Merging changes synced from https://github.com/MicrosoftDocs/SupportArticles-docs-pr (branch live)

Author: Learn Build Service GitHub App

support/azure/azure-kubernetes/extensions/troubleshoot-dapr-extension-installation-errors.md

@@ -4,14 +4,16 @@ description: Troubleshoot errors that occur while installing the Distributed App
 editor: v-jsitser
 ms.reviewer: nigreenf, v-leedennis
 ms.service: azure-kubernetes-service
-ms.date: 06/16/2023
+ms.date: 03/05/2025
 ms.custom: sap:Extensions, Policies and Add-Ons
 ---
 
 # Troubleshoot Dapr extension installation errors
 
 This article discusses some common error messages that you may receive when you install or update the [Distributed Application Runtime (Dapr)](https://dapr.io/) extension for Microsoft Azure Kubernetes Service (AKS) or Arc for Kubernetes.
 
+[Learn more about the level of support provided for the Dapr extension.](#next-steps)
+
 ## Scenario 1: Installation fails but doesn't show an error message
 
 If the extension generates an error message when you create or update it, you can inspect where the creation failed by running the [az k8s-extension list](/cli/azure/k8s-extension#az-k8s-extension-list) command:
@@ -147,8 +149,15 @@ To resolve this issue, use one of the following methods:
    
 ## Next steps
 
-If you're still experiencing installation issues, explore the [AKS troubleshooting guide](/azure/aks/troubleshooting) and the [Dapr OSS troubleshooting guide](https://docs.dapr.io/operations/troubleshooting/common_issues/).
+If you're still experiencing installation issues, [create a support request](https://ms.portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview?DMC=troubleshoot) for Microsoft to investigate and resolve. 
+
+If you're experiencing Dapr runtime security risks and regressions while using the extension, open an issue with the [Dapr open source project](https://github.com/dapr/dapr/issues/new/choose).
+
+> [!NOTE]
+> Learn more about [how Microsoft handles issues raised for the Dapr extension](/azure/aks/dapr-overview#issue-handling).
 
-[!INCLUDE [Third-party disclaimer](../../../includes/third-party-disclaimer.md)]
+You could also start a discussion in the Dapr project Discord:
+- [Dapr runtime](https://discord.com/channels/778680217417809931/778684372475707416)
+- [Dapr components](https://discord.com/channels/778680217417809931/781589820128493598)
 
-[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]
+[!INCLUDE [Third-party disclaimer](../../../includes/third-party-disclaimer.md)]

support/azure/virtual-machines/linux/upgrade-canonical-ubuntu-18dot04-lts.md

@@ -11,18 +11,24 @@ ms.reviewer: patcatun, clausw, divargas, rondom, azurevmlnxcic, v-weizhu
 
 **Applies to:** :heavy_check_mark: Linux VMs
 
-Even though Canonical Ubuntu 18.04 LTS is out of standard support on May 31, 2023, you can continue to use existing Azure Linux virtual machines (VMs) running it. However, Canonical no longer provides security, feature, and maintenance updates, which may leave your systems vulnerable. We recommend that you either migrate to the next Ubuntu LTS release or upgrade to Ubuntu Pro to gain access to extended security and maintenance from Canonical.
+Canonical Ubuntu 18.04 LTS reached the end of standard support on May 31, 2023. Although you can continue to use existing Azure Linux virtual machines (VMs) that are running Ubuntu 18.04 LTS, these VMs could become vulnerable because Canonical no longer provides security, feature, and maintenance updates for the OS. Therefore, we recommend that you either migrate to the next Ubuntu LTS release or upgrade to Ubuntu Pro.
 
 ## Upgrade to Ubuntu 20.04 LTS or Ubuntu 22.04
 
-Transitioning to the latest operating system, such as [Ubuntu 20.04 LTS](https://azuremarketplace.microsoft.com/marketplace/apps/canonical.0001-com-ubuntu-server-focal?tab=Overview) or [Ubuntu Pro 22.04 LTS](https://azuremarketplace.microsoft.com/marketplace/apps/canonical.0001-com-ubuntu-pro-jammy?tab=Overview), is important for performance, hardware enablement, and new technology benefits, and we recommend doing so for new instances. The transition might be a complex process for existing deployments. Therefore, it should be properly scoped and tested with your workload. Although there's no direct upgrade path from Ubuntu 18.04 LTS to Ubuntu 22.04 LTS, you can directly upgrade to Ubuntu 20.04 LTS and then to Ubuntu 22.04 LTS, or directly install Ubuntu 22.04 LTS. For more information, see the [Ubuntu Server upgrade guide](https://ubuntu.com/server/docs/upgrade-introduction).
+To take advantage of improved performance, hardware enablement, and new technology, you should transition to the latest operating system, such as [Ubuntu 20.04 LTS](https://azuremarketplace.microsoft.com/marketplace/apps/canonical.0001-com-ubuntu-server-focal?tab=Overview) or [Ubuntu Pro 22.04 LTS](https://azuremarketplace.microsoft.com/marketplace/apps/canonical.0001-com-ubuntu-pro-jammy?tab=Overview). The transition might be complex for existing deployments. Therefore, it should be properly scoped and tested with your workload. 
+
+There's no direct upgrade path from Ubuntu 18.04 LTS to Ubuntu 22.04 LTS. However, you can directly upgrade to Ubuntu 20.04 LTS and then to Ubuntu 22.04 LTS, or you can directly install Ubuntu 22.04 LTS. For more information, see the [Ubuntu Server upgrade guide](https://ubuntu.com/server/docs/upgrade-introduction).
 
 > [!NOTE]
-> An in-place upgrade to a new major version (for example, upgrading from Ubuntu 18.04 to 20.04) will cause a disconnection between the data plane and the [control plane](/azure/architecture/guide/multitenant/considerations/control-planes) of the VM. Azure capabilities such as [Auto guest patching](/azure/virtual-machines/automatic-vm-guest-patching), [Auto OS image upgrades](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade), [Hotpatching](/windows-server/get-started/hotpatch?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json), and [Azure Update Manager](/azure/update-manager/overview) won't be available. To use these features, we recommend that you create a new VM by using your preferred operating system instead of performing an in-place upgrade.
+> An in-place upgrade to a new major version (for example, upgrading from Ubuntu 18.04 to 20.04) breaks the connection between the data plane and the [control plane](/azure/architecture/guide/multitenant/considerations/control-planes) of the VMs. Consequently, Azure capabilities such as [Auto guest patching](/azure/virtual-machines/automatic-vm-guest-patching), [Auto OS image upgrades](/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade), [Hotpatching](/windows-server/get-started/hotpatch?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json), and [Azure Update Manager](/azure/update-manager/overview) won't be available. To access these features, we recommend that you create a VM (by using your preferred OS) instead of performing an in-place upgrade.
+
+## Upgrade to Ubuntu Pro - Extended Security Maintenance until 2028
+
+Ubuntu Pro is an enhanced offering that includes security updates for all Ubuntu packages. It provides Extended Security Maintenance (ESM) for infrastructure and applications and optional full-time (24 hours a day, seven days a week) telephone and ticket support. Ubuntu Pro 18.04 LTS remains fully supported until April 2028. 
 
-## Upgrade to Ubuntu Pro – Extended Security Maintenance until 2028
+You can deploy new VMs that run Ubuntu Pro from the [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/canonical.0001-com-ubuntu-pro-bionic?tab=Overview). You can upgrade your Ubuntu Server (version 16.04 or higher) VM to Ubuntu Pro through an [in-place upgrade](/azure/virtual-machines/workloads/canonical/ubuntu-pro-in-place-upgrade). Alternatively, you can directly purchase the system from [Canonical](https://ubuntu.com/pro). 
 
-Ubuntu Pro includes security patching for all Ubuntu packages because of Extended Security Maintenance (ESM) for infrastructure and applications and optional full-time (24 hours a day, seven days a week) telephone and ticket support. Ubuntu Pro 18.04 LTS will remain fully supported until April 2028. Ubuntu Pro is free for personal and small-scale commercial users on up to five VMs and has transparent, per-machine pricing for enterprises. New VMs that run Ubuntu Pro can be deployed from the [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/canonical.0001-com-ubuntu-pro-bionic?tab=Overview). You can also upgrade existing VMs to [Ubuntu Pro](https://ubuntu.com/pro) by purchasing from Canonical. For more information about the end of standard support for Ubuntu 18.04 LTS, see [Ubuntu 18.04 LTS (Bionic Beaver) on Azure](https://ubuntu.com/18-04/azure). 
+For more information about the end of standard support for Ubuntu 18.04 LTS, see [Ubuntu 18.04 LTS (Bionic Beaver) on Azure](https://ubuntu.com/18-04/azure). 
 
 [!INCLUDE [Third-party disclaimer](../../../includes/third-party-disclaimer.md)]
 

support/entra/entra-id/app-integration/enable-msal4j-logging-spring-boot-webapp.md

@@ -87,3 +87,9 @@ Example configuration:
 If the app is configured correctly, the logging output should resemble the following output.
 
  :::image type="content" source="media/enable-msal4j-logging-spring-boot-webapp/log-sample.png" alt-text="Diagram that shows logging output." border="true" lightbox="media/enable-msal4j-logging-spring-boot-webapp/log-sample.png":::
+
+[!INCLUDE [third-party-disclaimer](../../../includes/third-party-disclaimer.md)]
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]
+
+

support/entra/entra-id/app-integration/error-code-aadsts50173-grant-expired-revoked.md

@@ -52,3 +52,5 @@ If the application isn't using MSAL, follow this guidance to [handle errors and
 For a full list of authentication and authorization error codes, see [Microsoft Entra authentication and authorization error codes](/entra/identity-platform/reference-error-codes). 
 
 To investigate individual errors, go to [https://login.microsoftonline.com/error](https://login.microsoftonline.com/error).
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

support/entra/entra-id/app-integration/troubleshoot-authorization-requestdenied-graph-api.md

@@ -22,10 +22,8 @@ This error typically occurs because the user or app doesn't have sufficient perm
 - The appropriate Microsoft Entra RBAC role for the required access level. For more information, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference).
 - The necessary API permissions to access Microsoft Graph.
 
-
 ## Troubleshooting Microsoft Graph API by using Postman
 
-
 ### Step 1: Assign Microsoft Entra RBAC role to the app registration (Service Principal)
 
 1. Log in to the [Azure portal](https://portal.azure.com), and go to **Microsoft Entra ID**.
@@ -109,4 +107,6 @@ This error typically occurs because the user or app doesn't have sufficient perm
 1. You must also select **Grant admin consent for default directory** for the permissions. Select **Yes** to confirm that you want to grant admin consent.
 1. Send the PATCH request to disable a user. If the request is successful, you should receive a `204 No Content` response.
 
-[!INCLUDE [third-party-disclaimer](../../../includes/third-party-disclaimer.md)]
+[!INCLUDE [third-party-disclaimer](../../../includes/third-party-disclaimer.md)]
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

support/entra/entra-id/app-integration/troubleshoot-wif10201-no-validkey-securitytoken-mvc.md

@@ -54,3 +54,6 @@ The Entra ID uses a [signing key rollover mechanism](/entra/identity-platform/si
 ## Solution
 
 You can either manually update the certificate thumbprints that are in the **Web.config** file or automate the process through code. For more information, see [Best practices for keys metadata caching and validation](/entra/identity-platform/signing-key-rollover#best-practices-for-keys-metadata-caching-and-validation).
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)] 
+

support/power-platform/dataverse/auditing/media/auditlog-troubleshoot-1.png renamed to support/power-platform/dataverse/auditing/media/api-permissions-type-status.png

@@ -1,35 +1,41 @@
 ---
-title: Troubleshooting sync problems in audit logs
-description: Provides common causes for sync issues to help troubleshooting.
+title: Troubleshoot synchronization issues in audit logs
+description: Provides solutions for resolving synchronization issues in audit logs by validating API permissions and secret environment variables.
 author: pete-msft
 ms.component: pa-admin
-ms.date: 02/20/2025
+ms.date: 03/17/2025
 ms.author: petrip
-ms.reviewer: paulliew, sericks
+ms.reviewer: paulliew, sericks, v-christread
 ms.custom: sap:Microsoft Dataverse\Auditing
 search.audienceType: 
   - admin
 contributors:
 - Grant-Archibald-MS
 ---
-# Troubleshooting sync problems in audit logs
+# Troubleshoot synchronization issues in audit logs
+
+This article provides guidance for resolving synchronization issues in audit logs. It focuses on validating API permissions and secret environment variables to ensure proper configuration for your app registration.
 
 ## API permissions
 
-Go to your app registration and validate that you have the correct API permissions. Your app registration requires application permissions not delegated. Validate that the status is _Granted_.
+To ensure that you have the correct API permissions, follow these steps:
+
+1. Go to your [app registration](/entra/identity-platform/quickstart-configure-app-access-web-apis#application-permission-to-microsoft-graph).
+1. Ensure that the API permissions are set to the **Application** type instead of the **Delegated** type.
+1. Verify that the permission status is **Granted**.
 
-:::image type="content" source="media/auditlog-troubleshoot-1.png" alt-text="Screenshot that highlights the Application type and Granted for status of a configured permission." lightbox="media/auditlog-troubleshoot-1.png":::
+:::image type="content" source="media/api-permissions-type-status.png" alt-text="Screenshot that highlights the Application type and Granted status of a configured permission." lightbox="media/api-permissions-type-status.png":::
 
 ## Secret environment variable - Azure secret
 
-If you're using Azure Key value to store the app registration secret, validate that the Azure Key Vault permissions are correct.
+If you're using [Azure Key Vault](/azure/key-vault/general/basic-concepts) to store the app registration secret, validate that the Azure Key Vault permissions are correct.
 
-A user needs to be in the _Key Vault Secret User_ role to read and in the _Key Vault Contributor_ role to update.
+A user must have the _Key Vault Secrets User_ role to read and the _Key Vault Contributor_ role to update. You can find detailed role definitions in [Azure built-in roles for Key Vault data plane operations](/azure/key-vault/general/rbac-guide?tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-operations).
 
-:::image type="content" source="media/auditlog-troubleshoot-2.png" alt-text="Screenshot that shows the Key Vault Contributor and Key Vault Secrets User roles." lightbox="media/auditlog-troubleshoot-2.png":::
+:::image type="content" source="media/azure-key-vault-roles.png" alt-text="Screenshot that shows the Key Vault Contributor and Key Vault Secrets User roles." lightbox="media/azure-key-vault-roles.png":::
 
-If you have other issues with Azure Key Vault regarding a firewall, static IPs for the Dataverse environment, or other such feature issues, contact product support to resolve them.
+If you have other issues with Azure Key Vault related to a firewall, static IP addresses for the Dataverse environment, or other feature issues, contact Microsoft Support through the **Help + Support** experience in the [Power Platform admin center](https://admin.powerplatform.microsoft.com/support).
 
 ## Secret environment variable - plain text
 
-If you're using plain text to store the app registration secret, validate that you entered the secret value itself, and not the secret ID. The secret value is a longer string with a larger character set than a GUID. For example, the string might have tilde characters.
+If you're using plain text to store the app registration secret, validate that you entered the secret value itself, not the secret ID. The secret value is a longer string that has a larger character set compared to a globally unique identifier (GUID). For example, the string for the secret value might include tilde (~) characters.

support/power-platform/dataverse/auditing/media/auditlog-troubleshoot-2.png renamed to support/power-platform/dataverse/auditing/media/azure-key-vault-roles.png

@@ -2,7 +2,7 @@
   href: welcome-dataverse.yml
 - name: Auditing
   items:
-    - name: Troubleshooting sync problems in audit logs
+    - name: Troubleshoot synchronization issues in audit logs
       href: auditing/setup-auditlog-troubleshooting.md  
 - name: Bulk deleting data
   items: