Merge pull request #246602 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/active-directory/develop/tutorial-blazor-server.md

@@ -22,7 +22,7 @@ In this tutorial:
 
 > [!div class="checklist"]
 >
-> - Create a new Blazor Server app configured to use Azure AD for authentication
+> - Create a new Blazor Server app configured to use Azure AD for authentication for users in a single organization (in the Azure Active Directory tenant the app is registered)
 > - Handle both authentication and authorization using `Microsoft.Identity.Web`
 > - Retrieve data from a protected web API, Microsoft Graph
 
@@ -34,169 +34,64 @@ In this tutorial:
   - [Application administrator](../roles/permissions-reference.md#application-administrator)
   - [Application developer](../roles/permissions-reference.md#application-developer)
   - [Cloud application administrator](../roles/permissions-reference.md#cloud-application-administrator)
-
-## Register the app in the Azure portal
-
-Every app that uses Azure AD for authentication must be registered with Azure AD. Follow the instructions in [Register an application](quickstart-register-app.md) with these additions:
-
-- For **Supported account types**, select **Accounts in this organizational directory only**.
-- Leave the **Redirect URI** drop down set to **Web** and enter `https://localhost:5001/signin-oidc`. The default port for an app running on Kestrel is `5001`. If the app is available on a different port, specify that port number instead of `5001`.
-
-Under **Manage**, select **Authentication** > **Implicit grant and hybrid flows**. Select **ID tokens**, and then select **Save**.
-
-Finally, because the app calls a protected API (in this case Microsoft Graph), it needs a client secret in order to verify its identity when it requests an access token to call that API.
-
-1. Within the same app registration, under **Manage**, select **Certificates & secrets** and then **Client secrets**.
-2. Create a **New client secret** that never expires.
-3. Make note of the secret's **Value** as you'll use it in the next step. You can’t access it again once you navigate away from this pane. However, you can recreate it as needed.
+- The tenant-id or domain of the Azure Active Directory associated with your Azure Account
 
 ## Create the app using the .NET CLI
 
-To create the application, run the following command. Replace the placeholders in the command with the proper information from your app's overview page and execute the command in a command shell. The output location specified with the `-o|--output` option creates a project folder if it doesn't exist and becomes part of the app's name.
-
 ```dotnetcli
-dotnet new blazorserver --auth SingleOrg --calls-graph -o {APP NAME} --client-id "{CLIENT ID}" --tenant-id "{TENANT ID}" --domain "{DOMAIN}" -f net7.0
+mkdir <new-project-folder>
+cd <new-project-folder>
+dotnet new blazorserver --auth SingleOrg --calls-graph
 ```
 
-| Placeholder   | Azure portal name       | Example                                |
-| ------------- | ----------------------- | -------------------------------------- |
-| `{APP NAME}`  | &mdash;                 | `BlazorSample`                         |
-| `{CLIENT ID}` | Application (client) ID | `41451fa7-0000-0000-0000-69eff5a761fd` |
-| `{TENANT ID}` | Directory (tenant) ID   | `e86c78e2-0000-0000-0000-918e0565a45e` |
-| `{DOMAIN}`    | Primary domain          | `tenantname.onmicrosoft.com`           |
-
-Now, navigate to your new Blazor app in your editor and add the client secret to the _appsettings.json_ file, replacing the text "secret-from-app-registration".
+## Install the Microsoft Identity App Sync .NET Tool
 
-```json
-"ClientSecret": "secret-from-app-registration",
+```dotnetcli
+dotnet tool install --global msidentity-app-sync
 ```
 
-## Test the app
+This tool will automate the following tasks for you:
 
-In your terminal, run the following command:
+- Register your application in Azure Active Directory
+  - Create a secret for your registered application
+  - Register redirect URIs based on your launchsettings.json
+- Initialize the use of user secrets in your project
+- Store your application secret in user secrets storage
+- Update your appsettings.json with the client-id, tenant-id, and others.
 
-```dotnetcli
-dotnet run
-```
+.NET Tools extend the capabilities of the dotnet CLI command. To learn more about .NET Tools, see [.NET Tools](/dotnet/core/tools/global-tools).
 
-In your browser, navigate to `https://localhost:<port number> `, and log in using an Azure AD user account to see the app running.
+For more information on user secrets storage, see [safe storage of app secrets during development](/aspnet/core/security/app-secrets).
 
-## Retrieving data from Microsoft Graph
+## Use the Microsoft Identity App Sync Tool
 
-[Microsoft Graph](/graph/overview) offers a range of APIs that provide access to your users' Microsoft 365 data. By using the Microsoft identity platform as the identity provider for your app, you have easier access to this information since Microsoft Graph directly supports the tokens issued by the Microsoft identity platform. In this section, you add code to display the signed in user's emails on the application's "fetch data" page.
+Run the following command to register your app in your tenant and update the .NET configuration of your application. Provide the username/upn belonging to your Azure Account (for instance, `[email protected]`) and the tenant ID or domain name of the Azure Active Directory associated with your Azure Account. If you use an account that is signed in in either Visual Studio, Azure CLI, or Azure PowerShell, you'll benefit from single sign-on (SSO).
 
-Before you start, log out of your app since you'll be making changes to the required permissions, and your current token won't work. If you haven't already, run your app again and select **Log out** before updating the code below.
+```dotnetcli
+msidentity-app-sync --username <username/upn> --tenant-id <tenantID>
+```
 
-Now you'll update your app's registration and code to pull a user's email and display the messages within the app. To achieve this, first extend the app registration permissions in Azure AD to enable access to the email data. Then, add code to the Blazor app to retrieve and display this data in one of the pages.
+> [!Note]
+> - You don't need to provide the username if you are signed in with only one account in the developer tools.
+> - You don't need to provide the tenant-id if the tenant in which you want to create the application is your home tenant.
 
-1. In the Azure portal, select your app in **App registrations**.
-1. Under **Manage**, select **API permissions**.
-1. Select **Add a permission** > **Microsoft Graph**.
-1. Select **Delegated Permissions**, then search for and select the **Mail.Read** permission.
-1. Select **Add permissions**.
+## Optional - Create a development SSL certificate
 
-In the _appsettings.json_ file, update your code so it fetches the appropriate token with the right permissions. Add `mail.read` after the `user.read` scope under `DownstreamAPI`. This is specifying which scopes (or permissions) the app will request access to.
+In order to avoid SSL errors/warnings when browsing the running application, you can use the following on macOS and Windows to generate a self-signed SSL certificate for use by .NET Core.
 
-```json
-"Scopes": "user.read mail.read"
+```dotnetcli
+dotnet dev-certs https --trust
 ```
 
-Next, in the _Pages_ folder, update the code in the _FetchData.razor_ file to retrieve email data instead of the default (random) weather details. Replace the code in that file with the following code snippet:
-
-```csharp
-@page "/fetchdata"
-
-@inject IHttpClientFactory HttpClientFactory
-@inject Microsoft.Identity.Web.ITokenAcquisition TokenAcquisitionService
-
-<p>This component demonstrates fetching data from a service.</p>
-
-@if (messages == null)
-{
-    <p><em>Loading...</em></p>
-}
-else
-{
-    <h1>Hello @userDisplayName !!!!</h1>
-    <table class="table">
-        <thead>
-            <tr>
-                <th>Subject</th>
-                <th>Sender</th>
-                <th>Received Time</th>
-            </tr>
-        </thead>
-        <tbody>
-            @foreach (var mail in messages)
-            {
-                <tr>
-                    <td>@mail.Subject</td>
-                    <td>@mail.Sender</td>
-                    <td>@mail.ReceivedTime</td>
-                </tr>
-            }
-        </tbody>
-    </table>
-}
-
-@code {
-
-    private string userDisplayName;
-    private List<MailMessage> messages = new List<MailMessage>();
-
-    private HttpClient _httpClient;
-
-    protected override async Task OnInitializedAsync()
-    {
-        _httpClient = HttpClientFactory.CreateClient();
-
-
-        // get a token
-        var token = await TokenAcquisitionService.GetAccessTokenForUserAsync(new string[] { "User.Read", "Mail.Read" });
-
-        // make API call
-        _httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
-        var dataRequest = await _httpClient.GetAsync("https://graph.microsoft.com/beta/me");
-
-        if (dataRequest.IsSuccessStatusCode)
-        {
-            var userData = System.Text.Json.JsonDocument.Parse(await dataRequest.Content.ReadAsStreamAsync());
-            userDisplayName = userData.RootElement.GetProperty("displayName").GetString();
-        }
-
-        var mailRequest = await _httpClient.GetAsync("https://graph.microsoft.com/beta/me/messages?$select=subject,receivedDateTime,sender&$top=10");
-
-        if (mailRequest.IsSuccessStatusCode)
-        {
-            var mailData = System.Text.Json.JsonDocument.Parse(await mailRequest.Content.ReadAsStreamAsync());
-            var messagesArray = mailData.RootElement.GetProperty("value").EnumerateArray();
-
-            foreach (var m in messagesArray)
-            {
-                var message = new MailMessage();
-                message.Subject = m.GetProperty("subject").GetString();
-                message.Sender = m.GetProperty("sender").GetProperty("emailAddress").GetProperty("address").GetString();
-                message.ReceivedTime = m.GetProperty("receivedDateTime").GetDateTime();
-                messages.Add(message);
-            }
-        }
-    }
-
-    public class MailMessage
-    {
-        public string Subject;
-        public string Sender;
-        public DateTime ReceivedTime;
-    }
-}
+## Run the app
 
-```
-
-Launch the app. You’ll notice that you're prompted for the newly added permissions, indicating that everything is working as expected. Now, beyond basic user profile data, the app is requesting access to email data.
+In your terminal, run the following command:
 
-After granting consent, navigate to the "Fetch data" page to read some email.
+```dotnetcli
+dotnet run
+```
 
-:::image type="content" source="./media/tutorial-blazor-server/final-app-2.png" alt-text="Screenshot of the final app. It has a heading that says Hello Nicholas and it shows a list of emails belonging to Nicholas.":::
+Browse to the running web application using the URL outputted by the command line.
 
 ## Next steps
 

articles/active-directory/hybrid/connect/plan-connect-performance-factors.md

@@ -166,6 +166,7 @@ The size of your source Active Directory topology will influence your SQL databa
 
 
 - Organizations with more than 100,000 users can reduce network latencies by colocating SQL database and the provisioning engine on the same server.
+- SQL Named Pipes protocol is not supported as it introduces significant delays in the sync cycle and should be disabled in the SQL Server Configuration Manager under SQL Native Clients and SQL Server Network. Please note that changing Named Pipes configuration only takes effect after restarting database and ADSync services.
 - Due to the high disk input and output (I/O) requirements of the sync process, use Solid State Drives (SSD) for the SQL database of the provisioning engine for optimal results, if not possible, consider RAID 0 or RAID 1 configurations.
 - Don’t do a full sync preemptively; it causes unnecessary churn and slower response times.
 

articles/active-directory/hybrid/connect/reference-connect-sync-attributes-synchronized.md

@@ -124,7 +124,7 @@ In this case, start with the list of attributes in this topic and identify those
 | msExchRecipientTypeDetails |X |X |X | |
 | msExchRemoteRecipientType |X | | | |
 | msExchRequireAuthToSendTo |X |X |X | |
-| msExchResourceCapacity |X | | | |
+| msExchResourceCapacity |X| | |This attribute is currently not consumed by Exchange Online. |
 | msExchResourceDisplay |X | | | |
 | msExchResourceMetaData |X | | | |
 | msExchResourceSearchProperties |X | | | |

articles/azure-large-instances/what-is-azure-large-instances.md

@@ -181,7 +181,7 @@ Shows Azure IaaS, and in this case, use of VMs to host your applications, which
 Shows using your ExpressRoute Gateway enabled with ExpressRoute FastPath for Azure Large Instances connectivity offering low latency.
 
 > [!Note]
->To support this configuration, your ExpressRoute Gateway should be UltraPerformance. For more information, [About ExpressRoute virtual network gateways](../expressroute/expressroute-about-virtual-network-gateways.md).
+>To support this configuration, your ExpressRoute Gateway should be UltraPerformance. For more information, see [About ExpressRoute virtual network gateways](../expressroute/expressroute-about-virtual-network-gateways.md).
 
 
 

articles/azure-large-instances/work-with-azure-large-instances-in-azure-portal.md

@@ -16,24 +16,25 @@ ms.date: 06/01/2023
 In this article, you learn what to do in the Azure portal with your implementation of Azure Large Instances.
 
 > [!Note]
-> For now, BareMetal Infrastructure or BareMetal Instances are being used as synonyms with Azure Large Instances.
+> For now, BareMetal Infrastructure and BareMetal Instances are being used as synonyms for Azure Large Instances.
 
 ## Register the resource provider
 
-An Azure resource provider for Azure Large Instances enables you to see the instances in the Azure portal. By default, the Azure subscription you use for Azure Large Instances deployments registers the Azure Large Instances resource provider. If you don't see your deployed Azure Large Instances, register the resource provider with your subscription.
+An Azure resource provider for Azure Large Instances enables you to see the instances in the Azure portal.
+By default, the Azure subscription you use for Azure Large Instances deployments registers the Azure Large Instances resource provider.
+If you don't see your deployed Azure Large Instances, register the resource provider with your subscription.
 
 You can register the Azure Large Instance resource provider using the Azure portal or the Azure CLI.
 
 ### [Portal](#tab/azure-portal)
 
-
 You need to list your subscription in the Azure portal and then double-click the subscription used to deploy your Azure Large Instances tenant.
 
 1. Sign in to the Azure portal.
 2. On the Azure portal menu, select **All services**.
 3. In the **All services** box, enter **subscription**, and then select **Subscriptions**.
 4. Select the subscription from the subscription list.
-5. Select **Resource providers** and type **BareMetalInfrastructure** in the search box. The resource provider should be Registered, as the image shows. 
+5. Select **Resource providers** and type **BareMetalInfrastructure** in the search box. The resource provider should be registered, as the image shows.
 
 :::image type="content" source="../baremetal-infrastructure/media/connect-baremetal-infrastructure/register-resource-provider-azure-portal.png" alt-text="Networking diagram of Azure Large Instances." lightbox="../baremetal-infrastructure/media/connect-baremetal-infrastructure/register-resource-provider-azure-portal.png"  border="false":::
 
@@ -46,23 +47,8 @@ To begin using Azure CLI:
 
 [!INCLUDE [azure-cli-prepare-your-environment-no-header](~/articles/reusable-content/azure-cli/azure-cli-prepare-your-environment-no-header.md)]
 
-[comment]: <The following section duplicates the content provided by the INCLUDE above> 
-
-Use the Bash environment in [Azure Cloud Shell](../cloud-shell/overview.md).
-For more information, see [Quickstart for Bash in Azure Cloud Shell](../cloud-shell/quickstart.md). 
-
-If you prefer to run CLI reference commands locally, [install](https://learn.microsoft.com/cli/azure/install-azure-cli) the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see [How to run the Azure CLI in a Docker container](https://learn.microsoft.com/cli/azure/run-azure-cli-docker).
-
-If you're using a local installation, sign in to the Azure CLI by using the [az login command](https://learn.microsoft.com/cli/azure/reference-index?view=azure-cli-latest#az-login). To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see [Sign in with the Azure CLI](https://learn.microsoft.com/cli/azure/authenticate-azure-cli).
-
-When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see [Use extensions with the Azure CLI](https://learn.microsoft.com/cli/azure/azure-cli-extensions-overview).
-
-Run [az version](https://learn.microsoft.com/cli/azure/reference-index?view=azure-cli-latest#az-version) to find the version and dependent libraries that are installed. To upgrade to the latest version, run [az upgrade](https://learn.microsoft.com/cli/azure/reference-index?view=azure-cli-latest#az-upgrade).
-
 For more information about resource providers, see [Azure resource providers and types](./../azure-resource-manager/management/resource-providers-and-types.md).
 
-[comment]: <End of Include content> 
-
 Sign in to the Azure subscription you use for the Azure Large Instances deployment through the Azure CLI.
 Register the BareMetalInfrastructure Azure Large Instance resource provider with the az provider register command:
 
@@ -74,8 +60,6 @@ You can use the az provider list command to see all available providers.
 
 ---
 
-For more information about resource providers, see [Azure resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md).
-
 ## Azure Large Instances in the Azure portal
 
 When you submit an Azure Large Instances deployment request, specify the Azure subscription you're connecting to the Azure Large Instances. Use the same subscription you use to deploy the application layer that works against the Azure Large Instances.

articles/baremetal-infrastructure/workloads/nc2-on-azure/supported-instances-and-regions.md

@@ -18,7 +18,7 @@ Learn about instances and regions supported for NC2 on Azure.
 Nutanix Clusters on Azure supports:
 
 * Minimum of three bare metal nodes per cluster.
-* Maximum of 13 bare metal nodes.
+* Maximum of 28 bare metal nodes.
 * Only the Nutanix AHV hypervisor on Nutanix clusters running in Azure.
 * Prism Central instance deployed on Nutanix Clusters on Azure to manage the Nutanix clusters in Azure.