MicrosoftDocs
diff --git a/‎articles/azure-arc/servers/manage-vm-extensions-cli.md
Lines changed: 1 addition & 1 deletion b/‎articles/azure-arc/servers/manage-vm-extensions-cli.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/azure-web-pubsub/howto-generate-client-access-url.md
Lines changed: 91 additions & 4 deletions b/‎articles/azure-web-pubsub/howto-generate-client-access-url.md
Lines changed: 91 additions & 4 deletions
diff --git a/‎articles/backup/back-up-azure-stack-hyperconverged-infrastructure-virtual-machines.md
Lines changed: 2 additions & 2 deletions b/‎articles/backup/back-up-azure-stack-hyperconverged-infrastructure-virtual-machines.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/backup/back-up-file-data.md
Lines changed: 2 additions & 2 deletions b/‎articles/backup/back-up-file-data.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/backup/backup-azure-linux-database-consistent-enhanced-pre-post.md
Lines changed: 10 additions & 10 deletions b/‎articles/backup/backup-azure-linux-database-consistent-enhanced-pre-post.md
Lines changed: 10 additions & 10 deletions
diff --git a/‎articles/backup/backup-azure-manage-vms.md
Lines changed: 2 additions & 2 deletions b/‎articles/backup/backup-azure-manage-vms.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/backup/backup-azure-manage-windows-server.md
Lines changed: 2 additions & 2 deletions b/‎articles/backup/backup-azure-manage-windows-server.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/backup/backup-azure-monitoring-built-in-monitor.md
Lines changed: 2 additions & 2 deletions b/‎articles/backup/backup-azure-monitoring-built-in-monitor.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/backup/backup-azure-monitoring-use-azuremonitor.md
Lines changed: 2 additions & 2 deletions b/‎articles/backup/backup-azure-monitoring-use-azuremonitor.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/backup/backup-azure-mysql-flexible-server-support-matrix.md
Lines changed: 2 additions & 2 deletions b/‎articles/backup/backup-azure-mysql-flexible-server-support-matrix.md
Lines changed: 2 additions & 2 deletions
@@ -103,7 +103,7 @@ For the `--extension-targets` parameter, you need to specify the extension and t
 To upgrade the Log Analytics agent extension for Windows that has a newer version available, run the following command:
 
 ```azurecli
-az connectedmachine upgrade-extension --machine-name "myMachineName" --resource-group "myResourceGroup" --extension-targets '{\"Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent\":{\"targetVersion\":\"1.0.18053.0\"}}'
+az connectedmachine upgrade-extension --machine-name "myMachineName" --resource-group "myResourceGroup" --extension-targets '{"Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent":{"targetVersion":"1.0.18053.0"}}'
 ```
 
 You can review the version of installed VM extensions at any time by running the command [az connectedmachine extension list](/cli/azure/connectedmachine/extension#az-connectedmachine-extension-list). The `typeHandlerVersion` property value represents the version of the extension.
 
@@ -40,9 +40,13 @@ The same Client Access URL can be generated by using the Web PubSub server SDK.
 
 2. Generate Client Access URL by calling `WebPubSubServiceClient.getClientAccessToken`:
 
-   - Generate MQTT client access token
+   - Generate client access token
 
      ```js
+     // for web pubsub native clients
+     let token = await serviceClient.getClientAccessToken();
+
+     // for mqtt clients
      let token = await serviceClient.getClientAccessToken({ clientProtocol: "mqtt" });
      ```
 
@@ -90,9 +94,13 @@ The same Client Access URL can be generated by using the Web PubSub server SDK.
 
 2. Generate Client Access URL by calling `WebPubSubServiceClient.GetClientAccessUri`:
 
-   - Generate MQTT client access token
+   - Generate client access token
 
      ```csharp
+     // for web pubsub native clients
+     var url = service.GetClientAccessUri();
+     
+     // for mqtt clients
      var url = service.GetClientAccessUri(clientProtocol: WebPubSubClientProtocol.Mqtt);
      ```
 
@@ -132,9 +140,13 @@ The same Client Access URL can be generated by using the Web PubSub server SDK.
 
 2. Generate Client Access URL by calling `WebPubSubServiceClient.get_client_access_token`:
 
-   - Generate MQTT client access token
+   - Generate client access token
 
      ```python
+     # for web pubsub native clients
+     token = service.get_client_access_token();
+     
+     # for mqtt clients
      token = service.get_client_access_token(client_protocol="MQTT")
      ```
 
@@ -174,7 +186,14 @@ The same Client Access URL can be generated by using the Web PubSub server SDK.
 
 2. Generate Client Access URL by calling `WebPubSubServiceClient.getClientAccessToken`:
 
-   - Generate MQTT client access token
+   - Generate client access token for Web PubSub native clients
+
+     ```java
+     GetClientAccessTokenOptions option = new GetClientAccessTokenOptions();
+     WebPubSubClientAccessToken token = service.getClientAccessToken(option);
+     ```
+
+   - Generate client access token for MQTT clients
 
      ```java
      GetClientAccessTokenOptions option = new GetClientAccessTokenOptions();
@@ -225,3 +244,71 @@ The same Client Access URL can be generated by using the Web PubSub server SDK.
 ---
 
 In real-world code, we usually have a server side to host the logic generating the Client Access URL. When a client request comes in, the server side can use the general authentication/authorization workflow to validate the client request. Only valid client requests can get the Client Access URL back.
+
+## Generate from REST API `:generateToken`
+You could also use Microsoft Entra ID and generate the token by invoking [Generate Client Token REST API](/rest/api/webpubsub/dataplane/web-pub-sub/generate-client-token).
+
+> [!NOTE]
+> Web PubSub does not recommend that you create Microsoft Entra ID tokens for Microsoft Entra ID service principals manually. This is because each Microsoft Entra ID token is short-lived, typically expiring within one hour. After this time, you must manually generate a replacement Microsoft Entra ID token. Instead, use [our SDKs](#generate-from-service-sdk) that automatically generate and replace expired Microsoft Entra ID tokens for you.
+
+1. Follow [Authorize from application ](./howto-authorize-from-application.md#add-a-client-secret) to enable Microsoft Entra ID and add a client secret.
+
+1. Gather the following information:
+   
+    | Value name | How to get the value |
+    | --- | --- |
+    | TenantId | TenantId is the value of **Directory (tenant) ID** on the **Overview** pane of the application you registered. |
+    | ClientId | ClientId is the value of **Application (client) ID** from the **Overview** pane of the application you registered. |
+    | ClientSecret | ClientSecret is the value of the client secret you just added in step #1 |
+   
+1. Get the Microsoft Entra ID token from Microsoft identity platform
+   
+    We use [CURL](https://curl.se/) tool to show how to invoke the REST APIs. The tool is bundled into Windows 10/11, and you could install the tool following [Install CURL](https://curl.se/download.html).
+
+    ```bash
+    # set neccessory values, replace the placeholders with your actual values
+    export TenantId=<your_tenant_id>
+    export ClientId=<your_client_id>
+    export ClientSecret=<your_client_secret>
+
+    curl -X POST "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" \
+    -H "Content-Type: application/x-www-form-urlencoded" \
+    --data-urlencode "grant_type=client_credentials" \
+    --data-urlencode "client_id=$ClientId" \
+    --data-urlencode "client_secret=$ClientSecret" \
+    --data-urlencode "scope=https://webpubsub.azure.com/.default"
+
+    ```
+    The above curl command sends a POST request to Microsoft identity endpoint to get the [Microsoft Entra ID token](/entra/identity-platform/id-tokens) back.
+    In the response you see the Microsoft Entra ID token in `access_token` field. Copy and store it for later use.
+
+1. Use the Microsoft Entra ID token to invoke `:generateToken`
+
+    ```bash
+    # Replace the values in {} with your actual values.
+    export Hostname={your_service_hostname}
+    export Hub={your_hub}
+    export Microsoft_Entra_Token={Microsoft_entra_id_token_from_previous_step}
+    curl -X POST "https://$Hostname/api/hubs/$Hub/:generateToken?api-version=2024-01-01" \
+    -H "Authorization: Bearer $Microsoft_Entra_Token" \
+    -H "Content-Type: application/json"
+    ```
+
+    If you need to generate the token for MQTT clients, append the `clientType=mqtt` parameter to the URL:
+
+    ```bash
+    export Hostname={your_service_hostname}
+    export Hub={your_hub}
+    export Microsoft_Entra_Token={Microsoft_entra_id_token_from_previous_step}
+    curl -X POST "https://$Hostname/api/hubs/$Hub/:generateToken?api-version=2024-01-01&clientType=mqtt" \
+    -H "Authorization: Bearer $Microsoft_Entra_Token" \
+    -H "Content-Type: application/json"
+    ```
+
+    After running the `cURL` command, you should get a response like this:
+
+    ```json
+    {
+      "token": "ABCDEFG.ABC.ABC"
+    }
+    ```
@@ -1,8 +1,8 @@
 ---
 title: Back up Azure Stack HCI virtual machines with MABS
 description: This article contains the procedures to back up and recover virtual machines using Microsoft Azure Backup Server (MABS).
-ms.topic: conceptual
-ms.date: 05/06/2024
+ms.topic: how-to
+ms.date: 09/11/2024
 ms.service: azure-backup
 ms.custom: engagement-fy24
 author: AbhishekMallick-MS
 
@@ -1,8 +1,8 @@
 ---
 title: Back up file data with MABS
 description: You can back up file data on server and client computers with MABS.
-ms.topic: conceptual
-ms.date: 08/19/2021
+ms.topic: how-to
+ms.date: 09/11/2024
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
 ---
 
@@ -1,16 +1,16 @@
 ---
-title: Database consistent snapshots using enhanced pre-post script framework
-description: Learn how Azure Backup allows you to take database consistent snapshots, leveraging Azure VM backup and using packaged pre-post scripts
-ms.topic: conceptual
+title: Database consistent snapshots using enhanced prepost script framework
+description: Learn how Azure Backup allows you to take database consistent snapshots, leveraging Azure Virtual Machine (VM) backup and using packaged prepost scripts
+ms.topic: how-to
 ms.custom: linux-related-content
-ms.date: 09/16/2021 
+ms.date: 09/11/2024 
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
 ---
 
-# Enhanced pre-post scripts for database consistent snapshot
+# Enhanced prepost scripts for database consistent snapshot
 
-Azure Backup service already provides a [_pre-post_ script framework](./backup-azure-linux-app-consistent.md) to achieve application consistency in Linux VMs using Azure Backup. This involves invoking a pre-script (to quiesce the applications) before taking
+Azure Backup service already provides a [_prepost_ script framework](./backup-azure-linux-app-consistent.md) to achieve application consistency in Linux VMs using Azure Backup. This process involves invoking a pre-script (to quiesce the applications) before taking
 snapshot of disks and calling post-script (commands to un-freeze the applications) after the snapshot is completed to return the applications to the normal mode.
 
 Authoring, debugging and maintenance of e pre/post scripts could be challenging. To remove this complexity, Azure Backup provides simplified pre/post-script experience for marquee databases to get application consistent snapshot with least overhead.
@@ -19,7 +19,7 @@ Authoring, debugging and maintenance of e pre/post scripts could be challenging.
 
 The new _enhanced_ pre-post script framework has the following key benefits:
 
-- These pre-post scripts are directly installed in Azure VMs along with the backup extension. This helps to eliminate authoring and download them from an external location.
+- These pre-post scripts are directly installed in Azure VMs along with the backup extension, which helps to eliminate authoring and download them from an external location.
 - You can view the definition and content of pre-post scripts in [GitHub](https://github.com/Azure/azure-linux-extensions/tree/master/VMBackup/main/workloadPatch/DefaultScripts), even submit suggestions and changes. You can even submit suggestions and changes via GitHub, which will be triaged and added to benefit the broader community.
 - You can even add new pre-post scripts for other databases via [GitHub](https://github.com/Azure/azure-linux-extensions/tree/master/VMBackup/main/workloadPatch/DefaultScripts), _which will be triaged and addressed to benefit the broader community_.
 - The robust framework is efficient to handle scenarios, such as pre-script execution failure or crashes. In any event, the post-script automatically runs to roll back all changes done in the pre-script.
@@ -56,7 +56,7 @@ The following table describes the parameters:
 |Parameter  |Mandatory  |Explanation  |
 |---------|---------|---------|
 |workload_name     |   Yes      |     This will contain the name of the database for which you need application consistent backup. The current supported values are `oracle` or `mysql`.    |
-|command_path/configuration_path     |         |   This will contain path to the workload binary. This is not a mandatory field if the workload binary is set as path variable.      |
+|command_path/configuration_path     |         |   This will contain path to the workload binary. This isn't a mandatory field if the workload binary is set as path variable.      |
 |linux_user     |    Yes     |   This will contain the username of the Linux user with access to the database user login. If this value isn't set, then root is considered as the default user.      |
 |credString     |         |     This stands for credential string to connect to the database. This will contain the entire login string.    |
 |ipc_folder     |         |   The workload can only write to certain file system paths. You need to provide here this folder path so that the pre-script can write the states to this folder path.      |
@@ -87,9 +87,9 @@ Therefore, a daily snapshot + logs with occasional full backup for long-term ret
 
 ### Log backup strategy
 
-The enhanced pre-post script framework is built on Azure VM backup that schedules backup once per day. So, the data loss window with RPO as 24 hours isn’t suitable for production databases. This solution is complemented with a log backup strategy where log backups are streamed out explicitly.
+The enhanced pre-post script framework is built on Azure VM backup that schedules backup once per day. So, the data loss window with Recovery Point Objective (RPO) as 24 hours isn’t suitable for production databases. This solution is complemented with a log backup strategy where log backups are streamed out explicitly.
 
-[NFS on blob](../storage/blobs/network-file-system-protocol-support.md) and [NFS on AFS (Preview)](../storage/files/files-nfs-protocol.md) help in easy mounting of volumes directly on database VMs and use database clients to transfer log backups. The data loss window, that is RPO, falls to the frequency of log backups. Also, NFS targets don't need to be highly performant as you might not need to trigger regular streaming (full and incremental) for operational backups after you have a database consistent snapshots.
+[NFS on blob](../storage/blobs/network-file-system-protocol-support.md) and [NFS on AFS (Preview)](../storage/files/files-nfs-protocol.md) help in easy mounting of volumes directly on database VMs and use database clients to transfer log backups. The data loss window that is RPO, falls to the frequency of log backups. Also, NFS targets don't need to be highly performant as you might not need to trigger regular streaming (full and incremental) for operational backups after you have a database consistent snapshots.
 
 >[!NOTE]
 >The enhanced pre- script usually takes care to flush all the log transactions in transit to the log backup destination, before quiescing the database to take a snapshot. Therefore, the snapshots are database consistent and reliable during recovery.
 
@@ -1,8 +1,8 @@
 ---
 title: Manage and monitor Azure VM backups
 description: Learn how to manage and monitor Azure VM backups by using the Azure Backup service.
-ms.topic: conceptual
-ms.date: 07/05/2022
+ms.topic: how-to
+ms.date: 09/11/2024
 ms.service: azure-backup
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
 
@@ -1,8 +1,8 @@
 ---
 title: Manage Azure Recovery Services vaults and servers
 description: In this article, learn how to use the Recovery Services vault Overview dashboard to monitor and manage your Recovery Services vaults. 
-ms.topic: conceptual
-ms.date: 07/08/2019
+ms.topic: how-to
+ms.date: 09/11/2024
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
 ---
 
@@ -1,8 +1,8 @@
 ---
 title: Monitor Azure Backup protected workloads
 description: In this article, learn about the monitoring and notification capabilities for Azure Backup workloads using the Azure portal.
-ms.topic: conceptual
-ms.date: 09/14/2022
+ms.topic: how-to
+ms.date: 09/11/2024
 ms.assetid: 86ebeb03-f5fa-4794-8a5f-aa5cbbf68a81
 ms.service: azure-backup
 author: AbhishekMallick-MS
 
@@ -1,8 +1,8 @@
 ---
 title: Monitor Azure Backup with Azure Monitor
 description: Monitor Azure Backup workloads and create custom alerts by using Azure Monitor.
-ms.topic: conceptual
-ms.date: 08/01/2023
+ms.topic: how-to
+ms.date: 09/11/2024
 ms.assetid: 01169af5-7eb0-4cb0-bbdb-c58ac71bf48b
 author: AbhishekMallick-MS
 ms.author: v-abhmallick
 
@@ -1,8 +1,8 @@
 ---
 title: Support matrix for Azure Database for MySQL - Flexible Server retention for long term by using Azure Backup
 description: Provides a summary of support settings and limitations when backing up Azure Database for MySQL - Flexible Server.
-ms.topic: conceptual
-ms.date: 03/08/2024
+ms.topic: reference
+ms.date: 09/11/2024
 ms.custom: references_regions
 ms.service: azure-backup
 author: AbhishekMallick-MS