Merge pull request #194631 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: ttorble

articles/azure-app-configuration/howto-integrate-azure-managed-service-identity.md

@@ -8,15 +8,26 @@ ms.service: azure-app-configuration
 ms.custom: devx-track-csharp, fasttrack-edit, subject-rbac-steps
 ms.topic: conceptual
 ms.date: 04/08/2021
+zone_pivot_groups: appconfig-provider
 ---
 # Use managed identities to access App Configuration
 
 Azure Active Directory [managed identities](../active-directory/managed-identities-azure-resources/overview.md) simplify secrets management for your cloud application. With a managed identity, your code can use the service principal created for the Azure service it runs on. You use a managed identity instead of a separate credential stored in Azure Key Vault or a local connection string.
 
 Azure App Configuration and its .NET Core, .NET Framework, and Java Spring client libraries have managed identity support built into them. Although you aren't required to use it, the managed identity eliminates the need for an access token that contains secrets. Your code can access the App Configuration store using only the service endpoint. You can embed this URL in your code directly without exposing any secret.
 
+:::zone target="docs" pivot="framework-dotnet"
+
 This article shows how you can take advantage of the managed identity to access App Configuration. It builds on the web app introduced in the quickstarts. Before you continue,  [Create an ASP.NET Core app with App Configuration](./quickstart-aspnet-core-app.md) first.
 
+:::zone-end
+
+:::zone target="docs" pivot="framework-spring"
+
+This article shows how you can take advantage of the managed identity to access App Configuration. It builds on the web app introduced in the quickstarts. Before you continue,  [Create a Java Spring app with Azure App Configuration](./quickstart-java-spring-app.md) first.
+
+:::zone-end
+
 > [!IMPORTANT]
 > Managed Identity cannot be used to authenticate locally-running applications. Your application must be deployed to an Azure service that supports Managed Identity. This article uses Azure App Service as an example, but the same concept applies to any other Azure service that supports managed identity, for example, [Azure Kubernetes Service](../aks/use-azure-ad-pod-identity.md), [Azure Virtual Machine](../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md), and [Azure Container Instances](../container-instances/container-instances-managed-identity.md). If your workload is hosted in one of those services, you can leverage the service's managed identity support, too.
 
@@ -28,14 +39,25 @@ In this article, you learn how to:
 > * Grant a managed identity access to App Configuration.
 > * Configure your app to use a managed identity when you connect to App Configuration.
 
-
 ## Prerequisites
 
 To complete this tutorial, you must have:
 
+:::zone target="docs" pivot="framework-dotnet"
+
 * [.NET Core SDK](https://dotnet.microsoft.com/download).
 * [Azure Cloud Shell configured](../cloud-shell/quickstart.md).
 
+:::zone-end
+
+:::zone target="docs" pivot="framework-spring"
+
+- Azure subscription - [create one for free](https://azure.microsoft.com/free/)
+- A supported [Java Development Kit (JDK)](/java/azure/jdk) with version 11.
+- [Apache Maven](https://maven.apache.org/download.cgi) version 3.0 or above.
+
+:::zone-end
+
 [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]
 
 ## Add a managed identity
@@ -66,16 +88,18 @@ The following steps describe how to assign the App Configuration Data Reader rol
 
 1. On the **Role** tab, select the **App Configuration Data Reader** role.
 
-    ![Add role assignment page with Role tab selected.](../../includes/role-based-access-control/media/add-role-assignment-role-generic.png)
+    ![Add role assignment page with Role tab selected.](./media/add-role-assignment-role.png)
 
 1. On the **Members** tab, select **Managed identity**, and then select **Select members**.
 
-1. Select your Azure subscription, select **System-assigned managed identity**, and then select **App Service**.
+1. Select your Azure subscription, for Managed Identity select **App Service**, then select your App Service name.
 
 1. On the **Review + assign** tab, select **Review + assign** to assign the role.
 
 ## Use a managed identity
 
+:::zone target="docs" pivot="framework-dotnet"
+
 1. Add a reference to the *Azure.Identity* package:
 
     ```bash
@@ -158,13 +182,38 @@ The following steps describe how to assign the App Configuration Data Reader rol
     >        });
     >```
     >As explained in the [Managed Identities for Azure resources FAQs](../active-directory/managed-identities-azure-resources/known-issues.md), there is a default way to resolve which managed identity is used. In this case, the Azure Identity library enforces you to specify the desired identity to avoid posible runtime issues in the future (for instance, if a new user-assigned managed identity is added or if the system-assigned managed identity is enabled). So, you will need to specify the clientId even if only one user-assigned managed identity is defined, and there is no system-assigned managed identity.
- 
-    
+
+:::zone-end
+
+:::zone target="docs" pivot="framework-spring"
+
+1. Find the endpoint to your App Configuration store. This URL is listed on the **Overview** tab for the store in the Azure portal.
+
+1. Open `bootstrap.properties`, remove the connection-string property and replace it with endpoint:
+
+```properties
+spring.cloud.azure.appconfiguration.stores[0].endpoint=<service_endpoint>
+```
+
+> [!NOTE]
+> If you want to use **user-assigned managed identity** the property `spring.cloud.azure.appconfiguration.stores[0].managed-identity.client-id`, be sure to specify the clientId when creating the [ManagedIdentityCredential](/java/api/com.azure.identity.managedidentitycredential).
+
+:::zone-end
 
 ## Deploy your application
 
+:::zone target="docs" pivot="framework-dotnet"
+
 Using managed identities requires you to deploy your app to an Azure service. Managed identities can't be used for authentication of locally-running apps. To deploy the .NET Core app that you created in the [Create an ASP.NET Core app with App Configuration](./quickstart-aspnet-core-app.md) quickstart and modified to use managed identities, follow the guidance in [Publish your web app](../app-service/quickstart-dotnetcore.md?pivots=development-environment-vs&tabs=netcore31#publish-your-web-app).
 
+:::zone-end
+
+:::zone target="docs" pivot="framework-spring"
+
+Using managed identities requires you to deploy your app to an Azure service. Managed identities can't be used for authentication of locally-running apps. To deploy the Spring app that you created in the [Create a Java Spring app with Azure App Configuration](./quickstart-java-spring-app.md) quickstart and modified to use managed identities, follow the guidance in [Publish your web app](../app-service/quickstart-java.md?tabs=javase&pivots=platform-linux).
+
+:::zone-end
+
 In addition to App Service, many other Azure services support managed identities. For more information, see [Services that support managed identities for Azure resources](../active-directory/managed-identities-azure-resources/services-support-managed-identities.md).
 
 ## Clean up resources

articles/azure-app-configuration/media/add-role-assignment-role.png

@@ -28,7 +28,7 @@ Currently, Azure Arc allows you to manage the following resource types hosted ou
 * [Azure data services](data/overview.md): Run Azure data services on-premises, at the edge, and in public clouds using Kubernetes and the infrastructure of your choice. SQL Managed Instance
 and PostgreSQL Hyperscale (preview) services are currently available.
 * [SQL Server](/sql/sql-server/azure-arc/overview): Extend Azure services to SQL Server instances hosted outside of Azure.
-* Virtual machines (preview): Provision, resize, delete and manage virtual machines based on [VMware vSphere](/vmware-vsphere/overview.md) or [Azure Stack HCI](/azure-stack/hci/manage/azure-arc-enabled-virtual-machines) and enable VM self-service through role-based access.
+* Virtual machines (preview): Provision, resize, delete and manage virtual machines based on [VMware vSphere](/azure/azure-arc/vmware-vsphere/overview) or [Azure Stack HCI](/azure-stack/hci/manage/azure-arc-enabled-virtual-machines) and enable VM self-service through role-based access.
 
 ## Key features and benefits
 
@@ -48,7 +48,7 @@ Some of the key scenarios that Azure Arc supports are:
 
 * Create [custom locations](./kubernetes/custom-locations.md) on top of your [Azure Arc-enabled Kubernetes](./kubernetes/overview.md) clusters, using them as target locations for deploying Azure services instances. Deploy your Azure service cluster extensions for [Azure Arc-enabled Data Services](./data/create-data-controller-direct-azure-portal.md), [App Services on Azure Arc](../app-service/overview-arc-integration.md) (including web, function, and logic apps) and [Event Grid on Kubernetes](../event-grid/kubernetes/overview.md).
 
-* Perform virtual machine lifecycle and management operations for [VMware vSphere](/vmware-vsphere/overview.md) and [Azure Stack HCI](/azure-stack/hci/manage/azure-arc-enabled-virtual-machines) environments.
+* Perform virtual machine lifecycle and management operations for [VMware vSphere](/azure/azure-arc/vmware-vsphere/overview) and [Azure Stack HCI](/azure-stack/hci/manage/azure-arc-enabled-virtual-machines) environments.
 
 * A unified experience viewing your Azure Arc-enabled resources, whether you are using the Azure portal, the Azure CLI, Azure PowerShell, or Azure REST API.
 
@@ -84,5 +84,5 @@ For information, see the [Azure pricing page](https://azure.microsoft.com/pricin
 * Learn about [Azure Arc-enabled Kubernetes](./kubernetes/overview.md).
 * Learn about [Azure Arc-enabled data services](https://azure.microsoft.com/services/azure-arc/hybrid-data-services/).
 * Learn about [SQL Server on Azure Arc-enabled servers](/sql/sql-server/azure-arc/overview).
-* Learn about [Azure Arc-enabled VMware vSphere](vmware-vsphere/overview.md) and [Azure Arc-enabled Azure Stack HCI](https://docs.microsoft.com/azure-stack/hci/manage/azure-arc-enabled-virtual-machines)
+* Learn about [Azure Arc-enabled VMware vSphere](vmware-vsphere/overview.md) and [Azure Arc-enabled Azure Stack HCI](/azure-stack/hci/manage/azure-arc-enabled-virtual-machines)
 * Experience Azure Arc-enabled services by exploring the [Jumpstart proof of concept](https://azurearcjumpstart.io/azure_arc_jumpstart/).

articles/azure-arc/overview.md

@@ -18,9 +18,9 @@ Before using Activity log insights, you'll have to [enable sending logs to your
 
 ## How does Activity logs insights work?
 
-Activity logs you send to a [Log Analytics workspace](/articles/azure-monitor/logs/log-analytics-workspace-overview.md) are stored in a table called AzureActivity. 
+Activity logs you send to a [Log Analytics workspace](/azure/azure-monitor/logs/log-analytics-workspace-overview) are stored in a table called AzureActivity. 
 
-Activity logs insights are a curated [Log Analytics workbook](/articles/azure-monitor/visualize/workbooks-overview.md) with dashboards that visualize the data in the AzureActivity table. For example, which administrators deleted, updated or created resources, and whether the activities failed or succeeded.
+Activity logs insights are a curated [Log Analytics workbook](/azure/azure-monitor/visualize/workbooks-overview) with dashboards that visualize the data in the AzureActivity table. For example, which administrators deleted, updated or created resources, and whether the activities failed or succeeded.
 
 :::image type="content" source="media/activity-log/activity-logs-insights-main.png" lightbox="media/activity-log/activity-logs-insights-main.png" alt-text="A screenshot showing Azure Activity logs insights dashboards":::
 
@@ -52,7 +52,7 @@ To view Activity logs insights on a resource level:
 1. At the top of the **Activity Logs Insights** page, select:
 
     1. A time range for which to view data from the **TimeRange** dropdown.
-    * **Azure Activity Logs Entries** shows the count of Activity log records in each [activity log category](/articles/azure-monitor/essentials/activity-log-schema#categories).
+    * **Azure Activity Logs Entries** shows the count of Activity log records in each [activity log category](/azure/azure-monitor/essentials/activity-log-schema#categories).
 
         :::image type="content" source="media/activity-log/activity-logs-insights-category-value.png" lightbox= "media/activity-log/activity-logs-insights-category-value.png" alt-text="Azure Activity Logs by Category Value":::
 
@@ -68,4 +68,4 @@ To view Activity logs insights on a resource level:
 Learn more about:
 * [Platform logs](./platform-logs-overview.md)
 * [Activity log event schema](activity-log-schema.md)
-* [Creating a diagnostic setting to send Activity logs to other destinations](./diagnostic-settings.md)
+* [Creating a diagnostic setting to send Activity logs to other destinations](./diagnostic-settings.md)

articles/azure-monitor/essentials/activity-logs-insights.md

@@ -50,20 +50,10 @@ Below you'll find more information on prerequisites and steps to set up the samp
 
 ## Prerequisites
 
+- [Visual Studio Code (Stable Build)](https://code.visualstudio.com/download)
+- [Node.js (16.14.2 and above)](https://nodejs.org/en/download/)
 - Create an Azure account with an active subscription. For details, see [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
-- [Node.js (8.11.2 and above)](https://nodejs.org/en/download/)
-- [Visual Studio (2017 and above)](https://visualstudio.microsoft.com/vs/)
-- [.NET Core 3.1](https://dotnet.microsoft.com/download/dotnet-core/3.1) (Make sure to install version that corresponds with your visual studio instance, 32 vs 64 bit)
-- Create an Azure Communication Services resource. For details, see [Create an Azure Communication Services resource](../quickstarts/create-communication-resource.md). You'll need to record your resource **connection string** for this quickstart.
-
-## Locally deploying the service & client app
-
-The single threaded chat sample is essentially two "applications" a client and server application.
-
-Open up Visual Studio on the chat.csproj and run in Debug mode, this will start up the chat front end service. When the server app is visited
-from the browser, it will redirect traffic towards the locally deployed chat front end service.
-
-You can test the sample locally by opening multiple browser sessions with the URL of your chat to simulate a multi-user chat.
+- Create an Azure Communication Services resource. For details, see [Create an Azure Communication Resource](../quickstarts/create-communication-resource.md). You'll need to record your resource **connection string** for this quickstart.
 
 ## Before running the sample for the first time
 
@@ -72,22 +62,24 @@ You can test the sample locally by opening multiple browser sessions with the UR
 3. Get the `Connection String` and `Endpoint URL` from the Azure portal. For more information on connection strings, see [Create an Azure Communication Services resources](../quickstarts/create-communication-resource.md)
 4. Once you get the `Connection String` and `Endpoint URL`, Add both values to the **Server/appsettings.json** file found under the Chat Hero Sample folder. Input your connection string in the variable: `ResourceConnectionString` and endpoint URL in the variable: `EndpointUrl`.
 
-### Local run
-
-1. Go to the Chat folder and open the `Chat.csproj` solution in Visual Studio
-2. Run the project. The browser will open at localhost:5000.
+## Local run
 
-#### Troubleshooting
+1. Set your connection string in `Server/appsettings.json`
+2. Set your endpoint URL string in `Server/appsettings.json`
+3. `npm run setup` from the root directory
+4. `npm run start` from the root directory
 
-- Solution doesn't build, it throws errors during NPM installation/build
-
-   Clean/rebuild the C# solution
+You can test the sample locally by opening multiple browser sessions with the URL of your chat to simulate a multi-user chat.
 
 ## Publish the sample to Azure
 
-1. Right click on the `Chat` project and select Publish.
-2. Create a new publish profile and select your Azure subscription.
-3. Before publishing, add your connection string with `Edit App Service Settings`, and fill in `ResourceConnectionString` as the key and provide your connection string (copied from appsettings.json) as the value.
+1. Under the root director, run these commands:
+```
+npm run setup
+npm run build
+npm run package
+```
+2. Use the Azure extension and deploy the Chat/dist directory to your app service
 
 ## Clean up resources
 
@@ -110,4 +102,3 @@ For more information, see the following articles:
 - [Redux](https://redux.js.org/) - Client-side state management
 - [FluentUI](https://aka.ms/fluent-ui) - Microsoft powered UI library
 - [React](https://reactjs.org/) - Library for building user interfaces
-- [ASP.NET Core](/aspnet/core/introduction-to-aspnet-core?preserve-view=true&view=aspnetcore-3.1) - Framework for building web applications

articles/communication-services/samples/chat-hero-sample.md

@@ -5,7 +5,7 @@ author: markjbrown
 ms.author: mjbrown
 ms.service: cosmos-db
 ms.topic: conceptual
-ms.date: 02/16/2022
+ms.date: 04/08/2022
 ---
 
 # Azure Cosmos DB service quotas
@@ -216,7 +216,7 @@ Cosmos DB supports querying items using [SQL](./sql-query-getting-started.md). T
 | Resource | Default limit |
 | --- | --- |
 | Maximum length of SQL query| 256 KB |
-| Maximum JOINs per query| 5 <sup>*</sup>|
+| Maximum JOINs per query| 10 <sup>*</sup>|
 | Maximum UDFs per query| 10 <sup>*</sup>|
 | Maximum points per polygon| 4096 |
 | Maximum included paths per container| 500 |