Skip to content

Commit 2e1775a

Browse files
authored
Merge pull request #96341 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)
2 parents 62025f7 + 009ab07 commit 2e1775a

File tree

7 files changed

+31
-12
lines changed

7 files changed

+31
-12
lines changed

articles/active-directory/manage-apps/use-scim-to-provision-users-and-groups.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1308,6 +1308,24 @@ Once the initial cycle has started, you can select **Provisioning logs** in the
13081308

13091309
If you're building an application that will be used by more than one tenant, you can make it available in the Azure AD application gallery. This will make it easy for organizations to discover the application and configure provisioning. Publishing your app in the Azure AD gallery and making provisioning available to others is easy. Check out the steps [here](https://docs.microsoft.com/azure/active-directory/develop/howto-app-gallery-listing). Microsoft will work with you to integrate your application into our gallery, test your endpoint, and release onboarding [documentation](https://docs.microsoft.com/azure/active-directory/saas-apps/tutorial-list) for customers to use.
13101310

1311+
1312+
### Authorization for provisioning connectors in the application gallery
1313+
The SCIM spec does not define a SCIM-specific scheme for authentication and authorization. It relies on the use of existing industry standards. The Azure AD provisioning client supports two authorization methods for applications in the gallery.
1314+
1315+
**OAuth authorization code grant flow:** The provisioning service supports the [authorization code grant](https://tools.ietf.org/html/rfc6749#page-24). After submitting your request for publishing your app in the gallery, our team will work with you to collect the following information:
1316+
* Authorization URL: A URL by the client to obtain authorization from the resource owner via user-agent redirection. The user is redirected to this URL to authorize access.
1317+
* Token exchange URL: A URL by the client to exchange an authorization grant for an access token, typically with client authentication.
1318+
* Client ID: The authorization server issues the registered client a client identifier, which is a unique string representing the registration information provided by the client. The client identifier is not a secret; it is exposed to the resource owner and **must not** be used alone for client authentication.
1319+
* Client secret: The client secret is a secret generated by the authorization server. It should be a unique value known only to the authorization server.
1320+
1321+
Best practices (recommended but not required):
1322+
* Support multiple redirect URLs. Administrators can configure provisioning from both "portal.azure.com" and "aad.portal.azure.com". Supporting multiple redirect URLs will ensure that users can authorize access from either portal.
1323+
* Support multiple secrets to ensure smooth secret renewal, without downtime.
1324+
1325+
**Long lived OAuth bearer tokens:** If your application does not support the OAuth authorization code grant flow, you can also generate a long lived OAuth bearer token than that an administrator can use to setup the provisioning integration. The token should be perpetual, or else the provisioning job will be [quarantined](https://docs.microsoft.com/azure/active-directory/manage-apps/application-provisioning-quarantine-status) when the token expires. This token must be below 1KB in size.
1326+
1327+
For additional authentication and authorization methods, let us know on [UserVoice](https://aka.ms/appprovisioningfeaturerequest).
1328+
13111329
### Allow IP addresses used by the Azure AD provisioning service to make SCIM requests
13121330

13131331
Certain apps allow inbound traffic to their app. In order for the Azure AD provisioning service to function as expected, the IP addresses used must be allowed. For a list of IP addresses for each service tag/region, see the JSON file - [Azure IP Ranges and Service Tags – Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519). You can download and program these IPs into your firewall as needed. The reserved IP ranges for Azure AD provisioning can be found under "AzureActiveDirectoryDomainServices."

articles/aks/includes/servicemesh/linkerd/install-client-binary-macos.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ curl -sLO "https://github.com/linkerd/linkerd2/releases/download/$LINKERD_VERSIO
2020
The `linkerd` client binary runs on your client machine and allows you to interact with the Linkerd service mesh. Use the following commands to install the Linkerd `linkerd` client binary in a bash-based shell on MacOS. These commands copy the `linkerd` client binary to the standard user program location in your `PATH`.
2121

2222
```bash
23-
sudo cp ./linkerd2-cli-$LINKERD_VERSION-linux /usr/local/bin/linkerd
23+
sudo cp ./linkerd2-cli-$LINKERD_VERSION-darwin /usr/local/bin/linkerd
2424
sudo chmod +x /usr/local/bin/linkerd
2525
```
2626

@@ -34,4 +34,4 @@ source ~/completions/linkerd.bash
3434
# Source the bash completion file in your .bashrc so that the command-line completions
3535
# are permanently available in your shell
3636
echo "source ~/completions/linkerd.bash" >> ~/.bashrc
37-
```
37+
```

articles/backup/backup-support-matrix-mars-agent.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,8 @@ And to these IP addresses:
6060
- 20.190.128.0/18
6161
- 40.126.0.0/18
6262

63+
Access to all of the URLs and IP addresses listed above uses the HTTPS protocol on port 443.
64+
6365
### Throttling support
6466

6567
**Feature** | **Details**

articles/cognitive-services/LUIS/luis-container-howto.md

Lines changed: 6 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -67,8 +67,6 @@ Use the [`docker pull`](https://docs.docker.com/engine/reference/commandline/pul
6767
docker pull mcr.microsoft.com/azure-cognitive-services/luis:latest
6868
```
6969

70-
Use the [`docker pull`](https://docs.docker.com/engine/reference/commandline/pull/) command to download a container image.
71-
7270
For a full description of available tags, such as `latest` used in the preceding command, see [LUIS](https://go.microsoft.com/fwlink/?linkid=2043204) on Docker Hub.
7371

7472
[!INCLUDE [Tip for using docker list](../../../includes/cognitive-services-containers-docker-list-tip.md)]
@@ -244,8 +242,8 @@ Use the host, `http://localhost:5000`, for container APIs.
244242

245243
|Package type|HTTP verb|Route|Query parameters|
246244
|--|--|--|--|
247-
|Published|GET, POST|`/luis/prediction/v3.0/apps/{appId}/slots/{slotName}/predict?`|`query={query}`<br>[`&verbose`]<br>[`&log`]<br>[`&show-all-intents`]|
248-
|Versioned|GET, POST|`/luis/prediction/v3.0/apps/{appId}/versions/{versionId}/predict?`|`query={query}`<br>[`&verbose`]<br>[`&log`]<br>[`&show-all-intents`]|
245+
|Published|GET, POST|`/luis/v3.0/apps/{appId}/slots/{slotName}/predict?`|`query={query}`<br>[`&verbose`]<br>[`&log`]<br>[`&show-all-intents`]|
246+
|Versioned|GET, POST|`/luis/v3.0/apps/{appId}/versions/{versionId}/predict?`|`query={query}`<br>[`&verbose`]<br>[`&log`]<br>[`&show-all-intents`]|
249247

250248
The query parameters configure how and what is returned in the query response:
251249

@@ -288,12 +286,12 @@ curl -G \
288286
-d verbose=false \
289287
-d log=true \
290288
--data-urlencode "query=turn the lights on" \
291-
"http://localhost:5000/luis/prediction/v3.0/apps/{APP_ID}/slots/production/predict"
289+
"http://localhost:5000/luis/v3.0/apps/{APP_ID}/slots/production/predict"
292290
```
293291

294292
To make queries to the **Staging** environment, replace `production` in the route with `staging`:
295293

296-
`http://localhost:5000/luis/prediction/v3.0/apps/{APP_ID}/slots/staging/predict`
294+
`http://localhost:5000/luis/v3.0/apps/{APP_ID}/slots/staging/predict`
297295

298296
To query a versioned model, use the following API:
299297

@@ -302,7 +300,7 @@ curl -G \
302300
-d verbose=false \
303301
-d log=false \
304302
--data-urlencode "query=turn the lights on" \
305-
"http://localhost:5000/luis/prediction/v3.0/apps/{APP_ID}/versions/{APP_VERSION}/predict"
303+
"http://localhost:5000/luis/v3.0/apps/{APP_ID}/versions/{APP_VERSION}/predict"
306304
```
307305

308306
# [V2 prediction endpoint](#tab/v2)
@@ -393,4 +391,4 @@ In this article, you learned concepts and workflow for downloading, installing,
393391
[download-published-package]: https://westus.dev.cognitive.microsoft.com/docs/services/5890b47c39e2bb17b84a55ff/operations/apps-packagepublishedapplicationasgzip
394392
[download-versioned-package]: https://westus.dev.cognitive.microsoft.com/docs/services/5890b47c39e2bb17b84a55ff/operations/apps-packagetrainedapplicationasgzip
395393

396-
[unsupported-dependencies]: luis-container-limitations.md#unsupported-dependencies-for-latest-container
394+
[unsupported-dependencies]: luis-container-limitations.md#unsupported-dependencies-for-latest-container

articles/media-services/previous/migrate-azure-media-encoder.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ IMediaProcessor processor = GetLatestMediaProcessorByName("Media Encoder Standar
5454
// In this case " H264 Multiple Bitrate 1080p" preset is used.
5555
ITask task = job.Tasks.AddNew("My encoding task",
5656
processor,
57-
" H264 Multiple Bitrate 1080p",
57+
"H264 Multiple Bitrate 1080p",
5858
TaskOptions.None);
5959
```
6060

articles/service-fabric/service-fabric-cluster-resource-manager-management-integration.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -98,7 +98,7 @@ Let’s talk about each of the different constraints in these health reports. Yo
9898
## Blocklisting Nodes
9999
Another health message the Cluster Resource Manager reports is when nodes are blocklisted. You can think of blocklisting as a temporary constraint that is automatically applied for you. Nodes get blocklisted when they experience repeated failures when launching instances of that service type. Nodes are blocklisted on a per-service-type basis. A node may be blocklisted for one service type but not another.
100100

101-
You'll see blocklisting kick in often during development: some bug causes your service host to crash on startup. Service Fabric tries to create the service host a few times, and the failure keeps occurring. After a few attempts, the node gets blocklisted, and the Cluster Resource Manager will try to create the service elsewhere. If that failure keeps happening on multiple nodes, it's possible that all of the valid nodes in the cluster end up blocked. Blocklisting cna also remove so many nodes that not enough can successfully launch the service to meet the desired scale. You'll typically see additional errors or warnings from the Cluster Resource Manager indicating that the service is below the desired replica or instance count, as well as health messages indicating what the failure is that's leading to the blocklisting in the first place.
101+
You'll see blocklisting kick in often during development: some bug causes your service host to crash on startup. Service Fabric tries to create the service host a few times, and the failure keeps occurring. After a few attempts, the node gets blocklisted, and the Cluster Resource Manager will try to create the service elsewhere. If that failure keeps happening on multiple nodes, it's possible that all of the valid nodes in the cluster end up blocked. Blocklisting can also remove so many nodes that not enough can successfully launch the service to meet the desired scale. You'll typically see additional errors or warnings from the Cluster Resource Manager indicating that the service is below the desired replica or instance count, as well as health messages indicating what the failure is that's leading to the blocklisting in the first place.
102102

103103
Blocklisting is not a permanent condition. After a few minutes, the node is removed from the blocklist and Service Fabric may activate the services on that node again. If services continue to fail, the node is blocklisted for that service type again.
104104

articles/virtual-network/what-is-ip-address-168-63-129-16.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ IP address 168.63.129.16 is a virtual public IP address that is used to facilita
3232
## Scope of IP address 168.63.129.16
3333

3434
The public IP address 168.63.129.16 is used in all regions and all national clouds. This special public IP address is owned by Microsoft and will not change. It is allowed by the default network security group rule. We recommend that you allow this IP address in any local firewall policies in both inbound and outbound directions. The communication between this special IP address and the resources is safe because only the internal Azure platform can source a message from this IP address. If this address is blocked, unexpected behavior can occur in a variety of scenarios.
35+
The following ports at least must be opened to allow communication with WireServer: 80, 443 and 32526.
3536

3637
[Azure Load Balancer health probes](../load-balancer/load-balancer-custom-probe-overview.md) originates from this IP address. If you block this IP address, your probes will fail.
3738

0 commit comments

Comments
 (0)