Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into waf-metadata

Author: halkazwini

articles/deployment-environments/includes/developer-portal-landing-page.md

@@ -0,0 +1,25 @@
+---
+author: RoseHJM
+ms.author: rosemalcolm
+ms.date: 11/13/2024
+ms.topic: include
+ms.service: dev-box
+---
+
+1. Go to the [developer portal](https://aka.ms/devbox-portal). The landing page contains useful information and links. When you're ready, select **Sign in**. 
+
+   :::image type="content" source="../media/developer-portal-landing-page/developer-portal-landing-page-sign-in.png" alt-text="Screenshot of the developer portal landing page with sign-in highlighted.":::
+
+#### [No existing environments](#tab/no-existing-environments)
+
+2. If you don't have any dev boxes, you see this screen. Select **New environment**.
+
+   :::image type="content" source="../media/developer-portal-landing-page/developer-portal-new-deployment-environment.png" alt-text="Screenshot of the developer portal with new environment highlighted." lightbox="../media/developer-portal-landing-page/developer-portal-new-deployment-environment.png":::
+
+#### [Existing environments](#tab/existing-environments)
+
+2. Select **New** > **New environment**.
+ 
+   :::image type="content" source="../media/developer-portal-landing-page/developer-portal-new-environment-menu.png" alt-text="Screenshot of the developer portal with the New menu and Dev box option highlighted." lightbox="../media/developer-portal-landing-page/developer-portal-new-environment-menu.png":::
+ 
+---

articles/deployment-environments/media/developer-portal-landing-page/developer-portal-landing-page-sign-in.png

@@ -28,13 +28,9 @@ An environment in Azure Deployment Environments is a collection of Azure resourc
 
 [!INCLUDE [note-deployment-environments-user](includes/note-deployment-environments-user.md)]
 
-1. Sign in to the [developer portal](https://devportal.microsoft.com).
-
-1. From the **New** menu at the top left, select **New environment**.
- 
-   :::image type="content" source="media/quickstart-create-access-environments/dev-new-environment.png" alt-text="Screenshot showing the new menu with new environment highlighted." lightbox="media/quickstart-create-access-environments/dev-new-environment-expanded.png":::
+[!INCLUDE [developer-portal-landing-page](includes/developer-portal-landing-page.md)]
 
-1. In the **Add an environment** pane, select the following information:
+3. In the **Add an environment** pane, select the following information:
 
    |Field  |Value  |
    |---------|---------|
@@ -47,7 +43,7 @@ An environment in Azure Deployment Environments is a collection of Azure resourc
 
    If your environment is configured to accept parameters, you can enter them on a separate pane. In this example, you don't need to specify any parameters.
 
-1. Select **Create**. You see your environment in the developer portal immediately, with an indicator that shows creation in progress.
+4. Select **Create**. You see your environment in the developer portal immediately, with an indicator that shows creation in progress.
 
 ## Access an environment
 

articles/deployment-environments/media/developer-portal-landing-page/developer-portal-new-deployment-environment.png

@@ -26,6 +26,10 @@ Added validation to ensure the HTTP method in the Request component of the trans
 
 CMK Error Handling: Improved error handling for operations dependent on customer-managed keys. Users will now see a more specific error message and a link to [Microsoft's troubleshooting guide](fhir/configure-customer-managed-keys.md) if issues occur related to CMK.
 
+#### 100 items limit on include and revinclude searches
+
+The FHIR® server has a limit of 100 items on `include` and `revinclude` searches. A recent update fixed an issue where this limit was not being applied in specific conditions. Customers will receive a warning and truncated results if the limit is exceeded. Details on limits can be found in the [Overview of FHIR search](./fhir/overview-of-search.md#search-result-parameters). To manage this, use the `_count` parameter to reduce the number of returned results. In the short term, we plan to increase the limit to 1000
+
 ## Related content
 
 [Release notes 2021](release-notes-2021.md)
@@ -38,4 +42,4 @@ CMK Error Handling: Improved error handling for operations dependent on customer
 
 [Known issues](known-issues.md)
 
-[!INCLUDE [FHIR and DICOM trademark statement](includes/healthcare-apis-fhir-dicom-trademark.md)]
+[!INCLUDE [FHIR and DICOM trademark statement](includes/healthcare-apis-fhir-dicom-trademark.md)]

articles/deployment-environments/media/developer-portal-landing-page/developer-portal-new-environment-menu.png

@@ -147,6 +147,8 @@
                 href: howto-configure-network-fabric.md
               - name: Cluster
                 href: howto-configure-cluster.md
+              - name: Cluster Creation With Managed Identity
+                href: howto-create-cluster-with-user-assigned-managed-identity.md
               - name: Cluster Template JSON Example
                 href: cluster-jsonc-example.md
               - name: Cluster Parameters JSON Example
@@ -429,4 +431,4 @@
       expanded: false
       items:
         - name: 2404.2
-          href: release-notes-2404.2.md
+          href: release-notes-2404.2.md

articles/deployment-environments/quickstart-create-access-environments.md

@@ -118,6 +118,7 @@ Managed Identity can be assigned to the Cluster during creation or update operat
 - **--mi-system-assigned** - Enable System-assigned managed identity. Once added, the Identity can only be removed via the API call at this time.
 - **--mi-user-assigned** - Space-separated resource IDs of the User-assigned managed identities to be added. Once added, the Identity can only be removed via the API call at this time.
 
+[Create cluster with User assigned Managed Identity](./howto-create-cluster-with-user-assigned-managed-identity.md)
 ### Create the Cluster using Azure Resource Manager template editor
 
 An alternate way to create a Cluster is with the ARM template editor.

articles/healthcare-apis/release-notes-2025.md

@@ -0,0 +1,112 @@
+---
+title: "Azure Operator Nexus: Create Cluster Resource with a Managed Identity"
+description: Create Clusters using the User Assigned Managed Identity to access the Log Analytics Workspace.
+author: troy0820 
+ms.author: troyconnor
+ms.service: azure-operator-nexus
+ms.topic: how-to
+ms.date: 01/08/2025
+ms.custom: template-how-to
+---
+
+
+# Create a Cluster Resource with a Managed Identity
+
+To create a cluster without a service principal user name and password, you can now create a cluster with a user-assigned managed identity or a system-assigned managed identity that has permissions over the Log Analytics Workspace.  This will be used when validating the hardware during hardware validation and when installing the extensions that utilize the Log Analytics Workspace.
+
+## Prerequisites
+
+* Install the latest version of the
+   [appropriate CLI extensions](./howto-install-cli-extensions.md)
+* A Log Analytics Workspace 
+* A user-assigned managed identity resource with permissions over the log analytics workspace of [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles/analytics#log-analytics-contributor).
+
+> [!NOTE]
+> This functionality exists with the 2024-10-01-preview API and will be available with the 2025-02-01 GA API offered by Azure Operator Nexus 
+
+
+### Create and configure Log Analytics Workspace and User Assigned Managed Identity
+
+1. Create a Log Analytics Workspace [Create a Log Analytics Workspace](/azure/azure-monitor/logs/quick-create-workspace).
+1. Assign the "Log Analytics Contributor" role to users and managed identities which need access to the Log Analytics Workspace.
+   1. See [Assign an Azure role for access to the analytics Workspace](/azure/azure-monitor/logs/manage-access?tabs=portal#azure-rbac). The role must also be assigned to either a user-assigned managed identity or the cluster's own system-assigned managed identity.
+   1. For more information on managed identities, see [Managed identities for Azure resources](/entra/identity/managed-identities-azure-resources/overview).
+   1. If using the Cluster's system assigned identity, the system assigned identity needs to be added to the cluster before it can be granted access.
+   1. When assigning a role to the cluster's system-assigned identity, make sure you select the resource with the type "Cluster (Operator Nexus)."
+
+### Configure the cluster to use a user-assigned managed identity for Log Analytics Workspace access
+
+```azurecli-interactive
+az networkcloud cluster create --name "<cluster-name>" \
+  --resource-group "<cluster-resource-group>" \
+  --mi-user-assigned "<user-assigned-identity-resource-id>" \
+  --analytics-output-settings identity-type="UserAssignedIdentity" \
+  identity-resource-id="<user-assigned-identity-resource-id>" \
+  ...
+  --subscription "<subscription>"
+```
+
+### View the principal ID for the user-assigned managed identity
+
+The identity resource ID can be found by selecting "JSON view" on the identity resource; the ID is at the top of the panel that appears. The container URL can be found on the Settings -> Properties tab of the container resource.
+
+The CLI can also be used to view the identity and the associated principal ID data within the cluster.
+
+Example:
+
+```console
+az networkcloud cluster show --ids /subscriptions/<Subscription ID>/resourceGroups/<Cluster Resource Group Name>/providers/Microsoft.NetworkCloud/clusters/<Cluster Name>
+```
+
+User-assigned identity example:
+
+```json
+    "identity": {
+        "type": "UserAssigned",
+        "userAssignedIdentities": {
+            "/subscriptions/<subscriptionID>/resourcegroups/<resourceGroupName>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<userAssignedIdentityName>": {
+                "clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
+                "principalId": "bbbbbbbb-cccc-dddd-2222-333333333333"
+            }
+        }
+    },
+```
+
+### Create and configure Log Analytics Workspace and System Assigned Managed Identity
+
+> [!NOTE]
+> The system-assigned managed identity that is created during cluster creation does not exist until the cluster is created.  This system-assigned managed identity will need to have permissions over the scope of the Log Analytics Workspace with the role of Log Analytics Contributor before we can update the cluster to utilize this identity. This update must occur before the Cluster can be deployed.
+
+```azurecli-interactive
+az networkcloud cluster update --name "<cluster-name>" \
+  --resource-group "<cluster-resource-group>" \
+  --mi-system-assigned "<system-assigned-identity-resource-id>" \
+  --analytics-output-settings identity-type="SystemAssignedIdentity" \
+  identity-resource-id="<user-assigned-identity-resource-id>" \
+  ...
+  --subscription "<subscription>"
+```
+
+### View the principal ID for the system-assigned managed identity
+
+The identity resource ID can be found by selecting "JSON view" on the identity resource; the ID is at the top of the panel that appears. The container URL can be found on the Settings -> Properties tab of the container resource.
+
+The CLI can also be used to view the identity and the associated principal ID data within the cluster.
+
+Example:
+
+```console
+az networkcloud cluster show --ids /subscriptions/<Subscription ID>/resourceGroups/<Cluster Resource Group Name>/providers/Microsoft.NetworkCloud/clusters/<Cluster Name>
+```
+
+System-assigned identity example:
+
+```json
+    "identity": {
+        "principalId": "aaaaaaaa-bbbb-cccc-1111-222222222222",
+        "tenantId": "aaaabbbb-0000-cccc-1111-dddd2222eeee",
+        "type": "SystemAssigned"
+    },
+```
+
+

articles/operator-nexus/TOC.yml

@@ -25,12 +25,8 @@ items:
       href: oracle-db/onboard-oracle-database.md
   - name: Design considerations 
     items:
-    - name: Groups and roles
-      href: oracle-db/oracle-database-groups-roles.md
-    - name: Plan IP address space
-      href: oracle-db/oracle-database-plan-ip.md
-    - name: Delegated subnet limits
-      href: oracle-db/oracle-database-delegated-subnet-limits.md      
+    - name: Design considerations for Oracle Database@Azure
+      href: https://docs.oracle.com/en-us/iaas/Content/database-at-azure/odbaa-design.htm      
   - name: FAQs
     href: oracle-db/faq-oracle-database-azure.md
   - name: References