You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/confidential-computing/skr-flow-confidential-containers-azure-container-instance.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,7 @@ Secure Key Release (SKR) flow with Azure Key Vault (AKV) with confidential conta
18
18
19
19
## Side-Car helper container provided by Azure
20
20
21
-
An [open sourced GitHub project "confidential side-cars"](https://github.com/microsoft/confidential-sidecar-containers) details how to build this container and what parameters/environment variables are required for you to prepare and run this side-car container. The current side car implementation provides various HTTP REST APIs that your primary application container can use to fetch the key from AKV. The integration through Microsoft Azure Attestation(MAA) is already built in. The preparation steps to run the side-car SKR container can be found in details [here](https://github.com/microsoft/confidential-sidecar-containers/tree/main/examples/skr).
21
+
An [open sourced GitHub project "confidential side-cars"](https://github.com/microsoft/confidential-sidecar-containers) details how to build this container and what parameters/environment variables are required for you to prepare and run this side-car container. The current side car implementation provides various HTTP REST APIs that your primary application container can use to fetch the key from AKV. The integration through Microsoft Azure Attestation(MAA) is already built in. The preparation steps to run the side-car SKR container can be found in details [here](https://github.com/microsoft/confidential-sidecar-containers/tree/main/examples/skr).
22
22
23
23
Your main application container application can call the side-car WEB API end points as defined in the example below. Side-cars runs within the same container group and is a local endpoint to your application container. Full details of the API can be found [here](https://github.com/microsoft/confidential-sidecar-containers/blob/main/cmd/skr/README.md)
Copy file name to clipboardExpand all lines: articles/data-factory/connector-sharepoint-online-list.md
+10-6Lines changed: 10 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ author: jianleishen
6
6
ms.subservice: data-movement
7
7
ms.custom: synapse
8
8
ms.topic: conceptual
9
-
ms.date: 08/29/2024
9
+
ms.date: 09/14/2024
10
10
ms.author: jianleishen
11
11
---
12
12
# Copy data from SharePoint Online List by using Azure Data Factory or Azure Synapse Analytics
@@ -72,16 +72,19 @@ The following properties are supported for a SharePoint Online List linked servi
72
72
| type | The type property must be set to: **SharePointOnlineList**. | Yes |
73
73
| siteUrl | The SharePoint Online site url, e.g. `https://contoso.sharepoint.com/sites/siteName`. | Yes |
74
74
| servicePrincipalId | The Application (client) ID of the application registered in Microsoft Entra ID. | Yes |
75
-
| servicePrincipalCredentialType | Specify the credential type to use for service principal authentication. Allowed values are `ServicePrincipalKey` and `ServicePrincipalCert`. | No |
76
-
|***For ServicePrincipalKey***|||
77
-
| servicePrincipalKey | The application's key. Mark this field as a **SecureString** to store it securely, or [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). Refer to this [section](#grant-permission-for-using-service-principal-key) for more details including the permission settings. | No |
75
+
| servicePrincipalCredentialType | Specify the credential type to use for service principal authentication. Allowed values are `ServicePrincipalCert` and `ServicePrincipalKey`. | No |
78
76
|***For ServicePrincipalCert***|||
79
-
| servicePrincipalEmbeddedCert | Specify the base64 encoded certificate of your application registered in Microsoft Entra ID, and ensure the certificate content type is **PKCS #12**. Mark this field as a **SecureString** to store it securely, or [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). Refer to this [article](/sharepoint/dev/solution-guidance/security-apponly-azuread) for permission settings.| No |
77
+
| servicePrincipalEmbeddedCert | Specify the base64 encoded certificate of your application registered in Microsoft Entra ID, and ensure the certificate content type is **PKCS #12**. Mark this field as a **SecureString** to store it securely, or [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). You need to configure the permission settings referring this [article](/sharepoint/dev/solution-guidance/security-apponly-azuread).| No |
80
78
| servicePrincipalEmbeddedCertPassword | Specify the password of your certificate if your certificate is secured with a password. Mark this field as a **SecureString** to store it securely, or [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). | No |
79
+
|***For ServicePrincipalKey***|||
80
+
| servicePrincipalKey | The application's key. Mark this field as a **SecureString** to store it securely, or [reference a secret stored in Azure Key Vault](store-credentials-in-key-vault.md). Refer to this [section](#grant-permission-for-using-service-principal-key) for more details including the permission settings.| No |
81
81
||||
82
82
| tenantId | The tenant ID under which your application resides. | Yes |
83
83
| connectVia | The [Integration Runtime](concepts-integration-runtime.md) to use to connect to the data store. If not specified, the default Azure Integration Runtime is used. | No |
84
84
85
+
>[!Note]
86
+
>If you are using service principal key authentication, which is based on Azure ACS (Access Control Services), we recommend switching to the **service principal certificate authentication** due to the [ACS retirement plan](/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs).
87
+
85
88
**Example 1: Using service principal key authentication**
86
89
87
90
```json
@@ -135,6 +138,7 @@ The following properties are supported for a SharePoint Online List linked servi
135
138
}
136
139
}
137
140
```
141
+
138
142
### Grant permission for using service principal key
139
143
140
144
The SharePoint List Online connector uses service principal authentication to connect to SharePoint. Follow these steps to set it up:
@@ -161,7 +165,7 @@ The SharePoint List Online connector uses service principal authentication to co
161
165
```
162
166
163
167
:::image type="content" source="media/connector-sharepoint-online-list/sharepoint-online-grant-permission-admin.png" alt-text="Grant SharePoint Online site permission to your registered application when you have site admin role.":::
164
-
168
+
165
169
> [!NOTE]
166
170
> In the context of configuring the SharePoint connector, the "App Domain" and "Redirect URL" refer to the SharePoint app that you have registered in Microsoft Entra ID to allow access to your SharePoint data. The "App Domain" is the domain where your SharePoint site is hosted. For example, if your SharePoint site is located at "https://contoso.sharepoint.com", then the "App Domain" would be "contoso.sharepoint.com". The "Redirect URL" is the URL that the SharePoint app will redirect to after the user has authenticated and granted permissions to the app. This URL should be a page on your SharePoint site that the app has permission to access. For example, you could use the URL of a page that displays a list of files in a library, or a page that displays the contents of a document.
0 commit comments