roles to the managed identity
Next, determine which roles your app needs and assign those roles to the managed
identity. You can assign roles to a managed identity at the following scopes:

Resource: The assigned roles only apply to that specific resource.

Resource group: The assigned roles apply to all resources contained in the
resource group.
Subscription: The assigned roles apply to all resources contained in the
subscription.

The following example shows how to assign roles at the resource group scope, since
many apps manage all their related Azure resources using a single resource group.

Azure portal

1. Navigate to the Overview page of the resource group that contains the app
with the system-assigned managed identity.

2. Select Access control (IAM) on the left navigation.

3. On the Access control (IAM) page, select + Add on the top menu and then
choose Add role assignment to navigate to the Add role assignment page.
 4. The Add role assignment page presents a tabbed, multi-step workflow to
assign roles to identities. On the initial Role tab, use the search box at the top
to locate the role you want to assign to the identity.

5. Select the role from the results and then choose Next to move to the
Members tab.

6. For the Assign access to option, select Managed identity.

7. For the Members option, choose + Select members to open the Select
managed identities panel.

8. On the Select managed identities panel, use the Subscription and Managed
identity dropdowns to filter the search results for your identities. Use the
Select search box to locate the system-identity you enabled for the Azure
resource hosting your app.

9. Select the identity and choose Select at the bottom of the panel to continue.

10. Select Review + assign at the bottom of the page.

11. On the final Review + assign tab, select Review + assign to complete the
workflow.
Authenticate to Azure services from your app
The Azure Identity library provides various credentials—implementations of
TokenCredential adapted to supporting different scenarios and Microsoft Entra

authentication flows. Since managed identity is unavailable when running locally, the
steps ahead demonstrate which credential to use in which scenario:

Local dev environment: During local development only, use a class called
DefaultAzureCredential for an opinionated, preconfigured chain of credentials.
DefaultAzureCredential discovers user credentials from your local tooling or IDE,

such as the Azure CLI or Visual Studio. It also provides flexibility and convenience
for retries, wait times for responses, and support for multiple authentication
options. Visit the Authenticate to Azure services during local development article
to learn more.
Azure-hosted apps: When your app is running in Azure, use
ManagedIdentityCredential to safely discover the managed identity configured for
your app. Specifying this exact type of credential prevents other available
credentials from being picked up unexpectedly.

Implement the code

Add the Azure.Identity package. In an ASP.NET Core project, also install the
Microsoft.Extensions.Azure package:

Command Line

In a terminal of your choice, navigate to the application project directory and run
the following commands:

.NET CLI

dotnet add package Azure.Identity

dotnet add package Microsoft.Extensions.Azure

Azure services are accessed using specialized client classes from the various Azure SDK
client libraries. These classes and your own custom services should be registered for
dependency injection so they can be used throughout your app. In Program.cs ,
complete the following steps to configure a client class for dependency injection and
token-based authentication:
 1. Include the Azure.Identity and Microsoft.Extensions.Azure namespaces via
using directives.

2. Register the Azure service client using the corresponding Add -prefixed extension
method.
3. Pass an appropriate TokenCredential instance to the UseCredential method:

Use DefaultAzureCredential when your app is running locally.

Use ManagedIdentityCredential when your app is running in Azure.

C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddBlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"));

TokenCredential credential = null;

if (builder.Environment.IsProduction())
{
// Managed identity token credential discovered when running in
Azure environments
credential = new ManagedIdentityCredential();
}
else
{
// Running locally on dev machine - DO NOT use in production or
outside of local dev
credential = new DefaultAzureCredential();
}

clientBuilder.UseCredential(credential);
});

An alternative to the UseCredential method is to provide the credential to the service

client directly:

C#

TokenCredential credential = null;

if (builder.Environment.IsProduction() || builder.Environment.IsStaging())
{
// Managed identity token credential discovered when running in Azure
environments
credential = new ManagedIdentityCredential();
}
else
{
 // Running locally on dev machine - DO NOT use in production or outside
of local dev
credential = new DefaultAzureCredential();
}

builder.Services.AddSingleton<BlobServiceClient>(_ =>
new BlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"),
credential));

The preceding code behaves differently depending on the environment where it's
running:

On your local development workstation, DefaultAzureCredential looks in the

environment variables for an application service principal or at locally installed
developer tools, such as Visual Studio, for a set of developer credentials.
When deployed to Azure, ManagedIdentityCredential discovers your managed
identity configurations to authenticate to other services automatically.
Authenticate Azure-hosted .NET apps to
Azure resources using a user-assigned
managed identity
Article • 02/20/2025

The recommended approach to authenticate an Azure-hosted app to other Azure

resources is to use a managed identity. This approach is supported for most Azure
services, including apps hosted on Azure App Service, Azure Container Apps, and Azure
Virtual Machines. Discover more about different authentication techniques and
approaches on the authentication overview page. In the sections ahead, you'll learn:

Essential managed identity concepts

How to create a user-assigned managed identity for your app
How to assign roles to the user-assigned managed identity
How to authenticate using the user-assigned managed identity from your app
code

Essential managed identity concepts

A managed identity enables your app to securely connect to other Azure resources
without the use of secret keys or other application secrets. Internally, Azure tracks the
identity and which resources it's allowed to connect to. Azure uses this information to
automatically obtain Microsoft Entra tokens for the app to allow it to connect to other
Azure resources.

There are two types of managed identities to consider when configuring your hosted
app:

System-assigned managed identities are enabled directly on an Azure resource

and are tied to its life cycle. When the resource is deleted, Azure automatically
deletes the identity for you. System-assigned identities provide a minimalistic
approach to using managed identities.
User-assigned managed identities are created as standalone Azure resources and
offer greater flexibility and capabilities. They're ideal for solutions involving
multiple Azure resources that need to share the same identity and permissions. For
example, if multiple virtual machines need to access the same set of Azure
resources, a user-assigned managed identity provides reusability and optimized
management.
  Tip

Learn more about selecting and managing system-assigned managed identities

and user-assigned managed identities in the Managed identity best practice
recommendations article.

The sections ahead describe the steps to enable and use a user-assigned managed
identity for an Azure-hosted app. If you need to use a system-assigned managed
identity, visit the system-assigned managed identities article for more information.

Create a user-assigned managed identity

User-assigned managed identities are created as standalone resources in your Azure
subscription using the Azure portal or the Azure CLI. Azure CLI commands can be run in
the Azure Cloud Shell or on a workstation with the Azure CLI installed.

Azure portal

1. In the Azure portal, enter Managed identities in the main search bar and select
the matching result under the Services section.

2. On the Managed Identities page, select + Create.

3. On the Create User Assigned Managed Identity page, select a subscription,

resource group, and region for the user-assigned managed identity, and then
provide a name.

4. Select Review + create to review and validate your inputs.

 5. Select Create to create the user-assigned managed identity.

6. After the identity is created, select Go to resource.

7. On the new identity's Overview page, copy the Client ID value to use for later
when you configure the application code.

Assign the managed identity to your app

A user-assigned managed identity can be associated with one or more Azure resources.
All of the resources that use that identity gain the permissions applied through the
identity's roles.

Azure portal

1. In the Azure portal, navigate to the resource that hosts your app code, such as
an Azure App Service or Azure Container App instance.

2. From the resource's Overview page, expand Settings and select Identity from
the navigation.

3. On the Identity page, switch to the User assigned tab.

4. Select + Add to open the Add user assigned managed identity panel.

5. On the Add user assigned managed identity panel, use the Subscription
dropdown to filter the search results for your identities. Use the User assigned
 managed identities search box to locate the user-assigned managed identity
you enabled for the Azure resource hosting your app.

6. Select the identity and choose Add at the bottom of the panel to continue.

Assign roles to the managed identity

Next, determine which roles your app needs and assign those roles to the managed
identity. You can assign roles to a managed identity at the following scopes:

Resource: The assigned roles only apply to that specific resource.

Resource group: The assigned roles apply to all resources contained in the
resource group.
Subscription: The assigned roles apply to all resources contained in the
subscription.

The following example shows how to assign roles at the resource group scope, since
many apps manage all their related Azure resources using a single resource group.

Azure portal

1. Navigate to the Overview page of the resource group that contains the app
with the user-assigned managed identity.

2. Select Access control (IAM) on the left navigation.

3. On the Access control (IAM) page, select + Add on the top menu and then
choose Add role assignment to navigate to the Add role assignment page.
 4. The Add role assignment page presents a tabbed, multi-step workflow to
assign roles to identities. On the initial Role tab, use the search box at the top
to locate the role you want to assign to the identity.

5. Select the role from the results and then choose Next to move to the
Members tab.

6. For the Assign access to option, select Managed identity.

7. For the Members option, choose + Select members to open the Select
managed identities panel.

8. On the Select managed identities panel, use the Subscription and Managed
identity dropdowns to filter the search results for your identities. Use the
Select search box to locate the user-assigned managed identity you enabled
for the Azure resource hosting your app.

9. Select the identity and choose Select at the bottom of the panel to continue.

10. Select Review + assign at the bottom of the page.

11. On the final Review + assign tab, select Review + assign to complete the
workflow.
Authenticate to Azure services from your app
The Azure Identity library provides various credentials—implementations of
TokenCredential adapted to supporting different scenarios and Microsoft Entra

authentication flows. Since managed identity is unavailable when running locally, the
steps ahead demonstrate which credential to use in which scenario:

Local dev environment: During local development only, use a class called
DefaultAzureCredential for an opinionated, preconfigured chain of credentials.
DefaultAzureCredential discovers user credentials from your local tooling or IDE,

such as the Azure CLI or Visual Studio. It also provides flexibility and convenience
for retries, wait times for responses, and support for multiple authentication
options. Visit the Authenticate to Azure services during local development article
to learn more.
Azure-hosted apps: When your app is running in Azure, use
ManagedIdentityCredential to safely discover the managed identity configured for
your app. Specifying this exact type of credential prevents other available
credentials from being picked up unexpectedly.

Implement the code

Add the Azure.Identity package. In an ASP.NET Core project, also install the
Microsoft.Extensions.Azure package:

Command Line

In a terminal of your choice, navigate to the application project directory and run
the following commands:

.NET CLI

dotnet add package Azure.Identity

dotnet add package Microsoft.Extensions.Azure

Azure services are accessed using specialized client classes from the various Azure SDK
client libraries. These classes and your own custom services should be registered for
dependency injection so they can be used throughout your app. In Program.cs ,
complete the following steps to configure a client class for dependency injection and
token-based authentication:
 1. Include the Azure.Identity and Microsoft.Extensions.Azure namespaces via
using directives.

2. Register the Azure service client using the corresponding Add -prefixed extension
method.
3. Pass an appropriate TokenCredential instance to the UseCredential method:

Use DefaultAzureCredential when your app is running locally

Use ManagedIdentityCredential when your app is running in Azure and
configure either the client ID, resource ID, or object ID.

Client ID

The client ID is used to identify a managed identity when configuring applications

or services that need to authenticate using that identity.

1. Retrieve the client ID assigned to a user-assigned managed identity using the

following command:

Azure CLI

az identity show \
--resource-group <resource-group-name> \
--name <identity-name> \
--query 'clientId'

2. Configure ManagedIdentityCredential with the client ID:

C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddBlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"));

TokenCredential credential = null;

if (builder.Environment.IsProduction() ||
builder.Environment.IsStaging())
{
// Managed identity token credential discovered when
running in Azure environments
credential = new ManagedIdentityCredential(
ManagedIdentityId.FromUserAssignedClientId("<client-
id>"));
}
else
{
 // Running locally on dev machine - DO NOT use in
production or outside of local dev
credential = new DefaultAzureCredential();
}

clientBuilder.UseCredential(credential);
});

An alternative to the UseCredential method is to provide the credential to the

service client directly:

C#

TokenCredential credential = null;

if (builder.Environment.IsProduction() ||
builder.Environment.IsStaging())
{
// Managed identity token credential discovered when running in
Azure environments
credential = new ManagedIdentityCredential(
ManagedIdentityId.FromUserAssignedClientId("<client-id>"));
}
else
{
// Running locally on dev machine - DO NOT use in production or
outside of local dev
credential = new DefaultAzureCredential();
}

builder.Services.AddSingleton<BlobServiceClient>(_ =>
new BlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"),
credential));

The preceding code behaves differently depending on the environment where it's
running:

On your local development workstation, DefaultAzureCredential looks in the

environment variables for an application service principal or at locally installed
developer tools, such as Visual Studio, for a set of developer credentials.
When deployed to Azure, ManagedIdentityCredential discovers your managed
identity configurations to authenticate to other services automatically.
Authenticate to Azure resources from
.NET apps hosted on-premises
Article • 03/14/2025

Apps hosted outside of Azure, such as on-premises or in a third-party data center,

should use an application service principal through Microsoft Entra ID to authenticate to
Azure services. In the sections ahead, you learn:

How to register an application with Microsoft Entra to create a service principal

How to assign roles to scope permissions
How to authenticate using a service principal from your app code

Using dedicated application service principals allows you to adhere to the principle of
least privilege when accessing Azure resources. Permissions are limited to the specific
requirements of the app during development, preventing accidental access to Azure
resources intended for other apps or services. This approach also helps avoid issues
when the app is moved to production by ensuring it isn't over-privileged in the
development environment.

A different app registration should be created for each environment the app is hosted
in. This allows environment specific resource permissions to be configured for each
service principal and make sure an app deployed to one environment doesn't talk to
Azure resources that are part of another environment.

Register the app in Azure

Application service principal objects are created through an app registration in Azure
using either the Azure portal or Azure CLI.

Azure portal

1. In the Azure portal, use the search bar to navigate to the App registrations
page.

2. On the App registrations page, select + New registration.

3. On the Register an application page:

For the Name field, enter a descriptive value that includes the app name
and the target environment.
 For the Supported account types, select Accounts in this organizational
directory only (Microsoft Customer Led only - Single tenant), or
whichever option best fits your requirements.

4. Select Register to register your app and create the service principal.

5. On the App registration page for your app, copy the Application (client) ID
and Directory (tenant) ID and paste them in a temporary location for later use
in your app code configurations.

6. Select Add a certificate or secret to set up credentials for your app.

7. On the Certificates & secrets page, select + New client secret.

8. In the Add a client secret flyout panel that opens:

For the Description, enter a value of Current.

For the Expires value, leave the default recommended value of 180 days.
Select Add to add the secret.

9. On the Certificates & secrets page, copy the Value property of the client
secret for use in a future step.

７ Note
 The client secret value is only displayed once after the app registration is
created. You can add more client secrets without invalidating this client
secret, but there's no way to display this value again.

Assign roles to the application service principal

Next, determine what roles (permissions) your app needs on what resources and assign
those roles to the service principal you created. Roles can be assigned at the resource,
resource group, or subscription scope. This example shows how to assign roles at the
resource group scope, since most apps group all their Azure resources into a single
resource group.

Azure portal

1. In the Azure portal, navigate to the Overview page of the resource group that
contains your app.

2. Select Access control (IAM) from the left navigation.

3. On the Access control (IAM) page, select + Add and then choose Add role
assignment from the drop-down menu. The Add role assignment page
provides several tabs to configure and assign roles.

4. On the Role tab, use the search box to locate the role you want to assign.
Select the role, and then choose Next.

5. On the Members tab:

For the Assign access to value, select User, group, or service principal .
For the Members value, choose + Select members to open the Select
members flyout panel.
Search for the service principal you created earlier and select it from the
filtered results. Choose Select to select the group and close the flyout
panel.
Select Review + assign at the bottom of the Members tab.
 6. On the Review + assign tab, select Review + assign at the bottom of the
page.

Set the app environment variables

At runtime, certain credentials from the Azure Identity library, such as
DefaultAzureCredential , EnvironmentCredential , and ClientSecretCredential , search

for service principal information by convention in the environment variables. There are
multiple ways to configure environment variables when working with .NET, depending
on your tooling and environment.

Regardless of the approach you choose, configure the following environment variables
for a service principal:

AZURE_CLIENT_ID : Used to identify the registered app in Azure.

AZURE_TENANT_ID : The ID of the Microsoft Entra tenant.

AZURE_CLIENT_SECRET : The secret credential that was generated for the app.

Windows

You can set environment variables for Windows from the command line. However,
the values are accessible to all apps running on that operating system and could
cause conflicts, so use caution with this approach. Environment variables can be set
at the user or system level.

Bash
 # Set user environment variables
setx ASPNETCORE_ENVIRONMENT "Development"
setx AZURE_CLIENT_ID "<your-client-id>"
setx AZURE_TENANT_ID "<your-tenant-id>"
setx AZURE_CLIENT_SECRET "<your-client-secret>"

# Set system environment variables - requires running as admin

setx ASPNETCORE_ENVIRONMENT "Development" /m
setx AZURE_CLIENT_ID "<your-client-id>" /m
setx AZURE_TENANT_ID "<your-tenant-id>" /m
setx AZURE_CLIENT_SECRET "<your-client-secret>" /m

PowerShell can also be used to set environment variables at the user or system
level:

PowerShell

# Set user environment variables

[Environment]::SetEnvironmentVariable("ASPNETCORE_ENVIRONMENT",
"Development", "User")
[Environment]::SetEnvironmentVariable("AZURE_CLIENT_ID", "<your-client-
id>", "User")
[Environment]::SetEnvironmentVariable("AZURE_TENANT_ID", "<your-tenant-
id>", "User")
[Environment]::SetEnvironmentVariable("AZURE_CLIENT_SECRET", "<your-
client-secret>", "User")

# Set system environment variables - requires running as admin

[Environment]::SetEnvironmentVariable("ASPNETCORE_ENVIRONMENT",
"Development", "Machine")
[Environment]::SetEnvironmentVariable("AZURE_CLIENT_ID", "<your-client-
id>", "Machine")
[Environment]::SetEnvironmentVariable("AZURE_TENANT_ID", "<your-tenant-
id>", "Machine")
[Environment]::SetEnvironmentVariable("AZURE_CLIENT_SECRET", "<your-
client-secret>", "Machine")

Authenticate to Azure services from your app

The Azure Identity library provides various credentials—implementations of
TokenCredential adapted to supporting different scenarios and Microsoft Entra

authentication flows. The steps ahead demonstrate how to use ClientSecretCredential

when working with service principals locally and in production.

Implement the code

Add the Azure.Identity package. In an ASP.NET Core project, also install the
Microsoft.Extensions.Azure package:

Command Line

In a terminal of your choice, navigate to the application project directory and run
the following commands:

.NET CLI

dotnet add package Azure.Identity

dotnet add package Microsoft.Extensions.Azure

Azure services are accessed using specialized client classes from the various Azure SDK
client libraries. These classes and your own custom services should be registered for
dependency injection so they can be used throughout your app. In Program.cs ,
complete the following steps to configure a client class for dependency injection and
token-based authentication:

1. Include the Azure.Identity and Microsoft.Extensions.Azure namespaces via

using directives.

2. Register the Azure service client using the corresponding Add -prefixed extension
method.
3. Configure ClientSecretCredential with the tenantId , clientId , and clientSecret .
4. Pass the ClientSecretCredential instance to the UseCredential method.

C#

builder.Services.AddAzureClients(clientBuilder =>
{
var tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
var clientSecret =
Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");

clientBuilder.AddBlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"));

clientBuilder.UseCredential(new ClientSecretCredential(tenantId,
clientId, clientSecret));
});

An alternative to the UseCredential method is to provide the credential to the service

client directly:
C#

var tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");

var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
var clientSecret =
Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");

builder.Services.AddSingleton<BlobServiceClient>(_ =>
new BlobServiceClient(
new Uri("https://<account-name>.blob.core.windows.net"),
new ClientSecretCredential(tenantId, clientId, clientSecret)));
Create Azure Identity library credentials
via configuration files
Article • 03/15/2025

The Azure client library integration for ASP.NET Core ( Microsoft.Extensions.Azure )

supports creating different Azure.Core.TokenCredential types from key-value pairs
defined in appsettings.json and other configuration files. The credentials correspond to a
subset of the credential classes in the Azure Identity client library. This article describes
the support for different TokenCredential types and how to configure the required key-
value pairs for each type.

Support for Azure credentials through

configuration
Microsoft.Extensions.Azure can automatically provide Azure service clients with a

TokenCredential class by searching appsettings.json or other configuration files for

credential values using the IConfiguration abstraction for .NET. This approach allows
developers to explicitly set credential values across different environments through
configuration rather than through app code directly.

The following credentials can be created via configuration:

AzurePipelinesCredential
ClientCertificateCredential
ClientSecretCredential
DefaultAzureCredential
ManagedIdentityCredential
WorkloadIdentityCredential

Configure Azure credentials

Azure service clients registered with the AddAzureClients method are automatically
configured with an instance of DefaultAzureCredential if no explicit credential is
supplied via the WithCredential extension method. You can also override the global
DefaultAzureCredential using credential values from configuration files when
registering a client to create a specific credential:

C#
 builder.Services.AddAzureClients(clientBuilder =>
{
// Register BlobServiceClient using credential from appsettings.json

clientBuilder.AddBlobServiceClient(builder.Configuration.GetSection("Storage
"));

// Register ServiceBusClient using the fallback DefaultAzureCredential

clientBuilder.AddServiceBusClientWithNamespace(
"<your_namespace>.servicebus.windows.net");
});

The associated appsettings.json file:

JSON

"Storage": {
"serviceUri": "<service_uri>",
"credential": "managedidentity",
"clientId": "<client_id>"
}

The following credentials also support the AdditionallyAllowedTenants property, which

specifies Microsoft Entra tenants beyond the default tenant for which the credential can
acquire tokens:

AzurePipelinesCredential
ClientCertificateCredential
ClientSecretCredential
DefaultAzureCredential
WorkloadIdentityCredential

Add the wildcard value * to allow the credential to acquire tokens for any Microsoft
Entra tenant the logged in account can access. If no tenant IDs are specified, this option
has no effect on that authentication method, and the credential will acquire tokens for
any requested tenant when using that method.

JSON

{
"additionallyAllowedTenants": "<tenant_ids_separated_by_semicolon>"
}

Create an instance of ManagedIdentityCredential

You can create both user-assigned and system-assigned managed identities using
configuration values. To create an instance of Azure.Identity.ManagedIdentityCredential,
add the following key-value pairs to your appsettings.json file.

User-assigned managed identities

A user-assigned managed identity can be used by providing a client ID, resource ID, or
object ID.

Client ID

JSON

{
"credential": "managedidentity",
"clientId": "<client_id>"
}

System-assigned managed identities

JSON

{
"credential": "managedidentity"
}

Create an instance of AzurePipelinesCredential

To create an instance of Azure.Identity.AzurePipelinesCredential, add the following key-
value pairs to your appsettings.json file:

JSON

{
"credential": "azurepipelines",
"clientId": "<client_id>",
"tenantId": "<tenant_id>",
"serviceConnectionId": "<service_connection_id>",
"systemAccessToken": "<system_access_token>"
}

） Important
 AzurePipelinesCredential is supported in Microsoft.Extensions.Azure versions

1.11.0 and later.

Create an instance of WorkloadIdentityCredential

To create an instance of Azure.Identity.WorkloadIdentityCredential, add the following
key-value pairs to your appsettings.json file:

JSON

{
"credential": "workloadidentity",
"tenantId": "<tenant_id>",
"clientId": "<client_id>",
"tokenFilePath": "<token_file_path>"
}

Create an instance of ClientSecretCredential

To create an instance of Azure.Identity.ClientSecretCredential, add the following key-
value pairs to your appsettings.json file:

JSON

{
"tenantId": "<tenant_id>",
"clientId": "<client_id>",
"clientSecret": "<client_secret>"
}

Create an instance of ClientCertificateCredential

To create an instance of Azure.Identity.ClientCertificateCredential, add the following key-
value pairs to your appsettings.json file:

JSON

{
"tenantId": "<tenant_id>",
"clientId": "<client_id>",
"clientCertificate": "<client_certificate>",
"clientCertificateStoreLocation": "<client_certificate_store_location>"
}
 ７ Note

The clientCertificateStoreLocation key is optional. If the key:

Is present and has an empty value, it's ignored.

Isn't present, the default CurrentUser is used from the
X509Credentials.StoreLocation enum.

Create an instance of DefaultAzureCredential

To create an instance of Azure.Identity.DefaultAzureCredential, add the following key-
value pairs to your appsettings.json file:

JSON

{
"tenantId": "<tenant_id>",
"clientId": "<client_id>",
"managedIdentityResourceId": "<managed_identity_resource_id>"
}
Additional methods to authenticate to
Azure resources from .NET apps
Article • 03/15/2025

This article lists additional methods apps may use to authenticate to Azure resources.
The methods on this page are less commonly used; when possible, use one of the
methods outlined in authenticating .NET apps to Azure using the Azure SDK overview.

Interactive browser authentication

This method interactively authenticates an application through
InteractiveBrowserCredential by collecting user credentials in the default system.

Interactive browser authentication enables the application for all operations allowed by
the interactive login credentials. As a result, if you're the owner or administrator of your
subscription, your code has inherent access to most resources in that subscription
without having to assign any specific permissions. For this reason, the use of interactive
browser authentication is discouraged for anything but experimentation.

Enable applications for interactive browser authentication

Perform the following steps to enable the application to authenticate through the
interactive browser flow. These steps also work for the device code authentication flow
described later. This process is only necessary if you are using
InteractiveBrowserCredential in your code.

1. In the Azure portal , navigate to Microsoft Entra ID and select App registrations
on the left navigation.

2. Select the registration for your app, then select Authentication.

3. Under Advanced settings, select Yes for Allow public client flows.

4. Select Save to apply the changes.

5. To authorize the application for specific resources, navigate to the resource in

question, select API Permissions, and enable Microsoft Graph and other resources
you want to access. Microsoft Graph is usually enabled by default.

） Important
 You must also be the admin of your tenant to grant consent to your
application when you sign in for the first time.

Example using InteractiveBrowserCredential

The following example demonstrates using an InteractiveBrowserCredential to
authenticate with the BlobServiceClient:

C#

using Azure.Identity;
using Azure.Storage.Blobs;

namespace InteractiveBrokeredAuthSample
{
public partial class InteractiveBrowserAuth : Form
{
public InteractiveBrowserAuth()
{
InitializeComponent();
}

private void testInteractiveBrowserAuth_Click(object sender,

EventArgs e)
{
var client = new BlobServiceClient(
new Uri("https://<storage-account-
name>.blob.core.windows.net"),
new InteractiveBrowserCredential());

foreach (var blobItem in client.GetBlobContainers())

{
Console.WriteLine(blobItem.Name);
}
}
}
}

For more exact control, such as setting redirect URIs, you can supply specific arguments
to InteractiveBrowserCredential such as redirect_uri .

Interactive brokered authentication

This method interactively authenticates an application through
InteractiveBrowserCredential by collecting user credentials using the system
authentication broker. A system authentication broker is an app running on a user's
machine that manages the authentication handshakes and token maintenance for all
connected accounts. Currently, only the Windows authentication broker, Web Account
Manager (WAM), is supported. Users on macOS and Linux will be authenticated through
the non-brokered interactive browser flow.

WAM enables identity providers such as Microsoft Entra ID to natively plug into the OS
and provide the service to other apps to provide a more secure login process. WAM
offers the following benefits:

Feature support: Apps can access OS-level and service-level capabilities, including
Windows Hello, conditional access policies, and FIDO keys.
Streamlined single sign-on: Apps can use the built-in account picker, allowing the
user to select an existing account instead of repeatedly entering the same
credentials.
Enhanced security: Bug fixes and enhancements ship with Windows.
Token protection: Refresh tokens are device-bound, and apps can acquire device-
bound access tokens.

Interactive brokered authentication enables the application for all operations allowed by
the interactive login credentials. Personal Microsoft accounts and work or school
accounts are supported. If a supported version of Windows is used, the default browser-
based UI is replaced with a smoother authentication experience, similar to Windows
built-in apps.

Enable applications for interactive brokered

authentication
Perform the following steps to enable the application to authenticate through the
interactive broker flow.

1. On the Azure portal , navigate to Microsoft Entra ID and select App registrations
on the left-hand menu.

2. Select the registration for your app, then select Authentication.

3. Add the WAM redirect URI to your app registration via a platform configuration:

a. Under Platform configurations, select + Add a platform.

b. Under Configure platforms, select the tile for your application type (platform)
to configure its settings, such as mobile and desktop applications.

c. In Custom redirect URIs, enter the following WAM redirect URI:

 text

ms-appx-web://microsoft.aad.brokerplugin/{client_id}

The {client_id} placeholder must be replaced with the Application (client) ID

listed on the Overview pane of the app registration.

d. Select Configure.

To learn more, see Add a redirect URI to an app registration.

4. Back on the Authentication pane, under Advanced settings, select Yes for Allow
public client flows.

5. Select Save to apply the changes.

6. To authorize the application for specific resources, navigate to the resource in

question, select API Permissions, and enable Microsoft Graph and other resources
you want to access. Microsoft Graph is usually enabled by default.

） Important

You must also be the admin of your tenant to grant consent to your
application when you sign in for the first time.

Example using InteractiveBrowserCredential

The following example demonstrates using an InteractiveBrowserCredential in a
Windows Forms app to authenticate with the BlobServiceClient:

C#

using Azure.Identity;
using Azure.Identity.Broker;
using Azure.Storage.Blobs;

namespace InteractiveBrokeredAuthSample
{
public partial class InteractiveBrokeredAuth : Form
{
public InteractiveBrokeredAuth()
{
InitializeComponent();
}

private void testInteractiveBrokeredAuth_Click(object sender,

 EventArgs e)
{
// Get the handle of the current window
IntPtr windowHandle = this.Handle;

var credential = new InteractiveBrowserCredential(

new
InteractiveBrowserCredentialBrokerOptions(windowHandle));

// To authenticate and authorize with an Entra ID app

registration, substitute the
// <app_id> and <tenant_id> placeholders with the values for
your app and tenant.
// var credential = new InteractiveBrowserCredential(
// new
InteractiveBrowserCredentialBrokerOptions(windowHandle)
// {
// TenantId = "your-tenant-id",
// ClientId = "your-client-id"
// }
// );

var client = new BlobServiceClient(

new Uri("https://<storage-account-
name>.blob.core.windows.net/"),
credential
);

// Prompt for credentials appears on first use of the client

foreach (var container in client.GetBlobContainers())
{
Console.WriteLine(container.Name);
}
}
}
}

７ Note

Visit the Parent window handles and Retrieve a window handle articles for more
information about retrieving window handles.

For the code to run successfully, your user account must be assigned an Azure role on
the storage account that allows access to blob containers such as Storage Account Data
Contributor. If an app is specified, it must have API permissions set for
user_impersonation Access Azure Storage (step 6 in the previous section). This API
permission allows the app to access Azure storage on behalf of the signed-in user after
consent is granted during sign-in.
The following screenshot shows the user sign-in experience:

Authenticate the default system account via WAM

Many people always sign in to Windows with the same user account and, therefore, only
ever want to authenticate using that account. WAM and InteractiveBrowserCredential
also support a silent login process that automatically uses a default account so the user
doesn't have to repeatedly select it.

The following example shows how to enable sign-in with the default system account:

C#

using Azure.Identity;
using Azure.Identity.Broker;
using Azure.Storage.Blobs;

namespace InteractiveBrokeredAuthSample
 {
public partial class SilentBrokeredAuth : Form
{
public SilentBrokeredAuth()
{
InitializeComponent();
}

private void testSilentBrokeredAuth_Click(object sender, EventArgs

e)
{
// Get the handle of the current window
IntPtr windowHandle = this.Handle;

var credential = new InteractiveBrowserCredential(

new InteractiveBrowserCredentialBrokerOptions(windowHandle)
{
// Enable silent brokered authentication using the
default account
UseDefaultBrokerAccount = true,
});

// To authenticate and authorize with an app, substitute the

// <app_id> and <tenant_id> placeholders with the values for
your app and tenant.
// var credential = new InteractiveBrowserCredential(
// new
InteractiveBrowserCredentialBrokerOptions(windowHandle)
// {
// TenantId = "your-tenant-id",
// ClientId = "your-client-id"
// }
// );

var client = new BlobServiceClient(

new Uri("https://<storage-account-
name>.blob.core.windows.net/"),
credential
);

// Prompt for credentials appears on first use of the client

foreach (var container in client.GetBlobContainers())
{
Console.WriteLine(container.Name);
}
}
}
}

Once you opt in to this behavior, the credential attempts to sign in by asking the
underlying Microsoft Authentication Library (MSAL) to perform the sign-in for the
default system account. If the sign-in fails, the credential falls back to displaying the
account picker dialog, from which the user can select the appropriate account.
Device code authentication
This method interactively authenticates a user on devices with limited UI (typically
devices without a keyboard):

1. When the application attempts to authenticate, the credential prompts the user
with a URL and an authentication code.
2. The user visits the URL on a separate browser-enabled device (a computer,
smartphone, etc.) and enters the code.
3. The user follows a normal authentication process in the browser.
4. Upon successful authentication, the application is authenticated on the device.

For more information, see Microsoft identity platform and the OAuth 2.0 device
authorization grant flow.

Device code authentication in a development environment enables the application for

all operations allowed by the interactive login credentials. As a result, if you're the owner
or administrator of your subscription, your code has inherent access to most resources
in that subscription without having to assign any specific permissions. However, you can
use this method with a specific client ID, rather than the default, for which you can
assign specific permissions.
Credential chains in the Azure Identity
library for .NET
Article • 02/13/2025

The Azure Identity library provides credentials—public classes derived from the Azure
Core library's TokenCredential class. A credential represents a distinct authentication
flow for acquiring an access token from Microsoft Entra ID. These credentials can be
chained together to form an ordered sequence of authentication mechanisms to be
attempted.

How a chained credential works

At runtime, a credential chain attempts to authenticate using the sequence's first
credential. If that credential fails to acquire an access token, the next credential in the
sequence is attempted, and so on, until an access token is successfully obtained. The
following sequence diagram illustrates this behavior:

.NET app Credential chain TokenCredential instance

Authenticate to Microsoft Entra ID

1

GetToken
2

loop [Traverse
TokenCredential
collection until
AccessToken received]

Fetch token
3

GetToken
4

break [when Result is

AccessToken]

Result
5

AccessToken
6

.NET app Credential chain TokenCredential instance

Why use credential chains
A chained credential can offer the following benefits:

Environment awareness: Automatically selects the most appropriate credential

based on the environment in which the app is running. Without it, you'd have to
write code like this:

C#

TokenCredential credential;

if (app.Environment.IsProduction() || app.Environment.IsStaging())
{
credential = new ManagedIdentityCredential(

ManagedIdentityId.FromUserAssignedClientId(userAssignedClientId));
}
else
{
// local development environment
credential = new VisualStudioCredential();
}

Seamless transitions: Your app can move from local development to your staging
or production environment without changing authentication code.

Improved resiliency: Includes a fallback mechanism that moves to the next

credential when the prior fails to acquire an access token.

How to choose a chained credential

There are two disparate philosophies to credential chaining:

"Tear down" a chain: Start with a preconfigured chain and exclude what you don't
need. For this approach, see the DefaultAzureCredential overview section.
"Build up" a chain: Start with an empty chain and include only what you need. For
this approach, see the ChainedTokenCredential overview section.

DefaultAzureCredential overview
DefaultAzureCredential is an opinionated, preconfigured chain of credentials. It's
designed to support many environments, along with the most common authentication
flows and developer tools. In graphical form, the underlying chain looks like this:
 CREDENTIALS

Environment Workload Identity Managed Identity Visual Studio Azure CLI Azure PowerShell Azure Developer CLI Interactive browser

CREDENTIAL TYPES

Deployed service Developer tool Interactive

The order in which DefaultAzureCredential attempts credentials follows.

ﾉ Expand table

Order Credential Description Enabled

by
default?

1 Environment Reads a collection of environment variables to determine Yes

if an application service principal (application user) is
configured for the app. If so, DefaultAzureCredential uses
these values to authenticate the app to Azure. This method
is most often used in server environments but can also be
used when developing locally.

2 Workload If the app is deployed to an Azure host with Workload Yes

Identity Identity enabled, authenticate that account.

3 Managed If the app is deployed to an Azure host with Managed Yes

Identity Identity enabled, authenticate the app to Azure using that
Managed Identity.

4 Visual Studio If the developer authenticated to Azure by logging into Yes

Visual Studio, authenticate the app to Azure using that same
account.

5 Azure CLI If the developer authenticated to Azure using Azure CLI's az Yes
login command, authenticate the app to Azure using that
same account.

6 Azure If the developer authenticated to Azure using Azure Yes

PowerShell PowerShell's Connect-AzAccount cmdlet, authenticate the
app to Azure using that same account.

7 Azure If the developer authenticated to Azure using Azure Yes

Developer Developer CLI's azd auth login command, authenticate
CLI with that account.

8 Interactive If enabled, interactively authenticate the developer via the No

browser current system's default browser.

In its simplest form, you can use the parameterless version of DefaultAzureCredential as
follows:
 C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddSecretClient(
new Uri($"https://{keyVaultName}.vault.azure.net"));
clientBuilder.AddBlobServiceClient(
new Uri($"https://{storageAccountName}.blob.core.windows.net"));

DefaultAzureCredential credential = new();

clientBuilder.UseCredential(credential);
});

 Tip

The UseCredential method in the preceding code snippet is recommended for use
in ASP.NET Core apps. For more information, see Use the Azure SDK for .NET in
ASP.NET Core apps.

How to customize DefaultAzureCredential

To remove a credential from DefaultAzureCredential , use the corresponding Exclude -
prefixed property in DefaultAzureCredentialOptions. For example:

C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddSecretClient(
new Uri($"https://{keyVaultName}.vault.azure.net"));
clientBuilder.AddBlobServiceClient(
new Uri($"https://{storageAccountName}.blob.core.windows.net"));

clientBuilder.UseCredential(new DefaultAzureCredential(
new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeWorkloadIdentityCredential = true,
}));
});

In the preceding code sample, EnvironmentCredential , ManagedIdentityCredential , and

WorkloadIdentityCredential are removed from the credential chain. As a result, the first
credential to be attempted is VisualStudioCredential . The modified chain contains only
development-time credentials and looks like this:

Visual Studio Azure CLI Azure PowerShell Azure Developer CLI

７ Note

InteractiveBrowserCredential is excluded by default and therefore isn't shown in

the preceding diagram. To include InteractiveBrowserCredential , either pass true

to constructor DefaultAzureCredential(Boolean) or set property
DefaultAzureCredentialOptions.ExcludeInteractiveBrowserCredential to false .

As more Exclude -prefixed properties are set to true (credential exclusions are
configured), the advantages of using DefaultAzureCredential diminish. In such cases,
ChainedTokenCredential is a better choice and requires less code. To illustrate, these two

code samples behave the same way:

DefaultAzureCredential

C#

credential = new DefaultAzureCredential(

new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = true,
ExcludeWorkloadIdentityCredential = true,
ExcludeManagedIdentityCredential = true,
ExcludeAzurePowerShellCredential = true,
ExcludeAzureDeveloperCliCredential = true,
});

ChainedTokenCredential overview
ChainedTokenCredential is an empty chain to which you add credentials to suit your
app's needs. For example:

C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddSecretClient(
 new Uri($"https://{keyVaultName}.vault.azure.net"));
clientBuilder.AddBlobServiceClient(
new Uri($"https://{storageAccountName}.blob.core.windows.net"));

clientBuilder.UseCredential(new ChainedTokenCredential(
new AzurePowerShellCredential(),
new VisualStudioCredential()));
});

The preceding code sample creates a tailored credential chain comprised of two
development-time credentials. AzurePowerShellCredential is attempted first, followed
by VisualStudioCredential , if necessary. In graphical form, the chain looks like this:

Azure PowerShell Visual Studio

 Tip

For improved performance, optimize credential ordering in ChainedTokenCredential

from most to least used credential.

Usage guidance for DefaultAzureCredential

DefaultAzureCredential is undoubtedly the easiest way to get started with the Azure

Identity library, but with that convenience comes tradeoffs. Once you deploy your app
to Azure, you should understand the app's authentication requirements. For that reason,
replace DefaultAzureCredential with a specific TokenCredential implementation, such
as ManagedIdentityCredential . See the Derived list for options.

Here's why:

Debugging challenges: When authentication fails, it can be challenging to debug

and identify the offending credential. You must enable logging to see the
progression from one credential to the next and the success/failure status of each.
For more information, see Debug a chained credential.
Performance overhead: The process of sequentially trying multiple credentials can
introduce performance overhead. For example, when running on a local
development machine, managed identity is unavailable. Consequently,
ManagedIdentityCredential always fails in the local development environment,

unless explicitly disabled via its corresponding Exclude -prefixed property.

 Unpredictable behavior: DefaultAzureCredential checks for the presence of
certain environment variables . It's possible that someone could add or modify
these environment variables at the system level on the host machine. Those
changes apply globally and therefore alter the behavior of DefaultAzureCredential
at runtime in any app running on that machine. For more information on
unpredictability, see Use deterministic credentials in production environments.

Debug a chained credential

To diagnose an unexpected issue or to understand what a chained credential is doing,
enable logging in your app. Optionally, filter the logs to only those events emitted from
the Azure Identity library. For example:

C#

using AzureEventSourceListener listener = new((args, message) =>

{
if (args is { EventSource.Name: "Azure-Identity" })
{
Console.WriteLine(message);
}
}, EventLevel.LogAlways);

For illustration purposes, assume the parameterless form of DefaultAzureCredential was

used to authenticate a request to a Log Analytics workspace. The app ran in the local
development environment, and Visual Studio was authenticated to an Azure account.
The next time the app ran, the following pertinent entries appeared in the output:

Output

DefaultAzureCredential.GetToken invoked. Scopes: [

https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-50f8-451d-
afeb-6b06297a3342
EnvironmentCredential.GetToken invoked. Scopes: [
https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-50f8-451d-
afeb-6b06297a3342
EnvironmentCredential.GetToken was unable to retrieve an access token.
Scopes: [ https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-
50f8-451d-afeb-6b06297a3342 Exception:
Azure.Identity.CredentialUnavailableException (0x80131500):
EnvironmentCredential authentication unavailable. Environment variables are
not fully configured. See the troubleshooting guide for more information.
https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
WorkloadIdentityCredential.GetToken invoked. Scopes: [
https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-50f8-451d-
afeb-6b06297a3342
WorkloadIdentityCredential.GetToken was unable to retrieve an access token.
 Scopes: [ https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-
50f8-451d-afeb-6b06297a3342 Exception:
Azure.Identity.CredentialUnavailableException (0x80131500):
WorkloadIdentityCredential authentication unavailable. The workload options
are not fully configured. See the troubleshooting guide for more
information.
https://aka.ms/azsdk/net/identity/workloadidentitycredential/troubleshoot
ManagedIdentityCredential.GetToken invoked. Scopes: [
https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-50f8-451d-
afeb-6b06297a3342
ManagedIdentityCredential.GetToken was unable to retrieve an access token.
Scopes: [ https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-
50f8-451d-afeb-6b06297a3342 Exception:
Azure.Identity.CredentialUnavailableException (0x80131500):
ManagedIdentityCredential authentication unavailable. No response received
from the managed identity endpoint.
VisualStudioCredential.GetToken invoked. Scopes: [
https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-50f8-451d-
afeb-6b06297a3342
VisualStudioCredential.GetToken succeeded. Scopes: [
https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-50f8-451d-
afeb-6b06297a3342 ExpiresOn: 2024-08-13T17:16:50.8023621+00:00
DefaultAzureCredential credential selected:
Azure.Identity.VisualStudioCredential
DefaultAzureCredential.GetToken succeeded. Scopes: [
https://api.loganalytics.io//.default ] ParentRequestId: d7ef15d1-50f8-451d-
afeb-6b06297a3342 ExpiresOn: 2024-08-13T17:16:50.8023621+00:00

In the preceding output, notice that:

EnvironmentCredential , WorkloadIdentityCredential , and

ManagedIdentityCredential each failed to acquire a Microsoft Entra access token,

in that order.
The DefaultAzureCredential credential selected: -prefixed entry indicates the
credential that was selected— VisualStudioCredential in this case. Since
VisualStudioCredential succeeded, no credentials beyond it were used.
Authentication best practices with the
Azure Identity library for .NET
Article • 02/15/2025

This article offers guidelines to help you maximize the performance and reliability of
your .NET apps when authenticating to Azure services. To make the most of the Azure
Identity library for .NET, it's important to understand potential issues and mitigation
techniques.

Use deterministic credentials in production

environments
DefaultAzureCredential is the most approachable way to get started with the Azure
Identity library, but that convenience also introduces certain tradeoffs. Most notably, the
specific credential in the chain that will succeed and be used for request authentication
can't be guaranteed ahead of time. In a production environment, this unpredictability
can introduce significant and sometimes subtle problems.

For example, consider the following hypothetical sequence of events:

1. An organization's security team mandates all apps use managed identity to

authenticate to Azure resources.
2. For months, a .NET app hosted on an Azure Virtual Machine (VM) successfully uses
DefaultAzureCredential to authenticate via managed identity.

3. Without telling the support team, a developer installs the Azure CLI on that VM
and runs the az login command to authenticate to Azure.
4. Due to a separate configuration change in the Azure environment, authentication
via the original managed identity unexpectedly begins to fail silently.
5. DefaultAzureCredential skips the failed ManagedIdentityCredential and searches
for the next available credential, which is AzureCliCredential .
6. The application starts utilizing the Azure CLI credentials rather than the managed
identity, which may fail or result in unexpected elevation or reduction of privileges.

To prevent these types of subtle issues or silent failures in production apps, replace
DefaultAzureCredential with a specific TokenCredential implementation, such as

ManagedIdentityCredential . See the Derived list for options.

For example, consider the following DefaultAzureCredential configuration in an

ASP.NET Core project:
 C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddSecretClient(
new Uri($"https://{keyVaultName}.vault.azure.net"));
clientBuilder.AddBlobServiceClient(
new Uri($"https://{storageAccountName}.blob.core.windows.net"));

DefaultAzureCredential credential = new();

clientBuilder.UseCredential(credential);
});

Modify the preceding code to select a credential based on the environment in which the
app is running:

C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddSecretClient(
new Uri($"https://{keyVaultName}.vault.azure.net"));
clientBuilder.AddBlobServiceClient(
new Uri($"https://{storageAccountName}.blob.core.windows.net"));

TokenCredential credential;

if (builder.Environment.IsProduction() ||
builder.Environment.IsStaging())
{
string? clientId = builder.Configuration["UserAssignedClientId"];
credential = new ManagedIdentityCredential(
ManagedIdentityId.FromUserAssignedClientId(clientId));
}
else
{
// local development environment
credential = new ChainedTokenCredential(
new VisualStudioCredential(),
new AzureCliCredential(),
new AzurePowerShellCredential());
}

clientBuilder.UseCredential(credential);
});

In this example, only ManagedIdentityCredential is used in production. The local

development environment's authentication needs are then serviced by the sequence of
credentials defined in the else clause.
Reuse credential instances
Reuse credential instances when possible to improve app resilience and reduce the
number of access token requests issued to Microsoft Entra ID. When a credential is
reused, an attempt is made to fetch a token from the app token cache managed by the
underlying MSAL dependency. For more information, see Token caching in the Azure
Identity client library .

） Important

A high-volume app that doesn't reuse credentials may encounter HTTP 429
throttling responses from Microsoft Entra ID, which can lead to app outages.

The recommended credential reuse strategy differs by .NET application type.

ASP.NET Core

To implement credential reuse, use the UseCredential method from

Microsoft.Extensions.Azure . Consider an ASP.NET Core app hosted on Azure App

Service in both production and staging environments. Environment variable

ASPNETCORE_ENVIRONMENT is set to either Production or Staging to differentiate

between these two non-development environments. In both production and

staging, the user-assigned variant of ManagedIdentityCredential is used to
authenticate the Key Vault Secrets and Blob Storage clients.

When the app runs on a local development machine, where

ASPNETCORE_ENVIRONMENT is set to Development , a chained sequence of developer

tool credentials is used instead. This approach ensures environment-appropriate

credentials are used, enhancing security and simplifying credential management.

C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddSecretClient(
new Uri($"https://{keyVaultName}.vault.azure.net"));
clientBuilder.AddBlobServiceClient(
new Uri($"https://{storageAccountName}.blob.core.windows.net"));

TokenCredential credential;

if (builder.Environment.IsProduction() ||
builder.Environment.IsStaging())
{
 string? clientId =
builder.Configuration["UserAssignedClientId"];
credential = new ManagedIdentityCredential(
ManagedIdentityId.FromUserAssignedClientId(clientId));
}
else
{
// local development environment
credential = new ChainedTokenCredential(
new VisualStudioCredential(),
new AzureCliCredential(),
new AzurePowerShellCredential());
}

clientBuilder.UseCredential(credential);
});

For information on this approach in an ASP.NET Core app, see Authenticate using
Microsoft Entra ID.

Understand when token lifetime and caching

logic is needed
If you use an Azure Identity library credential outside the context of an Azure SDK client
library that depends on Azure Core, it becomes your responsibility to manage token
lifetime and caching behavior in your app.

The RefreshOn property on AccessToken , which provides a hint to consumers as to when

token refresh can be attempted, will be automatically used by Azure SDK client libraries
that depend on the Azure Core library to refresh the token. For direct usage of Azure
Identity library credentials that support token caching , the underlying MSAL cache
automatically refreshes proactively when the RefreshOn time occurs. This design allows
the client code to call GetToken each time a token is needed and delegate the refresh to
the library.

To only call GetToken when necessary, observe the RefreshOn date and proactively
attempt to refresh the token after that time. The specific implementation is up to the
customer.

Understand the managed identity retry

strategy
The Azure Identity library for .NET allows you to authenticate via managed identity with
ManagedIdentityCredential . The way in which you use ManagedIdentityCredential

impacts the applied retry strategy. When used via:

DefaultAzureCredential , no retries are attempted when the initial token

acquisition attempt fails or times out after a short duration. This is the least
resilient option because it's optimized to "fail fast" for an efficient development
inner loop.
Any other approach, such as ChainedTokenCredential or
ManagedIdentityCredential directly:

The time interval between retries starts at 0.8 seconds, and a maximum of five
retries are attempted, by default. This option is optimized for resilience but
introduces potentially unwanted delays in the development inner loop.

To change any of the default retry settings, use the Retry property on
ManagedIdentityCredentialOptions . For example, retry a maximum of three

times, with a starting interval of 0.5 seconds:

C#

ManagedIdentityCredentialOptions miCredentialOptions = new(

ManagedIdentityId.FromUserAssignedClientId(clientId)
)
{
Retry =
{
MaxRetries = 3,
Delay = TimeSpan.FromSeconds(0.5),
}
};

ManagedIdentityCredential miCredential = new(miCredentialOptions);

For more information on customizing retry policies, see Setting a custom retry policy .
Use the Azure SDK for .NET in ASP.NET
Core apps
Article • 11/16/2024

The Azure SDK for .NET enables ASP.NET Core apps to integrate with many different
Azure services. In this article, you'll learn best practices and the steps to adopt the Azure
SDK for .NET in your ASP.NET Core apps. You'll learn how to:

Register services for dependency injection.

Authenticate to Azure without using passwords or secrets.
Implement centralized, standardized configuration.
Configure common web app concerns such as logging and retries.

Explore common Azure SDK client libraries

ASP.NET Core apps that connect to Azure services generally depend on the following
Azure SDK client libraries:

Microsoft.Extensions.Azure provides helper methods to register clients with the

dependency injection service collection and handles various concerns for you, such
as setting up logging, handling DI service lifetimes, and authentication credential
management.
Azure.Identity enables Microsoft Entra ID authentication support across the
Azure SDK. It provides a set of TokenCredential implementations to construct
Azure SDK clients that support Microsoft Entra authentication.
Azure.<service-namespace> libraries, such as Azure.Storage.Blobs and
Azure.Messaging.ServiceBus , provide service clients and other types to help you
connect to and consume specific Azure services. For a complete inventory of these
libraries, see Libraries using Azure.Core.

In the sections ahead, you'll explore how to implement an ASP.NET Core application that
uses these libraries.

Register Azure SDK clients with the DI service

collection
The Azure SDK for .NET client libraries provide service clients to connect your app to
Azure services such as Azure Blob Storage and Azure Key Vault. Register these services
with the dependency container in the Program.cs file of your app to make them
available via dependency injection.

Complete the following steps to register the services you need:

1. Add the Microsoft.Extensions.Azure package:

.NET CLI

dotnet add package Microsoft.Extensions.Azure

2. Add the relevant Azure.* service client packages:

.NET CLI

dotnet add package Azure.Security.KeyVault.Secrets

dotnet add package Azure.Storage.Blobs
dotnet add package Azure.Messaging.ServiceBus

3. In the Program.cs file of your app, invoke the AddAzureClients extension method
from the Microsoft.Extensions.Azure library to register a client to communicate
with each Azure service. Some client libraries provide additional subclients for
specific subgroups of Azure service functionality. You can register such subclients
for dependency injection via the AddClient extension method.

C#

builder.Services.AddAzureClients(clientBuilder =>
{
// Register a client for each Azure service using inline
configuration
clientBuilder.AddSecretClient(new Uri("<key_vault_url>"));
clientBuilder.AddBlobServiceClient(new Uri("<storage_url>"));
clientBuilder.AddServiceBusClientWithNamespace(
"<your_namespace>.servicebus.windows.net");

// Register a subclient for each Azure Service Bus Queue

var queueNames = new string[] { "queue1", "queue2" };
foreach (string queue in queueNames)
{
clientBuilder.AddClient<ServiceBusSender,
ServiceBusClientOptions>(
(_, _, provider) => provider.GetService<ServiceBusClient>()
.CreateSender(queue)).WithName(queue);
}

// Register a shared credential for Microsoft Entra ID

authentication
 clientBuilder.UseCredential(new DefaultAzureCredential());
});

4. Inject the registered clients into your ASP.NET Core app components, services, or
API endpoint:

Minimal API

C#

app.MapGet("/reports", async (
BlobServiceClient blobServiceClient,
IAzureClientFactory<ServiceBusSender> senderFactory) =>
{
// Create the named client
ServiceBusSender serviceBusSender =
senderFactory.CreateClient("queue1");

await serviceBusSender.SendMessageAsync(new
ServiceBusMessage("Hello world"));

// Use the blob client

BlobContainerClient containerClient
= blobServiceClient.GetBlobContainerClient("reports");

List<BlobItem> reports = new();

await foreach (BlobItem blobItem in
containerClient.GetBlobsAsync())
{
reports.Add(blobItem);
}

return reports;
})
.WithName("GetReports");

For more information, see Dependency injection with the Azure SDK for .NET.

Authenticate using Microsoft Entra ID

Token-based authentication with Microsoft Entra ID is the recommended approach to
authenticate requests to Azure services. To authorize those requests, Azure role-based
access control (RBAC) manages access to Azure resources based on a user's Microsoft
Entra identity and assigned roles.
Use the Azure Identity library for the aforementioned token-based authentication
support. The library provides classes such as DefaultAzureCredential to simplify
configuring secure connections. DefaultAzureCredential supports multiple
authentication methods and determines which method should be used at runtime. This
approach enables your app to use different authentication methods in different
environments (local vs. production) without implementing environment-specific code.
Visit the Authentication section of the Azure SDK for .NET docs for more details on these
topics.

７ Note

Many Azure services also allow you to authorize requests using keys. However, this
approach should be used with caution. Developers must be diligent to never
expose the access key in an unsecure location. Anyone who has the access key can
authorize requests against the associated Azure resource.

1. Add the Azure.Identity package:

.NET CLI

dotnet add package Azure.Identity

2. In the Program.cs file of your app, invoke the UseCredential extension method
from the Microsoft.Extensions.Azure library to set a shared
DefaultAzureCredential instance for all registered Azure service clients:

C#

builder.Services.AddAzureClients(clientBuilder =>
{
// Register a client for each Azure service using inline
configuration
clientBuilder.AddSecretClient(new Uri("<key_vault_url>"));
clientBuilder.AddBlobServiceClient(new Uri("<storage_url>"));
clientBuilder.AddServiceBusClientWithNamespace(
"<your_namespace>.servicebus.windows.net");

// Register a subclient for each Azure Service Bus Queue

var queueNames = new string[] { "queue1", "queue2" };
foreach (string queue in queueNames)
{
clientBuilder.AddClient<ServiceBusSender,
ServiceBusClientOptions>(
(_, _, provider) => provider.GetService<ServiceBusClient>()
.CreateSender(queue)).WithName(queue);
}
 // Register a shared credential for Microsoft Entra ID
authentication
clientBuilder.UseCredential(new DefaultAzureCredential());
});

DefaultAzureCredential discovers available credentials in the current environment

and uses them to authenticate to Azure services. For the order and locations in
which DefaultAzureCredential scans for credentials, see DefaultAzureCredential
overview. Using a shared DefaultAzureCredential instance ensures the underlying
token cache is used, which improves application resilience and performance due to
fewer requests for a new token.

Apply configurations
Azure SDK service clients support configurations to change their default behaviors.
There are two ways to configure service clients:

JSON configuration files are generally the recommended approach because they
simplify managing differences in app deployments between environments.
Inline code configurations can be applied when you register the service client. For
example, in the Register clients and subclients section, you explicitly passed the
URI variables to the client constructors.

IConfiguration precedence rules are respected by the Microsoft.Extensions.Azure

extension methods, which are detailed in the Configuration Providers documentation.

Complete the steps in the following sections to update your app to use JSON file
configuration for the appropriate environments. Use the appsettings.Development.json
file for development settings and the appsettings.Production.json file for production
environment settings. You can add configuration settings whose names are public
properties on the ClientOptions class to the JSON file.

Configure registered services

1. Update the appsettings.<environment>.json file in your app with the highlighted
service configurations:

JSON

{
"Logging": {
"LogLevel": {
 "Default": "Information",
"Microsoft.AspNetCore": "Warning",
"Azure.Messaging.ServiceBus": "Debug"
}
},
"AzureDefaults": {
"Diagnostics": {
"IsTelemetryDisabled": false,
"IsLoggingContentEnabled": true
},
"Retry": {
"MaxRetries": 3,
"Mode": "Exponential"
}
},
"KeyVault": {
"VaultUri": "https://<your-key-vault-name>.vault.azure.net"
},
"ServiceBus": {
"Namespace": "<your_service-bus_namespace>.servicebus.windows.net"
},
"Storage": {
"ServiceUri": "https://<your-storage-account-
name>.storage.windows.net"
}
}

In the preceding JSON sample:

The top-level key names, KeyVault , ServiceBus , and Storage , are arbitrary
names used to reference the config sections from your code. You will pass
these names to AddClient extension methods to configure a given client. All
other key names map to specific client options, and JSON serialization is
performed in a case-insensitive manner.
The KeyVault:VaultUri , ServiceBus:Namespace , and Storage:ServiceUri key
values map to the arguments of the SecretClient(Uri, TokenCredential,
SecretClientOptions), ServiceBusClient(String), and BlobServiceClient(Uri,
TokenCredential, BlobClientOptions) constructor overloads, respectively. The
TokenCredential variants of the constructors are used because a default

TokenCredential is set via the UseCredential(TokenCredential) method call.

2. Update the the Program.cs file to retrieve the JSON file configurations using
IConfiguration and pass them into your service registrations:

C#

builder.Services.AddAzureClients(clientBuilder =>
{
 // Register clients using a config file section
clientBuilder.AddSecretClient(
builder.Configuration.GetSection("KeyVault"));

clientBuilder.AddBlobServiceClient(
builder.Configuration.GetSection("Storage"));

// Register clients using a specific config key-value pair

clientBuilder.AddServiceBusClientWithNamespace(
builder.Configuration["ServiceBus:Namespace"]);

Configure Azure defaults and retries

You may want to change default Azure client configurations globally or for a specific
service client. For example, you may want different retry settings or to use a different
service API version. You can set the retry settings globally or on a per-service basis.

1. Update your configuration file to set default Azure settings, such as a new default
retry policy that all registered Azure clients will use:

JSON

{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning",
"Azure.Messaging.ServiceBus": "Debug"
}
},
"AzureDefaults": {
"Diagnostics": {
"IsTelemetryDisabled": false,
"IsLoggingContentEnabled": true
},
"Retry": {
"MaxRetries": 3,
"Mode": "Exponential"
}
},
"KeyVault": {
"VaultUri": "https://<your-key-vault-name>.vault.azure.net"
},
"ServiceBus": {
"Namespace": "<your_service-bus_namespace>.servicebus.windows.net"
},
"Storage": {
"ServiceUri": "https://<your-storage-account-
name>.storage.windows.net"
 }
}

2. In the Program.cs file, call the ConfigureDefaults extension method to retrieve the
default settings and apply them to your service clients:

C#

builder.Services.AddAzureClients(clientBuilder =>
{
// Register clients using a config file section
clientBuilder.AddSecretClient(
builder.Configuration.GetSection("KeyVault"));

clientBuilder.AddBlobServiceClient(
builder.Configuration.GetSection("Storage"));

// Register clients using a specific config key-value pair

clientBuilder.AddServiceBusClientWithNamespace(
builder.Configuration["ServiceBus:Namespace"]);

// Register a subclient for each Azure Service Bus Queue

string[] queueNames = [ "queue1", "queue2" ];
foreach (string queue in queueNames)
{
clientBuilder.AddClient<ServiceBusSender,
ServiceBusClientOptions>(
(_, _, provider) => provider.GetService<ServiceBusClient>()
.CreateSender(queue)).WithName(queue);
}

clientBuilder.UseCredential(new DefaultAzureCredential());

// Set up any default settings

clientBuilder.ConfigureDefaults(
builder.Configuration.GetSection("AzureDefaults"));
});

Configure logging
The Azure SDK for .NET client libraries can log client library operations to monitor
requests and responses to Azure services. Client libraries can also log a variety of other
events, including retries, token retrieval, and service-specific events from various clients.
When you register an Azure SDK client using the AddAzureClients extension method,
the AzureEventSourceLogForwarder is registered with the dependency injection
container. The AzureEventSourceLogForwarder forwards log messages from Azure SDK
event sources to ILoggerFactory to enables you to use the standard ASP.NET Core
logging configuration for logging.

The following table depicts how the Azure SDK for .NET EventLevel maps to the
ASP.NET Core LogLevel . For more information on these topics and other scenarios, see
Logging with the Azure SDK for .NET and Dependency injection with the Azure SDK for
.NET.

ﾉ Expand table

Azure SDK EventLevel ASP.NET Core LogLevel

Critical Critical

Error Error

Informational Information

Warning Warning

Verbose Debug

LogAlways Information

You can change default log levels and other settings using the same JSON
configurations outlined in the configure authentication section. For example, toggle the
ServiceBusClient log level to Debug by setting the

Logging:LogLevel:Azure.Messaging.ServiceBus key as follows:

JSON

{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning",
"Azure.Messaging.ServiceBus": "Debug"
}
},
"AzureDefaults": {
"Diagnostics": {
"IsTelemetryDisabled": false,
"IsLoggingContentEnabled": true
},
"Retry": {
"MaxRetries": 3,
"Mode": "Exponential"
}
},
 "KeyVault": {
"VaultUri": "https://<your-key-vault-name>.vault.azure.net"
},
"ServiceBus": {
"Namespace": "<your_service-bus_namespace>.servicebus.windows.net"
},
"Storage": {
"ServiceUri": "https://<your-storage-account-name>.storage.windows.net"
}
}
Resource management using the Azure
SDK for .NET
Article • 04/25/2025

The Azure SDK for .NET management plane libraries will help you create, provision, and
manage Azure resources from within .NET applications. All Azure services have corresponding
management libraries.

With the management libraries (namespaces beginning with Azure.ResourceManager , for

example, Azure.ResourceManager.Compute ), you can write configuration and deployment
programs to perform the same tasks that you can through the Azure portal, Azure CLI, or other
resource management tools.

Those packages follow the new Azure SDK guidelines , which provide core capabilities that
are shared amongst all Azure SDKs, including:

The intuitive Azure Identity library.

An HTTP pipeline with custom policies.
Error handling.
Distributed tracing.

７ Note

You might notice that some packages are still prerelease version. Phased releases of
additional Azure services' management plane libraries are in process. If you're looking for
a stable version package for a particular Azure resource and currently only a prerelease
version is available, please raise an issue in Azure SDK for .NET GitHub repo .

Get started

Prerequisites
An Azure subscription .
A TokenCredential implementation, such as an Azure Identity library credential type.

Install the package

Install the Azure Identity and Azure resource management NuGet packages for .NET. For
example:
 PowerShell

PowerShell

Install-Package Azure.Identity
Install-Package Azure.ResourceManager
Install-Package Azure.ResourceManager.Resources
Install-Package Azure.ResourceManager.Compute
Install-Package Azure.ResourceManager.Network

Authenticate the client

The default option to create an authenticated client is to use DefaultAzureCredential . Since all
management APIs go through the same endpoint, in order to interact with resources, only one
top-level ArmClient has to be created.

To authenticate with Azure and create an ArmClient , instantiate an ArmClient given credentials:

C#

using Azure.Identity;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;

// Code omitted for brevity

ArmClient client = new ArmClient(new DefaultAzureCredential());

For more information about the Azure.Identity.DefaultAzureCredential class, see

DefaultAzureCredential Class.

Management SDK Cheat Sheet

To get started with the Azure management SDK for .NET, imagine you have a task to
create/list/update/delete a typical Azure service bus namespace, follow these steps:

1. Authenticate to the subscription and resource group that you want to work on.

C#

using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.ServiceBus;
 ArmClient client = new ArmClient(new DefaultAzureCredential());
SubscriptionResource subscription = client.GetDefaultSubscription();
ResourceGroupResource resourceGroup =
client.GetDefaultSubscription().GetResourceGroup(resourceGroupName);

1. Find the corresponding method to manage your Azure resource.

ﾉ Expand table

Operation Method

Get a resource client.GetServiceBusQueueResource(ResourceIdentifier resourceIdentifier)

with resource
identifier

List resourceGroup.GetServiceBusNamespaces()

Index resourceGroup.GetServiceBusNamespace(string servicebusNamespaceName)

Add/Update resourceGroup.GetServiceBusNamespaces().CreateOrUpdate(Azure.WaitUntil waitUntil,

string name, ServiceBusNamespaceData data)

Contains resourceGroup.GetServiceBusNamespaces().Exists(string servicebusNamespaceName)

Delete client.GetServiceBusQueueResource(ResourceIdentifior resourceIdentifior).Delete()

or resourceGroup.GetServiceBusNamespace(string servicebusNamespaceName).Delete()

Remember, all the Azure resources, including the resource group itself, can be managed by
their corresponding management SDK using code similar to the above example. To find the
correct Azure management SDK package, look for packages named with the following pattern
Azure.ResourceManager.{ResourceProviderName} .

To learn more about the ResourceIdentifier, please refer to Structured Resource Identifier.

Key concepts

Understanding Azure Resource Hierarchy

To reduce the number of clients needed to perform common tasks and the number of
redundant parameters that each of those clients take, we've introduced an object hierarchy in
the SDK that mimics the object hierarchy in Azure. Each resource client in the SDK has methods
to access the resource clients of its children that are already scoped to the proper subscription
and resource group.
To accomplish this, we're introducing three standard types for all resources in Azure:

{ResourceName}Resource class
This type represents a full resource client object that contains a Data property exposing the
details as a {ResourceName}Data type. It also has access to all of the operations on that
resource without needing to pass in scope parameters such as subscription ID or resource
name. This makes it convenient to directly execute operations on the result of list calls, since
everything is returned as a full resource client now.

C#

ArmClient client = new ArmClient(new DefaultAzureCredential());

string resourceGroupName = "myResourceGroup";
SubscriptionResource subscription = await client.GetDefaultSubscriptionAsync();
ResourceGroupResource resourceGroup = await
subscription.GetResourceGroupAsync(resourceGroupName);
await foreach (VirtualMachineResource virtualMachine in
resourceGroup.GetVirtualMachinesAsync())
{
//previously we would have to take the resourceGroupName and the vmName from
the vm object
//and pass those into the powerOff method as well as we would need to execute
that on a separate compute client
await virtualMachine.PowerOffAsync(WaitUntil.Completed);
}

{ResourceName}Data class
This type represents the model that makes up a given resource. Typically, this is the response
data from a service call such as HTTP GET and provides details about the underlying resource.
Previously, this was represented by a Model class.

{ResourceName}Collection class

This type represents the operations you can perform on a collection of resources belonging to
a specific parent resource. This object provides most of the logical collection operations.

ﾉ Expand table

Collection Collection Method

Behavior

Iterate/List GetAll()
 Collection Collection Method
Behavior

Index Get(string name)

Add CreateOrUpdate(Azure.WaitUntil waitUntil, string name, {ResourceName}Data

data)

Contains Exists(string name)

In most cases, parent of a resource is ResourceGroup, but in some cases, a resource itself has
sub resource, for example a Subnet is a child of a VirtualNetwork. ResourceGroup itself is a
child of a Subscription

Putting it all together

Imagine that our company requires all virtual machines to be tagged with the owner. We're
tasked with writing a program to add the tag to any missing virtual machines in a given
resource group.

C#

// First we construct our armClient

ArmClient client = new ArmClient(new DefaultAzureCredential());

// Next we get a resource group object

// ResourceGroup is a {ResourceName}Resource object from above
SubscriptionResource subscription = await client.GetDefaultSubscriptionAsync();
ResourceGroupResource resourceGroup =
await subscription.GetResourceGroupAsync("myRgName");

// Next we get the collection for the virtual machines

// vmCollection is a {ResourceName}Collection object from above
VirtualMachineCollection virtualMachineCollection = await
resourceGroup.GetVirtualMachines();

// Next we loop over all vms in the collection

// Each vm is a {ResourceName}Resource object from above
await foreach(VirtualMachineResource virtualMachine in virtualMachineCollection)
{
// We access the {ResourceName}Data properties from vm.Data
if(!virtualMachine.Data.Tags.ContainsKey("owner"))
{
// We can also access all operations from vm since it is already scoped for
us
await virtualMachine.AddTagAsync("owner", GetOwner());
}
}
Structured Resource Identifier
Resource IDs contain useful information about the resource itself, but they're plain strings that
have to be parsed. Instead of implementing your own parsing logic, you can use a
ResourceIdentifier object that will do the parsing for you.

Example: Parsing an ID using a ResourceIdentifier object

C#

string resourceId = "/subscriptions/aaaaaaaa-bbbb-cccc-dddd-

eeeeeeeeeeee/resourceGroups/workshop2021-
rg/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mySubnet";
ResourceIdentifier id = new ResourceIdentifier(resourceId);
Console.WriteLine($"Subscription: {id.SubscriptionId}");
Console.WriteLine($"ResourceGroup: {id.ResourceGroupName}");
Console.WriteLine($"Vnet: {id.Parent.Name}");
Console.WriteLine($"Subnet: {id.Name}");

However, keep in mind that some of those properties could be null. You can usually tell by the
ID string itself which type a resource ID is. But if you're unsure, check if the properties are null.

Example: Resource Identifier Generator

You may not want to manually create the resourceId from a pure string . Each
{ResourceName}Resource class has a static method that can help you create the resource

identifier string.

C#

ResourceIdentifier resourceId =
AvailabilitySetResource.CreateResourceIdentifier(
"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"resourceGroupName",
"resourceName");

Manage existing resources

Performing operations on resources that already exist is a common use case when using the
management client libraries. In this scenario, you usually have the identifier of the resource you
want to work on as a string. Although the new object hierarchy is great for provisioning and
working within the scope of a given parent, it is not the most efficient when it comes to this
specific scenario.
Here's an example how you can access an AvailabilitySetResource object and manage it
directly with its resource identifier:

C#

using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Compute;
using System;
using System.Threading.Tasks;

// Code omitted for brevity

ResourceIdentifier subscriptionId =
SubscriptionResource.CreateResourceIdentifier("aaaaaaaa-bbbb-cccc-dddd-
eeeeeeeeeeee");

ResourceIdentifier resourceId =
AvailabilitySetResource.CreateResourceIdentifier(
subscriptionId.SubscriptionId,
"resourceGroupName",
"resourceName");

// We construct a new armClient to work with

ArmClient client = new ArmClient(new DefaultAzureCredential());
// Next we get the specific subscription this resource belongs to
SubscriptionResource subscription =
client.GetSubscriptionResource(subscriptionId);
// Next we get the specific resource group this resource belongs to
ResourceGroupResource resourceGroup = await
subscription.GetResourceGroupAsync(resourceId.ResourceGroupName);
// Finally we get the resource itself
// Note: for this last step in this example, Azure.ResourceManager.Compute is
needed
AvailabilitySetResource availabilitySet = await
resourceGroup.GetAvailabilitySetAsync(resourceId.Name);

This approach required a lot of code and three API calls are made to Azure. The same can be
done with less code and without any API calls by using extension methods that we've provided
on the client itself. These extension methods allow you to pass in a resource identifier and
retrieve a scoped resource client. The object returned is a {ResourceName}Resource. Since it
hasn't reached out to Azure to retrieve the data yet, calling the Data property will throw
exception, you can either use HasData property to tell if the resource instance contains a data
or call the Get or GetAsync method on the resource to retrieve the resource data.

So, the previous example would end up looking like this:

C#
 ResourceIdentifier resourceId =
AvailabilitySetResource.CreateResourceIdentifier(
"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"resourceGroupName",
"resourceName");
// We construct a new armClient to work with
ArmClient client = new ArmClient(new DefaultAzureCredential());
// Next we get the AvailabilitySet resource client from the armClient
// The method takes in a ResourceIdentifier but we can use the implicit cast from
string
AvailabilitySetResource availabilitySet =
client.GetAvailabilitySetResource(resourceId);
// At this point availabilitySet.Data will be null and trying to access it will
throw exception
// If we want to retrieve the objects data we can simply call get
availabilitySet = await availabilitySet.GetAsync();
// we now have the data representing the availabilitySet
Console.WriteLine(availabilitySet.Data.Name);

Check if a Resource exists

If you aren't sure if a resource you want to get exists, or you just want to check if it exists, you
can use Exists() or ExistsAsync() methods, which can be invoked from any
{ResourceName}Collection class.

Exists() returns a Response<bool> while ExistsAsync() as its async version returns a

Task<Response<bool>> . In the Response<bool> object, you can visit its Value property to check if

a resource exists. The Value is false if the resource does not exist and vice versa.

In previous versions of packages, you would have to catch the RequestFailedException and
inspect the status code for 404. With this new API, we hope that this can boost the developer
productivity and optimize resource access.

C#

ArmClient client = new ArmClient(new DefaultAzureCredential());

SubscriptionResource subscription = await client.GetDefaultSubscriptionAsync();
string resourceGroupName = "myRgName";

try
{
ResourceGroupResource resourceGroup = await
subscription.GetResourceGroupAsync(resourceGroupName);
// At this point, we are sure that myRG is a not null Resource Group, so we
can use this object to perform any operations we want.
}
catch (RequestFailedException ex) when (ex.Status == 404)
{
 Console.WriteLine($"Resource Group {resourceGroupName} does not exist.");
}

Now with these convenience methods, we can simply do the following.

C#

ArmClient client = new ArmClient(new DefaultAzureCredential());

SubscriptionResource subscription = await client.GetDefaultSubscriptionAsync();
string resourceGroupName = "myRgName";

bool exists = await

subscription.GetResourceGroups().ExistsAsync(resourceGroupName).Value;

if (exists)
{
Console.WriteLine($"Resource Group {resourceGroupName} exists.");

// We can get the resource group now that we know it exists.

// This does introduce a small race condition where resource group could have
been deleted between the check and the get.
ResourceGroupResource resourceGroup = await
subscription.GetResourceGroupAsync(resourceGroupName);
}
else
{
Console.WriteLine($"Resource Group {rgName} does not exist.");
}

Examples

Create a resource group

C#

// First, initialize the ArmClient and get the default subscription

ArmClient client = new ArmClient(new DefaultAzureCredential());
// Now we get a ResourceGroup collection for that subscription
SubscriptionResource subscription = await client.GetDefaultSubscriptionAsync();
ResourceGroupCollection resourceGroupCollection =
subscription.GetResourceGroups();

// With the collection, we can create a new resource group with an specific name
string resourceGroupName = "myRgName";
AzureLocation location = AzureLocation.WestUS2;
ResourceGroupData resourceGroupData = new ResourceGroupData(location);
ResourceGroupResource resourceGroup = (await
 resourceGroupCollection.CreateOrUpdateAsync(resourceGroupName,
resourceGroupData)).Value;

List all resource groups

C#

// First, initialize the ArmClient and get the default subscription

ArmClient client = new ArmClient(new DefaultAzureCredential());
SubscriptionResource subscription = await client.GetDefaultSubscriptionAsync();
// Now we get a ResourceGroup collection for that subscription
ResourceGroupCollection resourceGroupCollection =
subscription.GetResourceGroups();
// With GetAllAsync(), we can get a list of the resources in the collection
await foreach (ResourceGroupResource resourceGroup in resourceGroupCollection)
{
Console.WriteLine(resourceGroup.Data.Name);
}

Update a resource group

C#

// Note: Resource group named 'myRgName' should exist for this example to work.
ArmClient client = new ArmClient(new DefaultAzureCredential());
SubscriptionResource subscription = await client.GetDefaultSubscriptionAsync();
string resourceGroupName = "myRgName";
ResourceGroupResource resourceGroup = await
subscription.GetResourceGroupAsync(resourceGroupName);
resourceGroup = await resourceGroup.AddTagAsync("key", "value");

Delete a resource group

C#

ArmClient client = new ArmClient(new DefaultAzureCredential());

SubscriptionResource subscription = await client.GetDefaultSubscriptionAsync();
string resourceGroupName = "myRgName";
ResourceGroupResource resourceGroup = await
subscription.GetResourceGroupAsync(resourceGroupName);
await resourceGroup.DeleteAsync();

For more detailed examples, take a look at samples we have available.

Troubleshooting
If you have a bug to report or have a suggestion, file an issue via GitHub issues and
make sure you add the "Preview" label to the issue.
If you need help, check previous questions , or ask new ones on StackOverflow using
Azure and .NET tags.
If having trouble with authentication, see the DefaultAzureCredential documentation.

Next steps

More sample code

Managing Resource Groups
Creating a Virtual Network
.NET Management Library Code Samples

Additional Documentation
If you're migrating from the old SDK to this preview, check out this Migration guide .

For more information on Azure SDK, see Azure SDK Releases .

Dependency injection with the Azure SDK
for .NET
Article • 04/25/2025

This article demonstrates how to register Azure service clients from the latest Azure client
libraries for .NET for dependency injection in a .NET app. Every modern .NET app starts up by
using the instructions provided in a Program.cs file.

Install packages
To register and configure service clients from an Azure.-prefixed package:

1. Install the Microsoft.Extensions.Azure package in your project:

.NET CLI

dotnet add package Microsoft.Extensions.Azure

2. Install the Azure.Identity package to configure a TokenCredential type to use for

authenticating all registered clients that accept such a type:

.NET CLI

dotnet add package Azure.Identity

For demonstration purposes, the sample code in this article uses the Key Vault Secrets, Blob
Storage, Service Bus, and Azure OpenAI libraries. Install the following packages to follow along:

.NET CLI

dotnet add package Azure.Security.KeyVault.Secrets

dotnet add package Azure.Storage.Blobs
dotnet add package Azure.Messaging.ServiceBus
dotnet add package Azure.AI.OpenAI

Register clients and subclients

A service client is the entry point to the API for an Azure service – from it, library users can
invoke all operations the service provides and can easily implement the most common
scenarios. Where it will simplify an API's design, groups of service calls can be organized
around smaller subclient types. For example, ServiceBusClient can register additional
ServiceBusSender subclients for publishing messages or ServiceBusReceiver subclients for

consuming messages.

In the Program.cs file, invoke the AddAzureClients extension method to register a client for
each service. The following code samples provide guidance on application builders from the
Microsoft.AspNetCore.Builder and Microsoft.Extensions.Hosting namespaces.

WebApplicationBuilder

C#

using Azure.Identity;
using Azure.Messaging.ServiceBus;
using Azure.Messaging.ServiceBus.Administration;
using Microsoft.Extensions.Azure;
using Azure.AI.OpenAI;

WebApplicationBuilder builder = WebApplication.CreateBuilder(args);

builder.Services.AddAzureClients(async clientBuilder =>

{
// Register clients for each service
clientBuilder.AddSecretClient(new Uri("<key_vault_url>"));
clientBuilder.AddBlobServiceClient(new Uri("<storage_url>"));
clientBuilder.AddServiceBusClientWithNamespace(
"<your_namespace>.servicebus.windows.net");

// Set a credential for all clients to use by default

DefaultAzureCredential credential = new();
clientBuilder.UseCredential(credential);

// Register a subclient for each Service Bus Queue

List<string> queueNames = await GetQueueNames(credential);
foreach (string queue in queueNames)
{
clientBuilder.AddClient<ServiceBusSender, ServiceBusClientOptions>(
(_, _, provider) => provider.GetService<ServiceBusClient>()
.CreateSender(queue)).WithName(queue);
}

// Register a custom client factory

clientBuilder.AddClient<AzureOpenAIClient, AzureOpenAIClientOptions>(
(options, _, _) => new AzureOpenAIClient(
new Uri("<url_here>"), credential, options));
});

WebApplication app = builder.Build();

async Task<List<string>> GetQueueNames(DefaultAzureCredential credential)

{
// Query the available queues for the Service Bus namespace.
var adminClient = new ServiceBusAdministrationClient
 ("<your_namespace>.servicebus.windows.net", credential);
var queueNames = new List<string>();

// Because the result is async, the queue names need to be captured

// to a standard list to avoid async calls when registering. Failure to
// do so results in an error with the services collection.
await foreach (QueueProperties queue in adminClient.GetQueuesAsync())
{
queueNames.Add(queue.Name);
}

return queueNames;
}

In the preceding code:

Key Vault Secrets, Blob Storage, and Service Bus clients are registered using the
AddSecretClient, AddBlobServiceClient and AddServiceBusClientWithNamespace,
respectively. The Uri - and string -typed arguments are passed. To avoid specifying these
URLs explicitly, see the Store configuration separately from code section.
DefaultAzureCredential is used to satisfy the TokenCredential argument requirement for
each registered client. When one of the clients is created, DefaultAzureCredential is used
to authenticate.
Service Bus subclients are registered for each queue on the service using the subclient
and corresponding options types. The queue names for the subclients are retrieved using
a separate method outside of the service registration because the GetQueuesAsync
method must be run asynchronously.
An Azure OpenAI client is registered using a custom client factory via the AddClient
method, which provides control over how a client instance is created. Custom client
factories are useful in the following cases:
You need to use other dependencies during the client construction.
A registration extension method doesn't exist for the service client you want to
register.

Use the registered clients

With the clients registered, as described in the Register clients and subclients section, you can
now use them. In the following example, constructor injection is used to obtain the Blob
Storage client and a factory for Service Bus sender subclients in an ASP.NET Core API controller:

C#

[ApiController]
[Route("[controller]")]
 public class MyApiController : ControllerBase
{
private readonly BlobServiceClient _blobServiceClient;
private readonly ServiceBusSender _serviceBusSender;

public MyApiController(
BlobServiceClient blobServiceClient,
IAzureClientFactory<ServiceBusSender> senderFactory)
{
_blobServiceClient = blobServiceClient;
_serviceBusSender = senderFactory.CreateClient("myQueueName");
}

[HttpGet]
public async Task<IEnumerable<string>> Get()
{
BlobContainerClient containerClient =
_blobServiceClient.GetBlobContainerClient("demo");
var results = new List<string>();

await foreach (BlobItem blob in containerClient.GetBlobsAsync())

{
results.Add(blob.Name);
}

return results.ToArray();
}
}

Store configuration separately from code

In the Register clients and subclients section, you explicitly passed the Uri -typed variables to
the client constructors. This approach could cause problems when you run code against
different environments during development and production. The .NET team suggests storing
such configurations in environment-dependent JSON files. For example, you can have an
appsettings.Development.json file containing development environment settings. Another
appsettings.Production.json file would contain production environment settings, and so on. The
file format is:

JSON

{
"AzureDefaults": {
"Diagnostics": {
"IsTelemetryDisabled": false,
"IsLoggingContentEnabled": true
},
"Retry": {
"MaxRetries": 3,
 "Mode": "Exponential"
}
},
"KeyVault": {
"VaultUri": "https://mykeyvault.vault.azure.net"
},
"ServiceBus": {
"Namespace": "<your_namespace>.servicebus.windows.net"
},
"Storage": {
"ServiceUri": "https://mydemoaccount.storage.windows.net"
}
}

You can add any properties from the ClientOptions class into the JSON file. The settings in the
JSON configuration file can be retrieved using IConfiguration.

WebApplicationBuilder

C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddSecretClient(
builder.Configuration.GetSection("KeyVault"));

clientBuilder.AddBlobServiceClient(
builder.Configuration.GetSection("Storage"));

clientBuilder.AddServiceBusClientWithNamespace(
builder.Configuration["ServiceBus:Namespace"]);

clientBuilder.UseCredential(new DefaultAzureCredential());

// Set up any default settings

clientBuilder.ConfigureDefaults(
builder.Configuration.GetSection("AzureDefaults"));
});

In the preceding JSON sample:

The top-level key names, AzureDefaults , KeyVault , ServiceBus , and Storage , are
arbitrary. All other key names hold significance, and JSON serialization is performed in a
case-insensitive manner.
The AzureDefaults.Retry object literal:
Represents the retry policy configuration settings.
 Corresponds to the Retry property. Within that object literal, you find the MaxRetries
key, which corresponds to the MaxRetries property.
The KeyVault:VaultUri , ServiceBus:Namespace , and Storage:ServiceUri key values map
to the Uri - and string -typed arguments of the
Azure.Security.KeyVault.Secrets.SecretClient.SecretClient(Uri, TokenCredential,
SecretClientOptions),
Azure.Messaging.ServiceBus.ServiceBusClient.ServiceBusClient(String), and
Azure.Storage.Blobs.BlobServiceClient.BlobServiceClient(Uri, TokenCredential,
BlobClientOptions) constructor overloads, respectively. The TokenCredential variants of
the constructors are used because a default TokenCredential is set via the
Microsoft.Extensions.Azure.AzureClientFactoryBuilder.UseCredential(TokenCredential)
method call.

Configure multiple service clients with different

names
Imagine you have two storage accounts: one for private information and another for public
information. Your app transfers data from the public to the private storage account after some
operation. You need to have two storage service clients. To differentiate those two clients, use
the WithName extension method:

C#

builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddBlobServiceClient(
builder.Configuration.GetSection("PublicStorage"));

clientBuilder.AddBlobServiceClient(
builder.Configuration.GetSection("PrivateStorage"))
.WithName("PrivateStorage");
});

Using an ASP.NET Core controller as an example, access the named service client using the
IAzureClientFactory<TClient> interface:

C#

public class HomeController : Controller

{
private readonly BlobServiceClient _publicStorage;
private readonly BlobServiceClient _privateStorage;

public HomeController(
 BlobServiceClient defaultClient,
IAzureClientFactory<BlobServiceClient> clientFactory)
{
_publicStorage = defaultClient;
_privateStorage = clientFactory.CreateClient("PrivateStorage");
}
}

The unnamed service client is still available in the same way as before. Named clients are
additive.

Configure a new retry policy

At some point, you may want to change the default settings for a service client. For example,
you may want different retry settings or to use a different service API version. You can set the
retry settings globally or on a per-service basis. Assume you have the following appsettings.json
file in your ASP.NET Core project:

JSON

{
"AzureDefaults": {
"Retry": {
"maxRetries": 3
}
},
"KeyVault": {
"VaultUri": "https://mykeyvault.vault.azure.net"
},
"ServiceBus": {
"Namespace": "<your_namespace>.servicebus.windows.net"
},
"Storage": {
"ServiceUri": "https://store1.storage.windows.net"
},
"CustomStorage": {
"ServiceUri": "https://store2.storage.windows.net"
}
}

You can change the retry policy to suit your needs like so:

C#

builder.Services.AddAzureClients(clientBuilder =>
{
// Establish the global defaults
clientBuilder.ConfigureDefaults(
 builder.Configuration.GetSection("AzureDefaults"));
clientBuilder.UseCredential(new DefaultAzureCredential());

// A Key Vault Secrets client using the global defaults

clientBuilder.AddSecretClient(
builder.Configuration.GetSection("KeyVault"));

// A Blob Storage client with a custom retry policy

clientBuilder.AddBlobServiceClient(
builder.Configuration.GetSection("Storage"))
.ConfigureOptions(options => options.Retry.MaxRetries = 10);

clientBuilder.AddServiceBusClientWithNamespace(
builder.Configuration["ServiceBus:Namespace"])
.ConfigureOptions(options => options.RetryOptions.MaxRetries = 10);

// A named storage client with a different custom retry policy

clientBuilder.AddBlobServiceClient(
builder.Configuration.GetSection("CustomStorage"))
.WithName("CustomStorage")
.ConfigureOptions(options =>
{
options.Retry.Mode = Azure.Core.RetryMode.Exponential;
options.Retry.MaxRetries = 5;
options.Retry.MaxDelay = TimeSpan.FromSeconds(120);
});
});

You can also place retry policy overrides in the appsettings.json file:

JSON

{
"KeyVault": {
"VaultUri": "https://mykeyvault.vault.azure.net",
"Retry": {
"maxRetries": 10
}
}
}

See also
Dependency injection in ASP.NET Core
Configuration in .NET
Configuration in ASP.NET Core
Thread safety and client lifetime
management for Azure SDK objects
Article • 04/25/2025

This article helps you understand thread safety issues when using the Azure SDK. It also
discusses how the design of the SDK impacts client lifetime management. You'll learn why it's
unnecessary to dispose of Azure SDK client objects.

Thread safety
All Azure SDK client objects are thread-safe and independent of each other. This design
ensures that reusing client instances is always safe, even across threads. For example, the
following code launches multiple tasks but is thread safe:

C#

var client = new SecretClient(

new Uri("<secrets_endpoint>"), new DefaultAzureCredential());

foreach (var secretName in secretNames)

{
// Using clients from parallel threads
Task.Run(() => Console.WriteLine(client.GetSecret(secretName).Value));
}

Model objects used by SDK clients, whether input or output models, aren't thread-safe by
default. Most use cases involving model objects only use a single thread. Therefore, the cost of
implementing synchronization as a default behavior is too high for these objects. The following
code illustrates a bug in which accessing a model from multiple threads could cause an
undefined behavior:

C#

KeyVaultSecret newSecret = client.SetSecret("secret", "value");

foreach (var tag in tags)

{
// Don't use model type from parallel threads
Task.Run(() => newSecret.Properties.Tags[tag] = CalculateTagValue(tag));
}

client.UpdateSecretProperties(newSecret.Properties);
To access the model from different threads, you must implement your own synchronization
code. For example:

C#

KeyVaultSecret newSecret = client.SetSecret("secret", "value");

// Code omitted for brevity

foreach (var tag in tags)

{
Task.Run(() =>
{
lock (newSecret)
{
newSecret.Properties.Tags[tag] = CalculateTagValue(tag);
}
);
}

client.UpdateSecretProperties(newSecret.Properties);

Client lifetime
Because Azure SDK clients are thread-safe, there's no reason to construct multiple SDK client
objects for a given set of constructor parameters. Treat Azure SDK client objects as singletons
once constructed. This recommendation is commonly implemented by registering Azure SDK
client objects as singletons in the app's Inversion of Control (IoC) container. Dependency
injection (DI) is used to obtain references to the SDK client object. The following example
shows a singleton client object registration:

C#

var builder = Host.CreateApplicationBuilder(args);

var endpoint = builder.Configuration["SecretsEndpoint"];

var blobServiceClient = new BlobServiceClient(
new Uri(endpoint), new DefaultAzureCredential());

builder.Services.AddSingleton(blobServiceClient);

For more information about implementing DI with the Azure SDK, see Dependency injection
with the Azure SDK for .NET.

Alternatively, you may create an SDK client instance and provide it to methods that require a
client. The point is to avoid unnecessary instantiations of the same SDK client object with the
same parameters. It's both unnecessary and wasteful.

Clients aren't disposable

Two final questions that often come up are:

Do I need to dispose of Azure SDK client objects when I'm finished using them?
Why aren't HTTP-based Azure SDK client objects disposable?

Internally, all Azure SDK clients use a single shared HttpClient instance. The clients don't
create any other resources that need to be actively freed. The shared HttpClient instance
persists throughout the entire application lifetime.

C#

// Both clients reuse the shared HttpClient and don't need to be disposed
var blobClient = new BlobClient(new Uri(sasUri));
var blobClient2 = new BlobClient(new Uri(sasUri2));

It's possible to provide a custom instance of HttpClient to an Azure SDK client object. In this
case, you become responsible for managing the HttpClient lifetime and properly disposing of
it at the right time.

C#

var httpClient = new HttpClient();

var clientOptions = new BlobClientOptions()

{
Transport = new HttpClientTransport(httpClient)
};

// Both clients would use the HttpClient instance provided in clientOptions

var blobClient = new BlobClient(new Uri(sasUri), clientOptions);
var blobClient2 = new BlobClient(new Uri(sasUri2), clientOptions);

// Code omitted for brevity

// You're responsible for properly disposing httpClient some time later

httpClient.Dispose();

Further guidance for properly managing and disposing of HttpClient instances can be found
in the HttpClient documentation.

See also
Dependency injection with the Azure SDK for .NET
Dependency injection in .NET
Logging with the Azure SDK for .NET
Article • 04/05/2025

The Azure SDK for .NET's client libraries include the ability to log client library operations. This
logging allows you to monitor I/O requests and responses that client libraries are making to
Azure services. Typically, the logs are used to debug or diagnose communication issues. This
article describes the following approaches to enable logging with the Azure SDK for .NET:

Enable logging with built-in methods

Configure custom logging
Map to ASP.NET Core logging

） Important

This article applies to client libraries that use the most recent versions of the Azure SDK for
.NET. To see if a library is supported, see the list of Azure SDK latest releases . If your
app is using an older version of an Azure SDK client library, refer to specific instructions in
the applicable service documentation.

Log information
The SDK logs each HTTP request and response, sanitizing parameter query and header values
to remove personal data.

HTTP request log entry:

Unique ID
HTTP method
URI
Outgoing request headers

HTTP response log entry:

Duration of I/O operation (time elapsed)

Request ID
HTTP status code
HTTP reason phrase
Response headers
Error information, when applicable

HTTP request and response content:

 Content stream as text or bytes depending on the Content-Type header.

７ Note

Content logging is disabled by default. To enable it, see Log HTTP request and
response bodies. This capability applies only to libraries using HTTP to communicate
with an Azure service. Libraries based on alternative protocols, such as AMQP, don't
support content logging. Unsupported examples include libraries for Azure services
such as Event Hubs, Service Bus, and Web PubSub.

Event logs are output usually at one of these three levels:

Informational for request and response events

Warning for errors
Verbose for detailed messages and content logging

Enable logging with built-in methods

The Azure SDK for .NET's client libraries log events to Event Tracing for Windows (ETW) via the
System.Diagnostics.Tracing.EventSource class, which is typical for .NET. Event sources allow you
to use structured logging in your app with minimal performance overhead. To gain access to
the event logs, you need to register event listeners.

The SDK includes the Azure.Core.Diagnostics.AzureEventSourceListener class, which contains

two static methods that simplify comprehensive logging for your .NET app:
CreateConsoleLogger and CreateTraceLogger . Each of these methods accepts an optional

parameter that specifies a log level. If the parameter isn't provided, the default log level of
Informational is used.

Log to the console window

A core tenet of the Azure SDK for .NET client libraries is to simplify the ability to view
comprehensive logs in real time. The CreateConsoleLogger method allows you to send logs to
the console window with a single line of code:

C#

using AzureEventSourceListener listener =

AzureEventSourceListener.CreateConsoleLogger();
Log to diagnostic traces
If you implement trace listeners, you can use the CreateTraceLogger method to log to the
standard .NET event tracing mechanism (System.Diagnostics.Tracing). For more information on
event tracing in .NET, see Trace Listeners.

This example specifies a log level of verbose:

C#

using AzureEventSourceListener listener =

AzureEventSourceListener.CreateTraceLogger(EventLevel.Verbose);

Configure custom logging

As mentioned above, you need to register event listeners to receive log messages from the
Azure SDK for .NET. If you don't want to implement comprehensive logging using one of the
simplified methods above, you can construct an instance of the AzureEventSourceListener
class. Pass that instance a callback method that you write. This method will receive log
messages that you can process however you need to. In addition, when you construct the
instance, you can specify the log levels to include.

The following example creates an event listener that logs to the console with a custom
message. The logs are filtered to those events emitted from the Azure Core client library with a
level of verbose. The Azure Core library uses an event source name of Azure-Core .

C#

using Azure.Core.Diagnostics;
using System.Diagnostics.Tracing;

// code omitted for brevity

using var listener = new AzureEventSourceListener((e, message) =>

{
// Only log messages from "Azure-Core" event source
if (string.Equals(e.EventSource.Name, "Azure-Core",
StringComparison.Ordinal))
{
Console.WriteLine($"{DateTime.Now} {message}");
}
},
level: EventLevel.Verbose);
Map to ASP.NET Core logging
The AzureEventSourceLogForwarder service enables you to use the standard ASP.NET Core
logging configuration for logging. The service forwards log messages from Azure SDK event
sources to ILoggerFactory.

The following table depicts how the Azure SDK for .NET EventLevel maps to the ASP.NET Core
LogLevel .

ﾉ Expand table

Azure SDK EventLevel ASP.NET Core LogLevel

Critical Critical

Error Error

Informational Information

Warning Warning

Verbose Debug

LogAlways Information

Logging with client registration

Using the Azure Service Bus library as an example, complete the following steps:

1. Install the Microsoft.Extensions.Azure NuGet package:

.NET CLI

dotnet add package Microsoft.Extensions.Azure

2. In Program.cs, register the Azure SDK library's client via a call to the AddAzureClients
extension method:

C#

using Azure.Identity;
using Microsoft.Extensions.Azure;

// code omitted for brevity

builder.Services.AddAzureClients(azureBuilder =>
 {
azureBuilder.AddServiceBusClient(
builder.Configuration.GetConnectionString("ServiceBus"));
azureBuilder.UseCredential(new DefaultAzureCredential());
});

In the preceding sample, the AddAzureClients method:

Registers the following objects with the dependency injection (DI) container:
Log forwarder service
Azure Service Bus client
Sets the default token credential to be used for all registered clients.

3. In appsettings.json, change the Service Bus library's default log level. For example, toggle
it to Debug by setting the Logging:LogLevel:Azure.Messaging.ServiceBus key as follows:

JSON

{
"ConnectionStrings": {
"ServiceBus": "<connection_string>"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning",
"Azure.Messaging.ServiceBus": "Debug"
}
},
"AllowedHosts": "*"
}

Since the Logging:LogLevel:Azure.Messaging.ServiceBus key is set to Debug , Service Bus

client events up to EventLevel.Verbose will be logged.

Logging without client registration

There are scenarios in which registering an Azure SDK library's client with the DI container is
either impossible or unnecessary:

The Azure SDK library doesn't include an IServiceCollection extension method to

register a client in the DI container.
Your app uses Azure extension libraries that depend on other Azure SDK libraries.
Examples of such Azure extension libraries include:
Azure Key Vault key encryptor for DataProtection
Azure Key Vault secrets configuration provider
 Azure Blob Storage key store for DataProtection

In these scenarios, complete the following steps:

1. Install the Microsoft.Extensions.Azure NuGet package:

.NET CLI

dotnet add package Microsoft.Extensions.Azure

2. In Program.cs, register the log forwarder service as a singleton in the DI container:

C#

using Azure.Identity;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Azure;
using Microsoft.Extensions.DependencyInjection.Extensions;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddRazorPages();
builder.Services.TryAddSingleton<AzureEventSourceLogForwarder>();

builder.Services.AddDataProtection()
.PersistKeysToAzureBlobStorage("<connection_string>", "<container_name>",
"keys.xml")
.ProtectKeysWithAzureKeyVault(new Uri("<uri>"), new
DefaultAzureCredential());

3. Fetch the log forwarder service from the DI container and invoke its Start method. For
example, using constructor injection in an ASP.NET Core Razor Pages page model class:

C#

using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.Extensions.Azure;

public class IndexModel : PageModel

{
public IndexModel(AzureEventSourceLogForwarder logForwarder) =>
logForwarder.Start();

4. In appsettings.json, change the Azure Core library's default log level. For example, toggle it
to Debug by setting the Logging:LogLevel:Azure.Core key as follows:

JSON
 {
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning",
"Azure.Core": "Debug"
}
},
"AllowedHosts": "*"
}

Since the Logging:LogLevel:Azure.Core key is set to Debug , Azure Core library events up
to EventLevel.Verbose will be logged.

For more information, see Logging in .NET Core and ASP.NET Core.

Logging using
Azure.Monitor.OpenTelemetry.AspNetCore
The Azure Monitor OpenTelemetry distro , starting with version 1.2.0 , supports capturing
logs coming from Azure client libraries. You can control logging using any of the configuration
options discussed in Logging in .NET Core and ASP.NET Core.

Using the Azure Service Bus library as an example, complete the following steps:

1. Install the Azure.Monitor.OpenTelemetry.AspNetCore NuGet package:

.NET CLI

dotnet add package Azure.Monitor.OpenTelemetry.AspNetCore

2. Create or register the library's client. The distro supports both cases.

C#

await using var client = new ServiceBusClient("<connection_string>");

3. In appsettings.json, change the Service Bus library's default log level. For example, toggle
it to Debug by setting the Logging:LogLevel:Azure.Messaging.ServiceBus key as follows:

JSON

{
"ConnectionStrings": {
 "ServiceBus": "<connection_string>"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning",
"Azure.Messaging.ServiceBus": "Debug"
}
},
"AllowedHosts": "*"
}

Since the Logging:LogLevel:Azure.Messaging.ServiceBus key is set to Debug , Service Bus

client events up to EventLevel.Verbose will be logged.

Log HTTP request and response bodies

７ Note

This capability applies only to libraries using HTTP to communicate with an Azure service.
Libraries based on alternative protocols, such as AMQP, don't support content logging.
Unsupported examples include libraries for Azure services such as Event Hubs, Service Bus,
and Web PubSub.

When troubleshooting unexpected behavior with a client library, it's helpful to inspect the
following items:

The HTTP request body sent to the underlying Azure service's REST API.
The HTTP response body received from the Azure service's REST API.

By default, logging of the aforementioned content is disabled. To enable logging of the HTTP
request and response bodies, complete the following steps:

1. Set the client options object's IsLoggingContentEnabled property to true , and pass the
options object to the client's constructor. For example, to log HTTP requests and
responses for the Azure Key Vault Secrets library:

C#

var clientOptions = new SecretClientOptions

{
Diagnostics =
{
IsLoggingContentEnabled = true
}
 };
var client = new SecretClient(
new Uri("https://<keyvaultname>.vault.azure.net/"),
new DefaultAzureCredential(),
clientOptions);

2. Use your preferred logging approach with an event/log level of verbose/debug or higher.
Find your approach in the following table for specific instructions.

ﾉ Expand table

Approach Instructions

Enable logging Pass EventLevel.Verbose or EventLevel.LogAlways to

with built-in AzureEventSourceListener.CreateConsoleLogger or
methods AzureEventSourceListener.CreateTraceLogger

Configure custom Set the AzureEventSourceListener class' level constructor parameter to

logging EventLevel.Verbose or EventLevel.LogAlways

Map to ASP.NET Add "Azure.Core": "Debug" to appsettings.json

Core logging

Next steps
Enable diagnostics logging for apps in Azure App Service
Review Azure security logging and auditing options
Learn how to work with Azure platform logs
Read more about .NET logging and tracing
Pagination with the Azure SDK for .NET
Article • 04/25/2025

In this article, you'll learn how to use the Azure SDK for .NET pagination functionality to work
efficiently and productively with large data sets. Pagination is the act of dividing large data sets
into pages, making it easier for the consumer to iterate through smaller amounts of data.
Starting with C# 8, you can create and consume streams asynchronously using Asynchronous
(async) streams. Async streams are based on the IAsyncEnumerable<T> interface. The Azure
SDK for .NET exposes an implementation of IAsyncEnumerable<T> with its AsyncPageable<T>
class.

All of the samples in this article rely on the following NuGet packages:

Azure.Security.KeyVault.Secrets
Microsoft.Extensions.Azure
Microsoft.Extensions.Hosting
System.Linq.Async

For the latest directory of Azure SDK for .NET packages, see Azure SDK latest releases.

Pageable return types

Clients instantiated from the Azure SDK for .NET can return the following pageable types.

ﾉ Expand table

Type Description

Pageable<T> A collection of values retrieved in pages

AsyncPageable<T> A collection of values asynchronously retrieved in pages

Most of the samples in this article are asynchronous, using variations of the AsyncPageable<T>
type. Using asynchronous programming for I/O-bound operations is ideal. A perfect use case is
using the async APIs from the Azure SDK for .NET as these operations represent HTTP/S
network calls.

Iterate over AsyncPageable with await foreach

To iterate over an AsyncPageable<T> using the await foreach syntax, consider the following
example:
 C#

async Task IterateSecretsWithAwaitForeachAsync()

{
AsyncPageable<SecretProperties> allSecrets =
client.GetPropertiesOfSecretsAsync();

await foreach (SecretProperties secret in allSecrets)

{
Console.WriteLine($"IterateSecretsWithAwaitForeachAsync: {secret.Name}");
}
}

In the preceding C# code:

The SecretClient.GetPropertiesOfSecretsAsync method is invoked and returns an

AsyncPageable<SecretProperties> object.

In an await foreach loop, each SecretProperties is asynchronously yielded.

As each secret is materialized, its Name is written to the console.

Iterate over AsyncPageable with while

To iterate over an AsyncPageable<T> when the await foreach syntax isn't available, use a while
loop.

C#

async Task IterateSecretsWithWhileLoopAsync()

{
AsyncPageable<SecretProperties> allSecrets =
client.GetPropertiesOfSecretsAsync();

IAsyncEnumerator<SecretProperties> enumerator =
allSecrets.GetAsyncEnumerator();
try
{
while (await enumerator.MoveNextAsync())
{
SecretProperties secret = enumerator.Current;
Console.WriteLine($"IterateSecretsWithWhileLoopAsync: {secret.Name}");
}
}
finally
{
await enumerator.DisposeAsync();
}
}
In the preceding C# code:

The SecretClient.GetPropertiesOfSecretsAsync method is invoked, and returns an

AsyncPageable<SecretProperties> object.

The AsyncPageable<T>.GetAsyncEnumerator method is invoked, returning an

IAsyncEnumerator<SecretProperties> .

The MoveNextAsync() method is invoked repeatedly until there are no items to return.

Iterate over AsyncPageable pages

If you want control over receiving pages of values from the service, use the
AsyncPageable<T>.AsPages method:

C#

async Task IterateSecretsAsPagesAsync()

{
AsyncPageable<SecretProperties> allSecrets =
client.GetPropertiesOfSecretsAsync();

await foreach (Page<SecretProperties> page in allSecrets.AsPages())

{
foreach (SecretProperties secret in page.Values)
{
Console.WriteLine($"IterateSecretsAsPagesAsync: {secret.Name}");
}

// The continuation token that can be used in AsPages call to resume

enumeration
Console.WriteLine(page.ContinuationToken);
}
}

In the preceding C# code:

The SecretClient.GetPropertiesOfSecretsAsync method is invoked and returns an

AsyncPageable<SecretProperties> object.

The AsyncPageable<T>.AsPages method is invoked and returns an

IAsyncEnumerable<Page<SecretProperties>> .

Each page is iterated over asynchronously, using await foreach .

Each page has a set of Page<T>.Values, which represents an IReadOnlyList<T> that's
iterated over with a synchronous foreach .
Each page also contains a Page<T>.ContinuationToken, which can be used to request the
next page.
Use System.Linq.Async with AsyncPageable
The System.Linq.Async package provides a set of LINQ methods that operate on
IAsyncEnumerable<T> type. Because AsyncPageable<T> implements IAsyncEnumerable<T>,
you can use System.Linq.Async to query and transform the data.

Convert to a List<T>
Use ToListAsync to convert an AsyncPageable<T> to a List<T> . This method might make
several service calls if the data isn't returned in a single page.

C#

async Task ToListAsync()

{
AsyncPageable<SecretProperties> allSecrets =
client.GetPropertiesOfSecretsAsync();

List<SecretProperties> secretList = await allSecrets.ToListAsync();

secretList.ForEach(secret =>
Console.WriteLine($"ToListAsync: {secret.Name}"));
}

In the preceding C# code:

The SecretClient.GetPropertiesOfSecretsAsync method is invoked and returns an

AsyncPageable<SecretProperties> object.

The ToListAsync method is awaited, which materializes a new List<SecretProperties>

instance.

Take the first N elements

Take can be used to get only the first N elements of the AsyncPageable . Using Take will make

the fewest service calls required to get N items.

C#

async Task TakeAsync(int count = 30)

{
AsyncPageable<SecretProperties> allSecrets =
client.GetPropertiesOfSecretsAsync();

await foreach (SecretProperties secret in allSecrets.Take(count))

{
 Console.WriteLine($"TakeAsync: {secret.Name}");
}
}

More methods
System.Linq.Async provides other methods that provide functionality equivalent to their

synchronous Enumerable counterparts. Examples of such methods include Select , Where ,

OrderBy , and GroupBy .

Beware client-side evaluation

When using the System.Linq.Async package, beware that LINQ operations are executed on the
client. The following query would fetch all the items just to count them:

C#

// ⚠️ DON'T DO THIS! 😲
int expensiveSecretCount =
await client.GetPropertiesOfSecretsAsync()
.CountAsync();

２ Warning

The same warning applies to operators like Where . Always prefer server-side filtering,
aggregation, or projections of data if available.

As an observable sequence
The System.Linq.Async package is primarily used to provide observer pattern capabilities
over IAsyncEnumerable<T> sequences. Asynchronous streams are pull-based. As their items are
iterated over, the next available item is pulled. This approach is in juxtaposition with the
observer pattern, which is push-based. As items become available, they're pushed to
subscribers who act as observers. The System.Linq.Async package provides the ToObservable
extension method that lets you convert an IAsyncEnumerable<T> to an IObservable<T>.

Imagine an IObserver<SecretProperties> implementation:

C#
 sealed file class SecretPropertyObserver : IObserver<SecretProperties>
{
public void OnCompleted() =>
Console.WriteLine("Done observing secrets");

public void OnError(Exception error) =>

Console.WriteLine($"Error observing secrets: {error}");

public void OnNext(SecretProperties secret) =>

Console.WriteLine($"Observable: {secret.Name}");
}

You could consume the ToObservable extension method as follows:

C#

IDisposable UseTheToObservableMethod()
{
AsyncPageable<SecretProperties> allSecrets =
client.GetPropertiesOfSecretsAsync();

IObservable<SecretProperties> observable = allSecrets.ToObservable();

return observable.Subscribe(
new SecretPropertyObserver());
}

In the preceding C# code:

The SecretClient.GetPropertiesOfSecretsAsync method is invoked and returns an

AsyncPageable<SecretProperties> object.

The ToObservable() method is called on the AsyncPageable<SecretProperties> instance,

returning an IObservable<SecretProperties> .
The observable is subscribed to, passing in the observer implementation, returning the
subscription to the caller.
The subscription is an IDisposable . When it's disposed, the subscription ends.

Iterate over pageable

Pageable<T> is a synchronous version of AsyncPageable<T> that can be used with a normal

foreach loop.

C#
 void IterateWithPageable()
{
Pageable<SecretProperties> allSecrets = client.GetPropertiesOfSecrets();

foreach (SecretProperties secret in allSecrets)

{
Console.WriteLine($"IterateWithPageable: {secret.Name}");
}
}

） Important

While this synchronous API is available, use the asynchronous API alternatives for a better
experience.

See also
Dependency injection with the Azure SDK for .NET
Thread safety and client lifetime management for Azure SDK objects
System.Linq.Async
Task-based asynchronous pattern
Unit testing and mocking with the Azure
SDK for .NET
Article • 04/25/2025

Unit testing is an important part of a sustainable development process that can improve code
quality and prevent regressions or bugs in your apps. However, unit testing presents challenges
when the code you're testing performs network calls, such as those made to Azure resources.
Tests that run against live services can experience issues, such as latency that slows down test
execution, dependencies on code outside of the isolated test, and issues with managing service
state and costs every time the test is run. Instead of testing against live Azure services, replace
the service clients with mocked or in-memory implementations. This avoids the above issues
and lets developers focus on testing their application logic, independent from the network and
service.

In this article, you learn how to write unit tests for the Azure SDK for .NET that isolate your
dependencies to make your tests more reliable. You also learn how to replace key components
with in-memory test implementations to create fast and reliable unit tests, and see how to
design your own classes to better support unit testing. This article includes examples that use
Moq and NSubstitute , which are popular mocking libraries for .NET.

Understand service clients

A service client class is the main entry point for developers in an Azure SDK library and
implements most of the logic to communicate with the Azure service. When unit testing service
client classes, it's important to be able to create an instance of the client that behaves as
expected without making any network calls.

Each of the Azure SDK clients follows mocking guidelines that allow their behavior to be
overridden:

Each client offers at least one protected constructor to allow inheritance for testing.
All public client members are virtual to allow overriding.

７ Note

The code examples in this article use types from the Azure.Security.KeyVault.Secrets
library for the Azure Key Vault service. The concepts demonstrated in this article also apply
to service clients from many other Azure services, such as Azure Storage or Azure Service
Bus.
To create a test service client, you can either use a mocking library or standard C# features such
as inheritance. Mocking frameworks allow you to simplify the code that you must write to
override member behavior. (These frameworks also have other useful features that are beyond
the scope of this article.)

Non-library

To create a test client instance using C# without a mocking library, inherit from the client
type and override methods you're calling in your code with an implementation that
returns a set of test objects. Most clients contain both synchronous and asynchronous
methods for operations; override only the one your application code is calling.

７ Note

It can be cumbersome to manually define test classes, especially if you need to

customize behavior differently for each test. Consider using a library like Moq or
NSubstitute to streamline your testing.

C#

using Azure.Security.KeyVault.Secrets;
using Azure;
using NSubstitute.Routing.Handlers;

namespace UnitTestingSampleApp.NonLibrary;

public sealed class MockSecretClient : SecretClient

{
AsyncPageable<SecretProperties> _pageable;

// Allow a pageable to be passed in for mocking different responses

public MockSecretClient(AsyncPageable<SecretProperties> pageable)
{
_pageable = pageable;
}

public override Response<KeyVaultSecret> GetSecret(

string name,
string version = null,
CancellationToken cancellationToken = default)
=> throw new NotImplementedException();

public override Task<Response<KeyVaultSecret>> GetSecretAsync(

string name,
string version = null,
CancellationToken cancellationToken = default)
=> throw new NotImplementedException();
 // Return the pageable that was passed in
public override AsyncPageable<SecretProperties>
GetPropertiesOfSecretsAsync
(CancellationToken cancellationToken = default)
=> _pageable;
}

Service client input and output models

Model types hold the data being sent and received from Azure services. There are three types
of models:

Input models are intended to be created and passed as parameters to service methods
by developers. They have one or more public constructors and writeable properties.
Output models are only returned by the service and have no public constructors or
writeable properties.
Round-trip models are less common, but are returned by the service, modified, and used
as an input.

To create a test instance of an input model, use one of the available public constructors and set
the additional properties you need.

C#

var secretProperties = new SecretProperties("secret")

{
NotBefore = DateTimeOffset.Now
};

To create instances of output models, a model factory is used. Azure SDK client libraries
provide a static model factory class with a ModelFactory suffix in its name. The class contains a
set of static methods to initialize the library's output model types. For example, the model
factory for SecretClient is SecretModelFactory :

C#

KeyVaultSecret keyVaultSecret = SecretModelFactory.KeyVaultSecret(

new SecretProperties("secret"), "secretValue");

７ Note

Some input models have read-only properties that are only populated when the model is
returned by the service. In this case, a model factory method will be available that allows
 setting these properties. For example, SecretProperties.

C#

// CreatedOn is a read-only property and can only be

// set via the model factory's SecretProperties method.
secretPropertiesWithCreatedOn = SecretModelFactory.SecretProperties(
name: "secret", createdOn: DateTimeOffset.Now);

Explore response types

The Response class is an abstract class that represents an HTTP response and is returned by
most service client methods. You can create test Response instances using either a mocking
library or standard C# inheritance.

Non-library

The Response class is abstract, which means there are many members to override.
Consider using a library to streamline your approach.

C#

using Azure.Core;
using Azure;
using System.Diagnostics.CodeAnalysis;

namespace UnitTestingSampleApp.NonLibrary;

public sealed class MockResponse : Response

{
public override int Status => throw new NotImplementedException();

public override string ReasonPhrase => throw new

NotImplementedException();

public override Stream? ContentStream

{
get => throw new NotImplementedException();
set => throw new NotImplementedException();
}
public override string ClientRequestId
{
get => throw new NotImplementedException();
set => throw new NotImplementedException();
}

public override void Dispose() =>

 throw new NotImplementedException();
protected override bool ContainsHeader(string name) =>
throw new NotImplementedException();
protected override IEnumerable<HttpHeader> EnumerateHeaders() =>
throw new NotImplementedException();
protected override bool TryGetHeader(
string name,
[NotNullWhen(true)] out string? value) =>
throw new NotImplementedException();
protected override bool TryGetHeaderValues(
string name,
[NotNullWhen(true)] out IEnumerable<string>? values) =>
throw new NotImplementedException();
}

Some services also support using the Response<T> type, which is a class that contains a model
and the HTTP response that returned it. To create a test instance of Response<T> , use the static
Response.FromValue method:

Non-library

C#

KeyVaultSecret keyVaultSecret = SecretModelFactory.KeyVaultSecret(

new SecretProperties("secret"), "secretValue");

Response<KeyVaultSecret> response = Response.FromValue(keyVaultSecret, new

MockResponse());

Explore paging
The Page<T> class is used as a building block in service methods that invoke operations
returning results in multiple pages. The Page<T> is rarely returned from APIs directly but is
useful to create the AsyncPageable<T> and Pageable<T> instances in the next section. To create
a Page<T> instance, use the Page<T>.FromValues method, passing a list of items, a
continuation token, and the Response .

The continuationToken parameter is used to retrieve the next page from the service. For unit
testing purposes, it should be set to null for the last page and should be nonempty for other
pages.

Non-library
 C#

Page<SecretProperties> responsePage = Page<SecretProperties>.FromValues(

new[] {
new SecretProperties("secret1"),
new SecretProperties("secret2")
},
continuationToken: null,
new MockResponse());

AsyncPageable<T> and Pageable<T> are classes that represent collections of models returned
by the service in pages. The only difference between them is that one is used with synchronous
methods while the other is used with asynchronous methods.

To create a test instance of Pageable or AsyncPageable , use the FromPages static method:

Non-library

C#

Page<SecretProperties> page1 = Page<SecretProperties>.FromValues(

new[]
{
new SecretProperties("secret1"),
new SecretProperties("secret2")
},
"continuationToken",
new MockResponse());

Page<SecretProperties> page2 = Page<SecretProperties>.FromValues(

new[]
{
new SecretProperties("secret3"),
new SecretProperties("secret4")
},
"continuationToken2",
new MockResponse());

Page<SecretProperties> lastPage = Page<SecretProperties>.FromValues(

new[]
{
new SecretProperties("secret5"),
new SecretProperties("secret6")
},
continuationToken: null,
new MockResponse());

Pageable<SecretProperties> pageable = Pageable<SecretProperties>

.FromPages(new[] { page1, page2, lastPage });
 AsyncPageable<SecretProperties> asyncPageable =
AsyncPageable<SecretProperties>
.FromPages(new[] { page1, page2, lastPage });

Write a mocked unit test

Suppose your app contains a class that finds the names of keys that will expire within a given
amount of time.

C#

using Azure.Security.KeyVault.Secrets;

public class AboutToExpireSecretFinder

{
private readonly TimeSpan _threshold;
private readonly SecretClient _client;

public AboutToExpireSecretFinder(TimeSpan threshold, SecretClient client)

{
_threshold = threshold;
_client = client;
}

public async Task<string[]> GetAboutToExpireSecretsAsync()

{
List<string> secretsAboutToExpire = new();

await foreach (var secret in _client.GetPropertiesOfSecretsAsync())

{
if (secret.ExpiresOn.HasValue &&
secret.ExpiresOn.Value - DateTimeOffset.Now <= _threshold)
{
secretsAboutToExpire.Add(secret.Name);
}
}

return secretsAboutToExpire.ToArray();
}
}

You want to test the following behaviors of the AboutToExpireSecretFinder to ensure they
continue working as expected:

Secrets without an expiry date set aren't returned.

Secrets with an expiry date closer to the current date than the threshold are returned.
When unit testing you only want the unit tests to verify the application logic and not whether
the Azure service or library works correctly. The following example tests the key behaviors
using the popular xUnit library:

Non-library

C#

using Azure;
using Azure.Security.KeyVault.Secrets;

namespace UnitTestingSampleApp.NonLibrary;

public class AboutToExpireSecretFinderTests

{
[Fact]
public async Task DoesNotReturnNonExpiringSecrets()
{
// Arrange
// Create a page of enumeration results
Page<SecretProperties> page = Page<SecretProperties>.FromValues(new[]
{
new SecretProperties("secret1") { ExpiresOn = null },
new SecretProperties("secret2") { ExpiresOn = null }
}, null, new MockResponse());

// Create a pageable that consists of a single page

AsyncPageable<SecretProperties> pageable =
AsyncPageable<SecretProperties>.FromPages(new[] { page });

var clientMock = new MockSecretClient(pageable);

// Create an instance of a class to test passing in the mock client

var finder = new AboutToExpireSecretFinder(TimeSpan.FromDays(2),
clientMock);

// Act
string[] soonToExpire = await finder.GetAboutToExpireSecretsAsync();

// Assert
Assert.Empty(soonToExpire);
}

[Fact]
public async Task ReturnsSecretsThatExpireSoon()
{
// Arrange

// Create a page of enumeration results

DateTimeOffset now = DateTimeOffset.Now;
Page<SecretProperties> page = Page<SecretProperties>.FromValues(new[]
{
 new SecretProperties("secret1") { ExpiresOn = now.AddDays(1) },
new SecretProperties("secret2") { ExpiresOn = now.AddDays(2) },
new SecretProperties("secret3") { ExpiresOn = now.AddDays(3) }
},
null, new MockResponse());

// Create a pageable that consists of a single page

AsyncPageable<SecretProperties> pageable =
AsyncPageable<SecretProperties>.FromPages(new[] { page });

// Create a client mock object

var clientMock = new MockSecretClient(pageable);

// Create an instance of a class to test passing in the mock client

var finder = new AboutToExpireSecretFinder(TimeSpan.FromDays(2),
clientMock);

// Act
string[] soonToExpire = await finder.GetAboutToExpireSecretsAsync();

// Assert
Assert.Equal(new[] { "secret1", "secret2" }, soonToExpire);
}
}

Refactor your types for testability

Classes that need to be tested should be designed for dependency injection, which allows the
class to receive its dependencies instead of creating them internally. It was a seamless process
to replace the SecretClient implementation in the example from the previous section because
it was one of the constructor parameters. However, there might be classes in your code that
create their own dependencies and aren't easily testable, such as the following class:

C#

public class AboutToExpireSecretFinder

{
public AboutToExpireSecretFinder(TimeSpan threshold)
{
_threshold = threshold;
_client = new SecretClient(
new Uri(Environment.GetEnvironmentVariable("KeyVaultUri")),
new DefaultAzureCredential());
}
}

The simplest refactoring you can do to enable testing with dependency injection would be to
expose the client as a parameter and run default creation code when no value is provided. This
approach allows you to make the class testable while still retaining the flexibility of using the
type without much ceremony.

C#

public class AboutToExpireSecretFinder

{
public AboutToExpireSecretFinder(TimeSpan threshold, SecretClient client =
null)
{
_threshold = threshold;
_client = client ?? new SecretClient(
new Uri(Environment.GetEnvironmentVariable("KeyVaultUri")),
new DefaultAzureCredential());
}
}

Another option is to move the dependency creation entirely into the calling code:

C#

public class AboutToExpireSecretFinder

{
public AboutToExpireSecretFinder(TimeSpan threshold, SecretClient client)
{
_threshold = threshold;
_client = client;
}
}

var secretClient = new SecretClient(

new Uri(Environment.GetEnvironmentVariable("KeyVaultUri")),
new DefaultAzureCredential());
var finder = new AboutToExpireSecretFinder(TimeSpan.FromDays(2), secretClient);

This approach is useful when you would like to consolidate the dependency creation and share
the client between multiple consuming classes.

Understand Azure Resource Manager (ARM) clients

In ARM libraries, the clients were designed to emphasize their relationship to one another,
mirroring the service hierarchy. To achieve that goal, extension methods are widely used to add
additional features to clients.

For example, an Azure virtual machine exists in an Azure resource group. The
Azure.ResourceManager.Compute namespace models the Azure virtual machine as

VirtualMachineResource . The Azure.ResourceManager namespace models the Azure resource

group as ResourceGroupResource . To query the virtual machines for a resource group, you
would write:

C#

VirtualMachineCollection virtualMachineCollection =
resourceGroup.GetVirtualMachines();

Because the virtual machine-related functionality such as GetVirtualMachines on

ResourceGroupResource , is implemented as extension methods, it's impossible to just create a

mock of the type and override the method. Instead, you'll also have to create a mock class for
the "mockable resource" and wire them together.

The mockable resource type is always in the Mocking sub-namespace of the extension method.
In the preceding example, the mockable resource type is in the
Azure.ResourceManager.Compute.Mocking namespace. The mockable resource type is always

named after the resource type with "Mockable" and the library name as prefixes. In the
preceding example, the mockable resource type is named
MockableComputeResourceGroupResource , where ResourceGroupResource is the resource type of

the extension method, and Compute is the library name.

One more requirement before you get the unit test running is to mock the GetCachedClient
method on the resource type of the extension method. Completing this step hooks up the
extension method and the method on the mockable resource type.

Here's how it works:

Non-library

C#

using Azure.Core;

namespace UnitTestingSampleApp.ResourceManager.NonLibrary;

public sealed class MockMockableComputeResourceGroupResource :

MockableComputeResourceGroupResource
{
private VirtualMachineCollection _virtualMachineCollection;
public MockMockableComputeResourceGroupResource(VirtualMachineCollection
virtualMachineCollection)
{
_virtualMachineCollection = virtualMachineCollection;
}

public override VirtualMachineCollection GetVirtualMachines()

 {
return _virtualMachineCollection;
}
}

public sealed class MockResourceGroupResource : ResourceGroupResource

{
private readonly MockableComputeResourceGroupResource
_mockableComputeResourceGroupResource;
public MockResourceGroupResource(VirtualMachineCollection
virtualMachineCollection)
{
_mockableComputeResourceGroupResource =
new
MockMockableComputeResourceGroupResource(virtualMachineCollection);
}

internal MockResourceGroupResource(ArmClient client, ResourceIdentifier

id) : base(client, id)
{}

public override T GetCachedClient<T>(Func<ArmClient, T> factory) where T :

class
{
if (typeof(T) == typeof(MockableComputeResourceGroupResource))
return _mockableComputeResourceGroupResource as T;
return base.GetCachedClient(factory);
}
}

public sealed class MockVirtualMachineCollection : VirtualMachineCollection

{
public MockVirtualMachineCollection()
{}

internal MockVirtualMachineCollection(ArmClient client, ResourceIdentifier

id) : base(client, id)
{}
}

See also
Dependency injection in .NET
Unit testing best practices
Unit testing C# in .NET using dotnet test and xUnit
Configure a proxy when using the Azure
SDK for .NET
Article • 04/25/2025

If your organization requires the use of a proxy server to access Internet resources, some
configuration is required to use the Azure SDK for .NET client libraries. Once configured, the
proxy is applied to the underlying HttpClient instance used for HTTP operations.

The proxy can be configured via code or via an environment variable. The approach you
choose depends on the desired behavior. Set the appropriate environment variable if you want
the proxy to apply globally to all service clients created within the current process.
Alternatively, configure the proxy via code to selectively apply the settings to service clients.

） Important

The following instructions apply only to libraries with a dependency on Azure.Core.

Configure using code

To programmatically configure a proxy, complete the following steps:

1. Create an HttpClientHandler object whose Proxy property is set.

2. Create a service client options object whose Transport property is set to an
HttpClientTransport object accepting the HttpClientHandler instance.

3. Pass the service client options object to the service client constructor.

Using the Azure Key Vault Secrets library as an example, you'd have the following code:

C#

using System.Net;
using Azure.Core.Pipeline;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

using HttpClientHandler handler = new()

{
Proxy = new WebProxy(new Uri("<proxy-url>")),
};

SecretClientOptions options = new()

{
Transport = new HttpClientTransport(handler),
};
 SecretClient client = new(
new Uri("https://<key-vault-name>.vault.azure.net/"),
new DefaultAzureCredential(),
options);

Configure using environment variables

The following table provides an inventory of environment variables that can be set to configure
a proxy for use.

ﾉ Expand table

Environment variable Purpose

HTTP_PROXY or The proxy server used on HTTP requests.

http_proxy

HTTPS_PROXY or The proxy server used on HTTPS requests.

https_proxy

ALL_PROXY or all_proxy The proxy server used for both HTTP and HTTPS requests.

NO_PROXY or no_proxy A comma-delimited list of hostnames to exclude from proxying.

GATEWAY_INTERFACE Indicator that the app is running in a Common Gateway Interface (CGI)
environment. Example value: CGI/1.1

For a deep understanding of how these environment variables are processed, see the code .
Be aware of the following behaviors:

Each environment variable in the preceding table, except GATEWAY_INTERFACE , can

alternatively be defined as lowercase. The lowercase form takes precedence over the
uppercase form.
If both http_proxy and GATEWAY_INTERFACE are undefined, HTTP_PROXY is used.
ALL_PROXY is considered only when either an HTTP or an HTTPS proxy is undefined.

Protocol-specific environment variables take precedence over ALL_PROXY .

The proxy server URL takes the form http[s]://[username:password@]

<ip_address_or_hostname>:<port>/ , where the username:password combination is optional. To

get the IP address or hostname, port, and credentials for your proxy server, consult your
network administrator.

The following examples show how to set the appropriate environment variables in command
shell (Windows) and bash (Linux/macOS) environments. Setting the appropriate environment
variable causes the Azure SDK for .NET libraries to use the proxy server at runtime.

cmd

Windows Command Prompt

rem Non-authenticated HTTP server:

set HTTP_PROXY=http://10.10.1.10:1180

rem Authenticated HTTP server:

set HTTP_PROXY=http://username:[email protected]:1180

rem Non-authenticated HTTPS server:

set HTTPS_PROXY=https://10.10.1.10:1180

rem Authenticated HTTPS server:

set HTTPS_PROXY=https://username:[email protected]:1180
Azure SDK for .NET protocol and
convenience methods overview
Article • 04/25/2025

The Azure SDK client libraries provide an interface to Azure services by translating method calls
into messages sent via the respective service protocol. For REST API services, this means
sending HTTP requests and converting the responses into runtime types. In this article, you'll
learn about the different types of methods exposed by the client libraries and explore their
implementation patterns.

Understand protocol and convenience methods

An Azure SDK for .NET client library can expose two different categories of methods to make
requests to an Azure service:

Protocol methods provide a thin wrapper around the underlying REST API for a
corresponding Azure service. These methods map primitive input parameters to HTTP
request values and return a raw HTTP response object.
Convenience methods provide a convenience layer over the lower-level protocol layer to
add support for the .NET type system and other benefits. Convenience methods accept
primitives or .NET model types as parameters and map them to the body of an underlying
REST API request. These methods also handle various details of request and response
management to allow developers to focus on sending and receiving data objects, instead
of lower-level concerns.

Azure SDK client library dependency patterns

Protocol and convenience methods implement slightly different patterns based on the
underlying package dependency chain of the respective library. An Azure SDK for .NET client
library depends on one of two different foundational libraries:

Azure.Core provides shared primitives, abstractions, and helpers for building modern
Azure SDK client libraries. These libraries follow the Azure SDK Design Guidelines for
.NET and use package names and namespaces prefixed with Azure, such as
Azure.Storage.Blobs.
System.ClientModel is a core library that provides shared primitives, abstractions, and
helpers for .NET service client libraries. The System.ClientModel library is a general
purpose toolset designed to help build libraries for various platforms and services,
whereas the Azure.Core library is specifically designed for building Azure client libraries.
 ７ Note

The Azure.Core library itself also depends on System.ClientModel for various client
building blocks. In the context of this article, the key differentiator for method patterns is
whether a client library depends on Azure.Core or System.ClientModel directly, rather
than through a transitive dependency.

The following table compares some of the request and response types used by protocol and
convenience methods, based on whether the library depends on Azure.Core or
System.ClientModel .

ﾉ Expand table

Request or response concern Azure.Core System.ClientModel

Request body RequestContent BinaryContent

Advanced request options RequestContext RequestOptions

Raw HTTP response Response PipelineResponse

Return type with output model Response<T> ClientResult<T>

The sections ahead provide implementation examples of these concepts.

Protocol and convenience method examples

The coding patterns and types used by client library protocol and convenience methods vary
slightly based on whether the library depends on Azure.Core or System.ClientModel . The
differences primarily influence the .NET types used for handling request and response data.

Libraries that depend on Azure.Core

Azure SDK client libraries adhering to the latest design guidelines depend on the Azure.Core
library. For example, the Azure.AI.ContentSafety library depends on the Azure.Core library and
provides a ContentSafetyClient class that exposes both protocol and convenience methods.

Convenience method

The following code uses a ContentSafetyClient to call the AnalyzeText convenience

method:
 C#

using Azure.AI.ContentSafety;
using Azure.Identity;

// Create the client

ContentSafetyClient client = new(
new Uri("https://contentsafetyai.cognitiveservices.azure.com/"),
new DefaultAzureCredential());

// Call the convenience method

AnalyzeTextResult result = client.AnalyzeText("What is Microsoft Azure?");

// Display the results

foreach (TextCategoriesAnalysis item in result.CategoriesAnalysis)
{
Console.WriteLine($"{item.Category}: {item.Severity}");
}

The preceding code demonstrates the following Azure.Core convenience method

patterns:

Uses a standard C# primitive or model type as a parameter.

Returns a friendly C# type that represents the result of the operation.

Libraries that depend on System.ClientModel

Some client libraries that connect to non-Azure services use patterns similar to the libraries
that depend on Azure.Core . For example, the OpenAI library provides a client that connects
to the OpenAI services. These libraries are based on a library called System.ClientModel that
has patterns similar to Azure.Core .

Convenience method

Consider the following code that uses a ChatClient to call the CompleteChat convenience
method:

C#

using OpenAI.Chat;

// Create the client

ChatClient client = new(
model: "gpt-4o-mini",
credential: Environment.GetEnvironmentVariable("OPENAI_API_KEY")!);
 // Call the convenience method
ChatCompletion completion = client.CompleteChat("What is Microsoft Azure?");

// Display the results

Console.WriteLine($"[{completion.Role}]: {completion}");

The preceding code demonstrates the following System.ClientModel convenience method

patterns:

Uses a standard C# primitive or model type as a parameter.

Returns a ClientResult type that represents the result of the operation.

Handle exceptions
When a service call fails, the service client throws an exception that exposes the HTTP status
code and the details of the service response, if available. A System.ClientModel -dependent
library throws a ClientResultException, while an Azure.Core -dependent library throws a
RequestFailedException.

System.ClientModel exceptions

C#

using Azure.AI.ContentSafety;
using Azure.Identity;
using Azure;

// Create the client

ContentSafetyClient client = new(
new Uri("https://contentsafetyai.cognitiveservices.azure.com/"),
new DefaultAzureCredential());

try
{
// Call the convenience method
AnalyzeTextResult result = client.AnalyzeText("What is Microsoft Azure?");

// Display the results

foreach (TextCategoriesAnalysis item in result.CategoriesAnalysis)
{
Console.WriteLine($"{item.Category}: {item.Severity}");
}
}
 catch (RequestFailedException ex)
{
Console.WriteLine($"Error: {ex.Message}");
}

Protocol and convenience method usage guidance

Although the Azure SDK for .NET client libraries provide the option to use either protocol or
convenience methods, prioritize using convenience methods in most scenarios. Convenience
methods are designed to improve the development experience and provide flexibility for
authoring requests and handling responses. However, both method types can be used in your
app as needed. Consider the following criteria when deciding which type of method to use.

Convenience methods:

Enable you to work with more friendly method parameter and response types.
Handle various low-level concerns and optimizations for you.

Protocol methods:

Provide access to lower-level types, such as RequestContext and RequestOptions , which

aren't available through convenience methods.
Enable access to features of the underlying REST APIs that convenience methods don't
expose.
Enable you to create your own convenience methods around service endpoints that don't
already have convenience methods. This approach requires understanding the service's
REST API documentation to handle requests and responses correctly.

See also
Understanding the Azure Core library for .NET
Azure SDK for .NET package index
Article • 04/25/2025

Libraries using Azure.Core

All libraries

Libraries using Azure.Core

ﾉ Expand table

Name Package Docs Source

AI Foundry NuGet 1.0.0- docs GitHub 1.0.0-

beta.8 beta.8

AI Model Inference NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Anomaly Detector NuGet 3.0.0- docs GitHub 3.0.0-

preview.7 preview.7

App Configuration NuGet 1.6.0 docs GitHub 1.6.0

App Configuration Provider NuGet 8.1.2 docs GitHub 8.1.2

NuGet 8.2.0-
preview

Attestation NuGet 1.0.0 docs GitHub 1.0.0

Azure AI Search NuGet 11.6.0 docs GitHub 11.6.0

NuGet 11.7.0- GitHub 11.7.0-
beta.3 beta.3

Azure Object Anchors Conversion NuGet 0.3.0- docs GitHub 0.3.0-

beta.6 beta.6

Azure Remote Rendering NuGet 1.1.0 docs GitHub 1.1.0

Azure.Core.Expressions.DataFactory NuGet 1.0.0 docs GitHub 1.0.0

Calling Server NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Code Transparency NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Communication Call Automation NuGet 1.3.0 docs GitHub 1.3.0

NuGet 1.4.0- GitHub 1.4.0-
Name Package Docs Source

beta.2 beta.2

Communication Chat NuGet 1.3.1 docs GitHub 1.3.1

Communication Common NuGet 1.3.0 docs GitHub 1.3.0

NuGet 2.0.0- GitHub 2.0.0-
beta.1 beta.1

Communication Email NuGet 1.0.1 docs GitHub 1.0.1

NuGet 1.1.0- GitHub 1.1.0-
beta.2 beta.2

Communication Identity NuGet 1.3.1 docs GitHub 1.3.1

Communication JobRouter NuGet 1.0.0 docs GitHub 1.0.0

NuGet 1.1.0- GitHub 1.1.0-
beta.1 beta.1

Communication Messages NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.3.0- GitHub 1.3.0-
beta.1 beta.1

Communication Network Traversal NuGet 1.0.0 docs GitHub 1.0.0

NuGet 1.1.0- GitHub 1.1.0-
beta.1 beta.1

Communication Phone Numbers NuGet 1.3.0 docs GitHub 1.3.0

Communication Rooms NuGet 1.2.0 docs GitHub 1.2.0

Communication SMS NuGet 1.0.1 docs GitHub 1.0.1

NuGet 1.1.0- GitHub 1.1.0-
beta.2 beta.2

Compute Batch NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Confidential Ledger NuGet 1.3.0 docs GitHub 1.3.0

NuGet 1.4.1- GitHub 1.4.1-
beta.2 beta.2

Container Registry NuGet 1.2.0 docs GitHub 1.2.0

Content Safety NuGet 1.0.0 docs GitHub 1.0.0

Conversational Language Understanding NuGet 1.1.0 docs GitHub 1.1.0

NuGet 2.0.0- GitHub 2.0.0-
beta.2 beta.2

Conversations Authoring NuGet 1.0.0- docs GitHub 1.0.0-

Name Package Docs Source

beta.1 beta.1

Core - Client - AMQP NuGet 1.3.1 docs GitHub 1.3.1

Core - Client - Core NuGet 1.45.0 docs GitHub 1.45.0

Core Newtonsoft Json NuGet 2.0.0 docs GitHub 2.0.0

Core WCF Storage Queues NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Data Movement NuGet 12.1.0 docs GitHub 12.1.0

Data Movement - Blobs NuGet 12.1.0 docs GitHub 12.1.0

Data Movement - Files Shares NuGet 12.1.0 docs GitHub 12.1.0

Defender EASM NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Dev Center NuGet 1.0.0 docs GitHub 1.0.0

Device Update NuGet 1.0.0 docs GitHub 1.0.0

Digital Twins NuGet 1.4.0 docs GitHub 1.4.0

Document Intelligence NuGet 1.0.0 docs GitHub 1.0.0

Document Translation NuGet 2.0.0 docs GitHub 2.0.0

Event Grid NuGet 4.30.0 docs GitHub 4.30.0

Event Grid Namespaces NuGet 1.0.0 docs GitHub 1.0.0

Event Hubs NuGet 5.12.1 docs GitHub 5.12.1

Event Hubs - Event Processor NuGet 5.12.1 docs GitHub 5.12.1

Face NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

FarmBeats NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Form Recognizer NuGet 4.1.0 docs GitHub 4.1.0

Functions Extensions - WebPubSub NuGet 1.7.0 docs GitHub 1.7.0

Health Deidentification NuGet 1.0.0 docs GitHub 1.0.0

Health Insights Cancer Profiling NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1
Name Package Docs Source

Health Insights Clinical Matching NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Health Insights Radiology Insights NuGet 1.0.0 docs GitHub 1.0.0

Identity NuGet 1.13.2 docs GitHub 1.13.2

NuGet 1.14.0- GitHub 1.14.0-
beta.4 beta.4

Identity Broker NuGet 1.2.0 docs GitHub 1.2.0

NuGet 1.3.0- GitHub 1.3.0-
beta.2 beta.2

Image Analysis NuGet 1.0.0 docs GitHub 1.0.0

Key Vault - Administration NuGet 4.5.0 docs GitHub 4.5.0

NuGet 4.6.0- GitHub 4.6.0-
beta.1 beta.1

Key Vault - Certificates NuGet 4.7.0 docs GitHub 4.7.0

NuGet 4.8.0- GitHub 4.8.0-
beta.1 beta.1

Key Vault - Keys NuGet 4.7.0 docs GitHub 4.7.0

NuGet 4.8.0- GitHub 4.8.0-
beta.1 beta.1

Key Vault - Secrets NuGet 4.7.0 docs GitHub 4.7.0

NuGet 4.8.0- GitHub 4.8.0-
beta.1 beta.1

Language Text NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Load Testing NuGet 1.0.2 docs GitHub 1.0.2

Maps Common NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Maps Geolocation NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Maps Render NuGet 2.0.0- docs GitHub 2.0.0-

beta.1 beta.1

Maps Route NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Maps Search NuGet 2.0.0- docs GitHub 2.0.0-

beta.5 beta.5
Name Package Docs Source

Media Analytics Edge NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Metrics Advisor NuGet 1.1.0 docs GitHub 1.1.0

Microsoft Playwright Testing NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Microsoft.Azure.WebJobs.Extensions.AuthenticationEvents NuGet 1.0.1 docs GitHub 1.0.1

Microsoft.Azure.WebPubSub.AspNetCore NuGet 1.4.0 docs GitHub 1.4.0

Microsoft.Azure.WebPubSub.Common NuGet 1.4.0 docs GitHub 1.4.0

Mixed Reality Authentication NuGet 1.2.0 docs GitHub 1.2.0

Models Repository NuGet 1.0.0- docs GitHub 1.0.0-

preview.6 preview.6

Monitor Ingestion NuGet 1.1.2 docs GitHub 1.1.2

Monitor Query NuGet 1.6.0 docs GitHub 1.6.0

NUnit ? Microsoft Playwright Testing NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

OpenAI Assistants NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

OpenAI Inference NuGet 2.1.0 docs GitHub 2.1.0

NuGet 2.2.0- GitHub 2.2.0-
beta.4 beta.4

OpenTelemetry AspNetCore NuGet 1.2.0 docs GitHub 1.2.0

NuGet 1.3.0- GitHub 1.3.0-
beta.3 beta.3

OpenTelemetry Exporter NuGet 1.3.0 docs GitHub 1.3.0

NuGet 1.4.0- GitHub 1.4.0-
beta.3 beta.3

OpenTelemetry LiveMetrics NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Personalizer NuGet 2.0.0- docs GitHub 2.0.0-

beta.2 beta.2

Programmable Connectivity NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1
Name Package Docs Source

Provisioning NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Resources NuGet 0.2.0 docs GitHub 0.2.0

Purview Account NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Purview Administration NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Purview Catalog NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Purview Data Map NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Purview Scanning NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Purview Share NuGet 1.0.3- docs GitHub 1.0.3-

beta.20 beta.20

Purview Sharing NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Purview Workflow NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Quantum Jobs NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Question Answering NuGet 1.1.0 docs GitHub 1.1.0

Schema Registry NuGet 1.4.0 docs GitHub 1.4.0

Schema Registry - Avro NuGet 1.0.1 docs GitHub 1.0.1

Service Bus NuGet 7.19.0 docs GitHub 7.19.0

Storage - Blobs NuGet 12.24.0 docs GitHub 12.24.0

Storage - Blobs Batch NuGet 12.21.0 docs GitHub 12.21.0

Storage - Blobs ChangeFeed NuGet 12.0.0- docs GitHub 12.0.0-

preview.54 preview.54

Storage - Files Data Lake NuGet 12.22.0 docs GitHub 12.22.0

Storage - Files Share NuGet 12.22.0 docs GitHub 12.22.0

Storage - Queues NuGet 12.22.0 docs GitHub 12.22.0

Name Package Docs Source

Synapse - AccessControl NuGet 1.0.0- docs GitHub 1.0.0-

preview.5 preview.5

Synapse - Artifacts NuGet 1.0.0- docs GitHub 1.0.0-

preview.21 preview.21

Synapse - Managed Private Endpoints NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Synapse - Monitoring NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Synapse - Spark NuGet 1.0.0- docs GitHub 1.0.0-

preview.8 preview.8

System Events NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

System.ClientModel NuGet 1.4.0 docs GitHub 1.4.0

Tables NuGet 12.10.0 docs GitHub 12.10.0

Text Analytics NuGet 5.3.0 docs GitHub 5.3.0

Text Authoring NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Text Translation NuGet 1.0.0 docs GitHub 1.0.0

Time Series Insights NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

TimeZone NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

unknown NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

unknown NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

unknown NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

unknown NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Video Analyzer Edge NuGet 1.0.0- docs GitHub 1.0.0-

beta.6 beta.6
Name Package Docs Source

Vision Common NuGet 0.15.1- GitHub 0.15.1-

beta.1 beta.1

WCF Storage Queues NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Web PubSub NuGet 1.5.0 docs GitHub 1.5.0

Web PubSub Client NuGet 1.0.0 docs GitHub 1.0.0

Azure client library integration for ASP.NET Core NuGet 1.11.0 docs GitHub 1.11.0

Blob Storage Key Store for .NET Data Protection NuGet 1.5.0 docs GitHub 1.5.0

CloudNative CloudEvents with Event Grid NuGet 1.0.0 docs GitHub 1.0.0

Core - Client - Spatial NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.1 beta.1

Core - Client - Spatial Newtonsoft Json NuGet 1.0.0 docs GitHub 1.0.0
NuGet 1.1.0- GitHub 1.1.0-
beta.1 beta.1

Functions extension for Azure Tables NuGet 1.3.3 docs GitHub 1.3.3

Key Encryptor for .NET Data Protection NuGet 1.4.0 docs GitHub 1.4.0

Secrets Configuration Provider for .NET NuGet 1.4.0 docs GitHub 1.4.0

Storage - Common NuGet 12.23.0 docs GitHub 12.23.0

WebJobs Extensions - Event Grid NuGet 3.4.4 docs GitHub 3.4.4

WebJobs Extensions - Event Hubs NuGet 6.5.1 docs GitHub 6.5.1

WebJobs Extensions - Service Bus NuGet 5.16.6 docs GitHub 5.16.6

WebJobs Extensions - SignalR Service NuGet 2.0.1 docs GitHub 2.0.1

WebJobs Extensions - Storage NuGet 5.3.4 docs GitHub 5.3.4

WebJobs Extensions - Web PubSub NuGet 1.8.0 docs GitHub 1.8.0

Functions extension for Blob Storage NuGet 5.3.4 docs GitHub 5.3.4

Functions extension for Storage Queues NuGet 5.3.4 docs GitHub 5.3.4

Functions extension for WebPubSub for SocketIO NuGet 1.0.0- docs GitHub 1.0.0-
beta.4 beta.4
Name Package Docs Source

Provisioning - App Configuration NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - App Containers NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - App Service NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Application Insights NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Cognitive Services NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Communication NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Provisioning - Container Registry NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Container Service NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Provisioning - CosmosDB NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Deployment NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Provisioning - Event Grid NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Event Hubs NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Key Vault NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Kubernetes NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Provisioning - Kubernetes Configuration NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Provisioning - Operational Insights NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - PostgreSQL NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Redis NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Search NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Service Bus NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - SignalR NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - SQL NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Storage NuGet 1.0.0 docs GitHub 1.0.0

Name Package Docs Source

Provisioning - WebPubSub NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Advisor NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Agricultureplatform NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Agrifood NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Alerts Management NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Analysis NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - API Center NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - API Management NuGet 1.2.0 docs GitHub 1.2.0

NuGet 1.3.0- GitHub 1.3.0-
beta.2 beta.2

Resource Management - App Compliance Automation NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - App Configuration NuGet 1.4.0 docs GitHub 1.4.0

Resource Management - App Platform NuGet 1.1.2 docs GitHub 1.1.2

Resource Management - App Service NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Application Insights NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - Arc ScVmm NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Resource Management - Arizeaiobservabilityeval NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Astro NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Attestation NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Authorization NuGet 1.1.4 docs GitHub 1.1.4

Resource Management - Automanage NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Automation NuGet 1.1.1 docs GitHub 1.1.1

Name Package Docs Source

Resource Management - Azure AI Search NuGet 1.2.3 docs GitHub 1.2.3

NuGet 1.3.0- GitHub 1.3.0-
beta.5 beta.5

Resource Management - Azure Stack HCI NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Azure VMware Solution NuGet 1.4.0 docs GitHub 1.4.0

Resource Management - Batch NuGet 1.5.0 docs GitHub 1.5.0

Resource Management - Billing NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Billing Benefits NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Resource Management - Blueprint NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Bot Service NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Change Analysis NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Chaos NuGet 1.0.0 docs GitHub 1.0.0

NuGet 1.1.0- GitHub 1.1.0-
beta.3 beta.3

Resource Management - Cognitive Services NuGet 1.4.0 docs GitHub 1.4.0

Resource Management - Communication NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Compute NuGet 1.9.0 docs GitHub 1.9.0

Resource Management - Compute Fleet NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Compute Schedule NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Confidential Ledger NuGet 1.0.1 docs GitHub 1.0.1

NuGet 1.1.0- GitHub 1.1.0-
beta.5 beta.5

Resource Management - Confluent NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Connected VMware vSphere NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Consumption NuGet 1.0.1 docs GitHub 1.0.1

NuGet 1.1.0- GitHub 1.1.0-
beta.3 beta.3

Resource Management - Container Apps NuGet 1.3.0 docs GitHub 1.3.0

NuGet 1.4.0- GitHub 1.4.0-
Name Package Docs Source

beta.1 beta.1

Resource Management - Container Instances NuGet 1.2.1 docs GitHub 1.2.1

NuGet 1.3.0- GitHub 1.3.0-
beta.1 beta.1

Resource Management - Container Orchestrator Runtime NuGet 1.0.0- docs GitHub 1.0.0-
beta.1 beta.1

Resource Management - Container Registry NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Container Service NuGet 1.2.3 docs GitHub 1.2.3

Resource Management - Container Service Fleet NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Content Delivery Network NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Cosmos DB NuGet 1.3.2 docs GitHub 1.3.2

NuGet 1.4.0- GitHub 1.4.0-
beta.12 beta.12

Resource Management - Cosmos DB for PostgreSQL NuGet 1.0.0 docs GitHub 1.0.0
NuGet 1.1.0- GitHub 1.1.0-
beta.2 beta.2

Resource Management - Costmanagement NuGet 1.0.2 docs GitHub 1.0.2

Resource Management - Customer Insights NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Data Box NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Data Box Edge NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Data Factory NuGet 1.7.0 docs GitHub 1.7.0

Resource Management - Data Lake Analytics NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Data Lake Store NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Data Migration NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Data Protection NuGet 1.6.0 docs GitHub 1.6.0

Resource Management - Data Share NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Database Fleet Manager NuGet 1.0.0- docs GitHub 1.0.0-
beta.1 beta.1
Name Package Docs Source

Resource Management - Database Watcher NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Datadog NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Defender EASM NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - Deployment Manager NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - Desktop Virtualization NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Dev Center NuGet 1.0.2 docs GitHub 1.0.2

Resource Management - Dev Spaces NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Device Provisioning Services NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Device Registry NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Device Update NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - DevOps Infrastructure NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - DevTest Labs NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Digital Twins NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - DNS NuGet 1.1.1 docs GitHub 1.1.1

NuGet 1.2.0- GitHub 1.2.0-
beta.2 beta.2

Resource Management - DNS Resolver NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.1 beta.1

Resource Management - Durabletask NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Dynatrace NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Edge Order NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Edge Zones NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2
Name Package Docs Source

Resource Management - Elastic NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - ElasticSan NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.2 beta.2

Resource Management - Energy Services NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - Event Grid NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Event Hubs NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.1 beta.1

Resource Management - Extended Location NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Fabric NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Fluid Relay NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Front Door NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Graph Services NuGet 1.1.2 docs GitHub 1.1.2

Resource Management - Guest Configuration NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Hardware Security Modules NuGet 1.0.0- docs GitHub 1.0.0-
beta.4 beta.4

Resource Management - HDInsight NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.4 beta.4

Resource Management - HDInsight Containers NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Health Bot NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Health Data AI Services NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Healthcare APIs NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Hybrid Compute NuGet 1.0.0 docs GitHub 1.0.0

NuGet 1.1.0- GitHub 1.1.0-
beta.1 beta.1

Resource Management - Hybrid Connectivity NuGet 1.1.0 docs GitHub 1.1.0

Name Package Docs Source

Resource Management - Hybrid Container Service NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - Hybrid Data NuGet 1.0.1 docs GitHub 1.0.1

NuGet 1.1.0-
beta.1

Resource Management - Hybrid Kubernetes NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Hybrid Network NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Informatica Data Management NuGet 1.0.0- docs GitHub 1.0.0-
beta.1 beta.1

Resource Management - IoT Central NuGet 1.0.1 docs GitHub 1.0.1

NuGet 1.1.0- GitHub 1.1.0-
beta.3 beta.3

Resource Management - IoT Firmware Defense NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - IoT Hub NuGet 1.1.1 docs GitHub 1.1.1

NuGet 1.2.0- GitHub 1.2.0-
beta.1 beta.1

Resource Management - IoT Operations NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Key Vault NuGet 1.3.2 docs GitHub 1.3.2

Resource Management - Kubernetes Configuration NuGet 1.2.0 docs GitHub 1.2.0

Resource Management - Kusto NuGet 1.6.0 docs GitHub 1.6.0

Resource Management - Lab Services NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Lambdatesthyperexecute NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Large Instance NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Load Testing NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Log Analytics NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Logic Apps NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.1 beta.1

Resource Management - Machine Learning NuGet 1.2.2 docs GitHub 1.2.2

Name Package Docs Source

Resource Management - Machine Learning Compute NuGet 1.0.0- docs GitHub 1.0.0-
beta.5 beta.5

Resource Management - Maintenance NuGet 1.1.2 docs GitHub 1.1.2

NuGet 1.2.0- GitHub 1.2.0-
beta.9 beta.9

Resource Management - Managed Grafana NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Managed Network NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Managed Network Fabric NuGet 1.1.2 docs GitHub 1.1.2

Resource Management - Managed Service Identity NuGet 1.2.3 docs GitHub 1.2.3
NuGet 1.3.0- GitHub 1.3.0-
beta.1 beta.1

Resource Management - Managed Services NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Management Partner NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Maps NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Marketplace NuGet 1.1.2 docs GitHub 1.1.2

Resource Management - Marketplace Ordering NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Media NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Migration Assessment NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Migration Discovery SAP NuGet 1.0.0- docs GitHub 1.0.0-
beta.2 beta.2

Resource Management - Mixed Reality NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Mobile Network NuGet 1.2.0 docs GitHub 1.2.0

Resource Management - Mongo Cluster NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Monitor NuGet 1.3.1 docs GitHub 1.3.1

NuGet 1.4.0- GitHub 1.4.0-
beta.3 beta.3

Resource Management - MySQL NuGet 1.1.1 docs GitHub 1.1.1

Name Package Docs Source

Resource Management - Neon Postgres NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - NetApp Files NuGet 1.9.0 docs GitHub 1.9.0

Resource Management - Network NuGet 1.10.0 docs GitHub 1.10.0

NuGet 1.11.0- GitHub 1.11.0-
beta.1 beta.1

Resource Management - Network Analytics NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - Network Cloud NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.1 beta.1

Resource Management - Network Function NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - New Relic Observability NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Nginx NuGet 1.0.0 docs GitHub 1.0.0

NuGet 1.1.0- GitHub 1.1.0-
beta.3 beta.3

Resource Management - Notification Hubs NuGet 1.1.1 docs GitHub 1.1.1

NuGet 1.2.0- GitHub 1.2.0-
beta.2 beta.2

Resource Management - Oracle Database NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - Orbital NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Palo Alto Networks - Next NuGet 1.1.1 docs GitHub 1.1.1
Generation Firewall

Resource Management - Peering NuGet 1.2.2 docs GitHub 1.2.2

Resource Management - Pineconevectordb NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Playwright Testing NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Policy Insights NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Portalservicescopilot NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - PostgreSQL NuGet 1.2.0 docs GitHub 1.2.0

Resource Management - Power BI Dedicated NuGet 1.0.0- docs GitHub 1.0.0-

Name Package Docs Source

beta.5 beta.5

Resource Management - Private DNS NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Provider Hub NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Purview NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.2 beta.2

Resource Management - Quantum NuGet 1.0.0- docs GitHub 1.0.0-

beta.6 beta.6

Resource Management - Qumulo NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Quota NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Recovery Services NuGet 1.1.1 docs GitHub 1.1.1

NuGet 1.2.0- GitHub 1.2.0-
beta.1 beta.1

Resource Management - Recovery Services Backup NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Recovery Services Data Replication NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Recovery Services Site Recovery NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Redis NuGet 1.5.0 docs GitHub 1.5.0

Resource Management - Redis Enterprise NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.3 beta.3

Resource Management - Redis Enterprise Cache NuGet 1.0.0- docs GitHub 1.0.0-
beta.1 beta.1

Resource Management - Relay NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Reservations NuGet 1.4.1 docs GitHub 1.4.1

Resource Management - Resource Connector NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - Resource Graph NuGet 1.0.1 docs GitHub 1.0.1

NuGet 1.1.0- GitHub 1.1.0-
beta.3 beta.3

Resource Management - Resource Health NuGet 1.0.0 docs GitHub 1.0.0

NuGet 1.1.0- GitHub 1.1.0-
beta.4 beta.4
Name Package Docs Source

Resource Management - Resource Manager NuGet 1.13.1 docs GitHub 1.13.1

Resource Management - Resource Mover NuGet 1.1.1 docs GitHub 1.1.1

NuGet 1.1.2- GitHub 1.1.2-
beta.2 beta.2

Resource Management - Resources NuGet 1.9.1 docs GitHub 1.9.1

Resource Management - ScVmm NuGet 1.0.0- docs GitHub 1.0.0-

beta.6 beta.6

Resource Management - Security NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.6 beta.6

Resource Management - Security DevOps NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Security Insights NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.2 beta.2

Resource Management - Self Help NuGet 1.0.0 docs GitHub 1.0.0

NuGet 1.1.0- GitHub 1.1.0-
beta.5 beta.5

Resource Management - Service Bus NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Service Fabric NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.2 beta.2

Resource Management - Service Fabric Managed Clusters NuGet 1.2.0 docs GitHub 1.2.0
NuGet 1.3.0- GitHub 1.3.0-
beta.2 beta.2

Resource Management - Service Linker NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Service Networking NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - SignalR NuGet 1.1.3 docs GitHub 1.1.3

Resource Management - Sphere NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - Spring App Discovery NuGet 1.0.0- docs GitHub 1.0.0-
beta.2 beta.2

Resource Management - SQL NuGet 1.2.1 docs GitHub 1.2.1

NuGet 1.3.0- GitHub 1.3.0-
beta.10 beta.10
Name Package Docs Source

Resource Management - SQL Virtual Machine NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Standby Pool NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Storage NuGet 1.4.2 docs GitHub 1.4.2

Resource Management - Storage Actions NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - Storage Cache NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Storage Mover NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Storage Pool NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Storage Sync NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Stream Analytics NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Subscriptions NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Support NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Synapse NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Terraform NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Traffic Manager NuGet 1.1.3 docs GitHub 1.1.3

Resource Management - Trusted Signing NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Voice Services NuGet 1.0.2 docs GitHub 1.0.2

Resource Management - Web PubSub NuGet 1.1.0 docs GitHub 1.1.0

NuGet 1.2.0- GitHub 1.2.0-
beta.2 beta.2

Resource Management - Weightsandbiases NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Workload Monitor NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Workloads NuGet 1.1.1 docs GitHub 1.1.1

NuGet 1.2.0- GitHub 1.2.0-
beta.1 beta.1
All libraries
ﾉ Expand table

Name Package Docs Source

AI Foundry NuGet 1.0.0- docs GitHub 1.0.0-

beta.8 beta.8

AI Model Inference NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Anomaly Detector NuGet 3.0.0- docs GitHub 3.0.0-

preview.7 preview.7

App Configuration NuGet 1.6.0 docs GitHub 1.6.0

App Configuration Provider NuGet 8.1.2 docs GitHub 8.1.2

NuGet 8.2.0-
preview

Attestation NuGet 1.0.0 docs GitHub 1.0.0

Azure AI Search NuGet docs GitHub

11.6.0 11.6.0
NuGet 11.7.0- GitHub
beta.3 11.7.0-beta.3

Azure Object Anchors Conversion NuGet 0.3.0- docs GitHub 0.3.0-

beta.6 beta.6

Azure Remote Rendering NuGet 1.1.0 docs GitHub 1.1.0

Azure.Core.Expressions.DataFactory NuGet 1.0.0 docs GitHub 1.0.0

Calling Server NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Code Transparency NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Communication Call Automation NuGet 1.3.0 docs GitHub

NuGet 1.4.0- 1.3.0
beta.2 GitHub 1.4.0-
beta.2

Communication Chat NuGet 1.3.1 docs GitHub 1.3.1

Communication Common NuGet 1.3.0 docs GitHub

NuGet 2.0.0- 1.3.0
beta.1
Name Package Docs Source

GitHub 2.0.0-
beta.1

Communication Email NuGet 1.0.1 docs GitHub

NuGet 1.1.0- 1.0.1
beta.2 GitHub 1.1.0-
beta.2

Communication Identity NuGet 1.3.1 docs GitHub 1.3.1

Communication JobRouter NuGet 1.0.0 docs GitHub

NuGet 1.1.0- 1.0.0
beta.1 GitHub 1.1.0-
beta.1

Communication Messages NuGet 1.1.0 docs GitHub

NuGet 1.3.0- 1.1.0
beta.1 GitHub 1.3.0-
beta.1

Communication Phone Numbers NuGet 1.3.0 docs GitHub 1.3.0

Communication Rooms NuGet 1.2.0 docs GitHub 1.2.0

Communication SMS NuGet 1.0.1 docs GitHub

NuGet 1.1.0- 1.0.1
beta.2 GitHub 1.1.0-
beta.2

Compute Batch NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Confidential Ledger NuGet 1.3.0 docs GitHub

NuGet 1.4.1- 1.3.0
beta.2 GitHub 1.4.1-
beta.2

Container Registry NuGet 1.2.0 docs GitHub 1.2.0

Content Safety NuGet 1.0.0 docs GitHub 1.0.0

Conversational Language Understanding NuGet 1.1.0 docs GitHub

NuGet 2.0.0- 1.1.0
beta.2 GitHub 2.0.0-
beta.2

Conversations Authoring NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Core - Client - AMQP NuGet 1.3.1 docs GitHub 1.3.1

Name Package Docs Source

Core - Client - Core NuGet 1.45.0 docs GitHub

1.45.0

Core Newtonsoft Json NuGet 2.0.0 docs GitHub 2.0.0

Core WCF Storage Queues NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Data Movement NuGet 12.1.0 docs GitHub

12.1.0

Data Movement - Blobs NuGet 12.1.0 docs GitHub

12.1.0

Data Movement - Files Shares NuGet 12.1.0 docs GitHub

12.1.0

Defender EASM NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Dev Center NuGet 1.0.0 docs GitHub 1.0.0

Device Update NuGet 1.0.0 docs GitHub 1.0.0

Digital Twins NuGet 1.4.0 docs GitHub 1.4.0

Document Intelligence NuGet 1.0.0 docs GitHub 1.0.0

Document Translation NuGet 2.0.0 docs GitHub 2.0.0

Event Grid NuGet 4.30.0 docs GitHub

4.30.0

Event Grid Namespaces NuGet 1.0.0 docs GitHub 1.0.0

Event Hubs NuGet 5.12.1 docs GitHub

5.12.1

Event Hubs - Event Processor NuGet 5.12.1 docs GitHub

5.12.1

Face NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

FarmBeats NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Form Recognizer NuGet 4.1.0 docs GitHub 4.1.0

Functions Extensions - WebPubSub NuGet 1.7.0 docs GitHub 1.7.0

Name Package Docs Source

Health Deidentification NuGet 1.0.0 docs GitHub 1.0.0

Health Insights Cancer Profiling NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Health Insights Clinical Matching NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Health Insights Radiology Insights NuGet 1.0.0 docs GitHub 1.0.0

Identity NuGet docs GitHub

1.13.2 1.13.2
NuGet 1.14.0- GitHub
beta.4 1.14.0-beta.4

Identity Broker NuGet 1.2.0 docs GitHub

NuGet 1.3.0- 1.2.0
beta.2 GitHub 1.3.0-
beta.2

Image Analysis NuGet 1.0.0 docs GitHub 1.0.0

Key Vault - Administration NuGet 4.5.0 docs GitHub

NuGet 4.6.0- 4.5.0
beta.1 GitHub 4.6.0-
beta.1

Key Vault - Certificates NuGet 4.7.0 docs GitHub

NuGet 4.8.0- 4.7.0
beta.1 GitHub 4.8.0-
beta.1

Key Vault - Keys NuGet 4.7.0 docs GitHub

NuGet 4.8.0- 4.7.0
beta.1 GitHub 4.8.0-
beta.1

Key Vault - Secrets NuGet 4.7.0 docs GitHub

NuGet 4.8.0- 4.7.0
beta.1 GitHub 4.8.0-
beta.1

Language Text NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Load Testing NuGet 1.0.2 docs GitHub 1.0.2

Maps Common NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4
Name Package Docs Source

Maps Geolocation NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Maps Render NuGet 2.0.0- docs GitHub 2.0.0-

beta.1 beta.1

Maps Route NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Maps Search NuGet 2.0.0- docs GitHub 2.0.0-

beta.5 beta.5

Media Analytics Edge NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Metrics Advisor NuGet 1.1.0 docs GitHub 1.1.0

Microsoft Playwright Testing NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Microsoft.Azure.WebJobs.Extensions.AuthenticationEvents NuGet 1.0.1 docs GitHub 1.0.1

Microsoft.Azure.WebPubSub.AspNetCore NuGet 1.4.0 docs GitHub 1.4.0

Microsoft.Azure.WebPubSub.Common NuGet 1.4.0 docs GitHub 1.4.0

Mixed Reality Authentication NuGet 1.2.0 docs GitHub 1.2.0

Models Repository NuGet 1.0.0- docs GitHub 1.0.0-

preview.6 preview.6

Monitor Ingestion NuGet 1.1.2 docs GitHub 1.1.2

Monitor Query NuGet 1.6.0 docs GitHub 1.6.0

NUnit ? Microsoft Playwright Testing NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

OpenAI Assistants NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

OpenAI Inference NuGet 2.1.0 docs GitHub

NuGet 2.2.0- 2.1.0
beta.4 GitHub 2.2.0-
beta.4

OpenTelemetry AspNetCore NuGet 1.2.0 docs GitHub

NuGet 1.3.0- 1.2.0
beta.3 GitHub 1.3.0-
beta.3
Name Package Docs Source

OpenTelemetry Exporter NuGet 1.3.0 docs GitHub

NuGet 1.4.0- 1.3.0
beta.3 GitHub 1.4.0-
beta.3

Personalizer NuGet 2.0.0- docs GitHub 2.0.0-

beta.2 beta.2

Programmable Connectivity NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Provisioning NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Resources NuGet 0.2.0 docs GitHub 0.2.0

Purview Account NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Purview Administration NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Purview Data Map NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Purview Scanning NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Purview Sharing NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Purview Workflow NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Quantum Jobs NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Question Answering NuGet 1.1.0 docs GitHub 1.1.0

Schema Registry NuGet 1.4.0 docs GitHub 1.4.0

Schema Registry - Avro NuGet 1.0.1 docs GitHub 1.0.1

Service Bus NuGet 7.19.0 docs GitHub

7.19.0

Storage - Blobs NuGet 12.24.0 docs GitHub

12.24.0

Storage - Blobs Batch NuGet 12.21.0 docs GitHub

12.21.0
Name Package Docs Source

Storage - Blobs ChangeFeed NuGet 12.0.0- docs GitHub

preview.54 12.0.0-
preview.54

Storage - Files Data Lake NuGet 12.22.0 docs GitHub

12.22.0

Storage - Files Share NuGet 12.22.0 docs GitHub

12.22.0

Storage - Queues NuGet 12.22.0 docs GitHub

12.22.0

Synapse - AccessControl NuGet 1.0.0- docs GitHub 1.0.0-

preview.5 preview.5

Synapse - Artifacts NuGet 1.0.0- docs GitHub 1.0.0-

preview.21 preview.21

Synapse - Managed Private Endpoints NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Synapse - Monitoring NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Synapse - Spark NuGet 1.0.0- docs GitHub 1.0.0-

preview.8 preview.8

System Events NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

System.ClientModel NuGet 1.4.0 docs GitHub 1.4.0

Tables NuGet 12.10.0 docs GitHub

12.10.0

Text Analytics NuGet 5.3.0 docs GitHub 5.3.0

Text Authoring NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Text Translation NuGet 1.0.0 docs GitHub 1.0.0

Time Series Insights NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

TimeZone NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

unknown NuGet 1.0.0- docs GitHub 1.0.0-

Name Package Docs Source

beta.1 beta.1

unknown NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

unknown NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

unknown NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Vision Common NuGet 0.15.1- GitHub

beta.1 0.15.1-beta.1

WCF Storage Queues NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Web PubSub NuGet 1.5.0 docs GitHub 1.5.0

Web PubSub Client NuGet 1.0.0 docs GitHub 1.0.0

Azure client library integration for ASP.NET Core NuGet 1.11.0 docs GitHub
1.11.0

Blob Storage Key Store for .NET Data Protection NuGet 1.5.0 docs GitHub 1.5.0

CloudNative CloudEvents with Event Grid NuGet 1.0.0 docs GitHub 1.0.0

Core - Client - Spatial NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.1 GitHub 1.2.0-
beta.1

Core - Client - Spatial Newtonsoft Json NuGet 1.0.0 docs GitHub

NuGet 1.1.0- 1.0.0
beta.1 GitHub 1.1.0-
beta.1

Functions extension for Azure Tables NuGet 1.3.3 docs GitHub 1.3.3

Key Encryptor for .NET Data Protection NuGet 1.4.0 docs GitHub 1.4.0

Secrets Configuration Provider for .NET NuGet 1.4.0 docs GitHub 1.4.0

Storage - Common NuGet 12.23.0 docs GitHub

12.23.0

WebJobs Extensions - Event Grid NuGet 3.4.4 docs GitHub 3.4.4

WebJobs Extensions - Event Hubs NuGet 6.5.1 docs GitHub 6.5.1

Name Package Docs Source

WebJobs Extensions - Service Bus NuGet 5.16.6 docs GitHub

5.16.6

WebJobs Extensions - SignalR Service NuGet 2.0.1 docs GitHub 2.0.1

WebJobs Extensions - Storage NuGet 5.3.4 docs GitHub 5.3.4

WebJobs Extensions - Web PubSub NuGet 1.8.0 docs GitHub 1.8.0

Functions extension for Blob Storage NuGet 5.3.4 docs GitHub 5.3.4

Functions extension for Storage Queues NuGet 5.3.4 docs GitHub 5.3.4

Functions extension for WebPubSub for SocketIO NuGet 1.0.0- docs GitHub 1.0.0-
beta.4 beta.4

Provisioning - App Configuration NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - App Containers NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - App Service NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Application Insights NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Cognitive Services NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Communication NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Provisioning - Container Registry NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Container Service NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Provisioning - CosmosDB NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Deployment NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Provisioning - Event Grid NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Event Hubs NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Key Vault NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Kubernetes NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Provisioning - Kubernetes Configuration NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2
Name Package Docs Source

Provisioning - Operational Insights NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - PostgreSQL NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Redis NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Search NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Service Bus NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - SignalR NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - SQL NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - Storage NuGet 1.0.0 docs GitHub 1.0.0

Provisioning - WebPubSub NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Advisor NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Agricultureplatform NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Agrifood NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Alerts Management NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Analysis NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - API Center NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - API Management NuGet 1.2.0 docs GitHub

NuGet 1.3.0- 1.2.0
beta.2 GitHub 1.3.0-
beta.2

Resource Management - App Compliance Automation NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - App Configuration NuGet 1.4.0 docs GitHub 1.4.0

Resource Management - App Platform NuGet 1.1.2 docs GitHub 1.1.2

Resource Management - App Service NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Application Insights NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - Arizeaiobservabilityeval NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1
Name Package Docs Source

Resource Management - Astro NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Attestation NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Authorization NuGet 1.1.4 docs GitHub 1.1.4

Resource Management - Automanage NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Automation NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Azure AI Search NuGet 1.2.3 docs GitHub

NuGet 1.3.0- 1.2.3
beta.5 GitHub 1.3.0-
beta.5

Resource Management - Azure Stack HCI NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Azure VMware Solution NuGet 1.4.0 docs GitHub 1.4.0

Resource Management - Batch NuGet 1.5.0 docs GitHub 1.5.0

Resource Management - Billing NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Billing Benefits NuGet 1.0.0- docs GitHub 1.0.0-

beta.4 beta.4

Resource Management - Blueprint NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Bot Service NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Change Analysis NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Chaos NuGet 1.0.0 docs GitHub

NuGet 1.1.0- 1.0.0
beta.3 GitHub 1.1.0-
beta.3

Resource Management - Cognitive Services NuGet 1.4.0 docs GitHub 1.4.0

Resource Management - Communication NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Compute NuGet 1.9.0 docs GitHub 1.9.0

Resource Management - Compute Fleet NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Compute Schedule NuGet 1.0.0 docs GitHub 1.0.0

Name Package Docs Source

Resource Management - Confidential Ledger NuGet 1.0.1 docs GitHub

NuGet 1.1.0- 1.0.1
beta.5 GitHub 1.1.0-
beta.5

Resource Management - Confluent NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Connected VMware vSphere NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Consumption NuGet 1.0.1 docs GitHub

NuGet 1.1.0- 1.0.1
beta.3 GitHub 1.1.0-
beta.3

Resource Management - Container Apps NuGet 1.3.0 docs GitHub

NuGet 1.4.0- 1.3.0
beta.1 GitHub 1.4.0-
beta.1

Resource Management - Container Instances NuGet 1.2.1 docs GitHub

NuGet 1.3.0- 1.2.1
beta.1 GitHub 1.3.0-
beta.1

Resource Management - Container Orchestrator Runtime NuGet 1.0.0- docs GitHub 1.0.0-
beta.1 beta.1

Resource Management - Container Registry NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Container Service NuGet 1.2.3 docs GitHub 1.2.3

Resource Management - Container Service Fleet NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Content Delivery Network NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Cosmos DB NuGet 1.3.2 docs GitHub

NuGet 1.4.0- 1.3.2
beta.12 GitHub 1.4.0-
beta.12

Resource Management - Cosmos DB for PostgreSQL NuGet 1.0.0 docs GitHub

NuGet 1.1.0- 1.0.0
beta.2 GitHub 1.1.0-
beta.2

Resource Management - Costmanagement NuGet 1.0.2 docs GitHub 1.0.2

Resource Management - Customer Insights NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5
Name Package Docs Source

Resource Management - Data Box NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Data Box Edge NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Data Factory NuGet 1.7.0 docs GitHub 1.7.0

Resource Management - Data Lake Analytics NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Data Lake Store NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Data Migration NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Data Protection NuGet 1.6.0 docs GitHub 1.6.0

Resource Management - Data Share NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Database Fleet Manager NuGet 1.0.0- docs GitHub 1.0.0-
beta.1 beta.1

Resource Management - Database Watcher NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Datadog NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Defender EASM NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - Deployment Manager NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - Desktop Virtualization NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Dev Center NuGet 1.0.2 docs GitHub 1.0.2

Resource Management - Dev Spaces NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Device Provisioning Services NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Device Registry NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Device Update NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - DevOps Infrastructure NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - DevTest Labs NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Digital Twins NuGet 1.3.1 docs GitHub 1.3.1

Name Package Docs Source

Resource Management - DNS NuGet 1.1.1 docs GitHub

NuGet 1.2.0- 1.1.1
beta.2 GitHub 1.2.0-
beta.2

Resource Management - DNS Resolver NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.1 GitHub 1.2.0-
beta.1

Resource Management - Durabletask NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Dynatrace NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Edge Order NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Edge Zones NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Elastic NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - ElasticSan NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.2 GitHub 1.2.0-
beta.2

Resource Management - Energy Services NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - Event Grid NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Event Hubs NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.1 GitHub 1.2.0-
beta.1

Resource Management - Extended Location NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Fabric NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Fluid Relay NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Front Door NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Graph Services NuGet 1.1.2 docs GitHub 1.1.2

Resource Management - Guest Configuration NuGet 1.2.1 docs GitHub 1.2.1

Name Package Docs Source

Resource Management - Hardware Security Modules NuGet 1.0.0- docs GitHub 1.0.0-
beta.4 beta.4

Resource Management - HDInsight NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.4 GitHub 1.2.0-
beta.4

Resource Management - HDInsight Containers NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Health Bot NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Health Data AI Services NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Healthcare APIs NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Hybrid Compute NuGet 1.0.0 docs GitHub

NuGet 1.1.0- 1.0.0
beta.1 GitHub 1.1.0-
beta.1

Resource Management - Hybrid Connectivity NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Hybrid Container Service NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - Hybrid Kubernetes NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Hybrid Network NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Informatica Data Management NuGet 1.0.0- docs GitHub 1.0.0-
beta.1 beta.1

Resource Management - IoT Central NuGet 1.0.1 docs GitHub

NuGet 1.1.0- 1.0.1
beta.3 GitHub 1.1.0-
beta.3

Resource Management - IoT Firmware Defense NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - IoT Hub NuGet 1.1.1 docs GitHub

NuGet 1.2.0- 1.1.1
beta.1 GitHub 1.2.0-
beta.1

Resource Management - IoT Operations NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Key Vault NuGet 1.3.2 docs GitHub 1.3.2

Name Package Docs Source

Resource Management - Kubernetes Configuration NuGet 1.2.0 docs GitHub 1.2.0

Resource Management - Kusto NuGet 1.6.0 docs GitHub 1.6.0

Resource Management - Lab Services NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Lambdatesthyperexecute NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Large Instance NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Load Testing NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Log Analytics NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Logic Apps NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.1 GitHub 1.2.0-
beta.1

Resource Management - Machine Learning NuGet 1.2.2 docs GitHub 1.2.2

Resource Management - Machine Learning Compute NuGet 1.0.0- docs GitHub 1.0.0-
beta.5 beta.5

Resource Management - Maintenance NuGet 1.1.2 docs GitHub

NuGet 1.2.0- 1.1.2
beta.9 GitHub 1.2.0-
beta.9

Resource Management - Managed Grafana NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Managed Network NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Managed Network Fabric NuGet 1.1.2 docs GitHub 1.1.2

Resource Management - Managed Service Identity NuGet 1.2.3 docs GitHub

NuGet 1.3.0- 1.2.3
beta.1 GitHub 1.3.0-
beta.1

Resource Management - Managed Services NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Management Partner NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Maps NuGet 1.1.0 docs GitHub 1.1.0

Name Package Docs Source

Resource Management - Marketplace NuGet 1.1.2 docs GitHub 1.1.2

Resource Management - Marketplace Ordering NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Media NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Migration Assessment NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Migration Discovery SAP NuGet 1.0.0- docs GitHub 1.0.0-
beta.2 beta.2

Resource Management - Mixed Reality NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Mobile Network NuGet 1.2.0 docs GitHub 1.2.0

Resource Management - Mongo Cluster NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Monitor NuGet 1.3.1 docs GitHub

NuGet 1.4.0- 1.3.1
beta.3 GitHub 1.4.0-
beta.3

Resource Management - MySQL NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Neon Postgres NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - NetApp Files NuGet 1.9.0 docs GitHub 1.9.0

Resource Management - Network NuGet docs GitHub

1.10.0 1.10.0
NuGet 1.11.0- GitHub
beta.1 1.11.0-beta.1

Resource Management - Network Cloud NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.1 GitHub 1.2.0-
beta.1

Resource Management - Network Function NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - New Relic Observability NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Nginx NuGet 1.0.0 docs GitHub

NuGet 1.1.0- 1.0.0
beta.3 GitHub 1.1.0-
beta.3
Name Package Docs Source

Resource Management - Notification Hubs NuGet 1.1.1 docs GitHub

NuGet 1.2.0- 1.1.1
beta.2 GitHub 1.2.0-
beta.2

Resource Management - Oracle Database NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - Orbital NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Palo Alto Networks - Next Generation NuGet 1.1.1 docs GitHub 1.1.1
Firewall

Resource Management - Peering NuGet 1.2.2 docs GitHub 1.2.2

Resource Management - Pineconevectordb NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Playwright Testing NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Policy Insights NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Portalservicescopilot NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - PostgreSQL NuGet 1.2.0 docs GitHub 1.2.0

Resource Management - Power BI Dedicated NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Private DNS NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Provider Hub NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Purview NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.2 GitHub 1.2.0-
beta.2

Resource Management - Quantum NuGet 1.0.0- docs GitHub 1.0.0-

beta.6 beta.6

Resource Management - Qumulo NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Quota NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Recovery Services NuGet 1.1.1 docs GitHub

NuGet 1.2.0- 1.1.1
beta.1 GitHub 1.2.0-
beta.1
Name Package Docs Source

Resource Management - Recovery Services Backup NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Recovery Services Data Replication NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Recovery Services Site Recovery NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Redis NuGet 1.5.0 docs GitHub 1.5.0

Resource Management - Redis Enterprise NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.3 GitHub 1.2.0-
beta.3

Resource Management - Redis Enterprise Cache NuGet 1.0.0- docs GitHub 1.0.0-
beta.1 beta.1

Resource Management - Relay NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Reservations NuGet 1.4.1 docs GitHub 1.4.1

Resource Management - Resource Connector NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3

Resource Management - Resource Graph NuGet 1.0.1 docs GitHub

NuGet 1.1.0- 1.0.1
beta.3 GitHub 1.1.0-
beta.3

Resource Management - Resource Health NuGet 1.0.0 docs GitHub

NuGet 1.1.0- 1.0.0
beta.4 GitHub 1.1.0-
beta.4

Resource Management - Resource Manager NuGet 1.13.1 docs GitHub

1.13.1

Resource Management - Resource Mover NuGet 1.1.1 docs GitHub

NuGet 1.1.2- 1.1.1
beta.2 GitHub 1.1.2-
beta.2

Resource Management - Resources NuGet 1.9.1 docs GitHub 1.9.1

Resource Management - ScVmm NuGet 1.0.0- docs GitHub 1.0.0-

beta.6 beta.6

Resource Management - Security NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.6 GitHub 1.2.0-
beta.6
Name Package Docs Source

Resource Management - Security DevOps NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Security Insights NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.2 GitHub 1.2.0-
beta.2

Resource Management - Self Help NuGet 1.0.0 docs GitHub

NuGet 1.1.0- 1.0.0
beta.5 GitHub 1.1.0-
beta.5

Resource Management - Service Bus NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - Service Fabric NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.2 GitHub 1.2.0-
beta.2

Resource Management - Service Fabric Managed Clusters NuGet 1.2.0 docs GitHub
NuGet 1.3.0- 1.2.0
beta.2 GitHub 1.3.0-
beta.2

Resource Management - Service Linker NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Service Networking NuGet 1.1.0 docs GitHub 1.1.0

Resource Management - SignalR NuGet 1.1.3 docs GitHub 1.1.3

Resource Management - Sphere NuGet 1.0.1 docs GitHub 1.0.1

Resource Management - Spring App Discovery NuGet 1.0.0- docs GitHub 1.0.0-
beta.2 beta.2

Resource Management - SQL NuGet 1.2.1 docs GitHub

NuGet 1.3.0- 1.2.1
beta.10 GitHub 1.3.0-
beta.10

Resource Management - SQL Virtual Machine NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Standby Pool NuGet 1.0.0 docs GitHub 1.0.0

Resource Management - Storage NuGet 1.4.2 docs GitHub 1.4.2

Resource Management - Storage Actions NuGet 1.0.0- docs GitHub 1.0.0-

beta.3 beta.3
Name Package Docs Source

Resource Management - Storage Cache NuGet 1.3.1 docs GitHub 1.3.1

Resource Management - Storage Mover NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Storage Pool NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Storage Sync NuGet 1.3.0 docs GitHub 1.3.0

Resource Management - Stream Analytics NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Subscriptions NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Support NuGet 1.1.1 docs GitHub 1.1.1

Resource Management - Synapse NuGet 1.2.1 docs GitHub 1.2.1

Resource Management - Terraform NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Traffic Manager NuGet 1.1.3 docs GitHub 1.1.3

Resource Management - Trusted Signing NuGet 1.0.0- docs GitHub 1.0.0-

beta.2 beta.2

Resource Management - Voice Services NuGet 1.0.2 docs GitHub 1.0.2

Resource Management - Web PubSub NuGet 1.1.0 docs GitHub

NuGet 1.2.0- 1.1.0
beta.2 GitHub 1.2.0-
beta.2

Resource Management - Weightsandbiases NuGet 1.0.0- docs GitHub 1.0.0-

beta.1 beta.1

Resource Management - Workload Monitor NuGet 1.0.0- docs GitHub 1.0.0-

beta.5 beta.5

Resource Management - Workloads NuGet 1.1.1 docs GitHub

NuGet 1.2.0- 1.1.1
beta.1 GitHub 1.2.0-
beta.1

App Configuration Extension NuGet 8.1.1

NuGet 8.2.0-
preview

App Configuration Provider NuGet 8.1.1

NuGet 8.2.0-
preview
Name Package Docs Source

Azure.Communication.Administration NuGet 1.0.0-

beta.3

Communication Calling Windows Client NuGet

1.11.1
NuGet 1.12.0-
beta.1

Content Safety Extension Embedded Image NuGet 1.0.1-

beta.4

Content Safety Extension Embedded Text NuGet 1.0.0

NuGet 1.0.1-
beta.4

Cosmos DB Fault Injection NuGet 1.0.0-

beta.0

DotNetty NuGet 0.7.6

Functions Extension MCP NuGet 1.0.0-

preview.2

Functions Worker Extension MCP NuGet 1.0.0-

preview.2

Functions Worker Extension MySQL NuGet 1.0.129

HTTP ASPNETCore Analyzers NuGet 1.0.3

IoT Operations MQTT NuGet 0.10.1

IoT Operations Protocol NuGet 0.11.0

IoT Operations Services NuGet 0.11.0

Item Templates NetCore NuGet

4.0.5086

Item Templates NetFx NuGet

4.0.5086

Microsoft.Azure.DataFactoryTestingFramework.Expressions NuGet 0.2.7

Microsoft.Azure.Functions.Worker.OpenTelemetry NuGet 1.1.0-

preview6

OpenTelemetry Profiler NuGet 1.0.0-

beta4
Name Package Docs Source

Speech CLI NuGet 1.43.0

Speech Extension Embedded SR NuGet 1.43.0

Speech Extension Embedded TTS NuGet 1.43.0

Speech Extension ONNX Runtime NuGet 1.43.0

Speech Extension Telemetry NuGet 1.43.0

System Net Client Model NuGet 1.0.0-

beta.1

Unknown Display Name NuGet 1.1.0-

preview

WebJobs Extension MySQL NuGet 1.0.129

Anomaly Detector NuGet 1.0.0 GitHub 1.0.0

App Service NuGet 0.2.2-

alpha

Application Insights NuGet 0.9.0-

preview

Auto Suggest NuGet 2.0.0

Auto Suggest NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

Autorest Client Runtime - Azure NuGet 3.3.19 GitHub

3.3.19

Autorest Client Runtime - Azure Authentication NuGet 2.4.1 GitHub 2.4.1

Autorest Client Runtime - Client NuGet 2.3.24 GitHub

2.3.24

Autorest Client Runtime - ETW NuGet 2.1.3 GitHub 2.1.3

Autorest Client Runtime - Log4Net NuGet 2.1.4 GitHub 2.1.4

AutoRest Common NuGet 2.4.48 GitHub

2.4.48

Azure Stack - Azure Consistent Storage NuGet 0.10.8-

preview

Azure.FX NuGet 0.0.24-

alpha
Name Package Docs Source

Azure.FX.Templates NuGet 1.2.0

Batch NuGet 16.3.1 GitHub

16.3.1

Batch - Apps Cryptography NuGet 1.1.1.4

Batch - Conventions Files NuGet 4.0.0 GitHub 4.0.0

Batch - File Staging NuGet 9.0.0 GitHub 9.0.0

Commerce Usage Aggregates NuGet 1.5.3

Common NuGet 2.2.1

Common - Dependencies NuGet 1.0.0

Computer Vision NuGet 7.0.1 GitHub 7.0.1

Cosmos DB NuGet docs GitHub

3.47.0 3.47.0
NuGet 3.50.0-
preview.0

Custom Image Search NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

Custom Image Search NuGet 2.0.0

Custom Search NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

Custom Search NuGet 2.0.0

Custom Vision Prediction NuGet 2.0.0 GitHub 2.0.0

Custom Vision Training NuGet 2.0.0 GitHub 2.0.0

NuGet 2.1.0-
preview

Data Lake Analytics NuGet

1.4.211011

Data Movement NuGet 2.0.5 GitHub 2.0.5

DCAP NuGet 1.12.3 GitHub

1.12.3

Devices Provisioning Service NuGet

1.18.1
Name Package Docs Source

NuGet 1.19.1-
preview-001

Digital Twins Service NuGet 1.0.0-

preview-001

Entity Search NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

Entity Search NuGet 2.0.0

Event Hubs - Service Fabric Processor NuGet 0.5.4 GitHub 0.5.4

Face NuGet 2.8.0- GitHub 2.8.0-

preview.3 preview.3

Feature Management NuGet 3.0.0 docs

Gallery NuGet 2.6.2-

preview

HDInsight - Job NuGet 3.0.0- GitHub 3.0.0-

preview.3 preview.3

Image Search NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

Image Search NuGet 2.0.0

IoT Edge Function NuGet 3.5.3

IoT Plug and Play - Devices Client NuGet

1.42.3
NuGet 2.0.0-
preview007

Kusto Data NuGet 9.3.1 docs GitHub 9.3.1

Kusto Ingest NuGet 9.3.1 docs GitHub 9.3.1

Local Search NuGet 1.0.0- GitHub 1.0.0-

preview.1 preview.1

Local Search NuGet 0.9.0-

preview

LUIS Authoring NuGet 3.1.0 GitHub 3.1.0

NuGet 3.2.0-
preview.5
Name Package Docs Source

LUIS Runtime NuGet 3.1.0- GitHub 3.1.0-

preview.1 preview.1

Media Live Video Analytics Edge NuGet 1.0.4- GitHub 1.0.4-

preview.1 preview.1

Microsoft.Azure.Amqp NuGet 2.6.11

Microsoft.Azure.Devices NuGet
1.40.0
NuGet 2.0.0-
preview007

Microsoft.Azure.Devices.Authentication NuGet 2.0.0-

preview001

Microsoft.Azure.Devices.Client.PCL NuGet 1.0.16

Microsoft.Azure.Devices.ProtocolGateway.Core NuGet 2.0.1

Microsoft.Azure.Devices.ProtocolGateway.IotHubClient NuGet 2.0.1

Microsoft.Azure.Devices.ProtocolGateway.Providers.CloudStorage NuGet 2.0.1

Microsoft.Azure.Devices.Provisioning.Client NuGet
1.19.1
NuGet 1.20.0-
preview-001

Microsoft.Azure.Devices.Provisioning.Security.Tpm NuGet
1.14.1
NuGet 1.15.0-
preview-001

Microsoft.Azure.Devices.Provisioning.Transport.Amqp NuGet
1.16.1
NuGet 1.17.0-
preview-001

Microsoft.Azure.Devices.Provisioning.Transport.Http NuGet
1.15.1
NuGet 1.16.0-
preview-001

Microsoft.Azure.Devices.Provisioning.Transport.Mqtt NuGet
1.17.1
NuGet 1.18.0-
preview-001
Name Package Docs Source

Microsoft.Azure.Devices.Shared NuGet
1.30.1
NuGet 1.31.0-
preview-001

Microsoft.Azure.IoT.Edge.Module NuGet 8.0.0

Microsoft.Azure.uamqp NuGet 1.2.11

Microsoft.Azure.umqtt NuGet 1.1.11

Mobile Apps NuGet 2.0.3

Mobile Server - Cross Domain NuGet 2.0.3

News Search NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

News Search NuGet 2.0.0

Notification Hubs NuGet 4.2.0 GitHub 4.2.0

Personalizer NuGet 1.0.0 GitHub 1.0.0

Relay NuGet 3.0.1 docs GitHub 3.0.1

Schema Registry - Avro NuGet 1.0.0-

beta.1

Schema Registry - JSON NuGet 1.0.0-

beta.1

Search - Common NuGet 10.1.0 GitHub

10.1.0

Search - Data NuGet 10.1.0 GitHub

10.1.0

Search - Service NuGet 10.1.0 GitHub

10.1.0

Speech NuGet 1.43.0

Speech Remote Conversation NuGet 1.43.0

Speech Xamarin iOS NuGet 1.25.0

Spell Check NuGet 4.1.0- GitHub 4.1.0-

preview.1 preview.1
Name Package Docs Source

Spring Cloud Client NuGet 2.0.0-

preview.3

Storage - Files Data Lake NuGet 2.0.2 docs GitHub 2.0.2

Synapse Analytics NuGet 0.1.0- GitHub 0.1.0-

preview preview

Tables NuGet 2.1.2

Video Search NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

Video Search NuGet 2.0.0

Vision Content Moderator NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

Visual Search NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

Visual Search NuGet 2.0.0

Web Search NuGet 2.1.0- GitHub 2.1.0-

preview.1 preview.1

Web Search NuGet 2.0.0

WebSites - DataProtection NuGet 0.1.78-

alpha

App Service - API Apps Common NuGet 0.9.36

App Service - API Apps Service NuGet 0.9.64

Code Analyzers for Durable Functions NuGet 0.5.0 GitHub 0.5.0

Cosmos DB - BulkExecutor NuGet 2.5.1- GitHub 2.5.1-

preview preview

Cosmos DB - Direct NuGet 3.38.0 GitHub

3.38.0

Cosmos DB - Encryption NuGet 2.0.3 GitHub 2.0.3

NuGet 2.1.0-
preview4

Cosmos DB - Encryption NuGet 1.0.0-

preview07
Name Package Docs Source

Extensions - Caching Cosmos NuGet 1.7.0 GitHub 1.7.0

Functions - Extensions NuGet 1.1.0 GitHub 1.1.0

Functions extension for Application Insights NuGet 1.0.0-

preview4

Functions extension for Azure Mobile Apps NuGet 3.0.0- GitHub 3.0.0-
beta8 beta8

Functions extension for Azure SQL and SQL Server NuGet 3.1.376

Functions extension for Cosmos DB NuGet 4.9.0 GitHub 4.9.0

Functions extension for DocumentDB NuGet 1.3.0 GitHub 1.3.0

Functions extension for Durable Task Framework NuGet 3.1.0 docs GitHub 3.1.0

Functions extension for Durable Task Framework - isolated NuGet 1.3.0

worker

Functions extension for HTTP NuGet 3.2.0 GitHub 3.2.0

Functions extension for IoT Edge NuGet 1.0.7 GitHub 1.0.7

Functions extension for Kafka NuGet 4.1.0 GitHub 4.1.0

Functions extension for Notification Hubs NuGet 1.3.0 GitHub 1.3.0

Functions extension for RabbitMQ NuGet 2.0.4 GitHub 2.0.4

Functions extension for script abstractions NuGet 1.0.4-

preview

Functions extension for SendGrid NuGet 3.1.0 GitHub 3.1.0

Functions extension for Sources NuGet 3.0.41 GitHub

3.0.41

Functions extension for Storage Timers NuGet 1.0.0

Functions extension for Twilio NuGet 3.0.2 GitHub 3.0.2

Functions extension metadata generator NuGet 4.0.1 GitHub 4.0.1

Functions Extensions - Cosmos DB ChangeProcessor NuGet 1.0.2

Functions Extensions - Cosmos DB Mongo NuGet 1.0.2

Functions Extensions - Dapr NuGet 1.0.1

Name Package Docs Source

Functions Extensions - Dapr Core NuGet 1.0.1

Functions Extensions - HTTP AspNet Core NuGet 2.0.1

Functions Extensions - Redis NuGet 1.0.0

Functions Extensions - Redis NuGet 1.0.0

Functions Extensions - Worker Extentions NuGet 1.0.1

Functions item template pack for Microsoft Template Engine NuGet GitHub
4.0.5086 4.0.5086

Functions OpenAPI app settings deserialization library NuGet 1.4.0

NuGet 2.0.0-
preview2

Functions OpenAPI document and Swagger UI renderer library NuGet 1.4.0

NuGet 2.0.0-
preview2

Functions project template pack for Microsoft Template Engine NuGet GitHub
4.0.5086 4.0.5086

Functions runtime assemblies for App Insights logging NuGet 3.0.41 GitHub
3.0.41

Functions runtime assemblies for logging NuGet 4.0.3 GitHub 4.0.3

Functions runtime assemblies for Microsoft.Azure.WebJobs.Host NuGet 3.0.41 GitHub

3.0.41

Functions timers and file triggers NuGet 5.0.0 GitHub 5.0.0

Microsoft.Azure.Cosmos.Templates NuGet 1.0.0

Microsoft.Azure.Functions.Analyzers NuGet 1.0.0

Microsoft.Azure.Functions.Authentication.WebAssembly NuGet 1.0.0

NuGet 1.0.1-
preview

Microsoft.Azure.Functions.Worker NuGet 2.0.0

Microsoft.Azure.Functions.Worker.ApplicationInsights NuGet 2.0.0

Microsoft.Azure.Functions.Worker.Core NuGet 2.0.0

Microsoft.Azure.Functions.Worker.Extensions.Abstractions NuGet 1.3.0

Name Package Docs Source

Microsoft.Azure.Functions.Worker.Extensions.ApplicationInsights NuGet 1.0.0-

preview4

Microsoft.Azure.Functions.Worker.Extensions.CosmosDB NuGet 4.12.0

Microsoft.Azure.Functions.Worker.Extensions.EventGrid NuGet 3.5.0

Microsoft.Azure.Functions.Worker.Extensions.EventHubs NuGet 6.3.6

Microsoft.Azure.Functions.Worker.Extensions.Http NuGet 3.3.0

Microsoft.Azure.Functions.Worker.Extensions.Kafka NuGet 4.1.0

Microsoft.Azure.Functions.Worker.Extensions.Kusto NuGet 1.0.11-

Preview

Microsoft.Azure.Functions.Worker.Extensions.OpenApi NuGet 1.4.0

NuGet 2.0.0-
preview2

Microsoft.Azure.Functions.Worker.Extensions.RabbitMQ NuGet 2.0.4

Microsoft.Azure.Functions.Worker.Extensions.Rpc NuGet 1.0.1

Microsoft.Azure.Functions.Worker.Extensions.SendGrid NuGet 3.1.0

Microsoft.Azure.Functions.Worker.Extensions.ServiceBus NuGet 5.22.2

Microsoft.Azure.Functions.Worker.Extensions.SignalRService NuGet 2.0.1

Microsoft.Azure.Functions.Worker.Extensions.Sql NuGet 3.1.376

Microsoft.Azure.Functions.Worker.Extensions.Storage NuGet 6.7.0

Microsoft.Azure.Functions.Worker.Extensions.Storage.Blobs NuGet 6.7.0

Microsoft.Azure.Functions.Worker.Extensions.Storage.Queues NuGet 5.5.2

Microsoft.Azure.Functions.Worker.Extensions.Storage.Tables NuGet 1.0.0-

preview1

Microsoft.Azure.Functions.Worker.Extensions.Tables NuGet 1.4.3

Microsoft.Azure.Functions.Worker.Extensions.Timer NuGet 4.3.1

Microsoft.Azure.Functions.Worker.Extensions.Warmup NuGet 4.0.2

Microsoft.Azure.Functions.Worker.Grpc NuGet 2.0.0

Microsoft.Azure.Functions.Worker.ItemTemplates NuGet
4.0.5086
Name Package Docs Source

Microsoft.Azure.Functions.Worker.ProjectTemplates NuGet
4.0.5086

Microsoft.Azure.Functions.Worker.Sdk NuGet 2.0.2

Microsoft.Azure.Functions.Worker.Sdk.Analyzers NuGet 1.2.2

Microsoft.Azure.Functions.Worker.Sdk.Generators NuGet 1.3.4

Microsoft.Azure.WebJobs.CosmosDb.ChangeProcessor NuGet 1.0.4

Microsoft.Azure.WebJobs.CosmosDb.Mongo NuGet 1.0.4

Microsoft.Azure.WebJobs.Extensions.Kusto NuGet 1.0.11-

Preview

Microsoft.Azure.WebJobs.Extensions.Rpc NuGet 3.0.41

Microsoft.Azure.WebJobs.Rpc.Core NuGet 3.0.41

Service Bus - Message ID plugin NuGet 2.0.0

SignalR NuGet GitHub

1.30.3 1.30.3
NuGet 1.25.0-
preview1-
11147

SignalR - ASP.NET NuGet 1.30.3 GitHub

1.30.3

SignalR - Benchmark NuGet 1.0.0- GitHub 1.0.0-

preview1- preview1-
10415 10415

SignalR - Protocols NuGet 1.30.3 GitHub

1.30.3

SignalR - Serverless Protocols NuGet 1.11.0 GitHub

1.11.0

SignalR Management NuGet 1.30.3 GitHub

1.30.3

SQL Database Elastic Scale Client NuGet 2.4.2 GitHub 2.4.2

SQL Database Elastic Scale Service SplitMerge NuGet 1.2.0

SQL Database Jobs NuGet

0.8.3362.1
Name Package Docs Source

Storage APIs for Microsoft.Azure.WebJobs.Host NuGet 5.0.1 GitHub 5.0.1

Supporting library for Microsoft.Azure.WebJobs NuGet 3.0.41 GitHub

3.0.41

Supporting library for NuGet 1.4.0

Microsoft.Azure.WebJobs.Extensions.OpenApi NuGet 2.0.0-
preview2

Supporting library for testing Microsoft.Azure.WebJobs.Host NuGet 3.0.41 GitHub

3.0.41

Web - Redis Output Cache Provider NuGet 4.0.1 GitHub 4.0.1

Web - Redis Session State Provider NuGet 5.0.4 GitHub 5.0.4

Hyak Common NuGet 1.2.2

Hyak Common - Tracing Etw NuGet 1.0.2

Hyak Common - Tracing Log4Net NuGet 1.0.2

Microsoft.Azure.SignalR.Emulator NuGet 1.6.1

NuGet 1.0.0-
preview1-
10809

MSBuild NuGet 0.33.0

ProviderHub Controller NuGet 0.19.0

ProviderHub Templates NuGet 1.12.0

Template NuGet 1.0.2-

preview1

Test HttpRecorder NuGet 1.13.3 GitHub

1.13.3
Reference
Reference

Services

Alerts Management Container Service Fleet HDInsight

Analysis Content Delivery Network Health Bot
API Management Core Health Data AI Services
App Compliance Automation Cosmos DB Health Deidentification
App Configuration Cosmos DB for PostgreSQL Healthcare APIs
App Containers Cost Management Hybrid Compute
App Platform Data Box Hybrid Connectivity
App Service Data Box Edge Hybrid Container Service
Application Insights Data Factory IoT
Attestation Data Lake Analytics Key Vault
AuthenticationEvents Data Lake Store Kubernetes Configuration
Authorization Data Protection Kusto
Auto Suggest Data Share Lab Services
Automanage Defender EASM Load Testing
Automation Deployment Logic Apps
Azure VMware Solution Desktop Virtualization Machine Learning
Batch Dev Center Maintenance
Billing DevTest Labs Managed Network Fabric
Bot Service DNS Managed Service Identity
Change Analysis DNS Resolver Managed Services
Chaos Dynatrace Maps
Cognitive Services Edge Order Marketplace
Communication Elastic Marketplace Ordering
Compute Elasticsan Media
Compute Fleet Event Grid Metrics Advisor
Compute Schedule Event Hubs Mixed Reality
Confidential Ledger Extended Location Mobile Network
Confluent Extensions Mobile Services
Connected VMware vSphere FarmBeats Monitor
Consumption Fluid Relay MySQL
Container Apps Front Door NetApp Files
Container Instances Grafana Network
Container Registry Graph Services New Relic Observability
Container Service Guest Configuration Nginx
Notification Hubs Recovery Services Sphere
Operator Nexus - Network Redis SQL
Cloud Relay SQL Virtual Machine
Oracle Database Reservations Stack HCI
Orbital Resource Graph Storage
Palo Alto Networks Resource Health Stream Analytics
Peering Resource Manager Subscriptions
Playwright Testing Resource Mover Support
Policy Insights Schema Registry Synapse
Pool Management Service Search Tables
(PMaaS) Security Traffic Manager
PostgreSQL Security Insights unknown
Private DNS Self Help Voice Services
Provider Hub Service Bus Web PubSub
Provisioning Service Fabric Workloads
Purview Service Linker Other
Qumulo Service Networking
Quota SignalR