Skip to content

Commit 8d7177f

Browse files
Learn Build Service GitHub AppLearn Build Service GitHub App
authored andcommitted
Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)
2 parents 72ef105 + c960053 commit 8d7177f

File tree

66 files changed

+645
-431
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

66 files changed

+645
-431
lines changed

articles/active-directory/develop/msal-error-handling-js.md

Lines changed: 18 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -54,17 +54,20 @@ The following error types are available:
5454

5555
- `InteractionRequiredAuthError`: Error class, extends `ServerError` to represent server errors, which require an interactive call. This error is thrown by `acquireTokenSilent` if the user is required to interact with the server to provide credentials or consent for authentication/authorization. Error codes include `"interaction_required"`, `"login_required"`, and `"consent_required"`.
5656

57-
For error handling in authentication flows with redirect methods (`loginRedirect`, `acquireTokenRedirect`), you'll need to register the callback, which is called with success or failure after the redirect using `handleRedirectCallback()` method as follows:
57+
For error handling in authentication flows with redirect methods (`loginRedirect`, `acquireTokenRedirect`), you'll need to handle the redirect promise, which is called with success or failure after the redirect using the `handleRedirectPromise()` method as follows:
5858

5959
```javascript
60-
function authCallback(error, response) {
61-
//handle redirect response
62-
}
63-
64-
var myMSALObj = new Msal.UserAgentApplication(msalConfig);
60+
const msal = require('@azure/msal-browser');
61+
const myMSALObj = new msal.PublicClientApplication(msalConfig);
6562

6663
// Register Callbacks for redirect flow
67-
myMSALObj.handleRedirectCallback(authCallback);
64+
myMSALObj.handleRedirectPromise()
65+
.then(function (response) {
66+
//success response
67+
})
68+
.catch((error) => {
69+
console.log(error);
70+
})
6871
myMSALObj.acquireTokenRedirect(request);
6972
```
7073

@@ -97,10 +100,8 @@ myMSALObj.acquireTokenSilent(request).then(function (response) {
97100
// call API
98101
}).catch( function (error) {
99102
// call acquireTokenPopup in case of acquireTokenSilent failure
100-
// due to consent or interaction required
101-
if (error.errorCode === "consent_required"
102-
|| error.errorCode === "interaction_required"
103-
|| error.errorCode === "login_required") {
103+
// due to interaction required
104+
if (error instanceof InteractionRequiredAuthError) {
104105
myMSALObj.acquireTokenPopup(request).then(
105106
function (response) {
106107
// call API
@@ -123,10 +124,9 @@ myMSALObj.acquireTokenSilent(accessTokenRequest).then(function(accessTokenRespon
123124
}).catch(function(error) {
124125
if (error instanceof InteractionRequiredAuthError) {
125126

126-
// extract, if exists, claims from error message
127-
if (error.ErrorMessage.claims) {
128-
accessTokenRequest.claimsRequest = JSON.stringify(error.ErrorMessage.claims);
129-
}
127+
// extract, if exists, claims from the error object
128+
if (error.claims) {
129+
accessTokenRequest.claims = error.claims,
130130

131131
// call acquireTokenPopup in case of InteractionRequiredAuthError failure
132132
myMSALObj.acquireTokenPopup(accessTokenRequest).then(function(accessTokenResponse) {
@@ -140,13 +140,12 @@ myMSALObj.acquireTokenSilent(accessTokenRequest).then(function(accessTokenRespon
140140
141141
Interactively acquiring the token prompts the user and gives them the opportunity to satisfy the required Conditional Access policy.
142142
143-
When calling an API requiring Conditional Access, you can receive a claims challenge in the error from the API. In this case, you can pass the claims returned in the error to the `claimsRequest` field of the `AuthenticationParameters.ts` class to satisfy the appropriate policy.
144-
145-
See [Requesting Additional Claims](active-directory-optional-claims.md) for more detail.
143+
When calling an API requiring Conditional Access, you can receive a claims challenge in the error from the API. In this case, you can pass the claims returned in the error to the `claims` parameter in the [access token request object](https://learn.microsoft.com/azure/active-directory/develop/msal-js-pass-custom-state-authentication-request) to satisfy the appropriate policy.
146144
145+
See [How to use Continuous Access Evaluation enabled APIs in your applications](./app-resilience-continuous-access-evaluation.md) for more detail.
147146
148147
[!INCLUDE [Active directory error handling retries](../../../includes/active-directory-develop-error-handling-retries.md)]
149148
150149
## Next steps
151150
152-
Consider enabling [Logging in MSAL.js](msal-logging-js.md) to help you diagnose and debug issues.
151+
Consider enabling [Logging in MSAL.js](msal-logging-js.md) to help you diagnose and debug issues

articles/active-directory/hybrid/reference-connect-version-history.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,6 @@ Required permissions | For permissions required to apply an update, see [Azure A
4747
>
4848
> The following versions will retire on 15 March 2023:
4949
>
50-
> - 2.0.91.0
5150
> - 2.0.89.0
5251
> - 2.0.88.0
5352
> - 2.0.28.0

articles/active-directory/saas-apps/servicenow-provisioning-tutorial.md

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,13 @@ title: Configure ServiceNow for automatic user provisioning with Azure Active Di
33
description: Learn how to automatically provision and deprovision user accounts from Azure AD to ServiceNow.
44
services: active-directory
55
author: twimmers
6-
manager: CelesteDG
7-
ms.reviewer: celested
6+
writer: twimmers
7+
manager: beatrizd
8+
ms.assetid: 5f03d8b7-c3a0-443e-91af-99cc3956fa18
89
ms.service: active-directory
910
ms.subservice: saas-app-tutorial
1011
ms.workload: identity
11-
ms.topic: how-to
12+
ms.topic: tutorial
1213
ms.date: 3/10/2023
1314
ms.author: thwimmer
1415
---
@@ -87,13 +88,13 @@ To configure automatic user provisioning for ServiceNow in Azure AD:
8788
1. Set **Provisioning Mode** to **Automatic**.
8889

8990
1. In the **Admin Credentials** section, enter your ServiceNow tenant URL, Client ID, Client Secret and Authorization Endpoint. Select **Test Connection** to ensure that Azure AD can connect to ServiceNow. [This ServiceNow documentation](https://docs.servicenow.com/bundle/utah-platform-security/page/administer/security/task/t_CreateEndpointforExternalClients.html) outlines how to generate these values.
91+
![Screenshot that shows the Service Provisioning page, where you can enter admin credentials.](./media/servicenow-provisioning-tutorial/servicenow-provisioning.png)
9092

91-
- Tenant URL: https://**InsertInstanceName**.service-now.com/api/now/scim
92-
- Authorization Endpoint: https://**InsertInstanceName**.service-now.com/oauth_auth.do?response_type=code&client_id=**InsertClientID**&state=1&scope=useraccount&redirect_uri=https%3A%2F%2Fportal.azure.com%2FTokenAuthorize
93-
- Token Endoint: https://**InsertInstanceName**.service-now.com/api/now/scim
94-
95-
![Screenshot that shows the Service Provisioning page, where you can enter admin credentials.](./media/servicenow-provisioning-tutorial/servicenow-provisioning.png)
96-
93+
> [!NOTE]
94+
> - Tenant URL: https://**InsertInstanceName**.service-now.com/api/now/scim
95+
> - Authorization Endpoint: https://**InsertInstanceName**.service-now.com/oauth_auth.do?response_type=code&client_id=**InsertClientID**&state=1&scope=useraccount&redirect_uri=https%3A%2F%2Fportal.azure.com%2FTokenAuthorize
96+
> - Token Endoint: https://**InsertInstanceName**.service-now.com/api/now/scim
97+
9798
1. In the **Notification Email** box, enter the email address of a person or group that should receive the provisioning error notifications. Then select the **Send an email notification when a failure occurs** check box.
9899

99100
1. Select **Save**.

articles/aks/learn/quick-kubernetes-deploy-portal.md

Lines changed: 12 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -30,18 +30,15 @@ This quickstart assumes a basic understanding of Kubernetes concepts. For more i
3030
## Create an AKS cluster
3131

3232
1. Sign in to the [Azure portal](https://portal.azure.com).
33-
34-
2. On the Azure portal menu or from the **Home** page, select **Create a resource**.
35-
36-
3. Select **Containers** > **Kubernetes Service**.
37-
38-
4. On the **Basics** page, configure the following options:
33+
1. On the Azure portal menu or from the **Home** page, select **Create a resource**.
34+
1. Select **Containers** > **Kubernetes Service**.
35+
1. On the **Basics** page, configure the following options:
3936

4037
- **Project details**:
4138
* Select an Azure **Subscription**.
4239
* Select or create an Azure **Resource group**, such as *myResourceGroup*.
4340
- **Cluster details**:
44-
* Ensure the the **Preset configuration** is *Standard ($$)*. For more details on preset configurations, see [Cluster configuration presets in the Azure portal][preset-config].
41+
* Ensure the **Preset configuration** is *Standard ($$)*. For more details on preset configurations, see [Cluster configuration presets in the Azure portal][preset-config].
4542
* Enter a **Kubernetes cluster name**, such as *myAKSCluster*.
4643
* Select a **Region** for the AKS cluster, and leave the default value selected for **Kubernetes version**.
4744
* Select **99.5%** for **API server availability**.
@@ -54,20 +51,20 @@ This quickstart assumes a basic understanding of Kubernetes concepts. For more i
5451
> You can change the preset configuration when creating your cluster by selecting *Learn more and compare presets* and choosing a different option.
5552
> :::image type="content" source="media/quick-kubernetes-deploy-portal/cluster-preset-options.png" alt-text="Screenshot of Create AKS cluster - portal preset options.":::
5653
57-
5. Select **Next: Node pools** when complete.
58-
59-
6. Keep the default **Node pools** options. At the bottom of the screen, click **Next: Access**.
60-
61-
7. On the **Access** page, configure the following options:
54+
1. Select **Next: Node pools** when complete.
55+
1. Keep the default **Node pools** options. At the bottom of the screen, click **Next: Access**.
56+
1. On the **Access** page, configure the following options:
6257

6358
- The default value for **Resource identity** is **System-assigned managed identity**. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. For more details about managed identities, see [What are managed identities for Azure resources?](../../active-directory/managed-identities-azure-resources/overview.md).
6459
- The Kubernetes role-based access control (RBAC) option is the default value to provide more fine-grained control over access to the Kubernetes resources deployed in your AKS cluster.
6560

6661
By default, *Basic* networking is used, and [Container insights](../../azure-monitor/containers/container-insights-overview.md) is enabled.
6762

68-
8. Click **Review + create**. When you navigate to the **Review + create** tab, Azure runs validation on the settings that you have chosen. If validation passes, you can proceed to create the AKS cluster by selecting **Create**. If validation fails, then it indicates which settings need to be modified.
69-
70-
9. It takes a few minutes to create the AKS cluster. When your deployment is complete, navigate to your resource by either:
63+
1. Select **Next: Networking** when complete.
64+
1. Keep the default **Networking** options. At the bottom of the screen, click **Next: Integrations**.
65+
1. On the **Integrations** page, if you want to enable the [recommended out-of-the-box alerts](../../azure-monitor/alerts/alerts-overview.md#recommended-alert-rules) for AKS clusters, select **Enable recommended alert rules**. You can see the list of alerts that are automatically enabled if you select this option.
66+
1. Click **Review + create**. When you navigate to the **Review + create** tab, Azure runs validation on the settings that you have chosen. If validation passes, you can proceed to create the AKS cluster by selecting **Create**. If validation fails, then it indicates which settings need to be modified.
67+
1. It takes a few minutes to create the AKS cluster. When your deployment is complete, navigate to your resource by either:
7168
* Selecting **Go to resource**, or
7269
* Browsing to the AKS cluster resource group and selecting the AKS resource. In this example you browse for *myResourceGroup* and select the resource *myAKSCluster*.
7370

articles/azure-monitor/alerts/alerts-create-new-alert-rule.md

Lines changed: 19 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,8 @@ Then you define these elements for the resulting alert actions by using:
3737

3838
1. Select **Apply**.
3939
1. Select **Next: Condition** at the bottom of the page.
40-
1. On the **Select a signal** pane, you can search for the signal name or you can filter the list of signals by:
40+
1. On the **Condition** tab, when you select the **Signal name** field, the most commonly used signals are displayed in the drop-down list. Select one of these popular signals, or select **See all signals** if you want to choose a different signal for the condition.
41+
1. (Optional.) If you chose to **See all signals** in the previous step, use the **Select a signal** pane to search for the signal name or filter the list of signals. Filter by:
4142
- **Signal type**: The [type of alert rule](alerts-overview.md#types-of-alerts) you're creating.
4243
- **Signal source**: The service sending the signal. The list is pre-populated based on the type of alert rule you selected.
4344

@@ -57,30 +58,17 @@ Then you define these elements for the resulting alert actions by using:
5758
|Resource health|Resource health|The service that provides the resource-level health status. |
5859
|Service health|Service health|The service that provides the subscription-level health status. |
5960

60-
1. Select the **Signal name** and **Apply**.
61+
Select the **Signal name** and **Apply**.
6162
1. Follow the steps in the tab that corresponds to the type of alert you're creating.
6263

6364
### [Metric alert](#tab/metric)
6465

65-
1. On the **Configure signal logic** pane, you can preview the results of the selected metric signal. Select values for the following fields.
66+
1. Preview the results of the selected metric signal in the **Preview** section. Select values for the following fields.
6667

6768
|Field |Description |
6869
|---------|---------|
69-
|Select time series|Select the time series to include in the results. |
70-
|Chart period|Select the time span to include in the results. Can be from the last six hours to the last week.|
71-
72-
1. (Optional) Depending on the signal type, you might see the **Split by dimensions** section.
73-
74-
Dimensions are name-value pairs that contain more data about the metric value. By using dimensions, you can filter the metrics and monitor specific time-series, instead of monitoring the aggregate of all the dimensional values.
75-
76-
If you select more than one dimension value, each time series that results from the combination triggers its own alert and is charged separately. For example, the transactions metric of a storage account can have an API name dimension that contains the name of the API called by each transaction (for example, GetBlob, DeleteBlob, and PutPage). You can choose to have an alert fired when there's a high number of transactions in a specific API (the aggregated data). Or you can use dimensions to alert only when the number of transactions is high for specific APIs.
77-
78-
|Field |Description |
79-
|---------|---------|
80-
|Dimension name|Dimensions can be either number or string columns. Dimensions are used to monitor specific time series and provide context to a fired alert.<br>Splitting on the **Azure Resource ID** column makes the specified resource into the alert target. If detected, the **ResourceID** column is selected automatically and changes the context of the fired alert to the record's resource. |
81-
|Operator|The operator used on the dimension name and value. |
82-
|Dimension values|The dimension values are based on data from the last 48 hours. Select **Add custom value** to add custom dimension values. |
83-
|Include all future values| Select this field to include any future values added to the selected dimension. |
70+
|Time range|The time range to include in the results. Can be from the last six hours to the last week.|
71+
|Time series|The time series to include in the results.|
8472

8573
1. In the **Alert logic** section:
8674

@@ -94,6 +82,19 @@ Then you define these elements for the resulting alert actions by using:
9482
|Threshold sensitivity| If you selected a **dynamic** threshold, enter the sensitivity level. The sensitivity level affects the amount of deviation from the metric series pattern that's required to trigger an alert. <br> - **High**: Thresholds are tight and close to the metric series pattern. An alert rule is triggered on the smallest deviation, resulting in more alerts. <br> - **Medium**: Thresholds are less tight and more balanced. There will be fewer alerts than with high sensitivity (default). <br> - **Low**: Thresholds are loose, allowing greater deviation from the metric series pattern. Alert rules are only triggered on large deviations, resulting in fewer alerts. |
9583
|Aggregation granularity| Select the interval that's used to group the data points by using the aggregation type function. Choose an **Aggregation granularity** (period) that's greater than the **Frequency of evaluation** to reduce the likelihood of missing the first evaluation period of an added time series.|
9684
|Frequency of evaluation|Select how often the alert rule is to be run. Select a frequency that's smaller than the aggregation granularity to generate a sliding window for the evaluation.|
85+
86+
1. (Optional) Depending on the signal type, you might see the **Split by dimensions** section.
87+
88+
Dimensions are name-value pairs that contain more data about the metric value. By using dimensions, you can filter the metrics and monitor specific time-series, instead of monitoring the aggregate of all the dimensional values.
89+
90+
If you select more than one dimension value, each time series that results from the combination triggers its own alert and is charged separately. For example, the transactions metric of a storage account can have an API name dimension that contains the name of the API called by each transaction (for example, GetBlob, DeleteBlob, and PutPage). You can choose to have an alert fired when there's a high number of transactions in a specific API (the aggregated data). Or you can use dimensions to alert only when the number of transactions is high for specific APIs.
91+
92+
|Field |Description |
93+
|---------|---------|
94+
|Dimension name|Dimensions can be either number or string columns. Dimensions are used to monitor specific time series and provide context to a fired alert.<br>Splitting on the **Azure Resource ID** column makes the specified resource into the alert target. If detected, the **ResourceID** column is selected automatically and changes the context of the fired alert to the record's resource. |
95+
|Operator|The operator used on the dimension name and value. |
96+
|Dimension values|The dimension values are based on data from the last 48 hours. Select **Add custom value** to add custom dimension values. |
97+
|Include all future values| Select this field to include any future values added to the selected dimension. |
9798

9899
1. (Optional) In the **When to evaluate** section:
99100

articles/azure-monitor/alerts/alerts-manage-alert-rules.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,7 @@ To enable recommended alert rules:
6868
1. On the **Alerts** page, select **Enable recommended alert rules**. The **Enable recommended alert rules** pane opens with a list of recommended alert rules based on your type of resource.
6969
1. In the **Alert me if** section, select all of the rules you want to enable. The rules are populated with the default values for the rule condition, such as the percentage of CPU usage that you want to trigger an alert. You can change the default values if you would like.
7070
1. In the **Notify me by** section, select the way you want to be notified if an alert is fired.
71+
1. Select **Use an existing action group**, and enter the details of the existing action group if you want to use an action group that already exists.
7172
1. Select **Enable**.
7273

7374
:::image type="content" source="media/alerts-managing-alert-instances/alerts-enable-recommended-alert-rule-pane.png" alt-text="Screenshot of recommended alert rules pane.":::

articles/azure-monitor/alerts/alerts-overview.md

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,8 +59,13 @@ This table provides a brief description of each alert type. For more information
5959

6060
If you don't have alert rules defined for the selected resource, you can [enable recommended out-of-the-box alert rules in the Azure portal](alerts-manage-alert-rules.md#enable-recommended-alert-rules-in-the-azure-portal).
6161

62+
The system compiles a list of recommended alert rules based on:
63+
64+
- The resource provider’s knowledge of important signals and thresholds for monitoring the resource.
65+
- Telemetry that tells us what customers commonly alert on for this resource.
66+
6267
> [!NOTE]
63-
> The alert rule recommendations feature is currently in preview and is only enabled for:
68+
> Recommended alert rules is enabled for:
6469
> - Virtual machines
6570
> - AKS resources
6671
> - Log Analytics workspaces

0 commit comments

Comments
 (0)