Merge pull request #249728 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/active-directory/develop/v2-oauth2-on-behalf-of-flow.md

@@ -164,6 +164,8 @@ This access token is a v1.0-formatted token for Microsoft Graph. This is because
 
 An error response is returned by the token endpoint when trying to acquire an access token for the downstream API, if the downstream API has a Conditional Access policy (such as [multifactor authentication](../authentication/concept-mfa-howitworks.md)) set on it. The middle-tier service should surface this error to the client application so that the client application can provide the user interaction to satisfy the Conditional Access policy.
 
+To [surface this error back](https://datatracker.ietf.org/doc/html/rfc6750#section-3.1) to the client, the middle-tier service will reply with HTTP 401 Unauthorized and with a WWW-Authenticate HTTP header containing the error and the claim challenge. The client must parse this header and acquire a new token from the token issuer, by presenting the claims challenge if one exists. Clients should not retry to access the middle-tier service using a cached access token.
+
 ```json
 {
     "error":"interaction_required",

articles/api-management/trace-policy.md

@@ -14,8 +14,8 @@ ms.author: danlep
 The `trace` policy adds a custom trace into the request tracing output in the test console, Application Insights telemetries, and/or resource logs.
 
 -   The policy adds a custom trace to the [request tracing](./api-management-howto-api-inspector.md) output in the test console when tracing is triggered, that is, `Ocp-Apim-Trace` request header is present and set to `true` and `Ocp-Apim-Subscription-Key` request header is present and holds a valid key that allows tracing.
--   The policy creates a [Trace](../azure-monitor/app/data-model-complete.md#trace) telemetry in Application Insights, when [Application Insights integration](./api-management-howto-app-insights.md) is enabled and the `severity` specified in the policy is equal to or greater than the `verbosity` specified in the diagnostic setting.
--   The policy adds a property in the log entry when [resource logs](./api-management-howto-use-azure-monitor.md#resource-logs) are enabled and the severity level specified in the policy is at or higher than the verbosity level specified in the diagnostic setting.
+-   The policy creates a [Trace](../azure-monitor/app/data-model-complete.md#trace) telemetry in Application Insights, when [Application Insights integration](./api-management-howto-app-insights.md) is enabled and the `severity` specified in the policy is equal to or greater than the `verbosity` specified in the [diagnostic setting](./diagnostic-logs-reference.md).
+-   The policy adds a property in the log entry when [resource logs](./api-management-howto-use-azure-monitor.md#resource-logs) are enabled and the severity level specified in the policy is at or higher than the verbosity level specified in the [diagnostic setting](./diagnostic-logs-reference.md).
 -   The policy is not affected by Application Insights sampling. All invocations of the policy will be logged.
 
 [!INCLUDE [api-management-tracing-alert](../../includes/api-management-tracing-alert.md)]
@@ -71,4 +71,4 @@ The `trace` policy adds a custom trace into the request tracing output in the te
 
 * [API Management advanced policies](api-management-advanced-policies.md)
 
-[!INCLUDE [api-management-policy-ref-next-steps](../../includes/api-management-policy-ref-next-steps.md)]
+[!INCLUDE [api-management-policy-ref-next-steps](../../includes/api-management-policy-ref-next-steps.md)]

articles/azure-app-configuration/concept-geo-replication.md

@@ -44,6 +44,12 @@ To add once these links become available:
 
 Each replica created will add extra charges. Reference the [App Configuration pricing page](https://azure.microsoft.com/pricing/details/app-configuration/) for details. As an example, if your origin is a standard tier configuration store and you have five replicas, you would be charged the rate of six standard tier configuration stores for your system, but each of your replica's isolated quota and requests are included in this charge.
 
+## Monitoring
+
+To offer insights into the characteristics of the geo-replication feature, App Configuration provides a metric named **Replication Latency**. The replication latency metric describes how long it takes for data to replicate from one region to another.
+
+For more information on the replication latency metric and other App Configuration metrics see [Monitoring App Configuration data reference](./monitor-app-configuration-reference.md).
+
 ## Next steps
 
 > [!div class="nextstepaction"]

articles/azure-app-configuration/monitor-app-configuration-reference.md

@@ -24,6 +24,7 @@ Resource Provider and Type: [App Configuration Platform Metrics](../azure-monito
 | Http Incoming Request Duration | Milliseconds | Server side duration of an Http Request |
 | Throttled Http Request Count | Count |	Throttled requests are Http requests that receive a response with a status code of 429 |
 | Daily Storage Usage | Percent |	Represents the amount of storage in use as a percentage of the maximum allowance. This metric is updated at least once daily. |
+| Replication Latency | Milliseconds |	Represents the average time it takes for a replica to be consistent with current state. |
 
 For more information, see a list of [all platform metrics supported in Azure Monitor](../azure-monitor/essentials/metrics-supported.md).
 
@@ -37,6 +38,7 @@ App Configuration has the following dimensions associated with its metr
 | Http Incoming Request Duration | The supported dimensions are the **HttpStatusCode**, **AuthenticationScheme**, and **Endpoint** of each request. **AuthenticationScheme** can be filtered by AAD or HMAC authentication. |
 | Throttled Http Request Count | The **Endpoint** of each request is included as a dimension.  |
 | Daily Storage Usage | This metric does not have any dimensions.  |
+| Replication Latency | The **Endpoint** of the replica that data was replicated to is included as a dimension.  |
 
  For more information on what metric dimensions are, see [Multi-dimensional metrics](../azure-monitor/essentials/data-platform-metrics.md#multi-dimensional-metrics).
 

articles/azure-app-configuration/monitor-app-configuration.md

@@ -101,6 +101,7 @@ You can analyze metrics for App Configuration with metrics from other Azure serv
 * Http Incoming Request Duration 
 * Throttled Http Request Count (Http status code 429 Responses)
 * Daily Storage Usage
+* Replication Latency
 
 In the portal, navigate to the **Metrics** section and select the **Metric Namespaces** and **Metrics** you want to analyze. This screenshot shows you the metrics view when selecting **Http Incoming Request Count** for your configuration store.
 

articles/azure-monitor/agents/azure-monitor-agent-manage.md

@@ -73,7 +73,7 @@ For information on how to install Azure Monitor Agent from the Azure portal, see
 
 #### [PowerShell](#tab/azure-powershell)
 
-You can install Azure Monitor Agent on Azure virtual machines and on Azure Arc-enabled servers by using the PowerShell command for adding a virtual machine extension.
+You can install Azure Monitor Agent on Azure virtual machines and on Azure Arc-enabled servers by using the PowerShell command for adding a virtual machine extension. 
 
 ### Install on Azure virtual machines
 
@@ -103,6 +103,10 @@ Use the following PowerShell commands to install Azure Monitor Agent on Azure vi
   Set-AzVMExtension -Name AzureMonitorLinuxAgent -ExtensionType AzureMonitorLinuxAgent -Publisher Microsoft.Azure.Monitor -ResourceGroupName <resource-group-name> -VMName <virtual-machine-name> -Location <location> -TypeHandlerVersion <version-number> -EnableAutomaticUpgrade $true
   ```
 
+### Install on Azure virtual machines scale set 
+
+Use the [Add-AzVmssExtension](/powershell/module/az.compute/add-azvmssextension) PowerShell cmdlet to install Azure Monitor Agent on Azure virtual machines scale sets.
+
 ### Install on Azure Arc-enabled servers
 
 Use the following PowerShell commands to install Azure Monitor Agent on Azure Arc-enabled servers.
@@ -148,6 +152,9 @@ Use the following CLI commands to install Azure Monitor Agent on Azure virtual m
   ```azurecli
   az vm extension set --name AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --ids <vm-resource-id> --enable-auto-upgrade true
   ```
+### Install on Azure virtual machines scale set 
+
+Use the [az vmss extension set](/cli/azure/vmss/extension) CLI cmdlet to install Azure Monitor Agent on Azure virtual machines scale sets.
 
 ### Install on Azure Arc-enabled servers
 
@@ -207,6 +214,9 @@ Use the following PowerShell commands to uninstall Azure Monitor Agent on Azure
   ```powershell
   Remove-AzVMExtension -Name AzureMonitorLinuxAgent -ResourceGroupName <resource-group-name> -VMName <virtual-machine-name> 
   ```
+### Uninstall on Azure virtual machines scale set 
+
+Use the [Remove-AzVmssExtension](/powershell/module/az.compute/remove-azvmssextension) PowerShell cmdlet to uninstall Azure Monitor Agent on Azure virtual machines scale sets.
 
 ### Uninstall on Azure Arc-enabled servers
 
@@ -237,6 +247,9 @@ Use the following CLI commands to uninstall Azure Monitor Agent on Azure virtual
   ```azurecli
   az vm extension delete --resource-group <resource-group-name> --vm-name <virtual-machine-name> --name AzureMonitorLinuxAgent
   ```
+### Uninstall on Azure virtual machines scale set 
+
+Use the [az vmss extension delete](/cli/azure/vmss/extension) CLI cmdlet to uninstall Azure Monitor Agent on Azure virtual machines scale sets.
 
 ### Uninstall on Azure Arc-enabled servers
 

articles/azure-monitor/app/java-standalone-profiler.md

@@ -22,7 +22,7 @@ The Application Insights Java Profiler provides a system for:
 
 The Application Insights Java profiler uses the JFR profiler provided by the JVM to record profiling data, allowing users to download the JFR recordings at a later time and analyze them to identify the cause of performance issues.
 
-This data is gathered on demand when trigger conditions are met. The available triggers are thresholds over CPU usage and Memory consumption.
+This data is gathered on demand when trigger conditions are met. The available triggers are thresholds over CPU usage, Memory consumption, and Request (SLA triggers). Request triggers monitor Spans generated by Open Telemetry and allow the user to configure SLA requirements over the duration of those Spans.
 
 When a threshold is reached, a profile of the configured type and duration is gathered and uploaded. This profile is then visible within the performance pane of the associated Application Insights Portal UI.
 
@@ -56,7 +56,7 @@ See [Configuring Profile Contents](#configuring-profile-contents) on setting a c
 
 For more detailed description of the various triggers available, see [profiler overview](../profiler/profiler-overview.md).
 
-The ApplicationInsights Java Agent monitors CPU and memory consumption and if it breaches a configured threshold a profile is triggered. Both thresholds are a percentage.
+The ApplicationInsights Java Agent monitors CPU, memory, and request duration such as a business transaction. If it breaches a configured threshold, a profile is triggered. 
 
 #### Profile now
 
@@ -89,6 +89,24 @@ In this scenario, a profile will occur in the following circumstances:
 - Full garbage collection is executed
 - The Tenured regions occupancy is above 691 mb after collection
 
+### Request
+
+SLA triggers are based on OpenTelemetry (otel) and they will initiate a profile if certain criteria is fulfilled.
+
+Each individual trigger configuration is formed as follows:
+
+- `Name` - A unique identifier for the trigger.
+- `Filter` - Filters the requests of interest for the trigger.
+- `Aggregation` - This calculates the ratio of requests that breached a given threshold.
+  - `Threshold` - A value (in milliseconds) above which a request breach is determined.
+  - `Minimum samples` - The minimum number of samples that must be collected for the aggregation to produce data, this is to prevent triggering off of small sample sizes.
+  - `Window` - Rolling time window (in milliseconds).
+- `Threshold` - The threshold value (percentage) applied to the aggregation output. If this value is exceeded, a profile is initiated.
+
+For instance, the following scenario would trigger a profile if: more than 75% of requests to a specific endpoint (/users/.*) take longer than 30 ms within a 60 seconds window, when at least 100 samples were gathered.
+
+:::image type="content" source="./media/java-standalone-profiler/request-trigger-sample.png" alt-text="Screenshot of request trigger sample":::
+
 ### Installation
 
 The following steps will guide you through enabling the profiling component on the agent and configuring resource limits that will trigger a profile if breached.
@@ -101,8 +119,8 @@ The following steps will guide you through enabling the profiling component on t
 
     2. Select "Triggers"
 
-    3. Configure the required CPU and Memory thresholds and select Apply.
-       :::image type="content" source="./media/java-standalone-profiler/cpu-memory-trigger-settings.png" alt-text="Screenshot of trigger settings pane for CPU and Memory triggers.":::
+    3. Configure the required CPU, Memory or Request triggers (if enabled) and select Apply.
+       :::image type="content" source="./media/java-standalone-profiler/trigger-settings.png" alt-text="Screenshot of trigger settings":::
 
 > [!WARNING]
 > The Java profiler does not support the "Sampling" trigger. Configuring this will have no effect.
@@ -140,7 +158,8 @@ Example configuration:
       "enabled": true,
       "cpuTriggeredSettings": "profile-without-env-data",
       "memoryTriggeredSettings": "profile-without-env-data",
-      "manualTriggeredSettings": "profile-without-env-data"
+      "manualTriggeredSettings": "profile-without-env-data",
+      "enableRequestTriggering": true
     }
   }
 }
@@ -168,6 +187,12 @@ This value can be one of:
 - `profile`. Uses the `profile.jfc` jfc configuration that ships with JFR.
 - A path to a custom jfc configuration file on the file system, i.e `/tmp/myconfig.jfc`.
 
+`enableRequestTriggering` Whether JFR profiling should be triggered based on request configuration.
+This value can be one of:
+
+- `true` Profiling will be triggered if a request trigger threshold is breached.
+- `false` (default value). Profiling will not be triggered by request configuration.
+
 ## Frequently asked questions
 
 ### What is Azure Monitor Application Insights Java Profiling?

articles/azure-monitor/app/media/java-standalone-profiler/request-trigger-sample.png

@@ -64,7 +64,7 @@ To enable backup for an AKS cluster, see the following prerequisites: .
 
 - Before installing Backup Extension in the AKS cluster, ensure that the CSI drivers and snapshots are enabled for your cluster. If disabled, see [these steps to enable them](../aks/csi-storage-drivers.md#enable-csi-storage-drivers-on-an-existing-cluster).
 
-- Backup Extension uses the AKS cluster’s Managed System Identity to perform backup operations. So, ASK backup doesn't support AKS clusters using Service Principal. You can [update your AKS cluster to use Managed System Identity](../aks/use-managed-identity.md#enable-managed-identities-on-an-existing-aks-cluster).
+- Backup Extension uses the AKS cluster’s Managed System Identity to perform backup operations. So, AKS backup doesn't support AKS clusters using Service Principal. You can [update your AKS cluster to use Managed System Identity](../aks/use-managed-identity.md#enable-managed-identities-on-an-existing-aks-cluster).
 
   >[!Note]
   >Only Managed System Identity based AKS clusters are supported by AKS backup. The support for User Identity based AKS clusters is currently not available.