You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/app-provisioning/user-provisioning-sync-attributes-for-mapping.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,7 +19,7 @@ Azure Active Directory (Azure AD) must contain all the data (attributes) require
19
19
20
20
For users only in Azure AD, you can [create schema extensions using PowerShell or Microsoft Graph](#create-an-extension-attribute-on-a-cloud-only-user).
21
21
22
-
For users in on-premises Active Directory, you must sync the users to Azure AD. You can sync users and attributes using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md). Azure AD Connect automatically synchronizes certain attributes to Azure AD, but not all attributes. Furthermore, some attributes (such as SAMAccountName) that are synchronized by default might not be exposed using the Azure AD Graph API. In these cases, you can [use the Azure AD Connect directory extension feature to synchronize the attribute to Azure AD](#create-an-extension-attribute-using-azure-ad-connect). That way, the attribute will be visible to the Azure AD Graph API and the Azure AD provisioning service.
22
+
For users in on-premises Active Directory, you must sync the users to Azure AD. You can sync users and attributes using [Azure AD Connect](../hybrid/whatis-azure-ad-connect.md). Azure AD Connect automatically synchronizes certain attributes to Azure AD, but not all attributes. Furthermore, some attributes (such as SAMAccountName) that are synchronized by default might not be exposed using the Graph API. In these cases, you can [use the Azure AD Connect directory extension feature to synchronize the attribute to Azure AD](#create-an-extension-attribute-using-azure-ad-connect). That way, the attribute will be visible to the Graph API and the Azure AD provisioning service.
23
23
24
24
## Create an extension attribute on a cloud only user
25
25
You can use Microsoft Graph and PowerShell to extend the user schema for users in Azure AD. These extension attributes are automatically discovered in most cases.
Copy file name to clipboardExpand all lines: articles/active-directory/hybrid/reference-connect-version-history.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -58,6 +58,16 @@ If you want all the latest features and updates, check this page and install wha
58
58
59
59
To read more about auto-upgrade, see [Azure AD Connect: Automatic upgrade](how-to-connect-install-automatic-upgrade.md).
60
60
61
+
## 2.0.91.0
62
+
63
+
### Release status
64
+
65
+
01/19/2022: Released for download only, not available for auto upgrade
66
+
67
+
### Functional changes
68
+
69
+
- We updated the Azure AD Connect Health component in this release from version 3.1.110.0 to version 3.2.1823.12. This new version provides compliance of the Azure AD Connect Health component with the [Federal Information Processing Standards (FIPS)](https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips) requirements.
Copy file name to clipboardExpand all lines: articles/active-directory/managed-identities-azure-resources/services-azure-active-directory-support.md
+2-1Lines changed: 2 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,6 +23,7 @@ The following services support Azure AD authentication. New services are added t
23
23
| Azure Batch |[Authenticate Batch service solutions with Active Directory](../../batch/batch-aad-auth.md)|
24
24
| Azure Container Registry |[Authenticate with an Azure container registry](../../container-registry/container-registry-authentication.md)|
25
25
| Azure Cognitive Services |[Authenticate requests to Azure Cognitive Services](../../cognitive-services/authentication.md?tabs=powershell#authenticate-with-azure-active-directory)|
26
+
| Azure Communication Services |[Authenticate to Azure Communication Services](../../communication-services/concepts/authentication.md)|
26
27
| Azure Databricks | [Authenticate using Azure Active Directory tokens](/azure/databricks/dev-tools/api/latest/aad/)
27
28
| Azure Data Explorer |[How-To Authenticate with Azure Active Directory for Azure Data Explorer Access](/azure/data-explorer/kusto/management/access-control/how-to-authenticate-with-aad)|
28
29
| Azure Data Lake Storage Gen1 |[Authentication with Azure Data Lake Storage Gen1 using Azure Active Directory](../../data-lake-store/data-lakes-store-authentication-using-azure-active-directory.md)|
@@ -49,4 +50,4 @@ The following services support Azure AD authentication. New services are added t
49
50
50
51
-[Azure China developer guide](/azure/china/resources-developer-guide)
51
52
-[Compare Azure Government and global Azure](../../azure-government/compare-azure-government-global-azure.md)
52
-
-[Azure services that can use Managed identities to access other services](managed-identities-status.md)
53
+
-[Azure services that can use Managed identities to access other services](managed-identities-status.md)
Copy file name to clipboardExpand all lines: articles/aks/security-controls-policy.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
2
title: Azure Policy Regulatory Compliance controls for Azure Kubernetes Service (AKS)
3
3
description: Lists Azure Policy Regulatory Compliance controls available for Azure Kubernetes Service (AKS). These built-in policy definitions provide common approaches to managing the compliance of your Azure resources.
Copy file name to clipboardExpand all lines: articles/api-management/api-management-howto-add-products.md
+30-12Lines changed: 30 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,20 +5,21 @@ description: In this tutorial, you create and publish a product in Azure API Man
5
5
author: dlepow
6
6
ms.service: api-management
7
7
ms.topic: tutorial
8
-
ms.date: 12/15/2021
8
+
ms.date: 01/18/2022
9
9
ms.author: danlep
10
10
ms.custom: devdivchpfy22
11
11
12
12
---
13
13
# Tutorial: Create and publish a product
14
14
15
-
In Azure API Management, a [*product*](api-management-terminology.md#term-definitions) contains one or more APIs, a usage quota, and the terms of use. After a product is published, developers can subscribe to the product and begin to use the product's APIs.
15
+
In Azure API Management, a [*product*](api-management-terminology.md#term-definitions) contains one or more APIs, a usage quota, and the terms of use. After a product is published, developers can [subscribe](api-management-subscriptions.md) to the product and begin to use the product's APIs.
16
16
17
17
In this tutorial, you learn how to:
18
18
19
19
> [!div class="checklist"]
20
20
> * Create and publish a product
21
21
> * Add an API to the product
22
+
> * Access product APIs
22
23
23
24
:::image type="content" source="media/api-management-howto-add-products/added-product-1.png" alt-text="API Management products in portal":::
24
25
@@ -46,12 +47,12 @@ In this tutorial, you learn how to:
| Display name | The name as you want it to be shown in the [developer portal](api-management-howto-developer-portal.md). |
48
49
| Description | Provide information about the product such as its purpose, the APIs it provides access to, and other details. |
49
-
|Published| Select **Published** if you want to publish the product. Before the APIs in a product can be called, the product must be published. By default, new products are unpublished, and are visible only to the **Administrators** group. |
50
-
| Requires subscription | Select if a user is required to subscribe to use the product. |
50
+
|State| Select **Published** if you want to publish the product. Before the APIs in a product can be called, the product must be published. By default, new products are unpublished, and are visible only to the **Administrators** group. |
51
+
| Requires subscription | Select if a user is required to subscribe to use the product (the product is *protected*) and a subscription key must be used to access the product's APIs. If a subscription isn't required (the product is *open*), a subscription key isn't required to access the product's APIs. See [Access to product APIs](#access-to-product-apis) later in this article.|
51
52
| Requires approval | Select if you want an administrator to review and accept or reject subscription attempts to this product. If not selected, subscription attempts are auto-approved. |
52
-
| Subscription count limit | Optionally, limit the count of multiple simultaneous subscriptions. |
53
-
| Legal terms | You can include the terms of use for the product, which subscribers must accept to use the product. |
54
-
| APIs | Select one or more APIs. You can also add APIs after creating the product. For more information, see [Add APIs to a product](#add-apis-to-a-product) later in this article. |
53
+
| Subscription count limit | Optionally limit the count of multiple simultaneous subscriptions. |
54
+
| Legal terms | You can include the terms of use for the product which subscribers must accept in order to use the product. |
55
+
| APIs | Select one or more APIs. You can also add APIs after creating the product. For more information, see [Add APIs to a product](#add-apis-to-a-product) later in this article. <br/><br/>If the product is open (doesn't require a subscription), you can only add an API that isn't associated with another open product. |
55
56
56
57
1. Select **Create** to create your new product.
57
58
@@ -77,7 +78,7 @@ You can specify various values for your product:
77
78
|`--product-name`| The name as you want it to be shown in the [developer portal](api-management-howto-developer-portal.md). |
78
79
|`--description`| Provide information about the product such as its purpose, the APIs it provides access to, and other details. |
79
80
|`--state`| Select **published** if you want to publish the product. Before the APIs in a product can be called, the product must be published. By default, new products are unpublished, and are visible only to the **Administrators** group. |
80
-
|`--subscription-required`| Select if a user is required to subscribe to use the product. |
81
+
|`--subscription-required`| Select if a user is required to subscribe to use the product (the product is *protected*) or a subscription isn't required (the product is *open*). See [Access to product APIs](#access-to-product-apis) later in this article. |
81
82
|`--approval-required`| Select if you want an administrator to review and accept or reject subscription attempts to this product. If not selected, subscription attempts are auto-approved. |
82
83
|`--subscriptions-limit`| Optionally, limit the count of multiple simultaneous subscriptions.|
83
84
|`--legal-terms`| You can include the terms of use for the product, which subscribers must accept to use the product. |
@@ -115,8 +116,6 @@ Continue configuring the product after saving it. In your API Management instanc
115
116
116
117
Products are associations of one or more APIs. You can include many APIs and offer them to developers through the developer portal. During the product creation, you can add one or more existing APIs. You can also add APIs to the product later, either from the Products **Settings** page or while creating an API.
117
118
118
-
Developers must first subscribe to a product to get access to the API. When they subscribe, they get a subscription key that is good for any API in that product. If you created the API Management instance, you're an administrator already, so you're subscribed to every product by default.
119
-
120
119
### Add an API to an existing product
121
120
122
121
### [Portal](#tab/azure-portal)
@@ -162,8 +161,26 @@ az apim product api delete --resource-group apim-hello-word-resource-group \
162
161
163
162
---
164
163
165
-
> [!TIP]
166
-
> You can create or update a user's subscription to a product with custom subscription keys through a [REST API](/rest/api/apimanagement/current-ga/subscription/create-or-update) or PowerShell command.
164
+
## Access to product APIs
165
+
166
+
After you publish a product, developers can access the APIs. Depending on how the product is configured, they may need to subscribe to the product for access.
167
+
168
+
***Protected product** - Developers must first subscribe to a protected product to get access to the product's APIs. When they subscribe, they get a subscription key that can access any API in that product. If you created the API Management instance, you are an administrator already, so you are subscribed to every product by default. For more information, see [Subscriptions in Azure API Management](api-management-subscriptions.md).
169
+
170
+
When a client makes an API request with a valid product subscription key, API Management processes the request and permits access in the context of the product. Policies and access control rules configured for the product can be applied.
171
+
172
+
> [!TIP]
173
+
> You can create or update a user's subscription to a product with custom subscription keys through a [REST API](/rest/api/apimanagement/current-ga/subscription/create-or-update) or PowerShell command.
174
+
175
+
***Open product** - Developers can access an open product's APIs without a subscription key. However, you can configure other mechanisms to secure client access to the APIs, including [OAuth 2.0](api-management-howto-protect-backend-with-aad.md), [client certificates](api-management-howto-mutual-certificates-for-clients.md), and [restricting caller IP addresses](./api-management-access-restriction-policies.md#RestrictCallerIPs).
176
+
177
+
When a client makes an API request without a subscription key:
178
+
179
+
* API Management checks whether the API is associated with an open product.
180
+
181
+
* If the open product exists, it then processes the request in the context of that open product. Policies and access control rules configured for the open product can be applied.
182
+
183
+
For more information, see [How API Management handles requests with or without subscription keys](api-management-subscriptions.md#how-api-management-handles-requests-with-or-without-subscription-keys).
167
184
168
185
## Next steps
169
186
@@ -172,6 +189,7 @@ In this tutorial, you learned how to:
Copy file name to clipboardExpand all lines: articles/api-management/api-management-revisions.md
+14-2Lines changed: 14 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -52,8 +52,20 @@ When you create a revision, you can set a description for your own tracking purp
52
52
53
53
When you set a revision as current you can also optionally specify a public change log note. The change log is included in the developer portal for your API users to view. You can modify your change log note using the `Update-AzApiManagementApiRelease` PowerShell cmdlet.
54
54
55
-
> [!NOTE]
56
-
> Certain API properties such as **Display name** and the **API suffix** can only be updated in the current revision.
55
+
> [!CAUTION]
56
+
> If you are editing a non-current revision of an API, you cannot change the following properties:
57
+
>
58
+
> * Name
59
+
> * Type
60
+
> * Description
61
+
> * Subscription required
62
+
> * API version
63
+
> * API version description
64
+
> * Path
65
+
> * Protocols
66
+
>
67
+
> These properties can only be changed in the current revision. If your edits change any of the above
68
+
> properties of a non-current revision, the error message `Can't change property for non-current revision` will be displayed.
0 commit comments