Merge pull request #223695 from ddematheu2/patch-43

Create service-principal-cli.md

Author: v-regandowner

articles/communication-services/.openpublishing.redirection.communication-services.json

@@ -133,6 +133,11 @@
         "source_path_from_root": "/articles/communication-services/concepts/voice-video-calling/call-automation.md",
         "redirect_url": "/azure/communication-services/concepts/call-automation/call-automation",
         "redirect_document_id": false
+      },
+      {
+        "source_path_from_root": "/articles/communication-services/quickstarts/identity/service-principal-from-cli.md",
+        "redirect_url": "/azure/communication-services/quickstarts/identity/service-principal",
+        "redirect_document_id": false
       }
     ]
-}
+}

articles/communication-services/concepts/authentication.md

@@ -47,7 +47,7 @@ If you wish to call Azure Communication Services' APIs manually using an access
 
 The Azure platform provides role-based access (Azure RBAC) to control access to the resources. Azure RBAC security principal represents a user, group, service principal, or managed identity that is requesting access to Azure resources. Azure AD authentication provides superior security and ease of use over other authorization options. For example, by using managed identity, you avoid having to store your account access key within your code, as you do with Access Key authorization. While you can continue to use Access Key authorization with communication services applications, Microsoft recommends moving to Azure AD where possible. 
 
-To set up a service principal, [create a registered application from the Azure CLI](../quickstarts/identity/service-principal-from-cli.md). Then, the endpoint and credentials can be used to authenticate the SDKs. See examples of how [service principal](../quickstarts/identity/service-principal.md) is used.
+To set up a service principal, [create a registered application from the Azure CLI](../quickstarts/identity/service-principal.md?pivots=platform-azcli). Then, the endpoint and credentials can be used to authenticate the SDKs. See examples of how [service principal](../quickstarts/identity/service-principal.md) is used.
 
 Communication services support Azure AD authentication but do not support managed identity for Communication services resources. You can find more details, about the managed identity support in the [Azure Active Directory documentation](../../active-directory/managed-identities-azure-resources/services-support-managed-identities.md).
 
@@ -67,7 +67,7 @@ The user identity is intended to act as a primary key for logs and metrics colle
 > [Create and manage Communication Services resources](../quickstarts/create-communication-resource.md)
 
 > [!div class="nextstepaction"]
-> [Create an Azure Active Directory service principal application from the Azure CLI](../quickstarts/identity/service-principal-from-cli.md)
+> [Create an Azure Active Directory service principal application from the Azure CLI](../quickstarts/identity/service-principal.md?pivots=platform-azcli)
 
 > [!div class="nextstepaction"]
 > [Create user access tokens](../quickstarts/access-tokens.md)

articles/communication-services/quickstarts/email/includes/send-email-net.md

@@ -114,7 +114,7 @@ To authenticate using Azure Active Directory, install the Azure.Identity library
 dotnet add package Azure.Identity
 ```
 
- Open **Program.cs** in a text editor and replace the body of the `Main` method with code to initialize an `EmailClient` using `DefaultAzureCredential`. The Azure Identity SDK reads values from three environment variables at runtime to authenticate the application. Learn how to [create an Azure Active Directory Registered Application and set the environment variables](../../identity/service-principal-from-cli.md).
+ Open **Program.cs** in a text editor and replace the body of the `Main` method with code to initialize an `EmailClient` using `DefaultAzureCredential`. The Azure Identity SDK reads values from three environment variables at runtime to authenticate the application. Learn how to [create an Azure Active Directory Registered Application and set the environment variables](../../identity/service-principal.md?pivots=platform-azcli).
 
 ```csharp
 // This code demonstrates how to authenticate to your Communication Service resource using

articles/communication-services/quickstarts/identity/includes/active-directory/service-principal-cli.md

@@ -0,0 +1,57 @@
+## Additional Prerequisites
+
+ - Azure CLI. [Installation guide](/cli/azure/install-azure-cli)
+
+## Setting Up
+
+When using Active Directory for other Azure Resources, you should be using Managed identities. To learn how to enable managed identities for Azure Resources, see one of these articles:
+
+- [Azure portal](../../../../../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md)
+- [Azure PowerShell](../../../../../active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm.md)
+- [Azure CLI](../../../../../active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm.md)
+- [Azure Resource Manager template](../../../../../active-directory/managed-identities-azure-resources/qs-configure-template-windows-vm.md)
+- [Azure Resource Manager SDKs](../../../../../active-directory/managed-identities-azure-resources/qs-configure-sdk-windows-vm.md)
+- [App services](../../../../../app-service/overview-managed-identity.md)
+
+## Authenticate a registered application in the development environment
+
+If your development environment doesn't support single sign-on or login via a web browser, then you can use a registered application to authenticate from the development environment.
+
+### Creating an Azure Active Directory Registered Application
+
+To create a registered application from the Azure CLI, you need to be logged in to the Azure account where you want the operations to take place. To do this, you can use the `az login` command and enter your credentials in the browser. Once you're logged in to your Azure account from the CLI, we can call the `az ad sp create-for-rbac` command to create the registered application and service principal.
+
+The following example uses the Azure CLI to create a new registered application:
+
+```azurecli
+az ad sp create-for-rbac --name <application-name> --role Contributor --scopes /subscriptions/<subscription-id>
+```
+
+The `az ad sp create-for-rbac` command will return a list of service principal properties in JSON format. Copy these values so that you can use them to create the necessary environment variables in the next step.
+
+```json
+{
+    "appId": "generated-app-ID",
+    "displayName": "service-principal-name",
+    "name": "http://service-principal-uri",
+    "password": "generated-password",
+    "tenant": "tenant-ID"
+}
+```
+> [!IMPORTANT]
+> Azure role assignments may take a few minutes to propagate.
+
+#### Set environment variables
+
+The Azure Identity SDK reads values from three environment variables at runtime to authenticate the application. The following table describes the value to set for each environment variable.
+
+| Environment variable  | Value                                    |
+| --------------------- | ---------------------------------------- |
+| `AZURE_CLIENT_ID`     | `appId` value from the generated JSON    |
+| `AZURE_TENANT_ID`     | `tenant` value from the generated JSON   |
+| `AZURE_CLIENT_SECRET` | `password` value from the generated JSON |
+
+> [!IMPORTANT]
+> After you set the environment variables, close and re-open your console window. If you're using Visual Studio or another development environment, you may need to restart it in order for it to register the new environment variables.
+
+Once these variables have been set, you should be able to use the DefaultAzureCredential object in your code to authenticate to the service client of your choice.

articles/communication-services/quickstarts/identity/service-principal-from-cli.md

@@ -10,7 +10,7 @@ ms.topic: quickstart
 ms.date: 06/30/2021
 ms.author: peiliu
 ms.reviewer: mikben
-zone_pivot_groups: acs-js-csharp-java-python
+zone_pivot_groups: acs-azcli-js-csharp-java-python
 ms.custom: mode-other
 ---
 
@@ -25,7 +25,11 @@ This quickstart shows you how to authorize access to the Identity and SMS SDKs f
 - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free)
 - An active Azure Communication Services resource, see [create a Communication Services resource](../create-communication-resource.md) if you do not have one.
 - To send an SMS you will need a [Phone Number](../telephony/get-phone-number.md).
-- A setup Service Principal for a development environment, see [Authorize access with service principal](./service-principal-from-cli.md)
+- A setup Service Principal for a development environment, see [Authorize access with service principal](./service-principal.md?pivots=platform-azcli)
+
+::: zone pivot="platform-azcli"
+[!INCLUDE [AzCLI](./includes/active-directory/service-principal-cli.md)]
+::: zone-end
 
 ::: zone pivot="programming-language-csharp"
 [!INCLUDE [.NET](./includes/active-directory/service-principal-net.md)]

articles/communication-services/quickstarts/identity/service-principal.md

@@ -19,8 +19,6 @@ items:
         href: quickstarts/access-tokens.md
       - name: Authenticate with Azure AD
         href: quickstarts/identity/service-principal.md
-      - name: Authenticate with Azure AD (Azure CLI)
-        href: quickstarts/identity/service-principal-from-cli.md
       - name: Quick-create identities for testing
         href: quickstarts/identity/quick-create-identity.md
       - name: Create identities and tokens in Azure Logic Apps