Merge pull request #206538 from MicrosoftDocs/release-ga-managed-grafana

Release ga managed grafana--scheduled release on 8/23 10AM

Author: huypub

articles/managed-grafana/encryption.md

@@ -0,0 +1,40 @@
+---
+title: Encryption in Azure Managed Grafana
+description: Learn how data is encrypted in Azure Managed Grafana.
+author: maud-lv
+ms.author: malev
+ms.service: managed-grafana
+ms.topic: conceptual
+ms.date: 07/22/2022
+ms.custom: concept
+---
+
+# Encryption in Azure Managed Grafana
+
+This article provides a short description of encryption within Azure Managed Grafana.
+
+## Data storage
+
+ Azure Managed Grafana stores data in the following services:
+
+- Resource-provider related system metadata is stored in Azure Cosmos DB.
+- Grafana instance user data is stored in a per instance Azure Database for PostgreSQL.
+
+## Encryption in Cosmos DB and Azure Database for PostgreSQL
+
+Managed Grafana leverages encryption offered by Cosmos DB and Azure Database for PostgreSQL.
+
+Data stored in Cosmos DB and Azure Database for PostgreSQL is encrypted at rest on storage devices and in transport over the network.
+
+For more information, go to [Encryption at rest in Azure Cosmos DB](/azure/cosmos-db/database-encryption-at-rest) and [Security in Azure Database for PostgreSQL - Flexible Server](/azure/postgresql/flexible-server/concepts-security).
+
+## Server-side encryption
+
+The encryption model used by Managed Grafana is the server-side encryption model with Service-Managed keys.
+
+In this model, all key management aspects such as key issuance, rotation, and backup are managed by Microsoft. The Azure resource providers create the keys, place them in secure storage, and retrieve them when needed. For more information, go to [Server-side encryption using Service-Managed key](/azure/security/fundamentals/encryption-models).
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Monitor your Azure Managed Grafana instance](how-to-monitor-managed-grafana-workspace.md)

articles/managed-grafana/grafana-app-ui.md

@@ -76,4 +76,4 @@ A Grafana dashboard is a collection of [panels](#panels) arranged in rows and co
 ## Next steps
 
 > [!div class="nextstepaction"]
-> [How to share an Azure Managed Grafana Preview instance](./how-to-share-grafana-workspace.md)
+> [How to share an Azure Managed Grafana instance](./how-to-share-grafana-workspace.md)

articles/managed-grafana/high-availability.md

@@ -1,31 +1,41 @@
 ---
-title: High availability in Azure Managed Grafana Preview
-description: Learn about high availability options provided by Azure Managed Grafana Preview
+title: Azure Managed Grafana service reliability 
+description: Learn about service reliability and availability options provided by Azure Managed Grafana
 author: maud-lv 
 ms.author: malev 
 ms.service: managed-grafana 
 ms.topic: conceptual
-ms.date: 6/18/2022 
+ms.date: 7/27/2022 
 ---
 
-# High availability in Azure Managed Grafana Preview
+# Azure Managed Grafana service reliability
 
-An Azure Managed Grafana Preview instance in the Standard tier is hosted on a dedicated set of virtual machines (VMs). By default, two VMs are deployed to provide redundancy. Each VM runs a Grafana server. A network load balancer distributes browser requests amongst the Grafana servers. On the backend, the Grafana servers are connected to a shared database that stores the configuration and other persistent data for an entire Managed Grafana instance.
+An Azure Managed Grafana instance in the Standard tier is hosted on a dedicated set of virtual machines (VMs). By default, two VMs are deployed to provide redundancy. Each VM runs a Grafana server. A network load balancer distributes browser requests amongst the Grafana servers. On the backend, the Grafana servers are connected to a shared database that stores the configuration and other persistent data for an entire Managed Grafana instance.
 
-:::image type="content" source="media/high-availability/high-availability.png" alt-text="Diagram of the Managed Grafana Standard tier instance setup.":::
+:::image type="content" source="media/service-reliability/diagram.png" alt-text="Diagram of the Managed Grafana Standard tier instance setup.":::
 
 The load balancer always keeps track of which Grafana servers are available. In a dual-server setup, if it detects that one server is down, the load balancer starts sending all requests to the remaining server. That server should be able to pick up the browser sessions previously served by the other one based on information saved in the shared database. In the meantime, the Managed Grafana service will work to repair the unhealthy server or bring up a new one.
 
+Microsoft is not providing or setting up disaster recovery for this service. In case of a region level outage, service will experience downtime and users can set up additional instances in other regions for disaster recovery purposes.
+
 ## Zone redundancy
 
-Normally the network load balancer, VMs and database that underpin a Managed Grafana instance are located within one Azure datacenter. The Managed Grafana Standard tier supports *zone redundancy*, which provides protection against zonal outages. When the zone redundancy option is selected, the VMs are spread across [availability zones](../availability-zones/az-overview.md#availability-zones) and other resources with availability zone enabled.
+Normally the network load balancer, VMs and database that underpin a Managed Grafana instance are located in a region based on system resource availability, and could end up being in a same Azure datacenter
 
-> [!NOTE]
-> Zone redundancy can only be enabled when creating the Managed Grafana instance, and can't be modified subsequently. There's also an additional charge for using the zone redundancy option. Go to [Azure Managed Grafana pricing](https://azure.microsoft.com/pricing/details/managed-grafana/) for details.
+### With zone redundancy enabled
+
+When the zone redundancy option is enabled, VMs are spread across [availability zones](../availability-zones/az-overview.md#availability-zones) and other resources with availability zone enabled.
 
 In a zone-wide outage, no user action is required. An impacted Managed Grafana instance will rebalance itself to take advantage of the healthy zone automatically. The Managed Grafana service will attempt to heal the affected instances during zone recovery.
 
+> [!NOTE]
+> Zone redundancy can only be enabled when creating the Managed Grafana instance, and can't be modified subsequently. The zone redundancy option comes with an additional cost. Go to [Azure Managed Grafana pricing](https://azure.microsoft.com/pricing/details/managed-grafana/) for details.
+
+### With zone redundancy disabled
+
+Zone redundancy is disabled in the Managed Grafana Standard tier by default. In this scenario, virtual machines are created as regional resources and should not be expected to survive zone-downs scenarios as they can go down at same time.
+
 ## Next steps
 
 > [!div class="nextstepaction"]
-> [Create an Azure Managed Grafana Preview instance](./quickstart-managed-grafana-portal.md)
+> [Create an Azure Managed Grafana instance](./quickstart-managed-grafana-portal.md)

articles/managed-grafana/how-to-api-calls.md

@@ -1,44 +1,95 @@
 ---
-title: 'Call Grafana APIs programmatically'
-titleSuffix: Azure Managed Grafana Preview
-description: Learn how to call Grafana APIs programmatically with Azure Active Directory (Azure AD) and an Azure service principal
+title: 'Call Grafana APIs programmatically with Azure Managed Grafana'
+titleSuffix: Azure Managed Grafana
+description: Learn how to call Grafana APIs programmatically with Azure Active Directory and an Azure service principal
 author: maud-lv 
 ms.author: malev 
 ms.service: managed-grafana 
-ms.topic: how-to 
-ms.date: 4/18/2022 
+ms.topic: tutorial
+ms.date: 08/11/2022 
 ---
 
-# How to call Grafana APIs programmatically
+# Tutorial: Call Grafana APIs programmatically
 
-In this article, you'll learn how to call Grafana APIs within Azure Managed Grafana Preview using a service principal.
+In this tutorial, you learn how to:
+
+> [!div class="checklist"]
+> * Assign an Azure Managed Grafana role to the service principal of your application
+> * Retrieve application details
+> * Get an access token
+> * Call Grafana APIs
 
 ## Prerequisites
 
-- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/dotnet).
-- An Azure Managed Grafana instance. If you don't have one yet, [create an Azure Managed Grafana instance](./quickstart-managed-grafana-portal.md).
+* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/).
+* An Azure Managed Grafana workspace. [Create an Azure Managed Grafana instance](./quickstart-managed-grafana-portal.md).
+* An Azure Active Directory (Azure AD) application with a service principal. [Create an Azure AD application and service principal](../active-directory/develop/howto-create-service-principal-portal.md). For simplicity, use an application located in the same Azure AD tenant as your Managed Grafana instance.
 
 ## Sign in to Azure
 
 Sign in to the Azure portal at [https://portal.azure.com/](https://portal.azure.com/) with your Azure account.
 
-## Assign roles to the service principal of your application and of your Azure Managed Grafana Preview instance
+## Assign an Azure Managed Grafana role to the service principal of your application
+
+1. In the Azure portal, open your Managed Grafana instance.
+1. Select **Access control (IAM)** in the navigation menu.
+1. Select **Add**, then **Add role assignment**.
+1. Select the **Grafana Editor** role and then **Next**.
+1. Under **Assign access to**, select **User,group, or service principal**.
+1. Select **Select members**, select your service principal, and hit **Select**.
+1. Select **Review + assign**.
+
+    :::image type="content" source="media/tutorial-api/role-assignment.png" alt-text="Screenshot of Add role assignment in the Azure platform.":::
+
+## Retrieve application details
+
+You now need to gather some information, which you'll use to get a Grafana API access token, and call Grafana APIs.
+
+1. Find your tenant ID:
+   1. In the Azure portal, enter *Azure Active Directory* in the **Search resources, services, and docs (G+ /)**.
+   1. Select **Azure Active Directory**.
+   1. Select **Properties** from the left menu.
+   1. Locate the field **Tenant ID** and save its value.
+
+    :::image type="content" source="./media/tutorial-api/tenant-id.png" alt-text="Screenshot of the Azure portal, getting tenant ID.":::
+
+1. Find your client ID:
+   1. In the Azure portal, in Azure Active Directory, select **App registrations** from the left menu.
+   1. Select your app.
+   1. In **Overview**, find the **Application (client) ID** field and save its value.
+
+    :::image type="content" source="./media/tutorial-api/client-id.png" alt-text="Screenshot of the Azure portal, getting client ID.":::
+  
+1. Create an application secret:
+   1. In the Azure portal, in Azure Active Directory, select **App registrations** from the left menu.
+   1. Select your app.
+   1. Select **Certificates & secrets** from the left menu.
+   1. Select **New client secret**.
+   1. Create a new client secret and save its value.
 
-1. Start by [Creating an Azure AD application and service principal that can access resources](../active-directory/develop/howto-create-service-principal-portal.md). This guide takes you through creating an application and assigning a role to its service principal. For simplicity, use an application located in the same Azure Active Directory (Azure AD) tenant as your Grafana instance.
-1. Assign the role of your choice to the service principal for your Grafana resource. Refer to [How to share a Managed Grafana instance](how-to-share-grafana-workspace.md) to learn how to grant access to a Grafana instance. Instead of selecting a user, select **Service principal**.
+    :::image type="content" source="./media/tutorial-api/create-new-secret.png" alt-text="Screenshot of the Azure portal, creating a secret.":::
+
+    > [!NOTE]
+    > You can only access a secret's value immediately after creating it. Copy the value before leaving the page to use it in the next step of this tutorial.
+
+1. Find your Grafana endpoint URL:
+
+   1. In the Azure portal, enter *Azure Managed Grafana* in the **Search resources, services, and docs (G+ /)** bar.
+   1. Select **Azure Managed Grafana** and open your Managed Grafana workspace.
+   1. Select **Overview** from the left menu and save the **Endpoint** value.
+
+    :::image type="content" source="media/tutorial-api/endpoint-url.png" alt-text="Screenshot of the Azure platform. Endpoint displayed in the Overview page.":::
 
 ## Get an access token
 
-To access Grafana APIs, you first need to get an access token. Here's an example showing how you can call Azure AD to retrieve a token:
+To access Grafana APIs, you need to get an access token. Follow the example below to call Azure AD and retrieve a token. Replace `<tenant-id>`, `<client-id>`, and `<client-secret>` with the tenant ID, application (client) ID, and client secret collected in the previous step.
 
 ```bash
 curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
--d 'grant_type=client_credentials&client_id=<client-id>&client_secret=<application-secret>&resource=ce34e7e5-485f-4d76-964f-b3d2b16d1e4f' \
+-d 'grant_type=client_credentials&client_id=<client-id>&client_secret=<client-secret>&resource=ce34e7e5-485f-4d76-964f-b3d2b16d1e4f' \
 https://login.microsoftonline.com/<tenant-id>/oauth2/token
 ```
 
-Replace `<tenant-id>` with your own Azure AD tenant ID, replace `<client-id>` with your client ID and `<application-secret>` with the application secret of the application you want to share.
-
 Here's an example of response:
 
 ```bash
@@ -53,21 +104,34 @@ Here's an example of response:
 }
 ```
 
-## Call a Grafana API
+## Call Grafana APIs
 
-You can now call the Grafana API using the access token retrieved in the previous step as the Authorization header. For example:
+You can now call Grafana APIs using the access token retrieved in the previous step as the Authorization header. For example:
 
 ```bash
 curl -X GET \
 -H 'Authorization: Bearer <access-token>' \
 https://<grafana-url>/api/user
 ```
 
-Replace `<access-token>` with the access token retrieved in the previous step and replace `<grafana-url>` with the URL of your Grafana instance. For example `https://grafanaworkspace-abcd.cuse.grafana.azure.com`. This URL is displayed in the Azure platform, in the **Overview** page of your Managed Grafana instance.
+Replace `<access-token>` and `<grafana-url>` with the access token retrieved in the previous step and the endpoint URL of your Grafana instance. For example `https://my-grafana-abcd.cuse.grafana.azure.com`.
+
+## Clean up resources
+
+If you're not going to continue to use these resources, delete them with the following steps:
+
+1. Delete Azure Managed Grafana:
+   1. In the Azure portal, in Azure Managed Grafana, select **Overview** from the left menu.
+   1. Select **Delete**.
+   1. Enter the resource name to confirm deletion and select **Delete**.
 
-:::image type="content" source="media/managed-grafana-how-to-api-endpoint.png" alt-text="Screenshot of the Azure platform. Endpoint displayed in the Overview page.":::
+1. Delete the Azure AD application:
+   1. In the Azure portal, in Azure Active Directory, select **App registrations** from the left menu.
+   1. Select your app.
+   1. In the **Overview** tab, select **Delete**.
+   1. Select **Delete**.
 
 ## Next steps
 
 > [!div class="nextstepaction"]
-> [Grafana UI](./grafana-app-ui.md)
+> [Create and manage API keys](./how-to-create-api-keys.md)