Merge pull request #292374 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: v-ccolin

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "articles/cdn/akamai-retirement-faq.md",
+      "redirect_url": "/previous-versions/azure/cdn/akamai-retirement-faq",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/operator-5g-core/concept-centralized-lifecycle-management.md",
       "redirect_url": "/previous-versions/azure/operator-5g-core/concept-centralized-lifecycle-management",

articles/azure-functions/functions-bindings-signalr-service.md

@@ -3,7 +3,7 @@ title: Azure Functions SignalR Service bindings
 description: Understand how to use SignalR Service bindings with Azure Functions.
 ms.topic: reference
 ms.custom: devx-track-extended-java, devx-track-js, devx-track-python
-ms.date: 04/02/2024
+ms.date: 12/24/2024
 zone_pivot_groups: programming-languages-set-functions-lang-workers
 ---
 
@@ -63,14 +63,59 @@ To use the SignalR Service annotations in Java functions, you need to add a depe
 ```
 ::: zone-end
 
-## Connection string settings
+## Connections
 
-Add the `AzureSignalRConnectionString` key to the _host.json_ file that points to the application setting with your connection string. For local development, this value may exist in the _local.settings.json_ file.
+You can use [connection string](#connection-string) or [Microsoft Entra identity](#identity-based-connections) to connect to Azure SignalR Service.
 
-For details on how to configure and use SignalR Service and Azure Functions together, refer to [Azure Functions development and configuration with Azure SignalR Service](../azure-signalr/signalr-concept-serverless-development-config.md).
+### Connection string
+
+For instructions on how to retrieve the connection string for your Azure SignalR Service, see [Connection strings in Azure SignalR Service](../azure-signalr/concept-connection-string.md#how-to-get-connection-strings)
+
+This connection string should be stored in an application setting with a name `AzureSignalRConnectionString`. You can customize the application setting name with the `connectionStringSetting` property of the binding configuration.
+
+### Identity-based connections
+
+If you're using version 1.7.0 or higher, instead of using a connection string with a secret, you can have the app use an [Microsoft Entra identity](../active-directory/fundamentals/active-directory-whatis.md).
+
+First of all, you should make sure your Microsoft Entra identity has role [SignalR Service Owner](../role-based-access-control/built-in-roles.md#signalr-service-owner).
+
+Then you would define settings with a common prefix `AzureSignalRConnectionString`. You can customize prefix name with the `connectionStringSetting` property of the binding configuration.
+
+In this mode, the settings include following items:
+
+| Property   | Environment variable template     | Description     |  Required  | Example value     |
+|--------------|----------|-----|----------|
+| Service URI | `AzureSignalRConnectionString__serviceUri` | The URI of your service endpoint. When you only configure "Service URI", the extensions would attempt to use [DefaultAzureCredential](/dotnet/azure/sdk/authentication/credential-chains?tabs=dac#defaultazurecredential-overview) type to authenticate with the service.  |  Yes |  https://mysignalrsevice.service.signalr.net|
+| Token Credential |  `AzureSignalRConnectionString__credential` | Defines how a token should be obtained for the connection. This setting should be set to `managedidentity` if your deployed Azure Function intends to use managed identity authentication. This value is only valid when a managed identity is available in the hosting environment. | No   | managedidentity |
+| Client ID | `AzureSignalRConnectionString__clientId` | When `credential` is set to `managedidentity`, this property can be set to specify the user-assigned identity to be used when obtaining a token. The property accepts a client ID corresponding to a user-assigned identity assigned to the application. It's invalid to specify both a Resource ID and a client ID. If not specified, the system-assigned identity is used. This property is used differently in [local development scenarios](./functions-reference.md#local-development-with-identity-based-connections), when `credential` shouldn't be set. |   No |  00000000-0000-0000-0000-000000000000  |
+| Resource ID | `AzureSignalRConnectionString__managedIdentityResourceId` | When `credential` is set to `managedidentity`, this property can be set to specify the resource Identifier to be used when obtaining a token. The property accepts a resource identifier corresponding to the resource ID of the user-defined managed identity. It's invalid to specify both a resource ID and a client ID. If neither are specified, the system-assigned identity is used. This property is used differently in [local development scenarios](./functions-reference.md#local-development-with-identity-based-connections), when `credential` shouldn't be set. |   No |  /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup/providers/Microsoft.SignalRService/SignalR/mysignalrservice   |
+
+
+> [!NOTE]
+> When using `local.settings.json` file at local, [Azure App Configuration](../azure-app-configuration/quickstart-azure-functions-csharp.md), or [Key Vault](/azure/key-vault/general/overview) to provide settings for identity-based connections, replace `__` with `:` in the setting name to ensure names are resolved correctly.
+>
+> For example, `AzureSignalRConnectionString:serviceUri`.
+
+#### Multiple endpoints setting
+
+You can also configure multiple endpoints and specify identity settings per endpoint.
+
+In this case, prefix your settings with `Azure__SignalR__Endpoints__{endpointName}`. The `{endpointName}` is an arbitrary name assigned by you to associate a group of settings to a service endpoint. The prefix `Azure__SignalR__Endpoints__{endpointName}` can't be customized by `connectionStringSetting` property.
+
+| Property   | Environment variable template     | Description     |   Required  | Example value     |
+|--------------|----------|-----|----------|
+| Service URI | `Azure__SignalR__Endpoints__{endpointName}__serviceUri` | The URI your service endpoint. When you only configure "Service URI", the extensions would attempt to use [DefaultAzureCredential](/dotnet/azure/sdk/authentication/credential-chains?tabs=dac#defaultazurecredential-overview) type to authenticate with the service. |Yes |  https://mysignalrsevice1.service.signalr.net|
+| Endpoint Type | `Azure__SignalR__Endpoints__{endpointName}__type` | Indicates whether the service endpoint is primary or secondary. If not specified, it defaults to `Primary`. Valid values are `Primary` and `Secondary`, case-insensitive. | No | `Secondary` |
+| Token Credential |  `Azure__SignalR__Endpoints__{endpointName}__credential` | Defines how a token should be obtained for the connection. This setting should be set to `managedidentity` if your deployed Azure Function intends to use managed identity authentication. This value is only valid when a managed identity is available in the hosting environment. | No   | managedidentity |
+| Client ID | `Azure__SignalR__Endpoints__{endpointName}__clientId` | When `credential` is set to `managedidentity`, this property can be set to specify the user-assigned identity to be used when obtaining a token. The property accepts a client ID corresponding to a user-assigned identity assigned to the application. It's invalid to specify both a Resource ID and a client ID. If not specified, the system-assigned identity is used. This property is used differently in [local development scenarios](./functions-reference.md#local-development-with-identity-based-connections), when `credential` shouldn't be set. |   No |  00000000-0000-0000-0000-000000000000  |
+| Resource ID | `Azure__SignalR__Endpoints__{endpointName}__managedIdentityResourceId` | When `credential` is set to `managedidentity`, this property can be set to specify the resource Identifier to be used when obtaining a token. The property accepts a resource identifier corresponding to the resource ID of the user-defined managed identity. It's invalid to specify both a resource ID and a client ID. If neither are specified, the system-assigned identity is used. This property is used differently in [local development scenarios](./functions-reference.md#local-development-with-identity-based-connections), when `credential` shouldn't be set. |   No |  /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myusermanagedidentity   |
+
+For more information about multiple endpoints, see [Scale SignalR Service with multiple instances](../azure-signalr/signalr-howto-scale-multi-instances.md?pivots=serverless-mode#for-signalr-functions-extensions)
 
 ## Next steps
 
+For details on how to configure and use SignalR Service and Azure Functions together, refer to [Azure Functions development and configuration with Azure SignalR Service](../azure-signalr/signalr-concept-serverless-development-config.md).
+
 - [Handle messages from SignalR Service  (Trigger binding)](./functions-bindings-signalr-service-trigger.md)
 - [Return the service endpoint URL and access token (Input binding)](./functions-bindings-signalr-service-input.md)
 - [Send SignalR Service messages  (Output binding)](./functions-bindings-signalr-service-output.md)

articles/backup/blob-backup-support-matrix.md

@@ -2,7 +2,7 @@
 title: Support matrix for Azure Blobs backup
 description: Provides a summary of support settings and limitations when backing up Azure Blobs.
 ms.topic: reference
-ms.date: 12/18/2024
+ms.date: 12/27/2024
 ms.custom: references_regions, engagement-fy24
 ms.service: azure-backup
 author: AbhishekMallick-MS
@@ -56,7 +56,7 @@ Operational backup of blobs uses blob point-in-time restore, blob versioning, so
 
 - You can back up only block blobs in a *standard general-purpose v2 storage account* using the vaulted backup solution for blobs.
 - HNS-enabled storage accounts are currently not supported. This includes *ADLS Gen2 accounts*, *accounts using NFS 3.0*, and *SFTP protocols* for blobs.
-- You can back up storage accounts with *up to 100 containers*. You can also select a subset of containers to back up (up to 100 containers).
+- You can back up storage accounts with *up to 100 containers*, there is no limit on the number of blobs within those containers. You can also select a subset of containers to back up (up to 100 containers).
   - If your storage account contains more than 100 containers, you need to select *up to 100 containers* to back up.
   - To back up any new containers that get created after backup configuration for the storage account, modify the protection of the storage account. These containers aren't backed up automatically.
 - The storage accounts to be backed up must contain *a minimum of one container*. If the storage account doesn't contain any containers or if no containers are selected, an error may appear when you configure backup.
@@ -69,6 +69,10 @@ Operational backup of blobs uses blob point-in-time restore, blob versioning, so
 - If you suspend and resume protection or delete the **Object Replication policy** on the **source storage account**, the policy triggers a full backup.
 - Backup vaults with User-Assigned Managed Identity (UAMI) aren't compatible with Azure Blob Vaulted backups. Only System-Assigned Managed Identity (SAMI) works, because the vault needs to access the storage account where the blobs are stored. The vault uses its system-assigned managed identity for this access.
 
+- Enabling backups isn't supported for the blob container that are configured with native replication using data factory.
+- The protection of  a container that is part of any object replication isn't supported, either as a source or destination. Attempting to back up such a container will result in backup failure.
+ 
+
 ---
 
 ## Next steps

articles/batch/managed-identity-pools.md

@@ -2,8 +2,9 @@
 title: Configure managed identities in Batch pools
 description: Learn how to enable user-assigned managed identities on Batch pools and how to use managed identities within the nodes.
 ms.topic: conceptual
-ms.date: 08/12/2024
+ms.date: 12/23/2024
 ms.devlang: csharp
+ai-usage: ai-assisted
 ms.custom:
 ---
 # Configure managed identities in Batch pools
@@ -13,6 +14,10 @@ complicated identity and credential management by providing an identity for the
 (Azure AD ID). This identity is used to obtain Microsoft Entra tokens to authenticate with target
 resources in Azure.
 
+When adding a User-Assigned Managed Identity to a Batch Pool, it is crucial to set the *Identity* property in your configuration. This property links the managed identity to the pool, enabling it to access Azure resources securely. Incorrect setting of the *Identity* property can result in common errors, such as access issues or upload errors.
+
+For more information on configuring managed identities in Azure Batch, please refer to the [Azure Batch Managed Identities documentation](/troubleshoot/azure/hpc/batch/use-managed-identities-azure-batch-account-pool).
+
 This topic explains how to enable user-assigned managed identities on Batch pools and how to use managed identities within the nodes.
 
 > [!IMPORTANT]
@@ -106,6 +111,23 @@ ArmOperation<BatchAccountPoolResource> armOperation = batchAccount.GetBatchAccou
 BatchAccountPoolResource pool = armOperation.Value;
 ```
 
+> [!NOTE]
+> To include the *Identity* property use the following example code:
+```csharp
+   var pool = batchClient.PoolOperations.CreatePool(
+       poolId: "myPool",
+       virtualMachineSize: "STANDARD_D2_V2",
+       cloudServiceConfiguration: new CloudServiceConfiguration(osFamily: "4"),
+       targetDedicatedNodes: 1,
+       identity: new PoolIdentity(
+           type: PoolIdentityType.UserAssigned,
+           userAssignedIdentities: new Dictionary<string, UserAssignedIdentity>
+           {
+               { "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}", new UserAssignedIdentity() }
+           }
+       ));
+   ```
+
 ## Use user-assigned managed identities in Batch nodes
 
 Many Azure Batch functions that access other Azure resources directly on the compute nodes, such as Azure Storage or

articles/batch/tutorial-run-python-batch-azure-data-factory.md

@@ -3,7 +3,8 @@ title: 'Tutorial: Run a Batch job through Azure Data Factory'
 description: Learn how to use Batch Explorer, Azure Storage Explorer, and a Python script to run a Batch workload through an Azure Data Factory pipeline.
 ms.devlang: python
 ms.topic: tutorial
-ms.date: 03/01/2024
+ms.date: 12/23/2024
+ai-usage: ai-assisted
 ms.custom: mvc, devx-track-python
 ---
 
@@ -82,8 +83,10 @@ Paste the connection string into the following script, replacing the `<storage-a
 
 ``` python
 # Load libraries
-from azure.storage.blob import BlobClient
+# from azure.storage.blob import BlobClient
+from azure.storage.blob import BlobServiceClient
 import pandas as pd
+import io
 
 # Define parameters
 connectionString = "<storage-account-connection-string>"
@@ -93,8 +96,16 @@ outputBlobName	= "iris_setosa.csv"
 # Establish connection with the blob storage account
 blob = BlobClient.from_connection_string(conn_str=connectionString, container_name=containerName, blob_name=outputBlobName)
 
+# Initialize the BlobServiceClient (This initializes a connection to the Azure Blob Storage, downloads the content of the 'iris.csv' file, and then loads it into a Pandas DataFrame for further processing.)
+blob_service_client = BlobServiceClient.from_connection_string(conn_str=connectionString)
+blob_client = blob_service_client.get_blob_client(container_name=containerName, blob_name=outputBlobName)
+
+# Download the blob content
+blob_data = blob_client.download_blob().readall()
+
 # Load iris dataset from the task node
-df = pd.read_csv("iris.csv")
+# df = pd.read_csv("iris.csv")
+df = pd.read_csv(io.BytesIO(blob_data))
 
 # Take a subset of the records
 df = df[df['Species'] == "setosa"]
@@ -106,6 +117,8 @@ with open(outputBlobName, "rb") as data:
     blob.upload_blob(data, overwrite=True)
 ```
 
+For more information on working with Azure Blob Storage, refer to the [Azure Blob Storage documentation](/azure/storage/blobs/storage-blobs-introduction). 
+
 Run the script locally to test and validate functionality. 
 
 ``` bash