Merge pull request #303486 from MicrosoftDocs/main

Auto Publish – main to live - 2025-07-29 05:00 UTC

Author: learn-build-service-prod[bot]

articles/azure-functions/functions-bindings-mcp-trigger.md

@@ -421,6 +421,8 @@ In both cases, you must include a call to `builder.EnableMcpToolMetadata()` in y
 ```csharp
 var builder = FunctionsApplication.CreateBuilder(args);
 
+builder.ConfigureFunctionsWebApplication();
+
 builder.EnableMcpToolMetadata();
 
 // other configuration
@@ -449,6 +451,8 @@ You can define one or more tool properties in your entry point (`Program.cs`) fi
 ```csharp
 var builder = FunctionsApplication.CreateBuilder(args);
 
+builder.ConfigureFunctionsWebApplication();
+
 builder.EnableMcpToolMetadata();
 
 builder

articles/azure-functions/functions-bindings-mcp.md

@@ -64,6 +64,9 @@ To use this preview bundle in your app, replace the existing `extensionBundle` o
 
 [!INCLUDE [functions-host-json-section-intro](../../includes/functions-host-json-section-intro.md)]
 
+> [!NOTE]
+> Until the extension is no longer in preview, the JSON schema for `host.json` isn't updated, and specific properties and behaviors might change. During the preview period, you might see warnings in your editor that say the `mcp` section isn't recognized. You can safely ignore these warnings.
+
 You can use `host.json` to define MCP server information.
 
 ```json

articles/backup/toc.yml

@@ -744,7 +744,7 @@
       items:
       - name: Back up Hyper-V virtual machines
         href: back-up-hyper-v-virtual-machines-mabs.md
-      - name: Back up Azure Stack HCI virtual machines
+      - name: Back up Azure Local virtual machines
         href: back-up-azure-stack-hyperconverged-infrastructure-virtual-machines.md
       - name: VMware server
         href: backup-azure-backup-server-vmware.md

articles/communication-services/concepts/analytics/logs/voice-and-video-logs.md

@@ -39,7 +39,7 @@ Azure Communication Services calling generates **eight distinct log types**, eac
 
 ### **Call summary updates logs**: 
 Fast-arriving logs with basic call metadata (IDs, timestamps, endpoints, SDK info). These log data arrive in Azure Monitor faster than the call summary logs. This log contains basic information about the call, including all the relevant IDs, time stamps, endpoints, and SDK information.
-- Data available within 60 minutes of the call ending.
+- Data generally available within 60 minutes after the call ending.
 - May contain multiple rows per call participant.
 - Contains the most recent updates for each participant.
 - Useful for near-real-time monitoring and analysis of call activities.
@@ -48,7 +48,7 @@ To learn more, see: [Call summary updates log schema](call-summary-updates-log-s
 
 ### **Call summary logs**:
 This log is a subset of the Call summary updates log schema. It contains basic information about the call, including all the relevant IDs, time stamps, endpoints, and SDK information. For faster log latency, use the call summary updates logs instead. 
-- Data available within 3-5 hours of the call ending.
+- Data generally available within 3 to 5 hours after the call ending.
 - Contains a single row per call participant.
 - Represents a snapshot of the call state at the time of finalization.
 - Useful for post-call analysis and reporting.

articles/governance/service-groups/overview.md

@@ -89,126 +89,16 @@ Access to the root has to be given from a user with "microsoft.authorization/rol
 There are three built-in roles definitions to support Service Groups in the preview.  
 
 > [!NOTE]
-> Custom Role Based Access Controls aren't supported within the Preview. 
-
-#### Service Group Administrator 
-This role manages all aspects of Service Groups and Relationships and is the default role given to users when they create a Service Group. The role restricts the role assignment capabilities to "Service Group Administrator', "Service Group Contributor", and "Service Group Reader" to other users.  
-
-**ID**: '/providers/Microsoft.Authorization/roleDefinitions/4e50c84c-c78e-4e37-b47e-e60ffea0a775"  
-
-```json
-{
-  "assignableScopes": [
-    "/providers/Microsoft.Management/serviceGroups"
-  ],
-  "createdBy": null,
-  "createdOn": "2024-10-15T18:15:20.488676+00:00",
-  "description": "Role Definition for administrator of a Service Group",
-  "id": "/providers/Microsoft.Authorization/roleDefinitions/4e50c84c-c78e-4e37-b47e-e60ffea0a775",
-  "name": "4e50c84c-c78e-4e37-b47e-e60ffea0a775",
-  "permissions": [
-    {
-      "actions": [
-        "*"
-      ],
-      "condition": null,
-      "conditionVersion": null,
-      "dataActions": [],
-      "notActions": [
-        "Microsoft.Authorization/roleAssignments/write",
-        "Microsoft.Authorization/roleAssignments/delete"
-      ],
-      "notDataActions": []
-    },
-    {
-      "actions": [
-        "Microsoft.Authorization/roleAssignments/write",
-        "Microsoft.Authorization/roleAssignments/delete"
-      ],
-      "condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4e50c84cc78e4e37b47ee60ffea0a775,32e6a4ec60954e37b54b12aa350ba81f,de754d53652d4c75a67f1e48d8b49c97})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{4e50c84cc78e4e37b47ee60ffea0a775,32e6a4ec60954e37b54b12aa350ba81f,de754d53652d4c75a67f1e48d8b49c97}))",
-      "conditionVersion": "2.0",
-      "dataActions": [],
-      "notActions": [],
-      "notDataActions": []
-    }
-  ],
-  "roleName": "Service Group Administrator",
-  "roleType": "BuiltInRole",
-  "type": "Microsoft.Authorization/roleDefinitions",
-  "updatedBy": null,
-  "updatedOn": "2025-03-25T18:40:31.229386+00:00"
-}
-```
-#### Service Group Contributor 
-The Service Group Contributor role given to users when they need to create or manage the lifecycle of a Service Group. This role allows for all actions except for Role Assignment capabilities.  
-```json
-{
-  "assignableScopes": [
-    "/providers/Microsoft.Management/serviceGroups"
-  ],
-  "createdBy": null,
-  "createdOn": "2024-10-15T18:15:20.488676+00:00",
-  "description": "Role Definition for contributor of a Service Group",
-  "id": "/providers/Microsoft.Authorization/roleDefinitions/32e6a4ec-6095-4e37-b54b-12aa350ba81f",
-  "name": "32e6a4ec-6095-4e37-b54b-12aa350ba81f",
-  "permissions": [
-    {
-      "actions": [
-        "*"
-      ],
-      "condition": null,
-      "conditionVersion": null,
-      "dataActions": [],
-      "notActions": [
-        "Microsoft.Authorization/roleAssignments/write",
-        "Microsoft.Authorization/roleAssignments/delete"
-      ],
-      "notDataActions": []
-    }
-  ],
-  "roleName": "Service Group Contributor",
-  "roleType": "BuiltInRole",
-  "type": "Microsoft.Authorization/roleDefinitions",
-  "updatedBy": null,
-  "updatedOn": "2024-10-15T18:15:20.488676+00:00"
-}
-```
-
-
-#### Service Group Reader 
-This built-in role is to be used to read service groups and can also be assigned to other resources to view the connected relationships.  
-
-```json
-{
-  "assignableScopes": [
-    "/"
-  ],
-  "createdBy": null,
-  "createdOn": "2024-10-15T18:15:20.487675+00:00",
-  "description": "Role Definition for reader of a Service Group",
-  "id": "/providers/Microsoft.Authorization/roleDefinitions/de754d53-652d-4c75-a67f-1e48d8b49c97",
-  "name": "de754d53-652d-4c75-a67f-1e48d8b49c97",
-  "permissions": [
-    {
-      "actions": [
-        "Microsoft.Management/serviceGroups/read",
-        "Microsoft.Authorization/*/read"
-      ],
-      "condition": null,
-      "conditionVersion": null,
-      "dataActions": [],
-      "notActions": [],
-      "notDataActions": []
-    }
-  ],
-  "roleName": "Service Group Reader",
-  "roleType": "BuiltInRole",
-  "type": "Microsoft.Authorization/roleDefinitions",
-  "updatedBy": null,
-  "updatedOn": "2024-10-15T18:15:20.487675+00:00"
-}
-```
- 
+> Custom Role Based Access Controls aren't supported during the Preview. 
+
+- [Service Group Administrator](../../role-based-access-control/built-in-roles/management-and-governance.md#service-group-administrator): This built-in role manages all aspects of Service Groups and Relationships and is the *default role* given to users when they create a Service Group.
+
+
+- [Service Group Contributor](../../role-based-access-control/built-in-roles/management-and-governance.md#service-group-contributor): This built-in role should be given to users when they need to create or manage the lifecycle of a Service Group. This role allows for all actions except for Role Assignment capabilities.  
+
+
+- [Service Group Reader](../../role-based-access-control/built-in-roles/management-and-governance.md#service-group-reader): This built-in role provides read-only access to service group information and can be assigned to other resources in order to view the connected relationships.  
+
 
 
 ## Related content

articles/lab-services/connect-virtual-machine-mac-remote-desktop.md

@@ -7,7 +7,7 @@ ms.service: azure-lab-services
 author: RoseHJM
 ms.author: rosemalcolm
 ms.topic: how-to
-ms.date: 03/04/2024
+ms.date: 07/08/2025
 #customer intent: As a student or trainee, I want to connect to an Azure Lab Services VM from my Mac over RDP in order to use the lab resources.
 ---
 
@@ -17,17 +17,15 @@ ms.date: 03/04/2024
 
 In this article, you learn how to connect to a lab virtual machine (VM) in Azure Lab Services from a Mac by using Remote Desktop Protocol (RDP).
 
-## Install Microsoft Remote Desktop on a Mac
+## Install Windows App on a Mac
 
-To connect to the lab VM by using RDP, use the Microsoft Remote Desktop app.
+To connect to the lab VM by using RDP, use the Windows App app.
 
-To install the Microsoft Remote Desktop app:
+To install the Windows App app:
 
-1. Open the App Store on your Mac, and search for **Microsoft Remote Desktop**.
+1. Open the App Store on your Mac, and search for **Windows App**.
 
-    :::image type="content" source="./media/connect-virtual-machine-mac-remote-desktop\install-remote-desktop.png" alt-text="Screenshot of Microsoft Remote Desktop app in the App Store." lightbox="./media/connect-virtual-machine-mac-remote-desktop\install-remote-desktop.png" :::
-
-1. Select **Install** to install the latest version of Microsoft Remote Desktop.
+1. Select **Install** to install the latest version of Windows App.
 
 ## Access the VM from your Mac using RDP
 
@@ -43,18 +41,14 @@ Connect to the lab VM by using the remote desktop application. You can retrieve
 
     :::image type="content" source="./media/connect-virtual-machine-mac-remote-desktop/student-vm-connect-options.png" alt-text="Screenshot that shows VM tile for student with the RDP and SSH connection options highlighted." lightbox="./media/connect-virtual-machine-mac-remote-desktop/student-vm-connect-options.png":::
 
-1. Open the *RDP* file on your computer with **Microsoft Remote Desktop** installed. Your computer should start to connect to the VM.
-
-    :::image type="content" source="./media/how-to-use-classroom-lab/connect-linux-vm.png" alt-text="Screenshot of Microsoft Remote Desktop app connecting to a remote VM." lightbox="./media/how-to-use-classroom-lab/connect-linux-vm.png":::
-
-1. When prompted, enter your user name and password.
+1. Open the *RDP* file on your computer with **Windows App** installed. Your computer should start to connect to the VM.
 
-1. If you receive a certificate warning, you can select **Continue**.
-
-    :::image type="content" source="./media/how-to-use-classroom-lab/certificate-error.png" alt-text="Screenshot of certificate error for Microsoft Remote Desktop app." lightbox="./media/how-to-use-classroom-lab/certificate-error.png":::
+1. When prompted, log in.
 
 1. After the connection is established, you see the desktop of your lab VM.
 
+For more information about using Windows App, see [Get started with Windows App to connect to devices and apps](/windows-app/get-started-connect-devices-desktops-apps?tabs=macos-avd%2Cwindows-w365%2Cwindows-devbox%2Cmacos-rds%2Cmacos-pc&pivots=azure-virtual-desktop).
+
 ## Related content
 
 - As a student, learn to [connect to a VM using X2Go](connect-virtual-machine-linux-x2go.md).

articles/lab-services/media/connect-virtual-machine-mac-remote-desktop/install-remote-desktop.png

@@ -100,7 +100,7 @@ Alternatively, you might want to assign the ability to read tables from within a
 
 |Tasks   |Permissions |
 |---------|---------|
-|**Read permissions on the default workspace**     | Use a [custom Microsoft Defender XDR unified RBAC role with *data (read)*](/defender-xdr/custom-permissions-details) permissions over the Microsoft Sentinel data collection.     |
+|**Read permissions on the default workspace**     | Use a [custom Microsoft Defender XDR unified RBAC role with ](/defender-xdr/custom-permissions-details)*[data (read)](/defender-xdr/custom-permissions-details)* permissions over the Microsoft Sentinel data collection.     |
 |**Read permissions on any other workspace enabled for Microsoft Sentinel in the data lake**     | Use one of the following built-in roles in Azure RBAC for permissions on that workspace: <br>- [Log Analytics Reader](/azure/role-based-access-control/built-in-roles/monitor#log-analytics-reader) <br>- [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles/monitor#log-analytics-contributor) <br>- [Microsoft Sentinel Contributor](/azure/role-based-access-control/built-in-roles/security#microsoft-sentinel-contributor) <br>- [Microsoft Sentinel Reader](/azure/role-based-access-control/built-in-roles/security#microsoft-sentinel-reader) <br>- [Reader](/azure/role-based-access-control/built-in-roles/general#reader)<br>- [Contributor](/azure/role-based-access-control/built-in-roles/privileged#contributor)<br>- [Owner](/azure/role-based-access-control/built-in-roles/privileged#owner)|
 
 
@@ -113,7 +113,7 @@ Microsoft Entra ID roles provides broad access across all workspaces in the data
 |**Write to tables in the analytics tier using KQL jobs or notebooks**     |  Use one of the following Microsoft Entra ID roles: <br><br> - [Security operator](/entra/identity/role-based-access-control/permissions-reference#security-operator)<br>- [Security administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator) <br>- [Global administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator)      |
 |**Write to tables in the Microsoft Sentinel data lake**     |  Use one of the following Microsoft Entra ID roles: <br>- [Security operator](/entra/identity/role-based-access-control/permissions-reference#security-operator) <br>- [Security administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator) <br>- [Global administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator)        |
 
-Alternatively, you might want to assign the ability to write output to a specific workspace, including creating, updating, and deleted tables in that workspace. In such cases, use one of the following:
+Alternatively, you might want to assign the ability to write output to a specific workspace. This can include the ability to configure connectors to that workspace, modifying retention settings for tables in the workspace, or creating, updating, and deleting custom tables in that workspace. In such cases, use one of the following:
 
 |Tasks  |Permissions |
 |---------|---------|