Merge branch 'main' of https://github.com/anilgodavarthy/azure-docs-pr-anil

Author: Anil Godavarthy

articles/iot-operations/troubleshoot/known-issues.md

@@ -4,12 +4,14 @@ description: Known issues for the MQTT broker, Layered Network Management (previ
 author: dominicbetts
 ms.author: dobett
 ms.topic: troubleshooting-known-issue
-ms.date: 04/16/2025
+ms.date: 05/07/2025
 ---
 
 # Known issues: Azure IoT Operations
 
-This article lists the current known issues for Azure IoT Operations.
+This article lists the current known issues you might encounter when using Azure IoT Operations. The guidance helps you identify these issues and provides workarounds where available.
+
+For general troubleshooting guidance, see [Troubleshoot Azure IoT Operations](troubleshoot.md).
 
 ## Deploy, update, and uninstall issues
 
@@ -45,13 +47,13 @@ Log signature: `"This codespace is currently running in recovery mode due to a c
 
 If you deploy Azure IoT Operations in GitHub Codespaces, shutting down and restarting the Codespace causes a `This codespace is currently running in recovery mode due to a configuration error` issue.
 
-Currently, there's no workaround for the issue. If you need a cluster that supports shutting down and restarting, choose one of the options in [Prepare your Azure Arc-enabled Kubernetes cluster](../deploy-iot-ops/howto-prepare-cluster.md).
+There's no workaround for this issue. If you need a cluster that supports shutting down and restarting, select one of the options in [Prepare your Azure Arc-enabled Kubernetes cluster](../deploy-iot-ops/howto-prepare-cluster.md).
 
 ## MQTT broker issues
 
 This section lists current known issues for the MQTT broker.
 
-### MQTT broker resources aren't visible in Azure portal
+### MQTT broker resources aren't visible in the Azure portal
 
 ---
 

articles/iot-operations/troubleshoot/troubleshoot.md

@@ -6,13 +6,20 @@ ms.author: sonialopez
 ms.topic: troubleshooting-general
 ms.custom:
   - ignite-2023
-ms.date: 03/07/2025
+ms.date: 05/07/2025
 ---
 
 # Troubleshoot Azure IoT Operations
 
 This article contains troubleshooting tips for Azure IoT Operations.
 
+The troubleshooting guidance helps you diagnose and resolve issues you might encounter when deploying, configuring, or running Azure IoT Operations by:
+
+- Collecting diagnostic information from the Azure IoT Operations service and the Azure IoT Operations components running on your cluster.
+- Providing solutions to common issues such as insufficient security permissions, missing secrets, or incorrect configuration settings.
+
+For information about known issues and temporary workarounds, see [Known issues: Azure IoT Operations](known-issues.md).
+
 ## Troubleshoot Azure IoT Operations deployment
 
 For general deployment and configuration troubleshooting, you can use the Azure CLI IoT Operations `check` and `support` commands.
@@ -31,7 +38,7 @@ If you see the following error message, you either didn't enable the required Az
 Message: Microsoft.ExtendedLocation resource provider does not have the required permissions to create a namespace on the cluster.
 ```
 
-To resolve, follow [this guidance](/azure/azure-arc/kubernetes/custom-locations#enable-custom-locations-on-your-cluster) for enabling the custom locations feature with the correct OID.
+To resolve the issue, follow [this guidance](/azure/azure-arc/kubernetes/custom-locations#enable-custom-locations-on-your-cluster) to enable the custom locations feature with the correct OID.
 
 ### You see a MissingResourceVersionOnHost error message
 
@@ -62,7 +69,7 @@ To resolve the issue, either elevate principal permissions, or don't deploy reso
 
 ### Deployment of MQTT broker fails
 
-A deployment can fail if the cluster doesn't have sufficient resources for the specified MQTT broker cardinality and memory profile. To resolve this situation, adjust the replica count, workers, sharding, and memory profile settings to appropriate values for your cluster.
+A deployment might fail if the cluster doesn't have sufficient resources for the specified MQTT broker cardinality and memory profile. To resolve this situation, adjust the replica count, workers, sharding, and memory profile settings to appropriate values for your cluster.
 
 > [!WARNING]
 > Setting the replica count to one can result in data loss in node failure scenarios.
@@ -78,7 +85,7 @@ Currently, you can't use the `az iot ops` command to enable resource sync rules
 
 To create the device registry rule:
 
-1. Create a file called *rsr_device_registry.json* with the following content. Replace the `<placeholder>` values with your own values:
+1. Create a file called *rsr_device_registry.json* with the following content. Replace the `<placeholder>` values with your values:
 
     ```json
     {
@@ -95,7 +102,7 @@ To create the device registry rule:
     }
     ```
 
-1. Run the following command to create the device registry resource sync rule. Replace the `<placeholder>` values with your own values:
+1. Run the following command to create the device registry resource sync rule. Replace the `<placeholder>` values with your values:
 
     ```azcli
     az rest --url /subscriptions/<subscription Id>/resourceGroups/<resource group name>/providers/Microsoft.ExtendedLocation/customLocations/<custom location name>/resourceSyncRules/<rule name>?api-version=2021-08-31-preview --method PUT --body "@rsr_device_registry.json"
@@ -128,7 +135,7 @@ To create the instance rule:
 
 ## Troubleshoot Azure Key Vault secret management
 
-If you see the following error message related to secret management, you need to update your Azure Key Vault contents:
+If you see the following error message related to secret management, update your Azure Key Vault contents:
 
 ```output
 rpc error: code = Unknown desc = failed to mount objects, error: failed to get objectType:secret,
@@ -138,7 +145,7 @@ If you recently deleted this secret you may be able to recover it using the corr
 For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182" }
 ```
 
-This error occurs when Azure IoT Operations tries to synchronize a secret from Azure Key Vault that doesn't exist. To resolve this issue, you need to add the secret in Azure Key Vault before you create resources such as a secret provider class.
+This error occurs when Azure IoT Operations tries to synchronize a secret from Azure Key Vault that doesn't exist. To resolve this issue, add the secret in Azure Key Vault before you create resources such as a secret provider class.
 
 ## Troubleshoot OPC UA server connections
 

articles/managed-grafana/quickstart-managed-grafana-cli.md

@@ -5,7 +5,7 @@ ms.service: azure-managed-grafana
 ms.topic: quickstart
 author: maud-lv
 ms.author: malev
-ms.date: 12/17/2024
+ms.date: 03/14/2025
 ms.devlang: azurecli
 ms.custom: engagement-fy23, devx-track-azurecli
 # customer intent: As a developer or a data analyst, I want to create a new Azure Managed Grafana workspace using the Azure CLI.
@@ -16,17 +16,20 @@ ms.custom: engagement-fy23, devx-track-azurecli
 Get started using Azure Managed Grafana by creating an Azure Managed Grafana workspace using the Azure CLI.
 
 >[!NOTE]
-> Azure Managed Grafana has [two pricing plans](overview.md#service-tiers). This guides takes you through creating a new workspace in the Standard plan. To generate a workspace in the Essential (preview) plan, [use the Azure portal](quickstart-managed-grafana-portal.md).
+> Azure Managed Grafana has [two pricing plans](overview.md#service-tiers). This guide takes you through creating a new workspace in the Standard plan. To create a workspace in the Essential (preview) plan, [use the Azure portal](quickstart-managed-grafana-portal.md).
 
 ## Prerequisites
 
 - An Azure account for work or school with an active subscription. [Create an account for free](https://azure.microsoft.com/free).
 - Minimum required role to create a workspace: resource group Contributor.
 - Minimum required role to access the Grafana UI: resource group Owner.
-    >[!NOTE]
-    > If you don't meet this requirement, once you've created a new Azure Managed Grafana workspace, ask a User Access Administrator, subscription Owner or resource group Owner to grant you a Grafana Admin, Grafana Editor or Grafana Viewer role on the workspace.
 
-[!INCLUDE [azure-cli-prepare-your-environment-no-header.md](~/reusable-content/azure-cli/azure-cli-prepare-your-environment-no-header.md)]
+    > [!NOTE]
+    > If you're not a resource group Owner:
+    >  - once you've created the Azure Managed Grafana workspace, ask a User Access Administrator, subscription Owner or resource group Owner to grant you a Grafana Admin, Grafana Editor or Grafana Viewer role
+    >  - or consider creating the workspace using the **Creator can admin (Preview)** feature available from the Azure portal. Refer to the [Azure portal quickstart](quickstart-managed-grafana-portal.md) for more information.
+
+ [!INCLUDE [azure-cli-prepare-your-environment-no-header.md](~/reusable-content/azure-cli/azure-cli-prepare-your-environment-no-header.md)]
 
 ## Sign in to Azure
 

articles/managed-grafana/quickstart-managed-grafana-portal.md

@@ -18,9 +18,6 @@ In this quickstart, you get started with Azure Managed Grafana by creating an Az
 
 - An Azure account for work or school and an active subscription. [Create an account for free](https://azure.microsoft.com/free).
 - Minimum required role to create a workspace: resource group Contributor.
-- Minimum required role to access the Grafana UI: resource group Owner.
-    >[!NOTE]
-    > If you don't meet this requirement, once you've created a new Azure Managed Grafana workspace, ask a User Access Administrator, subscription Owner or resource group Owner to grant you a Grafana Admin, Grafana Editor or Grafana Viewer role on the workspace.
 
 ## Create an Azure Managed Grafana workspace
 
@@ -48,17 +45,26 @@ In this quickstart, you get started with Azure Managed Grafana by creating an Az
     - **Enable API key creation** is set to **Disable** by default.
     - If you've opted for the Standard plan, optionally enable the **Deterministic outbound IP** feature, which is set to **Disable** by default.
 
-1. Select **Next : Permission >** to control access rights for your Grafana workspace and data sources:
-   1. **System assigned managed identity** is set to **On**.
+1. Select **Next : Permission >** to control access rights for your Grafana instance and data sources:
+    - **System assigned managed identity** is set to **On**.
 
-      >[!NOTE]
-      >You can use a user-assigned managed identity instead of the default system-assigned managed identity once the Azure Managed Grafana resource is deployed. To learn more, go to [Set up Azure Managed Grafana authentication and permissions (preview)](how-to-authentication-permissions.md).
+      > [!NOTE]
+      > You can use a user-assigned managed identity instead of the default system-assigned managed identity once the Azure Managed Grafana resource is deployed. For more information, go to [Set up Azure Managed Grafana authentication and permissions (preview)](how-to-authentication-permissions.md).
 
-   1. The box **Add role assignment to this identity with 'Monitoring Reader' role on target subscription** is checked by default.
+    - If you're a subscription Owner or a User Access Administrator:
+        - the box **Add role assignment to this identity with 'Monitoring Reader' role on target subscription** is checked by default. This role assignment allows Azure Managed Grafana to access and display monitoring data from various Azure services.
+        - the box **Include myself** under **Grafana administrator role** is checked. This option grants you the Grafana administrator role, and lets you manage access rights. Optionally select **Add** to share this right with team members.
+    - If you're not a subscription Owner or a User Access Administrator, you can either:
+        - ask a subscription Owner or a User Access Administrator to assign you the Grafana Admin role
+        - or enable **Creator can admin (Preview)**. This option available in preview grants you the required permissions to access and manage the Grafana resource.
 
-   1. The box **Include myself** under **Grafana administrator role** is checked. This option grants you the Grafana administrator role, and lets you manage access rights. You can give this right to more members by selecting **Add**. If this option grays out for you, ask someone with the Owner role on the subscription to assign you the Grafana Admin role.
-   
-   1. If you've opted for the Standard plan, optionally disable public access and create a private endpoint that can access your resource.
+        > [!NOTE]
+        > The **Creator can admin (Preview)** option can only be enabled when creating the workspace. Later on, it can be disabled from the **Configuration** menu if the workspace creator doesn't need this level of access anymore. Once disabled, it cannot be enabled again. If this option is disabled and the user needs to access this Grafana instance again, they will need [a Grafana role](how-to-manage-access-permissions-users-identities.md).
+
+        > [!NOTE]
+        > The **Creator can admin (Preview)** option may not be available in some specific scenarios. For example, it doesn't support workspaces managed by Cloud Solution Providers (CSPs). In CSP scenarios, the necessary information about the individual creator of the resource is not accessible. As a result, the feature cannot grant administrative privileges to the creator.
+
+1. If you've opted for the Standard plan, in the **Networking** tab, optionally disable public access and create a private endpoint that can access your resource.
 
 1. Optionally select **Next : Tags** and add tags to categorize resources.
 
@@ -68,13 +74,16 @@ In this quickstart, you get started with Azure Managed Grafana by creating an Az
 
 1. Once the deployment is complete, select **Go to resource** to open your resource.
 
-1. In the **Overview** tab's Essentials section, select the **Endpoint** URL. Single sign-on via Microsoft Entra ID has been configured for you automatically. If prompted, enter your Azure account.
+1. In the **Overview** tab, select the **Endpoint** URL. Single sign-on via Microsoft Entra ID has been configured for you automatically. If prompted, enter your Azure account. 
 
     :::image type="content" source="media/quickstart-portal/grafana-overview.png" alt-text="Screenshot of the Azure portal. Endpoint URL display.":::
 
+    You can now start interacting with the Grafana application to configure data sources, create dashboards, reports and alerts. Suggested read: [Monitor Azure services and applications using Grafana](/azure/azure-monitor/visualize/grafana-plugin).
+
     :::image type="content" source="media/quickstart-portal/grafana-ui.png" alt-text="Screenshot of an Azure Managed Grafana workspace.":::
 
-You can now start interacting with the Grafana application to configure data sources, create dashboards, reports and alerts. Suggested read: [Monitor Azure services and applications using Grafana](/azure/azure-monitor/visualize/grafana-plugin).
+> [!IMPORTANT]
+> The **Creator can admin (Preview)** option is designed to be used for testing purposes. Whenever possible, we recommend assigning a [Grafana role](how-to-manage-access-permissions-users-identities.md) to all team members who need to access the Grafana portal and disabling the **Creator can edit** option.
 
 ## Clean up resources
 
@@ -84,7 +93,7 @@ In the preceding steps, you created an Azure Managed Grafana workspace in a new
 1. In the **Overview** page, make sure that the listed resources are the ones you want to delete.
 1. Select **Delete**, type the name of your resource group in the text box, and then select **Delete**.
 
-## Next steps
+## Next step
 
 > [!div class="nextstepaction"]
 > [How to configure data sources for Azure Managed Grafana](./how-to-data-source-plugins-managed-identity.md)

articles/managed-grafana/toc.yml

@@ -102,8 +102,12 @@ items:
     href: grafana-settings.md
   - name: Upgrade to Grafana 11
     href: how-to-upgrade-grafana-11.md   
-  - name: Troubleshoot common issues
-    href: troubleshoot-managed-grafana.md 
+  - name: Troubleshoot issues  
+    items:
+    - name: Troubleshoot common issues
+      href: troubleshoot-managed-grafana.md
+    - name: Troubleshoot connecting managed private endpoint to a private link service
+      href: troubleshoot-mpe-connection.md
 - name: Reference
   items:
   - name: Azure CLI

articles/managed-grafana/troubleshoot-managed-grafana.md

@@ -8,7 +8,7 @@ ms.service: azure-managed-grafana
 ms.date: 04/16/2025
 ---
 
-# Troubleshoot issues for Azure Managed Grafana
+# Troubleshoot common Azure Managed Grafana issues 
 
 This article guides you to troubleshoot errors with Azure Managed Grafana, and suggests solutions to resolve them.
 
@@ -200,7 +200,7 @@ After disabling System-Assigned Managed Identity, the data source that has been
 
 Data sources configured with a managed identity may still be able to access data from Azure services for up to 24 hours. When a role assignment is updated in a managed identity for Azure Managed Grafana, this change can take up to 24 hours to be effective, due to limitations of managed identities.
 
-## Next step
+## Related content
 
-> [!div class="nextstepaction"]
-> [Support](./find-help-open-support-ticket.md)
+- [Support](find-help-open-support-ticket.md)
+- [Troubleshoot connecting managed private endpoint to a private link service](troubleshoot-mpe-connection.md)