Merge pull request #274485 from MicrosoftDocs/main

5/7 11:00 AM IST Publish

Author: Saisang

articles/api-management/configure-graphql-resolver.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: article
-ms.date: 06/08/2023
+ms.date: 05/02/2024
 ms.author: danlep
 ---
 
@@ -29,6 +29,7 @@ Currently, API Management supports resolvers that can access the following data
 * Each resolver resolves data for a single field. To resolve data for multiple fields, configure a separate resolver for each.
 * Resolver-scoped policies are evaluated *after* any `inbound` and `backend` policies in the policy execution pipeline. They don't inherit policies from other scopes. For more information, see [Policies in API Management](api-management-howto-policies.md).
 * You can configure API-scoped policies for a GraphQL API, independent of the resolver-scoped policies. For example, add a [validate-graphql-request](validate-graphql-request-policy.md) policy to the `inbound` scope to validate the request before the resolver is invoked. Configure API-scoped policies on the **API policies** tab for the API.
+* To support interface and union types in GraphQL resolvers, the backend response must either already contain the `__typename` field, or be altered using the [set-body](set-body-policy.md) policy to include `__typename`.
 
 ## Prerequisites
 

articles/api-management/graphql-apis-overview.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: conceptual
-ms.date: 09/18/2023
+ms.date: 05/05/2024
 ms.author: danlep
 ---
 
@@ -41,12 +41,13 @@ The GraphQL specification explicitly solves common issues experienced by client
 
 Using a GraphQL API, the client app can specify the data they need to render a page in a query document that is sent as a single request to a GraphQL service. A client app can also subscribe to data updates pushed from the GraphQL service in real time.
 
-## Schema and operation types
+## Schema and types
 
 In API Management, add a GraphQL API from a GraphQL schema, either retrieved from a backend GraphQL API endpoint or uploaded by you. A GraphQL schema describes:
 
 * Data object types and fields that clients can request from a GraphQL API
 * Operation types allowed on the data, such as queries 
+* Other types, such as unions and interfaces, that provide additional flexibility and control over the data
 
 For example, a basic GraphQL schema for user data and a query for all users might look like:
 
@@ -61,17 +62,23 @@ type User {
 }
 ```
 
-API Management supports the following operation types in GraphQL schemas. For more information about these operation types, see the [GraphQL specification](https://spec.graphql.org/October2021/#sec-Subscription-Operation-Definitions).
+### Operation types
+
+API Management supports the following operation types in GraphQL schemas. For more information about these operation types, see the [GraphQL specification](https://spec.graphql.org/October2021/#sec-Root-Operation-Types).
 
 * **Query** - Fetches data, similar to a `GET` operation in REST
 *  **Mutation** - Modifies server-side data, similar to a `PUT` or `PATCH` operation in REST
 * **Subscription** - Enables notifying subscribed clients in real time about changes to data on the GraphQL service
 
     For example, when data is modified via a GraphQL mutation, subscribed clients could be automatically notified about the change. 
 
-> [!IMPORTANT]
-> API Management supports subscriptions implemented using  the [graphql-ws](https://github.com/enisdenjo/graphql-ws) WebSocket protocol. Queries and mutations aren't supported over WebSocket.
-> 
+    > [!IMPORTANT]
+    > API Management supports subscriptions implemented using  the [graphql-ws](https://github.com/enisdenjo/graphql-ws) WebSocket protocol. Queries and mutations aren't supported over WebSocket.
+    > 
+
+### Other types
+
+API Management supports the [union](https://spec.graphql.org/October2021/#sec-Unions) and [interface](https://spec.graphql.org/October2021/#sec-Interfaces) types in GraphQL schemas.
 
 ## Resolvers
 

articles/api-management/http-data-source-policy.md

@@ -6,7 +6,7 @@ author: dlepow
 
 ms.service: api-management
 ms.topic: article
-ms.date: 03/19/2024
+ms.date: 05/02/2024
 ms.author: danlep
 ---
 
@@ -97,7 +97,6 @@ The `http-data-source` resolver policy configures the HTTP request and optionall
 
 * To configure and manage a resolver with this policy, see [Configure a GraphQL resolver](configure-graphql-resolver.md).
 * This policy is invoked only when resolving a single field in a matching GraphQL operation type in the schema. 
-* This policy supports GraphQL [union types](https://spec.graphql.org/October2021/#sec-Unions).
 
 ## Examples
 

articles/azure-monitor/agents/azure-monitor-agent-migration.md

@@ -118,8 +118,8 @@ When you migrate the following services, which currently use Log Analytics agent
 |	 [Automation Hybrid Runbook Worker overview](../../automation/automation-hybrid-runbook-worker.md)	|	 Automation Hybrid Worker Extension (no dependency on Log Analytics agents or Azure Monitor Agent)	|	GA	|	[Migrate to Extension based Hybrid Workers](../../automation/extension-based-hybrid-runbook-worker-install.md#migrate-an-existing-agent-based-to-extension-based-hybrid-workers)	|
 
 ## Known parity gaps for solutions that may impact your migration
+- ***IIS Logs***: When IIS log collection is enabled, AMA might not populate the `sSiteName` column of the `W3CIISLog` table. This field gets collected by default when IIS log collection is enabled for the legacy agent. If you need to collect the `sSiteName` field using AMA, enable the `Service Name (s-sitename)` field in W3C logging of IIS. For steps to enable this field, see [Select W3C Fields to Log](/iis/manage/provisioning-and-managing-iis/configure-logging-in-iis#select-w3c-fields-to-log).
 - ***Sentinel***: Windows firewall logs are not yet GA
-
 - ***SQL Assessment Solution***: This is now part of SQL best practice assessment. The deployment policies require one Log Analytics Workspace per subscription, which is not the best practice recommended by the AMA team. 
 - ***Microsoft Defender for cloud***: Some features for the new agentless solution are in development. Your migration maybe impacted if you use File Integraty Monitoring (FIM), Endpoint protection discovery recommendations, OS Misconfigurations (Azure Security Benchmark (ASB) recommendations) and Adaptive Application controls.
 - ***Container Insights***: The Windows version is in public preview.

articles/azure-resource-manager/management/service-tags.md

@@ -0,0 +1,40 @@
+---
+title: Use service tag for Azure Resource Manager
+description: Learn how to use the service tag for Azure Resource Manager to create security rules that allow or deny traffic.
+ms.topic: conceptual
+ms.date: 05/07/2024
+---
+
+# Understand how to use Azure Resource Manager service tag
+
+By using the `AzureResourceManager` service tag, you can define network access for the Azure Resource Manager service without specifying individual IP addresses. The service tag is a group of IP address prefixes that you use to minimize the complexity of creating security rules. When you use service tags, Azure automatically updates the IP addresses as they change for the service. However, the service tag isn't a security control mechanism. The service tag is merely a list of IP addresses.
+
+## When to use
+
+You use service tags to define network access controls for:
+
+* Network security groups (NSGs)
+* Azure Firewall rules
+* User-defined routing (UDR)
+
+In addition to these scenarios, use the `AzureResourceManager` service tag to:
+
+* Restrict access to linked templates referenced within an ARM template deployment.
+* Restrict access to a Kubernetes control plane accessed via Bicep extensibility.
+
+## Security considerations
+
+The Azure Resource Manager service tag helps you define network access, but it shouldn't be considered as a replacement for proper network security measures. In particular, the Azure Resource Manager service tag:
+
+* Doesn't provide granular control over individual IP addresses.
+* Shouldn't be relied upon as the sole method for securing a network.
+
+## Monitoring and automation
+
+When monitoring your infrastructure, use the specific IP address prefixes that are associated with a service tag in the Azure networking stack.
+
+For deployment automation and monitoring, make sure that only public IPs from the service's tagged ranges are used on customer-facing portions of the service.
+
+## Next steps
+
+For more information about service tags, see [Virtual network service tags](../../virtual-network/service-tags-overview.md).

articles/azure-resource-manager/management/toc.yml

@@ -26,6 +26,8 @@
       href: tls-support.md
     - name: Security baseline
       href: /security/benchmark/azure/baselines/azure-resource-manager-security-baseline?toc=/azure/azure-resource-manager/management/toc.json
+    - name: Service tag
+      href: service-tags.md
     - name: Security controls by Azure Policy
       displayName: regulatory, compliance, standards, domains
       href: ./security-controls-policy.md

articles/azure-web-pubsub/toc.yml

@@ -31,6 +31,8 @@
       href: tutorial-pub-sub-messages.md
     - name: Build a chat app
       href: tutorial-build-chat.md
+    - name: Develop with Visual Studio Code
+      href: tutorial-develop-with-visual-studio-code.md
     - name: Client streaming with a service-supported subprotocol
       href: tutorial-subprotocol.md
     - name: Authentication and permissions

articles/azure-web-pubsub/tutorial-develop-with-visual-studio-code.md

@@ -0,0 +1,119 @@
+---
+title: 'Visual Studio Code Extension for Azure Web PubSub'
+description: Develop with Visual Studio Code extension
+author: xingsy97
+ms.author: siyuanxing
+ms.service: azure-web-pubsub
+ms.topic: reference
+ms.date: 04/28/2024
+---
+
+# Quickstart: Develop with Visual Studio Code Extension
+Azure Web PubSub helps developer build real-time messaging web applications using WebSockets and the publish-subscribe pattern easily.
+
+In this tutorial, you create a chat application using Azure Web PubSub with the help of Visual Studio Code.
+
+## Prerequisites
+
+- An Azure account with an active subscription is required. If you don't already have one, you can [create an account for free](https://azure.microsoft.com/free).
+- Visual Studio Code, available as a [free download](https://code.visualstudio.com/).
+- The following Visual Studio Code extensions installed:
+    - The [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)
+    - The [Azure Web PubSub extension](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azurewebpubsub)
+
+## Clone the project
+
+1. Open a new Visual Studio Code window.
+
+1. Press <kbd>F1</kbd> to open the command palette.
+
+1. Enter **Git: Clone** and press enter.
+
+1. Enter the following URL to clone the sample project:
+
+    ```git
+    https://github.com/Azure/azure-webpubsub.git
+    ```
+
+    > [!NOTE]
+    > This tutorial uses a JavaScript project, but the steps are language agnostic.
+
+1. Select a folder to clone the project into.
+
+1. Select **Open -> Open Folder** to `azure-webpubsub/samples/javascript/chatapp/nativeapi` in Visual Studio Code.
+
+## Sign in to Azure
+
+1. Press <kbd>F1</kbd> to open the command palette.
+
+1. Select **Azure: Sign In** and follow the prompts to authenticate.
+
+1. Once signed in, return to Visual Studio Code.
+
+## Create an Azure Web PubSub Service
+
+The Azure Web PubSub extension for Visual Studio Code enables users to quickly create, manage, and utilize Azure Web PubSub Service and its developer tools such as [Azure Web PubSub Local Tunnel Tool](https://www.npmjs.com/package/@azure/web-pubsub-tunnel-tool).
+In this scenario, you create a new Azure Web PubSub Service resource and configure it to host your application. After installing the Web PubSub extension, you can access its features under the Azure control panel in Visual Studio Code.
+
+1. Press <kbd>F1</kbd> to open the command palette and run the **Azure Web PubSub: Create Web PubSub Service** command.
+
+1. Enter the following values as prompted by the extension.
+
+    | Prompt | Value |
+    |--|--|
+    | Select subscription | Select the Azure subscription you want to use. |
+    | Select resource group | Select the Azure resource group you want to use. |
+    | Enter a name for the service | Enter `my-wps`. |
+    | Select a location | Select an Azure region close to you. |
+    | Select a pricing tier | Select a pricing tier you want to use. |
+    | Select a unit count | Select a unit count you want to use.|
+
+    The Azure activity log panel opens and displays the deployment progress. This process might take a few minutes to complete.
+
+1. Once this process finishes, Visual Studio Code displays a notification. 
+
+## Create a hub setting
+1. Open **Azure** icon in the Activity Bar in the left side of Visual Studio Code. 
+
+    > [!NOTE]
+    > If your activity bar is hidden, you won't be able to access the extension. Show the Activity Bar by clicking **View > Appearance > Show Activity Bar**
+
+1. In the resource tree, find the Azure Web PubSub resource `my-wps` you created and click it to expand
+
+1. Right click the item **Hub Settings** and then select **Create Hub Setting**
+
+1. Input `sample_chat` as the hub name and create the hub setting. It doesn't matter whether to create extra event handlers or not. Wait for the progress notification shown as finished
+
+1. Below the item **Hub Settings**, a new subitem *Hub sample_chat* shall appear. Right click on the new item and then choose "Attach Local Tunnel"
+
+1. A notification reminds you to create a tunnel-enabled event handler pops up. Click **Yes** button. Then enter the following values as prompted by the extension
+
+    | Prompt | Value |
+    |--|--|
+    | Select User Events | Select **All** |
+    | Select System Events | Select **connected** |
+    | Input Server Port | Enter **8080** |
+
+1. The extension creates a new terminal to run the Local Tunnel Tool and a notification reminds you to open Local Tunnel Portal shows up. Click the button "Yes" or open "http://localhost:4000" in web browser manually to view the portal.
+
+## Run the server application
+1. Ensure working directory is `azure-webpubsub/samples/javascript/chatapp/nativeapi`
+
+1. Install Node.js dependencies
+
+    ```bash
+    npm install
+    ```
+
+1. Open **Azure** icon in the Activity Bar and find the Azure Web PubSub resource `my-wps`. Then right click on the resource item and select **Copy Connection String**. The connection string is copied to your clipboard
+
+1. Run the server application with copied connection string
+
+    ```bash
+    node server.js "<connection-string>"
+    ```
+
+1. Open `http://localhost:8080/index.html` in browser to try your chat application. 
+
+> [!TIP]
+> Having issues? Let us know on GitHub by opening an issue in the [Azure Web PubSub repo](https://github.com/azure/azure-webpubsub/).

articles/communication-services/concepts/call-automation/call-recording/bring-your-own-storage.md

@@ -13,9 +13,6 @@ ms.service: azure-communication-services
 
 # Bring your own Azure storage overview
 
-[!INCLUDE [Private Preview Disclaimer](../../../../communication-services/includes/private-preview-include-section.md)]
-
-
 Bring Your Own Azure Storage for Call Recording allows you to specify an Azure blob storage account for storing call recording files. Bring your own Azure storage enables businesses to store their data in a way that meets their compliance requirements and business needs. For example, end-users could customize their own rules and access to the data, enabling them to store or delete content whenever they need it. Bring your own Azure Storage provides a simple and straightforward solution that eliminates the need for developers to invest time and resources in downloading and exporting files.
 
 The same Azure Communication Services Call Recording APIs are used to export recordings to your Azure Blob Storage Container. While starting recording for a call, specify the container path where the recording needs to be exported. Upon recording completion, Azure Communication Services automatically fetches and uploads your recording to your storage.
@@ -29,8 +26,8 @@ Bring your own Azure storage uses [Azure Managed Identities](/entra/identity/man
 
 ## Known issues
 
-- Azure Communication Services will also store your files in a built-in storage for 48 hours even if the exporting is successful.
-- Randomly, recording files are duplicated during the exporting process. Make sure you delete the duplicated file to avoid extra storage costs in your storage account.
+- Azure Communication Services will also store your files in a built-in storage for 24 hours even if the exporting is successful.
+- For Pause on Start Recording the meta data file would have an incorrect pause duration in relation to the recording file.
 
 
 ## Next steps

articles/communication-services/concepts/voice-video-calling/call-recording.md

@@ -25,7 +25,7 @@ For example, you can record 1:1 or 1:N audio and video calls:
 ![Diagram showing a call that it's being recorded.](../media/call-recording-client.png)
 
 But also, you can use Call Recording to record complex PSTN or VoIP inbound and outbound calling workflows managed by [Call Automation](../call-automation/call-automation.md).
-Regardless of how you established the call, Call Recording allows you to produce mixed or unmixed media files that are stored for 48 hours on a built-in temporary storage. You can retrieve the files and take them to the long-term storage solution of your choice. Call Recording supports all Azure Communication Services data regions.
+Regardless of how you established the call, Call Recording allows you to produce mixed or unmixed media files that are stored for 24 hours on a built-in temporary storage. You can retrieve the files , move it your own Azure Blob Store [Bring Your Own Storage](../../quickstarts\call-automation\call-recording\bring-your-own-storage.md) or a storage solution of your choice. Call Recording supports all Azure Communication Services data regions.
 
 
 ![Diagram showing call recording architecture.](../media/call-recording-with-call-automation.png)
@@ -70,7 +70,7 @@ A `recordingId` is returned when recording is started, which is then used for fo
 Call Recording use [Azure Event Grid](../../../event-grid/event-schema-communication-services.md) to provide you with notifications related to media and metadata.
 
 > [!NOTE]
-> Azure Communication Services provides short term media storage for recordings. **Recordings will be available to download for 48 hours.** After 48 hours, recordings will no longer be available.
+> Azure Communication Services provides short term media storage for recordings. **Recordings will be available to download for 24 hours.** After 24 hours, recordings will no longer be available.
 
 
 An Event Grid notification `Microsoft.Communication.RecordingFileStatusUpdated` is published when a recording is ready for retrieval, typically a few minutes after the recording process has completed (for example, meeting ended, recording stopped). Recording event notifications include `contentLocation` and `metadataLocation`, which are used to retrieve both recorded media and a recording metadata file.