Skip to content

Commit 2f53fa9

Browse files
committed
Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)
2 parents d4451cd + 59d8617 commit 2f53fa9

File tree

190 files changed

+2157
-856
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

190 files changed

+2157
-856
lines changed

.openpublishing.redirection.json

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -3997,7 +3997,12 @@
39973997
},
39983998
{
39993999
"source_path": "articles/resource-manager-api-authentication.md",
4000-
"redirect_url": "/azure/azure-resource-manager/resource-manager-api-authentication",
4000+
"redirect_url": "/azure/active-directory/develop/authentication-flows-app-scenarios",
4001+
"redirect_document_id": false
4002+
},
4003+
{
4004+
"source_path": "articles/azure-resource-manager/resource-manager-api-authentication.md",
4005+
"redirect_url": "/azure/active-directory/develop/authentication-flows-app-scenarios",
40014006
"redirect_document_id": false
40024007
},
40034008
{
@@ -33301,11 +33306,6 @@
3330133306
"redirect_url": "/azure/cognitive-services/LUIS/luis-language-support",
3330233307
"redirect_document_id": true
3330333308
},
33304-
{
33305-
"source_path": "articles/virtual-machines/extensions/key-vault-windows.md",
33306-
"redirect_url": "/azure/key-vault/key-vault-overview",
33307-
"redirect_document_id": true
33308-
},
3330933309
{
3331033310
"source_path": "articles/virtual-machines/windows/mount-azure-file-storage.md",
3331133311
"redirect_url": "/azure/storage/files/storage-files-quick-create-use-windows",

articles/active-directory-b2c/active-directory-b2c-reference-manage-sso-and-token-configuration.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -98,5 +98,5 @@ To change your session behavior and SSO configurations, you add a **UserJourneyB
9898
The following values are configured in the previous example:
9999

100100
- **Single sign on (SSO)** - Single sign-on is configured with the **SingleSignOn**. The applicable values are `Tenant`, `Application`, `Policy`, and `Suppressed`.
101-
- **Web app session lifetime (minutes)** - The web app session lifetime is set with the **SessionExpiryInSeconds** element. The default value is 86400 seconds (1440 minutes).
102101
- **Web app session time-out** - The web app session timeout is set with the **SessionExpiryType** element. The applicable values are `Absolute` and `Rolling`.
102+
- **Web app session lifetime** - The web app session lifetime is set with the **SessionExpiryInSeconds** element. The default value is 86400 seconds (1440 minutes).

articles/active-directory/develop/howto-authenticate-service-principal-powershell.md

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ ms.devlang: na
1414
ms.topic: conceptual
1515
ms.tgt_pltfrm: multiple
1616
ms.workload: na
17-
ms.date: 08/19/2019
17+
ms.date: 10/10/2019
1818
ms.author: ryanwi
1919
ms.reviewer: tomfitz
2020
ms.collection: M365-identity-device-management
@@ -42,9 +42,14 @@ To complete this article, you must have sufficient permissions in both your Azur
4242

4343
The easiest way to check whether your account has adequate permissions is through the portal. See [Check required permission](howto-create-service-principal-portal.md#required-permissions).
4444

45+
## Assign the application to a role
46+
To access resources in your subscription, you must assign the application to a role. Decide which role offers the right permissions for the application. To learn about the available roles, see [RBAC: Built in Roles](/azure/role-based-access-control/built-in-roles).
47+
48+
You can set the scope at the level of the subscription, resource group, or resource. Permissions are inherited to lower levels of scope. For example, adding an application to the *Reader* role for a resource group means it can read the resource group and any resources it contains. To allow the application to execute actions like reboot, start and stop instances, select the *Contributor* role.
49+
4550
## Create service principal with self-signed certificate
4651

47-
The following example covers a simple scenario. It uses [New-​AzAD​Service​Principal](/powershell/module/az.resources/new-azadserviceprincipal) to create a service principal with a self-signed certificate, and uses [New-​Azure​Rm​Role​Assignment](/powershell/module/az.resources/new-azroleassignment) to assign the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) role to the service principal. The role assignment is scoped to your currently selected Azure subscription. To select a different subscription, use [Set-AzContext](/powershell/module/Az.Accounts/Set-AzContext).
52+
The following example covers a simple scenario. It uses [New-​AzAD​Service​Principal](/powershell/module/az.resources/new-azadserviceprincipal) to create a service principal with a self-signed certificate, and uses [New-​Azure​Rm​Role​Assignment](/powershell/module/az.resources/new-azroleassignment) to assign the [Reader](/azure/role-based-access-control/built-in-roles#reader) role to the service principal. The role assignment is scoped to your currently selected Azure subscription. To select a different subscription, use [Set-AzContext](/powershell/module/Az.Accounts/Set-AzContext).
4853

4954
> [!NOTE]
5055
> The New-SelfSignedCertificate cmdlet and the PKI module are currently not supported in PowerShell Core.
@@ -60,7 +65,7 @@ $sp = New-AzADServicePrincipal -DisplayName exampleapp `
6065
-EndDate $cert.NotAfter `
6166
-StartDate $cert.NotBefore
6267
Sleep 20
63-
New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $sp.ApplicationId
68+
New-AzRoleAssignment -RoleDefinitionName Reader -ServicePrincipalName $sp.ApplicationId
6469
```
6570

6671
The example sleeps for 20 seconds to allow some time for the new service principal to propagate throughout Azure AD. If your script doesn't wait long enough, you'll see an error stating: "Principal {ID} does not exist in the directory {DIR-ID}." To resolve this error, wait a moment then run the **New-AzRoleAssignment** command again.
@@ -101,7 +106,7 @@ $ApplicationId = (Get-AzADApplication -DisplayNameStartWith exampleapp).Applicat
101106

102107
## Create service principal with certificate from Certificate Authority
103108

104-
The following example uses a certificate issued from a Certificate Authority to create service principal. The assignment is scoped to the specified Azure subscription. It adds the service principal to the [Contributor](../../role-based-access-control/built-in-roles.md#contributor) role. If an error occurs during the role assignment, it retries the assignment.
109+
The following example uses a certificate issued from a Certificate Authority to create service principal. The assignment is scoped to the specified Azure subscription. It adds the service principal to the [Reader](../../role-based-access-control/built-in-roles.md#reader) role. If an error occurs during the role assignment, it retries the assignment.
105110

106111
```powershell
107112
Param (
@@ -137,7 +142,7 @@ Param (
137142
{
138143
# Sleep here for a few seconds to allow the service principal application to become active (should only take a couple of seconds normally)
139144
Sleep 15
140-
New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $ServicePrincipal.ApplicationId | Write-Verbose -ErrorAction SilentlyContinue
145+
New-AzRoleAssignment -RoleDefinitionName Reader -ServicePrincipalName $ServicePrincipal.ApplicationId | Write-Verbose -ErrorAction SilentlyContinue
141146
$NewRole = Get-AzRoleAssignment -ObjectId $ServicePrincipal.Id -ErrorAction SilentlyContinue
142147
$Retries++;
143148
}
@@ -218,6 +223,5 @@ You may get the following errors when creating a service principal:
218223
## Next steps
219224

220225
* To set up a service principal with password, see [Create an Azure service principal with Azure PowerShell](/powershell/azure/create-azure-service-principal-azureps).
221-
* For detailed steps on integrating an application into Azure for managing resources, see [Developer's guide to authorization with the Azure Resource Manager API](../../azure-resource-manager/resource-manager-api-authentication.md).
222226
* For a more detailed explanation of applications and service principals, see [Application Objects and Service Principal Objects](app-objects-and-service-principals.md).
223227
* For more information about Azure AD authentication, see [Authentication Scenarios for Azure AD](authentication-scenarios.md).

articles/active-directory/develop/howto-create-service-principal-portal.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -146,6 +146,5 @@ To check your subscription permissions:
146146

147147
## Next steps
148148

149-
* To set up a multi-tenant application, see [Developer's guide to authorization with the Azure Resource Manager API](../../azure-resource-manager/resource-manager-api-authentication.md).
150149
* To learn about specifying security policies, see [Azure Role-based Access Control](../../role-based-access-control/role-assignments-portal.md).
151150
* For a list of available actions that can be granted or denied to users, see [Azure Resource Manager Resource Provider operations](../../role-based-access-control/resource-provider-operations.md).

articles/analysis-services/TOC.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,8 @@
6666
href: analysis-services-addservprinc-admins.md
6767
- name: Model
6868
items:
69+
- name: Tabular modeling
70+
href: https://docs.microsoft.com/analysis-services/tabular-models/tabular-models-ssas
6971
- name: Deploy from Visual Studio (SSDT)
7072
href: analysis-services-deploy.md
7173
- name: Refresh with REST API

articles/analysis-services/analysis-services-addservprinc-admins.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@
22
title: Add a service principal to Azure Analysis Services server admin role | Microsoft Docs
33
description: Learn how to add an automation service principal to the server admin role
44
author: minewiskan
5-
manager: kfile
65
ms.service: azure-analysis-services
76
ms.topic: conceptual
87
ms.date: 07/29/2019

articles/analysis-services/analysis-services-async-refresh.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@
22
title: Asynchronous refresh for Azure Analysis Services models | Microsoft Docs
33
description: Learn how to code asynchronous refresh by using REST API.
44
author: minewiskan
5-
manager: kfile
65
ms.service: azure-analysis-services
76
ms.topic: conceptual
87
ms.date: 05/09/2019

articles/analysis-services/analysis-services-backup.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@
22
title: Azure Analysis Services database backup and restore | Microsoft Docs
33
description: Describes how to backup and restore an Azure Analysis Services database.
44
author: minewiskan
5-
manager: kfile
65
ms.service: azure-analysis-services
76
ms.topic: conceptual
87
ms.date: 07/29/2019

articles/analysis-services/analysis-services-bcdr.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@
22
title: Azure Analysis Services high availability | Microsoft Docs
33
description: Assuring Azure Analysis Services high availability.
44
author: minewiskan
5-
manager: kfile
65
ms.service: azure-analysis-services
76
ms.topic: conceptual
87
ms.date: 07/29/2019

articles/analysis-services/analysis-services-capacity-limits.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@
22
title: Azure Analysis Services resource and object limits | Microsoft Docs
33
description: Describes Azure Analysis Services resource and object limits.
44
author: minewiskan
5-
manager: kfile
65
ms.service: azure-analysis-services
76
ms.topic: conceptual
87
ms.date: 08/23/2019

0 commit comments

Comments
 (0)