Merge remote-tracking branch 'upstream/main' into prot

Author: tarTech23

articles/defender-for-iot/organizations/cli-ot-sensor.md

@@ -39,7 +39,7 @@ The following tables list the activities available by CLI and the privileged use
 |Service area  |Users  |Actions  |
 |---------|---------|---------|
 |Sensor health     |   *admin*, *cyberx*      | [Check OT monitoring services health](cli-ot-sensor.md#check-ot-monitoring-services-health)        |
-|Reboot and shutdown     |  *admin*, *cyberx*, *cyberx_host*       | [Restart an appliance](cli-ot-sensor.md#restart-an-appliance)<br>[Shut down an appliance](cli-ot-sensor.md#shutdown-an-appliance)        |
+|Reboot and shutdown     |  *admin*, *cyberx*, *cyberx_host*       | [Restart an appliance](cli-ot-sensor.md#restart-an-appliance)<br>[Shut down an appliance](cli-ot-sensor.md#shut-down-an-appliance)        |
 |Software versions     |  *admin*, *cyberx*       |  [Show installed software version](cli-ot-sensor.md#show-installed-software-version)  <br>[Update software version](update-ot-software.md)     |
 |Date and time     |   *admin*, *cyberx*, *cyberx_host*          |  [Show current system date/time](cli-ot-sensor.md#show-current-system-datetime)       |
 |NTP     | *admin*, *cyberx*        | [Turn on NTP time sync](cli-ot-sensor.md#turn-on-ntp-time-sync)<br>[Turn off NTP time sync](cli-ot-sensor.md#turn-off-ntp-time-sync)        |
@@ -69,6 +69,12 @@ The following tables list the activities available by CLI and the privileged use
 |Physical interfaces management     | *admin*        | [Locate a physical port by blinking interface lights](cli-ot-sensor.md#locate-a-physical-port-by-blinking-interface-lights)        |
 |Physical interfaces management    | *admin*, *cyberx*        |     [List connected physical interfaces](cli-ot-sensor.md#list-connected-physical-interfaces)    |
 
+### Traffic capture filter commands
+
+|Service area  |Users  |Actions  |
+|---------|---------|---------|
+| Capture filter management    |  *admin*, *cyberx*       | [Create a basic filter for all components](cli-ot-sensor.md#create-a-basic-filter-for-all-components)<br>[Create an advanced filter for specific components](cli-ot-sensor.md#create-an-advanced-filter-for-specific-components)  <br>[List current capture filters for specific components](cli-ot-sensor.md#list-current-capture-filters-for-specific-components)  <br> [Reset all capture filters](cli-ot-sensor.md#reset-all-capture-filters)   |
+
 ## Defender for IoT CLI access
 
 To access the Defender for IoT CLI, sign in to your OT or Enterprise IoT sensor or your on-premises management console using a terminal emulator and SSH.

articles/defender-for-iot/organizations/references-work-with-defender-for-iot-cli-commands.md

@@ -3,7 +3,7 @@ title: Archived release notes for Azure HDInsight on AKS
 description: Archived release notes for Azure HDInsight on AKS. Get development tips and details for Trino, Flink, and Spark.
 ms.service: azure-hdinsight-on-aks
 ms.topic: conceptual
-ms.date: 08/05/2024
+ms.date: 09/05/2024
 ---
 
 # Azure HDInsight on AKS archived release notes
@@ -14,6 +14,76 @@ ms.date: 08/05/2024
 
 Azure HDInsight on AKS is one of the most popular services among enterprise customers for open-source analytics on Azure. If you would like to subscribe on release notes, watch releases on this [GitHub repository](https://github.com/Azure/HDInsight-on-aks/releases).
 
+### Release date: Aug 05, 2024
+
+**This release applies to the following**
+
+- Cluster Pool Version: 1.2
+- Cluster Version: 1.2.1
+- AKS version: 1.27
+
+### New Features
+
+**MSI based SQL authentication**
+Users can now authenticate external Azure SQL DB Metastore with MSI instead of User ID password authentication. This feature helps to further secure the cluster connection with Metastore.
+
+**Configurable VM SKUs for Head node, SSH node** 
+This functionality allows users to choose specific SKUs for head nodes, worker nodes, and SSH nodes, offering the flexibility to select according to the use case and the potential to lower total cost of ownership (TCO).
+
+**Multiple MSI in cluster**
+Users can configure multiple MSI for cluster admins operations and for job related resource access. This feature allows users to demarcate and control the access to the cluster and data lying in the storage account.
+For example, one MSI for access to data in storage account and dedicated MSI for cluster operations.
+
+### Updated
+
+**Script action**
+Script Action now can be added with Sudo user permission. Users can now install multiple dependencies including custom jars to customize the clusters as required. 
+
+**Library Management**
+Maven repository shortcut feature added to the Library Management in this release. User can now install Maven dependencies directly from the open-source repositories.
+
+**Spark 3.4**
+Spark 3.4 update brings a range of new features includes 
+* API enhancements
+* Structured streaming improvements
+* Improved usability and developer experience
+
+> [!IMPORTANT]
+> To take benefit of all these **latest features**, you are required to create a new cluster pool with 1.2 and cluster version 1.2.1
+
+### Known issues
+
+- **Workload identity limitation:**
+  - There's a known [limitation](/azure/aks/workload-identity-overview#limitations) when transitioning to workload identity. This limitation is due to the permission-sensitive nature of FIC operations. Users can't perform deletion of a cluster by deleting the resource group. Cluster deletion requests must be triggered by the application/user/principal with FIC/delete permissions. In case, the FIC deletion fails, the high-level cluster deletion also fails.
+  - **User Assigned Managed Identities (UAMI)** support – There's a limit of 20 FICs per UAMI. You can only create 20 Federated Credentials on an identity. In HDInsight on AKS cluster, FIC (Federated Identity Credential) and SA have one-to-one mapping and only 20 SAs can be created against an MSI. If you want to create more clusters, then you are required to provide different MSIs to overcome the limitation.
+  - Creation of federated identity credentials is currently not supported on user-assigned managed identities created in [these regions](/entra/workload-id/workload-identity-federation-considerations#unsupported-regions-user-assigned-managed-identities) 
+
+ 
+### Operating System version
+
+- Mariner OS 2.0
+
+**Workload versions**
+
+|Workload|Version|
+| -------- | -------- |
+|Trino | 440 |
+|Flink | 1.17.0 |
+|Apache Spark | 3.4 |
+
+**Supported Java and Scala versions**
+
+|Workload |Java|Scala|
+| ----------- | -------- | -------- |
+|Trino |Open JDK 21.0.2  |- |
+|Flink  |Open JDK 11.0.21 |2.12.7 |
+|Spark  |Open JDK 1.8.0_345  |2.12.15 |
+
+The preview is available in the following [regions](../overview.md#region-availability-public-preview).
+
+If you have any more questions, contact [Azure Support](https://ms.portal.azure.com/#view/Microsoft_Azure_Support/HelpAndSupportBlade/~/overview) or refer to the [Support options](../hdinsight-aks-support-help.md) page. If you have product specific feedback, write us on [aka.ms/askhdinsight](https://forms.office.com/pages/responsepage.aspx?id=v4j5cvGGr0GRqy180BHbR6HHTBN7UDpEhLm8BJmDhGJURDhLWEhBVE5QN0FQRUpHWDg4ODlZSDA4RCQlQCN0PWcu).
+
+
 ### Release date: March 20, 2024
 
 **This release applies to the following**

articles/hdinsight-aks/release-notes/hdinsight-aks-release-notes-archive.md

@@ -3,16 +3,14 @@ title: Release notes for Azure HDInsight on AKS
 description: Latest release notes for Azure HDInsight on AKS. Get development tips and details for Trino, Flink, Spark, and more.
 ms.service: azure-hdinsight-on-aks
 ms.topic: conceptual
-ms.date: 08/05/2024
+ms.date: 09/16/2024
 ---
 
 # Azure HDInsight on AKS release notes
 
 [!INCLUDE [retirement-notice](../includes/retirement-notice.md)]
 [!INCLUDE [feature-in-preview](../includes/feature-in-preview.md)]
 
-
-
 This article provides information about the **most recent** Azure HDInsight on AKS release updates. For information on earlier releases, see [Azure HDInsight on AKS archived release notes](./hdinsight-aks-release-notes-archive.md). If you would like to subscribe on release notes, watch releases on this [GitHub repository](https://github.com/Azure/HDInsight-on-aks/releases).
 
 ## Summary
@@ -34,39 +32,21 @@ You can refer to [What's new](../whats-new.md) page for all the details of the f
 
 ## Release Information
 
-### Release date: Aug 05, 2024
+### Release date: Sep 05, 2024
 
 **This release applies to the following**
 
 - Cluster Pool Version: 1.2
 - Cluster Version: 1.2.1
 - AKS version: 1.27
 
-### New Features
-
-**MSI based SQL authentication**
-Users can now authenticate external Azure SQL DB Metastore with MSI instead of User ID password authentication. This feature helps to further secure the cluster connection with Metastore.
 
-**Configurable VM SKUs for Head node, SSH node** 
-This functionality allows users to choose specific SKUs for head nodes, worker nodes, and SSH nodes, offering the flexibility to select according to the use case and the potential to lower total cost of ownership (TCO).
-
-**Multiple MSI in cluster**
-Users can configure multiple MSI for cluster admins operations and for job related resource access. This feature allows users to demarcate and control the access to the cluster and data lying in the storage account.
-For example, one MSI for access to data in storage account and dedicated MSI for cluster operations.
 
 ### Updated
 
-**Script action**
-Script Action now can be added with Sudo user permission. Users can now install multiple dependencies including custom jars to customize the clusters as required. 
-
-**Library Management**
-Maven repository shortcut feature added to the Library Management in this release. User can now install Maven dependencies directly from the open-source repositories.
+The latest API version release is as follows.
 
-**Spark 3.4**
-Spark 3.4 update brings a range of new features includes 
-* API enhancements
-* Structured streaming improvements
-* Improved usability and developer experience
+https://github.com/Azure/azure-rest-api-specs/blob/main/specification/hdinsight/resource-manager/Microsoft.HDInsight/HDInsightOnAks/preview/2024-05-01-preview/hdinsight.json.
 
 > [!IMPORTANT]
 > To take benefit of all these **latest features**, you are required to create a new cluster pool with 1.2 and cluster version 1.2.1

articles/hdinsight-aks/release-notes/hdinsight-aks-release-notes.md

@@ -44,40 +44,29 @@ Example service config that runs visual comparisons and configures the path for
 
 ```typeScript
 import { defineConfig } from '@playwright/test';
+import { getServiceConfig, ServiceOS } from '@azure/microsoft-playwright-testing';
 import config from './playwright.config';
-import dotenv from 'dotenv';
-
-dotenv.config();
-
-// Name the test run if it's not named yet.
-process.env.PLAYWRIGHT_SERVICE_RUN_ID = process.env.PLAYWRIGHT_SERVICE_RUN_ID || new Date().toISOString();
-
-// Can be 'linux' or 'windows'.
-const os = process.env.PLAYWRIGHT_SERVICE_OS || 'linux';
-
-export default defineConfig(config, {
-  workers: 20,
-
-  // Enable screenshot testing and configure directory with expectations.
-  ignoreSnapshots: false,
-  snapshotPathTemplate: `{testDir}/__screenshots__/{testFilePath}/${os}/{arg}{ext}`,
-
-  use: {
-    // Specify the service endpoint.
-    connectOptions: {
-      wsEndpoint: `${process.env.PLAYWRIGHT_SERVICE_URL}?cap=${JSON.stringify({
-        os,
-        runId: process.env.PLAYWRIGHT_SERVICE_RUN_ID
-      })}`,
-      timeout: 30000,
-      headers: {
-        'x-mpt-access-key': process.env.PLAYWRIGHT_SERVICE_ACCESS_TOKEN!
-      },
-      // Allow service to access the localhost.
-      exposeNetwork: '<loopback>'
-    }
+
+/* Learn more about service configuration at https://aka.ms/mpt/config */
+export default defineConfig(
+  config,
+  getServiceConfig(config, {
+    exposeNetwork: '<loopback>',
+    timeout: 30000,
+    os: ServiceOS.LINUX
+  }),
+  {
+    /* 
+    Playwright Testing service reporter is added by default.
+    This will override any reporter options specified in the base playwright config.
+    If you are using more reporters, please update your configuration accordingly.
+    */
+    reporter: [["list"], ['@azure/microsoft-playwright-testing/reporter']],
+    ignoreSnapshots: false,
+    // Enable screenshot testing and configure directory with expectations. 
+    snapshotPathTemplate: `{testDir}/__screenshots__/{testFilePath}/${ServiceOS.LINUX}/{arg}{ext}`,
   }
-});
+);
 ```
 
 ## Related content

articles/playwright-testing/how-to-configure-visual-comparisons.md

@@ -105,3 +105,4 @@ You can only delete access tokens that you created in a workspace. To create an
 ## Related content
 
 - Learn more about [managing access to a workspace](./how-to-manage-workspace-access.md).
+- Learn more about [managing authentication to the workspace](./how-to-manage-authentication.md)

articles/playwright-testing/how-to-manage-access-tokens.md

@@ -0,0 +1,96 @@
+---
+title: Microsoft Playwright Testing authentication
+description: Learn how to manage authentication and authorization for Microsoft Playwright Testing preview
+ms.topic: how-to
+ms.date: 09/07/2024
+ms.custom: playwright-testing-preview
+---
+
+# Manage authentication and authorization for Microsoft Playwright Testing preview
+
+In this article, you learn how to manage authentication and authorization for Microsoft Playwright Testing preview. Authentication is required to run Playwright tests on cloud-hosted browsers and to publish test results and artifacts to the service.
+
+By default, [Microsoft Entra ID](/entra/identity/) is used for authentication. This method is more secure and is the recommended authentication method. You can't disable authentication using Microsoft Entra ID. However, you can also use access tokens to authenticate and authorize.
+
+
+> [!IMPORTANT]
+> Microsoft Playwright Testing is currently in preview. For legal terms that apply to Azure features that are in beta, in preview, or otherwise not yet released into general availability, see the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+## Background  
+
+Microsoft Playwright Testing Preview is built on the Playwright open-source framework. It runs Playwright tests on cloud-hosted browsers and publishes reports and artifacts back to the service. 
+
+To use the service, the client must authenticate with the service to access the browsers. Similarly, publishing results and artifacts requires authenticated API interactions. The service offers two authentication methods: Microsoft Entra ID and access tokens.
+
+Microsoft Entra ID uses your Azure credentials, requiring a sign-in to your Azure account for secure access. Alternatively, you can generate an access token from your Playwright workspace and use it in your setup. However, we strongly recommend Microsoft Entra ID for authentication due to its enhanced security. Access tokens, while convenient, function like long-lived passwords and are more susceptible to being compromised.
+
+## Enable authentication using access-tokens
+
+Microsoft Playwright Testing service also supports authentication using access tokens. This authentication method is less secure. We recommend using Microsoft Entra ID to authenticate to the service. 
+
+> [!CAUTION]
+> Your workspace access tokens are similar to a password for your Microsoft Playwright Testing workspace. Always be careful to protect your access tokens. Avoid distributing access tokens to other users, hard-coding them, or saving them anywhere in plain text that is accessible to others.
+
+Revoke and recreate your tokens if you believe they are compromised.
+
+To enable authentication using access tokens:
+
+1. Sign in to the [Playwright portal](https://aka.ms/mpt/portal) with your Azure account and select your workspace.
+
+1. Select the settings icon on the home page to go to the workspace settings.
+
+1. Select the **Authentication** page and turn on **Enable authentication using Access tokens**
+
+
+    :::image type="content" source="./media/how-to-manage-authentication/playwright-testing-enable-access-token.png" alt-text="Screenshot that shows the access tokens settings page in the Playwright portal." lightbox="./media/how-to-manage-authentication/playwright-testing-enable-access-token.png":::
+
+> [!CAUTION]
+> Authentication using access tokens is less secure. [Learn how to manage access tokens](./how-to-manage-access-tokens.md)
+
+## Set up authentication using access-tokens
+
+1. While running the tests, enable access token auth in the `playwright.service.config.ts` file in your setup. 
+
+    ```typescript
+    /* Learn more about service configuration at https://aka.ms/mpt/config */
+    export default defineConfig(config, getServiceConfig( config {
+        serviceAuthType:'ACCESS_TOKEN'
+    }));
+    ```
+
+1. Create access token 
+
+    Follow the steps to [create an access token](./how-to-manage-access-tokens.md#generate-a-workspace-access-token)
+
+1. Set up your environment
+
+    To set up your environment, you have to configure the `PLAYWRIGHT_SERVICE_ACCESS_TOKEN` environment variable with the value you obtained in the previous steps.
+
+    We recommend that you use the `dotenv` module to manage your environment. With `dotenv`, you define your environment variables in the `.env` file.
+
+    1. Add the `dotenv` module to your project:
+
+        ```shell
+        npm i --save-dev dotenv
+        ```
+
+    1. Create a `.env` file alongside the `playwright.config.ts` file in your Playwright project:
+        
+        ```
+        PLAYWRIGHT_SERVICE_ACCESS_TOKEN={MY-ACCESS-TOKEN}
+        ```
+
+        Make sure to replace the `{MY-ACCESS-TOKEN}` text placeholder with the value you copied earlier.
+
+
+## Run tests on the service and publish results
+
+Run Playwright tests against cloud-hosted browsers and publish the results to the service using the configuration you created above.
+
+```typescript
+npx playwright test --config=playwright.service.config.ts --workers=20
+```
+
+## Related content
+
+- Learn more about [managing access tokens](./how-to-manage-access-tokens.md).

articles/playwright-testing/how-to-manage-authentication.md

@@ -24,25 +24,18 @@ You can specify one or multiple networks by using a list of rules. For example,
 You can configure the `exposeNetwork` option in `playwright.service.config.ts`. The following example shows how to expose the `localhost` network by using the [`<loopback>`](https://en.wikipedia.org/wiki/Loopback) rule:
 
 ```typescript
-export default defineConfig(config, {
-    workers: 20,
-    use: {
-        // Specify the service endpoint.
-        connectOptions: {
-            wsEndpoint: `${process.env.PLAYWRIGHT_SERVICE_URL}?cap=${JSON.stringify({
-                // Can be 'linux' or 'windows'.
-                os: process.env.PLAYWRIGHT_SERVICE_OS || 'linux',
-                runId: process.env.PLAYWRIGHT_SERVICE_RUN_ID
-            })}`,
-            timeout: 30000,
-            headers: {
-                'x-mpt-access-key': process.env.PLAYWRIGHT_SERVICE_ACCESS_TOKEN!
-            },
-            // Allow service to access the localhost.
-            exposeNetwork: '<loopback>'
-        }
-    }
-});
+import { getServiceConfig, ServiceOS } from "@azure/microsoft-playwright-testing";
+import { defineConfig } from "@playwright/test";
+import { AzureCliCredential } from "@azure/identity";
+import config from "./playwright.config";
+
+export default defineConfig(
+  config,
+  getServiceConfig(config, {
+    exposeNetwork: '<loopback>', // Allow service to access the localhost.
+  }),
+);
+
 ```
 
 You can now reference `localhost` in the Playwright test code, and run the tests on cloud-hosted browsers with Microsoft Playwright Testing: