Merge pull request #209940 from MicrosoftDocs/release-ga-du

Release ga du--scheduled release at 10AM of 11/01

Author: huypub

.openpublishing.publish.config.json

@@ -908,6 +908,7 @@
     ".openpublishing.redirection.azure-percept.json",
     ".openpublishing.redirection.azure-productivity.json",
     ".openpublishing.redirection.azure-australia.json",
+    ".openpublishing.redirection.iot-hub-device-update.json",
     "articles/azure-fluid-relay/.openpublishing.redirection.fluid-relay.json",
     "articles/azure-netapp-files/.openpublishing.redirection.azure-netapp-files.json",
     "articles/azure-relay/.openpublishing.redirection.relay.json",

.openpublishing.redirection.iot-hub-device-update.json

@@ -0,0 +1,9 @@
+{
+    "redirections": [
+        {
+            "source_path_from_root": "/articles/iot-hub-device-update/migration-pp-to-ppr.md",
+            "redirect_url": "/azure/iot-hub-device-update/migration-public-preview-refresh-to-ga",
+            "redirect_document_id": true
+        }
+      ]
+}

articles/iot-hub-device-update/configure-access-control-device-update.md

@@ -0,0 +1,122 @@
+---
+title: Configure Access Control in Device Update for IoT Hub | Microsoft Docs
+description: Configure Access Control in Device Update for IoT Hub.
+author: eshashah
+ms.author: eshashah
+ms.date: 10/31/2022
+ms.topic: how-to
+ms.service: iot-hub-device-update
+---
+
+# Configure access control roles for Device Update resources
+
+In order for users to have access to Device Update, they must be granted access to the Device Update account, Instance and set the required access to the linked IoT hub. 
+
+## Configure access control for Device Update account
+
+# [Azure portal](#tab/portal)
+
+1. In your Device Update account, select **Access control (IAM)** from the navigation menu.
+
+   :::image type="content" source="media/create-device-update-account/account-access-control.png" alt-text="Screenshot of access Control within Device Update account." lightbox="media/create-device-update-account/account-access-control.png":::
+
+2. Select **Add role assignments**.
+
+3. On the **Role** tab, select a Device Update role from the available options:
+
+   * Device Update Administrator
+   * Device Update Reader
+   * Device Update Content Administrator
+   * Device Update Content Reader
+   * Device Update Deployments Administrator
+   * Device Update Deployments Reader
+
+   For more information, [Learn about Role-based access control in Device Update for IoT Hub](device-update-control-access.md).
+
+   :::image type="content" source="media/create-device-update-account/role-assignment.png" alt-text="Screenshot of access Control role assignments within Device Update account." lightbox="media/create-device-update-account/role-assignment.png":::
+
+4. Select **Next**
+5. On the **Members** tab, select the users or groups that you want to assign the role to.
+
+   :::image type="content" source="media/create-device-update-account/role-assignment-2.png" alt-text="Screenshot of access Control member selection within Device Update account." lightbox="media/create-device-update-account/role-assignment-2.png":::
+
+6. Select **Review + assign**
+7. Review the new role assignments and select **Review + assign** again
+8. You're now ready to use Device Update from within your IoT Hub
+
+# [Azure CLI](#tab/cli)
+
+The following roles are available for assigning access to Device Update:
+
+* Device Update Administrator
+* Device Update Reader
+* Device Update Content Administrator
+* Device Update Content Reader
+* Device Update Deployments Administrator
+* Device Update Deployments Reader
+
+For more information, [Learn about Role-based access control in Device Update for IoT Hub](device-update-control-access.md).
+
+Use the [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) command to configure access control for your Device Update account.
+
+Replace the following placeholders with your own information:
+
+* *\<role>*: The Device Update role that you're assigning.
+* *\<user_group>*: The user or group that you want to assign the role to.
+* *\<account_id>*: The resource ID for the Device Update account that the user or group will get access to. You can retrieve the resource ID by using the [az iot device-update account show](/cli/azure/iot/device-update/account#az-iot-device-update-account-show) command and querying for the ID value: `az iot device-update account show -n <account_name> --query id`.
+
+```azurecli-interactive
+az role assignment create --role '<role>' --assignee <user_group> --scope <account_id>
+```
+---
+
+## Configure access for Azure Device Update service principal in linked IoT hub
+
+Device Update for IoT Hub communicates with IoT Hub to manage deployments and updates and to get information about devices. To enable the access, you need to give the **Azure Device Update** service principal access with the **IoT Hub Data Contributor** role.
+
+# [Azure portal](#tab/portal)
+
+1. In the Azure portal, navigate to the IoT hub connected to your Device Update instance.
+
+   :::image type="content" source="media/create-device-update-account/navigate-to-iot-hub.png" alt-text="Screenshot of instance and linked IoT hub." lightbox="media/create-device-update-account/navigate-to-iot-hub.png":::
+
+1. Select **Access Control(IAM)** from the navigation menu. Select **Add** > **Add role assignment**.
+
+   :::image type="content" source="media/create-device-update-account/iot-hub-access-control.png" alt-text="Screenshot of access Control within IoT Hub." lightbox="media/create-device-update-account/iot-hub-access-control.png":::
+
+3. In the **Role** tab, select **IoT Hub Data Contributor**. Select **Next**.
+
+   :::image type="content" source="media/create-device-update-account/role-assignment-iot-hub.png" alt-text="Screenshot of access Control role assignment within IoT Hub." lightbox="media/create-device-update-account/role-assignment-iot-hub.png":::**
+
+4. For **Assign access to**, select **User, group, or service principal**. Select **Select Members** and search for '**Azure Device Update**'
+
+   :::image type="content" source="media/create-device-update-account/assign-role-to-du-service-principal.png" alt-text="Screenshot of access Control member selection for IoT Hub." lightbox="media/create-device-update-account/assign-role-to-du-service-principal.png":::
+
+6. Select **Next** > **Review + Assign**
+
+To validate that you've set permissions correctly:
+
+1. In the Azure portal, navigate to the IoT hub connected to your Device Update instance.
+1. Select **Access Control(IAM)** from the navigation menu.
+1. Select **Check access**.
+1. Select **User, group, or service principal** and search for '**Azure Device Update**'
+1. After clicking on **Azure Device Update**, verify that the **IoT Hub Data Contributor** role is listed under **Role assignments**
+
+# [Azure CLI](#tab/cli)
+
+Use the [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) command to create a role assignment for the Azure Device Update service principal.
+
+Replace *\<resource_id>* with the resource ID of your IoT hub. You can retrieve the resource ID by using the [az iot hub show](/cli/azure/iot/hub#az-iot-hub-show) command and querying for the ID value: `az iot hub show -n <hub_name> --query id`.
+
+```azurecli
+az role assignment create --role "IoT Hub Data Contributor" --assignee https://api.adu.microsoft.com/ --scope <resource_id>
+```
+---
+
+## Next steps
+
+Try updating a device using one of the following quick tutorials:
+
+* [Update a simulated IoT Edge device](device-update-simulator.md)
+* [Update a Raspberry Pi](device-update-raspberry-pi.md)
+* [Update an Ubuntu Server 18.04 x64 Package agent](device-update-ubuntu-agent.md)

articles/iot-hub-device-update/configure-private-endpoints.md

@@ -103,7 +103,7 @@ You can use either the Azure portal or the Azure CLI to create private endpoints
 1. Fill all the required fields on the **Resource** tab
 
    * **Connection method**: Select **Connect to an Azure resource by resource ID or alias**.
-   * **Resource ID or alias**: Enter the Resource ID of the Device Update account. You can retrieve the resource ID of a Device Update account from the Azure portal by selecting **JSON View** on the **Overview** page. Or, you can retrieve it by using the [az iot device-update account show](/cli/azure/iot/device-update/account#az-iot-device-update-account-show) command and querying for the ID value: `az iot device-update account show -n <account_name> --query id`.
+   * **Resource ID or alias**: Enter the Resource ID of the Device Update account. You can retrieve the resource ID of a Device Update account from the Azure portal by selecting **JSON View** on the **Overview** page. Or, you can retrieve it by using the [az iot du account show](/cli/azure/iot/device-update/account#az-iot-device-update-account-show) command and querying for the ID value: `az iot du account show -n <account_name> --query id`.
    * **Target sub-resource**: Value must be **DeviceUpdate**
 
    :::image type="content" source="./media/configure-private-endpoints/private-endpoint-manual-create.png" alt-text="Screenshot showing the Resource page of the Create a private endpoint tab in Private Link Center.":::
@@ -130,7 +130,7 @@ Replace the following placeholders with your own information:
 * **PRIVATE_LINK_CONNECTION_NAME**: Name of the private link service connection.
 * **VIRTUAL_NETWORK_NAME**: Name of an existing virtual network associated with the subnet.
 * **SUBNET_NAME**: Name or ID of an existing subnet. If you use a subnet name, then you also need to include the virtual network name. If you use a subnet ID, you can omit the `--vnet-name` parameter.
-* **DEVICE_UPDATE_RESOURCE_ID**: You can retrieve the resource ID of a Device Update account from the Azure portal by selecting **JSON View** on the **Overview** page. Or, you can retrieve it by using the [az iot device-update account show](/cli/azure/iot/device-update/account#az-iot-device-update-account-show) command and querying for the ID value: `az iot device-update account show -n <account_name> --query id`.
+* **DEVICE_UPDATE_RESOURCE_ID**: You can retrieve the resource ID of a Device Update account from the Azure portal by selecting **JSON View** on the **Overview** page. Or, you can retrieve it by using the [az iot du account show](/cli/azure/iot/device-update/account#az-iot-device-update-account-show) command and querying for the ID value: `az iot du account show -n <account_name> --query id`.
 * **LOCATION**: Name of the Azure region. Your private endpoint must be in the same region as your virtual network, but can in a different region from the Device Update account.
 
 ```azurecli-interactive
@@ -192,7 +192,7 @@ There are four provisioning states:
 
 # [Azure CLI](#tab/cli)
 
-Use the [az iot device-update account private-endpoint-connection set](/cli/azure/iot/device-update/account/private-endpoint-connection#az-iot-device-update-account-private-endpoint-connection-set) command to manage private endpoint connection.
+Use the [az iot du account private-endpoint-connection set](/cli/azure/iot/device-update/account/private-endpoint-connection#az-iot-device-update-account-private-endpoint-connection-set) command to manage private endpoint connection.
 
 Replace the following placeholders with your own information:
 
@@ -201,7 +201,7 @@ Replace the following placeholders with your own information:
 * **STATUS**: Either `Approved` or `Rejected`.
 
 ```azurecli-interactive
-az iot device-update account private-endpoint-connection set \
+az iot du account private-endpoint-connection set \
     --name <ACCOUNT_NAME> \
     --connection-name <PRIVATE_LINK_CONNECTION_NAME> \
     --status <STATUS> \