Added Entra articles

gsteve88 · gsteve88 · commit 0b6985f73326 · 2024-11-08T14:11:06.000-08:00
diff --git a/includes/iot-hub-howto-connect-service-iothub-entra-dotnet.md b/includes/iot-hub-howto-connect-service-iothub-entra-dotnet.md
@@ -12,15 +12,31 @@ ms.date: 11/06/2024
 ms.custom: mqtt, devx-track-csharp, devx-track-dotnet
 ---
 
-Use [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) to use Microsoft Entra to authenticate a connection to IoT Hub. `DefaultAzureCredential` supports different authentication mechanisms and determines the appropriate credential type based of the environment it is executing in. It attempts to use multiple credential types in an order until it finds a working credential. For more information on setting up Entra for IoT Hub, see [Control access to IoT Hub by using Microsoft Entra ID](/azure/iot-hub/authenticate-authorize-azure-ad).
+Use [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) to use Microsoft Entra to authenticate a connection to IoT Hub. `DefaultAzureCredential` supports different authentication mechanisms and determines the appropriate credential type based of the environment it's executing in. It attempts to use multiple credential types in an order until it finds a working credential. For more information on setting up Entra for IoT Hub, see [Control access to IoT Hub by using Microsoft Entra ID](/azure/iot-hub/authenticate-authorize-azure-ad).
 
-To create required Entra app parameters to `DefaultAzureCredential`, create an Entra app registration that contains the Azure client secret, client ID, and tenant ID. For more information, see [Quickstart: Register an application with the Microsoft identity platform](/entra/identity-platform/quickstart-register-app).
+To create required Microsoft Entra app parameters for `DefaultAzureCredential`, create a Microsoft Entra app registration that contains your preferred authentication mechanism such as:
 
-Entra apps require permissions depending on operations performed:
+* Client secret, client ID, and tenant ID
+* Certificate
 
-* Add [IoT Hub Twin Contributor](/azure/role-based-access-control/built-in-roles/internet-of-things#iot-hub-twin-contributor) to enable read and write access to all IoT Hub device and module twins.
+For more information, see [Quickstart: Register an application with the Microsoft identity platform](/entra/identity-platform/quickstart-register-app).
 
-In this example, the Entra app registration client secret, client ID, and tenant ID are added to environment variables. These environment variables are used by `DefaultAzureCredential` to authenticate the application.
+Microsoft Entra apps may require permissions depending on operations performed. For example, [IoT Hub Twin Contributor](/azure/role-based-access-control/built-in-roles/internet-of-things#iot-hub-twin-contributor) is required to enable read and write access to a IoT Hub device and module twins. For more information, see [Azure built-in roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#internet-of-things).
+
+Add these packages and statements to your code to use the Microsoft Entra library.
+
+Packages:
+ * Azure.Core
+ * Azure.Identity
+
+ Statements:
+
+```csharp
+using Azure.Core;
+using Azure.Identity;
+```
+
+In this example, Microsoft Entra app registration client secret, client ID, and tenant ID are added to environment variables. These environment variables are used by `DefaultAzureCredential` to authenticate the application.
 
 ```csharp
 string clientSecretValue = "xxxxxxxxxxxxxxx";
@@ -34,12 +50,12 @@ Environment.SetEnvironmentVariable("AZURE_TENANT_ID", tenantID);
 TokenCredential tokenCredential = new DefaultAzureCredential();
 ```
 
-The resulting [TokenCredential](/dotnet/api/azure.core.tokencredential) can then be passed to an authentication method for any SDK client that accepts Microsft Entra/AAD credentials:
+The resulting [TokenCredential](/dotnet/api/azure.core.tokencredential) can then be passed to an authentication method for any SDK client that accepts Microsoft Entra/AAD credentials:
 
 * [JobClient](/dotnet/api/microsoft.azure.devices.jobclient.create?#microsoft-azure-devices-jobclient-create(system-string-azure-core-tokencredential-microsoft-azure-devices-httptransportsettings))
 * [RegistryManager](/dotnet/api/microsoft.azure.devices.registrymanager.create?#microsoft-azure-devices-registrymanager-create(system-string-azure-core-tokencredential-microsoft-azure-devices-httptransportsettings))
 * [DigitalTwinClient](/dotnet/api/microsoft.azure.devices.digitaltwinclient)
-* [ServiceClient](https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.devices.serviceclient.create?view=azure-dotnet#microsoft-azure-devices-serviceclient-create(system-string-azure-core-tokencredential-microsoft-azure-devices-transporttype-microsoft-azure-devices-serviceclienttransportsettings-microsoft-azure-devices-serviceclientoptions))
+* [ServiceClient](/dotnet/api/microsoft.azure.devices.serviceclient.create?#microsoft-azure-devices-serviceclient-create(system-string-azure-core-tokencredential-microsoft-azure-devices-transporttype-microsoft-azure-devices-serviceclienttransportsettings-microsoft-azure-devices-serviceclientoptions))
 
 In this example, the `TokenCredential` is passed to `ServiceClient.Create` to create a [ServiceClient](/dotnet/api/microsoft.azure.devices.serviceclient) connection object.
 
diff --git a/includes/iot-hub-howto-connect-service-iothub-entra-java..md b/includes/iot-hub-howto-connect-service-iothub-entra-java..md
@@ -0,0 +1,36 @@
+---
+title: How to connect a service to IoT Hub using Microsoft Entra (Java)
+titleSuffix: Azure IoT Hub
+description: Learn how to connect a service to IoT Hub using Microsoft Entra and the Azure IoT Hub SDK for Java.
+author: kgremban
+ms.author: kgremban
+ms.service: iot-hub
+ms.devlang: java
+ms.topic: include
+ms.manager: lizross
+ms.date: 11/06/2024
+---
+
+### Entra client secret credential
+
+Use [ClientSecretCredential](https://learn.microsoft.com/en-us/java/api/com.azure.identity.clientsecretcredential) to authenticate an application with Microsoft Entra.
+
+`ClientSecretCredential` is configured using [ClientSecretCredentialBuilder](/java/api/com.azure.identity.clientsecretcredentialbuilder).
+
+```java
+TokenCredential clientSecretCredential = new ClientSecretCredentialBuilder().tenantId(tenantId)
+     .clientId(clientId)
+     .clientSecret(clientSecret)
+     .build();
+```
+
+### Entra client certificate credential
+
+You can use [ClientCertificateCredential](/java/api/com.azure.identity.clientcertificatecredential) to create a `TokenCredential` using a certicate.
+
+The `TokenCredential` can then be passed to service constructors such as:
+
+* [DeviceTwin](https://learn.microsoft.com/en-us/java/api/com.microsoft.azure.sdk.iot.service.devicetwin.devicetwin?view=azure-java-stable#com-microsoft-azure-sdk-iot-service-devicetwin-devicetwin-devicetwin(java-lang-string-com-azure-core-credential-tokencredential))
+
+For more information about Entra app registration, see [Quickstart: Register an application with the Microsoft identity platform](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app).
+
diff --git a/includes/iot-hub-howto-connect-service-iothub-entra-node.md b/includes/iot-hub-howto-connect-service-iothub-entra-node.md
@@ -0,0 +1,44 @@
+---
+title: How to connect a service to IoT Hub using Microsoft Entra (Node.js)
+titleSuffix: Azure IoT Hub
+description: Learn how to connect a service to IoT Hub using Microsoft Entra and the Azure IoT Hub SDK for Node.js.
+author: kgremban
+ms.author: kgremban
+ms.service: iot-hub
+ms.devlang: javascript
+ms.topic: include
+ms.manager: lizross
+ms.date: 11/06/2024
+---
+
+For an overview of Node.js SDK authentication, see:
+
+* [Getting started with user authentication on Azure](/azure/developer/javascript/how-to/with-authentication/getting-started)
+* [Azure Identity client library for JavaScript](/javascript/api/overview/azure/identity-readme)
+
+### Entra token credential
+
+Use [DefaultAzureCredential](/javascript/api/@azure/identity/defaultazurecredential) to generate a token. The token will be supplied to `fromTokenCredential`.
+
+### Connect to IoT Hub
+
+Use [fromTokenCredential](/javascript/api/azure-iothub/registry?#azure-iothub-registry-fromtokencredential) to create a service connection to IoT Hub using an Entra token credential.
+
+`fromTokenCredential` requires two parameters:
+
+* hostname - The Azure service URL
+* tokenCredential - The Azure credential token
+
+In this example, the Azure credential is obtained using `DefaultAzureCredential`. THe Azure domain URL and credential are then supplied to `KeyClient`.
+
+```javascript
+import { DefaultAzureCredential } from "@azure/identity";
+import { KeyClient } from "@azure/keyvault-keys";
+
+// Configure vault URL
+const vaultUrl = "https://<your-unique-keyvault-name>.vault.azure.net";
+// Azure SDK clients accept the credential as a parameter
+const credential = new DefaultAzureCredential();
+// Create authenticated client
+const client = new KeyClient(vaultUrl, credential);
+```
diff --git a/includes/iot-hub-howto-connect-service-iothub-entra-python.md b/includes/iot-hub-howto-connect-service-iothub-entra-python.md
@@ -0,0 +1,43 @@
+---
+title: How to connect a service to IoT Hub using Microsoft Entra (Python)
+titleSuffix: Azure IoT Hub
+description: Learn how to connect a service to IoT Hub using Microsoft Entra and the Azure IoT Hub SDK for Python.
+author: kgremban
+ms.author: kgremban
+ms.service: iot-hub
+ms.devlang: python
+ms.topic: include
+ms.manager: lizross
+ms.date: 11/06/2024
+---
+
+For an overview of Python SDK authentication, see [Authenticate Python apps to Azure services by using the Azure SDK for Python](https://learn.microsoft.com/en-us/azure/developer/python/sdk/authentication/overview)
+
+### Entra token credential
+
+You must generate and supply a token credential to `from_token_credential`.
+
+[DefaultAzureCredential](/azure/developer/python/sdk/authentication/overview#use-defaultazurecredential-in-an-application) is the easiest way to generate a token. You can also use credential chains to generate a token. For more information, see [Credential chains in the Azure Identity client library for Python](/azure/developer/python/sdk/authentication/credential-chains).
+
+### Connect to IoT Hub
+
+Use [from_token_credential](/python/api/azure-iot-hub/azure.iot.hub.iothubregistrymanager?#azure-iot-hub-iothubregistrymanager-from-token-credential) to create a service connection to IoT Hub using an Entra token credential.
+
+`from_token_credential` requires two parameters:
+
+* The Azure service URL
+* The Azure credential token
+
+In this example, the Azure credential is obtained using `DefaultAzureCredential`. THe Azure domain URL and credential are then supplied to `BlobServiceClient`.
+
+```python
+from azure.identity import DefaultAzureCredential
+from azure.storage.blob import BlobServiceClient
+
+# Acquire a credential object
+credential = DefaultAzureCredential()
+
+blob_service_client = BlobServiceClient(
+        account_url="https://<my_account_name>.blob.core.windows.net",
+        credential=credential)
+```
diff --git a/includes/iot-hub-howto-module-twins-dotnet.md b/includes/iot-hub-howto-module-twins-dotnet.md
@@ -157,7 +157,6 @@ You can connect a backend service to IoT Hub using the following methods:
 
 * Shared access policy
 * Microsoft Entra
-* X.509 certificate
 
 #### Connect using a shared access policy
 
