Merge pull request #205731 from spelluru/relayrbacga0722

Relay RBAC GA

Author: v-regandowner

articles/azure-relay/TOC.yml

@@ -40,9 +40,9 @@
         href: relay-authentication-and-authorization.md      
       - name: Use Azure Active Directory 
         items:
-        - name: Authenticate with managed identities (Preview)
+        - name: Authenticate with managed identities
           href: authenticate-managed-identity.md 
-        - name: Authenticate from an application (Preview)
+        - name: Authenticate from an application
           href: authenticate-application.md
     - name: Network security
       href: network-security.md      

articles/azure-relay/authenticate-application.md

@@ -1,13 +1,16 @@
 ---
-title: Authenticate from an application - Azure Relay (Preview)
+title: Authenticate from an application - Azure Relay 
 description: This article provides information about authenticating an application with Azure Active Directory to access Azure Relay resources. 
 ms.topic: article
-ms.date: 06/21/2022
+ms.date: 07/22/2022
 ---
 
-# Authenticate and authorize an application with Azure Active Directory to access Azure Relay entities (Preview)
+# Authenticate and authorize an application with Azure Active Directory to access Azure Relay entities 
 Azure Relay supports using Azure Active Directory (Azure AD) to authorize requests to Azure Relay entities (Hybrid Connections, WCF Relays). With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. To learn more about roles and role assignments, see [Understanding the different roles](../role-based-access-control/overview.md).   
 
+> [!NOTE]
+> This feature is generally available in all regions except Microsoft Azure operated by 21Vianet (Azure China).
+
 
 [!INCLUDE [relay-roles](./includes/relay-roles.md)]
 
@@ -92,6 +95,12 @@ Here's the code from the sample that shows how to use Azure AD authentication to
     var sender = new HybridConnectionClient(hybridConnectionUri, tokenProvider);    
     ```
 
+## Samples
+
+- Hybrid Connections: [.NET](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/dotnet/rolebasedaccesscontrol), [Java](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/java/role-based-access-control), [JavaScript](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/node/rolebasedaccesscontrol)
+- WCF Relay: [.NET](https://github.com/Azure/azure-relay/tree/master/samples/wcf-relay/RoleBasedAccessControl)
+
+ 
 ## Next steps
 - To learn more about Azure RBAC, see [What is Azure role-based access control (Azure RBAC)](../role-based-access-control/overview.md)?
 - To learn how to assign and manage Azure role assignments with Azure PowerShell, Azure CLI, or the REST API, see these articles:

articles/azure-relay/authenticate-managed-identity.md

@@ -1,15 +1,18 @@
 ---
-title: Authenticate with managed identities for Azure Relay resources (preview)
+title: Authenticate with managed identities for Azure Relay resources 
 description: This article describes how to use managed identities to access with Azure Relay resources.
 ms.topic: article
-ms.date: 06/21/2022
+ms.date: 07/22/2022
 ---
 
-# Authenticate a managed identity with Azure Active Directory to access Azure Relay resources (preview)
+# Authenticate a managed identity with Azure Active Directory to access Azure Relay resources 
 [Managed identities for Azure resources](../active-directory/managed-identities-azure-resources/overview.md) is a cross-Azure feature that enables you to create a secure identity associated with the deployment under which your application code runs. You can then associate that identity with access-control roles that grant custom permissions for accessing specific Azure resources that your application needs.
 
 With managed identities, the Azure platform manages this runtime identity. You don't need to store and protect access keys in your application code or configuration, either for the identity itself, or for the resources you need to access. A Relay client app running inside an Azure App Service application or in a virtual machine with enabled managed entities for Azure resources support doesn't need to handle SAS rules and keys, or any other access tokens. The client app only needs the endpoint address of the Relay namespace. When the app connects, Relay binds the managed entity's context to the client in an operation that is shown in an example later in this article. Once it's associated with a managed identity, your Relay client can do all authorized operations. Authorization is granted by associating a managed entity with Relay roles.
 
+> [!NOTE]
+> This feature is generally available in all regions except Microsoft Azure operated by 21Vianet (Azure China). 
+
 [!INCLUDE [relay-roles](./includes/relay-roles.md)]
 
 ## Enable managed identity
@@ -61,6 +64,11 @@ Here's the code from the sample that shows how to use Azure AD authentication to
     var sender = new HybridConnectionClient(hybridConnectionUri, tokenProvider);    
     ```
 
+## Samples
+
+- Hybrid Connections: [.NET](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/dotnet/rolebasedaccesscontrol), [Java](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/java/role-based-access-control), [JavaScript](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/node/rolebasedaccesscontrol)
+- WCF Relay: [.NET](https://github.com/Azure/azure-relay/tree/master/samples/wcf-relay/RoleBasedAccessControl)
+
 ## Next steps
 To learn more about Azure Relay, see the following topics.
 - [What is Relay?](relay-what-is-it.md)

articles/azure-relay/relay-authentication-and-authorization.md

@@ -2,13 +2,13 @@
 title: Azure Relay authentication and authorization | Microsoft Docs
 description: This article provides an overview of Shared Access Signature (SAS) authentication with the Azure Relay service.
 ms.topic: article
-ms.date: 06/21/2022
+ms.date: 07/22/2022
 ---
 
 # Azure Relay authentication and authorization
 There are two ways to authenticate and authorize access to Azure Relay resources: Azure Active Directory (Azure AD) and Shared Access Signatures (SAS). This article gives you details on using these two types of security mechanisms.
 
-## Azure Active Directory (Preview)
+## Azure Active Directory 
 Azure AD integration for Azure Relay resources provides Azure role-based access control (Azure RBAC) for fine-grained control over a client’s access to resources. You can use Azure RBAC to grant permissions to a security principal, which may be a user, a group, or an application service principal. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can be used to authorize a request to access an Azure Relay resource.
 
 For more information about authenticating with Azure AD, see the following articles:
@@ -50,6 +50,11 @@ To access an entity, the client requires a SAS token generated using a specific
 
 SAS authentication support for Azure Relay is included in the Azure .NET SDK versions 2.0 and later. SAS includes support for a [SharedAccessAuthorizationRule](/dotnet/api/microsoft.servicebus.messaging.sharedaccessauthorizationrule). All APIs that accept a connection string as a parameter include support for SAS connection strings.
 
+## Samples
+
+- Hybrid Connections: [.NET](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/dotnet/rolebasedaccesscontrol), [Java](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/java/role-based-access-control), [JavaScript](https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/node/rolebasedaccesscontrol)
+- WCF Relay: [.NET](https://github.com/Azure/azure-relay/tree/master/samples/wcf-relay/RoleBasedAccessControl)
+
 ## Next steps
 
 - Continue reading [Service Bus authentication with Shared Access Signatures](../service-bus-messaging/service-bus-sas.md) for more details about SAS.