Merge pull request #272448 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/ai-studio/tutorials/deploy-copilot-sdk.md

@@ -548,7 +548,7 @@ You can see that the `chat_completion` function does the following:
 
 Now, you improve the prompt used in the chat function and later evaluate how well the quality of the copilot responses improved.
 
-You use the following evaluation dataset, which contains a bunch of example questions and answers. The evaluation dataset is located at `src/copilot_aisdk/system-message.jinja2` in the copilot sample repository.
+You use the following evaluation dataset, which contains a bunch of example questions and answers. The evaluation dataset is located at `src/tests/evaluation_dataset.jsonl` in the copilot sample repository.
 
 ```jsonl
 {"question": "Which tent is the most waterproof?", "truth": "The Alpine Explorer Tent has the highest rainfly waterproof rating at 3000m"}

articles/app-service/overview-managed-identity.md

@@ -437,9 +437,9 @@ The **IDENTITY_ENDPOINT** is a local URL from which your app can request tokens.
 > | resource          | Query  | The Microsoft Entra resource URI of the resource for which a token should be obtained. This could be one of the [Azure services that support Microsoft Entra authentication](../active-directory/managed-identities-azure-resources/services-support-managed-identities.md#azure-services-that-support-azure-ad-authentication) or any other resource URI.    |
 > | api-version       | Query  | The version of the token API to be used. Use `2019-08-01`.                                                                                                                                                                                                                                                                 |
 > | X-IDENTITY-HEADER | Header | The value of the IDENTITY_HEADER environment variable. This header is used to help mitigate server-side request forgery (SSRF) attacks.                                                                                                                                                                                                    |
-> | client_id         | Query  | (Optional) The client ID of the user-assigned identity to be used. Cannot be used on a request that includes `principal_id`, `msi_res_id`, or `object_id`. If all ID parameters  (`client_id`, `principal_id`, `object_id`, and `msi_res_id`) are omitted, the system-assigned identity is used.                                             |
-> | principal_id      | Query  | (Optional) The principal ID of the user-assigned identity to be used. `object_id` is an alias that may be used instead. Cannot be used on a request that includes client_id, msi_res_id, or object_id. If all ID parameters (`client_id`, `principal_id`, `object_id`, and `msi_res_id`)  are omitted, the system-assigned identity is used. |
-> | msi_res_id         | Query  | (Optional) The Azure resource ID of the user-assigned identity to be used. Cannot be used on a request that includes `principal_id`, `client_id`, or `object_id`. If all ID parameters (`client_id`, `principal_id`, `object_id`, and `msi_res_id`) are omitted, the system-assigned identity is used.                                      |
+> | client_id         | Query  | (Optional) The client ID of the user-assigned identity to be used. Cannot be used on a request that includes `principal_id`, `mi_res_id`, or `object_id`. If all ID parameters  (`client_id`, `principal_id`, `object_id`, and `mi_res_id`) are omitted, the system-assigned identity is used.                                             |
+> | principal_id      | Query  | (Optional) The principal ID of the user-assigned identity to be used. `object_id` is an alias that may be used instead. Cannot be used on a request that includes client_id, mi_res_id, or object_id. If all ID parameters (`client_id`, `principal_id`, `object_id`, and `mi_res_id`)  are omitted, the system-assigned identity is used. |
+> | mi_res_id         | Query  | (Optional) The Azure resource ID of the user-assigned identity to be used. Cannot be used on a request that includes `principal_id`, `client_id`, or `object_id`. If all ID parameters (`client_id`, `principal_id`, `object_id`, and `mi_res_id`) are omitted, the system-assigned identity is used.                                      |
 
 > [!IMPORTANT]
 > If you are attempting to obtain tokens for user-assigned identities, you must include one of the optional properties. Otherwise the token service will attempt to obtain a token for a system-assigned identity, which may or may not exist.

articles/app-service/tutorial-auth-aad.md

@@ -249,7 +249,27 @@ Your apps are now configured. The frontend is now ready to access the backend wi
 
 For information on how to configure the access token for other providers, see [Refresh identity provider tokens](configure-authentication-oauth-tokens.md#refresh-auth-tokens).
 
-## 6. Frontend calls the authenticated backend
+## 6. Configure backend App Service to accept a token only from the frontend App Service
+
+You should also configure the backend App Service to only accept a token from the frontend App Service. Not doing this may result in a "403: Forbidden error" when you pass the token from the frontend to the backend.
+
+You can set this via the same Azure CLI process you used in the previous step.
+
+1. Get the `appId` of the frontend App Service (you can get this on the "Authentication" blade of the frontend App Service).
+
+1. Run the following Azure CLI, substituting the `<back-end-app-name>` and `<front-end-app-id>`.
+
+```azurecli-interactive
+authSettings=$(az webapp auth show -g myAuthResourceGroup -n <back-end-app-name>)
+authSettings=$(echo "$authSettings" | jq '.properties' | jq '.identityProviders.azureActiveDirectory.validation.defaultAuthorizationPolicy.allowedApplications += ["<front-end-app-id>"]')
+az webapp auth set --resource-group myAuthResourceGroup --name <back-end-app-name> --body "$authSettings"
+
+authSettings=$(az webapp auth show -g myAuthResourceGroup  -n <back-end-app-name>)
+authSettings=$(echo "$authSettings" | jq '.properties' | jq '.identityProviders.azureActiveDirectory.validation.jwtClaimChecks += { "allowedClientApplications": ["<front-end-app-id>"]}')
+az webapp auth set --resource-group myAuthResourceGroup --name <back-end-app-name> --body "$authSettings"
+```
+
+## 7. Frontend calls the authenticated backend
 
 The frontend app needs to pass the user's authentication with the correct `user_impersonation` scope to the backend. The following steps review the code provided in the sample for this functionality. 
 

articles/azure-vmware/tutorial-network-checklist.md

@@ -95,7 +95,7 @@ The subnets:
 | Interconnect (HCX-IX)| L2C | TCP (HTTPS) | 443 | Send management instructions from Interconnect to L2C when L2C uses the same path as the Interconnect. |
 | HCX Manager, Interconnect (HCX-IX) | ESXi Hosts | TCP | 80,443,902 | Management and OVF deployment. |
 | Interconnect (HCX-IX), Network Extension (HCX-NE) at Source| Interconnect (HCX-IX), Network Extension (HCX-NE) at Destination| UDP | 4500 | Required for IPSEC<br>   Internet key exchange (IKEv2) to encapsulate workloads for the bidirectional tunnel. Supports Network Address Translation-Traversal (NAT-T). |
-| On-premises Interconnect (HCX-IX) | Cloud Interconnect (HCX-IX) | UDP | 500 | Required for IPSEC<br> Internet Key Exchange (ISAKMP) for the bidirectional tunnel. |
+| On-premises Interconnect (HCX-IX) | Cloud Interconnect (HCX-IX) | UDP | 4500 | Required for IPSEC<br> Internet Key Exchange (ISAKMP) for the bidirectional tunnel. |
 | On-premises vCenter Server network | Private Cloud management network | TCP | 8000 |  vMotion of VMs from on-premises vCenter Server to Private Cloud vCenter Server   |
 | HCX Connector | connect.hcx.vmware.com<br> hybridity.depot.vmware.com | TCP | 443 | `connect` is needed to validate license key.<br> `hybridity` is needed for updates. |
 

articles/communication-services/quickstarts/ui-library/includes/get-started-call/ios.md

@@ -44,11 +44,11 @@ In Xcode, create a new project:
 1. Add the following code to your Podfile. Replace `UILibraryQuickStart` with your project name.
 
     ```ruby
-    platform :ios, '14.0'
+    platform :ios, '15.0'
 
     target 'UILibraryQuickStart' do
         use_frameworks!
-        pod 'AzureCommunicationUICalling', '1.6.0'
+        pod 'AzureCommunicationUICalling'
     end
     ```
 

articles/load-testing/how-to-create-load-test-app-service.md

@@ -19,9 +19,7 @@ With the integrated load testing experience in Azure App Service, you can:
 - Create a [URL-based load test](./quickstart-create-and-run-load-test.md) for the app service endpoint or a deployment slot
 - View the test runs associated with the app service
 - Create a load testing resource
-
-> [!IMPORTANT]
-> This feature is currently supported through Microsoft Developer Community. If you are facing any issues, please report it [here](https://developercommunity.microsoft.com/loadtesting/report).
+  
 
 ## Prerequisites
 

articles/machine-learning/component-reference/convert-to-indicator-values.md

@@ -17,6 +17,8 @@ This article describes a component of Azure Machine Learning designer.
 
 Use the **Convert to Indicator Values** component in Azure Machine Learning designer to convert columns that contain categorical values into a series of binary indicator columns.  
 
+The **Convert to Indicator Values** operation enables the conversion of categorical data into indicator values represented by binary or multiple values. This process is one of the data preprocessing steps often used for classification models.
+
 This component also outputs a definition of the transformation used to convert to indicator values. You can reuse this transformation on other datasets that have the same schema, by using the [Apply Transformation](apply-transformation.md) component.
 
 ## How to configure Convert to Indicator Values

includes/azure-monitor-limits-diagnostic-settings.md

@@ -9,6 +9,6 @@ ms.author: robb
 ms.custom: "include file"
 ---
 
-| Limit | Value |
-|:---|:---|
-| Maximum number of diagnostic settings per resource | 5 |
+| Resource | Default Limit | Maximum Limit |
+|:---|:---|:---|
+| Maximum number of diagnostic settings per resource | 5 | Same as default. |