Skip to content

Commit d611f6c

Browse files
authored
Merge pull request #272671 from MicrosoftDocs/main
4/18/2024 PM Publish
2 parents 501f390 + 673a28f commit d611f6c

File tree

42 files changed

+504
-287
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

42 files changed

+504
-287
lines changed

articles/ai-services/openai/how-to/use-your-data-securely.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ ms.service: azure-ai-openai
88
ms.topic: how-to
99
author: aahill
1010
ms.author: aahi
11-
ms.date: 04/05/2024
11+
ms.date: 04/18/2024
1212
recommendations: false
1313
---
1414

@@ -215,7 +215,7 @@ You can disable public network access of your Azure AI Search resource in the Az
215215
To allow access to your Azure AI Search resource from your client machines, like using Azure OpenAI Studio, you need to create [private endpoint connections](/azure/search/service-create-private-endpoint) that connect to your Azure AI Search resource.
216216

217217
> [!NOTE]
218-
> To allow access to your Azure AI Search resource from Azure OpenAI resource, you need to submit an [application form](https://aka.ms/applyacsvpnaoaioyd). The application will be reviewed in 10 business days and you will be contacted via email about the results. If you are eligible, we will provision the private endpoint in Microsoft managed virtual network, and send a private endpoint connection request to your search service, and you will need to approve the request.
218+
> To allow access to your Azure AI Search resource from Azure OpenAI resource, you need to submit an [application form](https://aka.ms/applyacsvpnaoaioyd). The application will be reviewed in 5 business days and you will be contacted via email about the results. If you are eligible, we will provision the private endpoint in Microsoft managed virtual network, and send a private endpoint connection request to your search service, and you will need to approve the request.
219219
220220
:::image type="content" source="../media/use-your-data/approve-private-endpoint.png" alt-text="A screenshot showing private endpoint approval screen." lightbox="../media/use-your-data/approve-private-endpoint.png":::
221221

articles/aks/dapr-workflow.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ The workflow example is an ASP.NET Core project with:
2929
- Workflow activity definitions found in the [`Activities` directory][dapr-activities-dir].
3030

3131
> [!NOTE]
32-
> Dapr Workflow is currently an [alpha][dapr-workflow-alpha] feature and is on a self-service, opt-in basis. Alpha Dapr APIs and components are provided "as is" and "as available," and are continually evolving as they move toward stable status. Alpha APIs and components are not covered by customer support.
32+
> Dapr Workflow is currently a [beta][dapr-workflow-preview] feature and is on a self-service, opt-in basis. Beta Dapr APIs and components are provided "as is" and "as available," and are continually evolving as they move toward stable status. Beta APIs and components are not covered by customer support.
3333
3434
## Prerequisites
3535

@@ -199,7 +199,7 @@ Notice that the workflow status is marked as completed.
199199
[dapr-program]: https://github.com/Azure/dapr-workflows-aks-sample/blob/main/Program.cs
200200
[dapr-workflow-dir]: https://github.com/Azure/dapr-workflows-aks-sample/tree/main/Workflows
201201
[dapr-activities-dir]: https://github.com/Azure/dapr-workflows-aks-sample/tree/main/Activities
202-
[dapr-workflow-alpha]: https://docs.dapr.io/operations/support/support-preview-features/#current-preview-features
202+
[dapr-workflow-preview]: https://docs.dapr.io/operations/support/support-preview-features/#current-preview-features
203203
[deployment-yaml]: https://github.com/Azure/dapr-workflows-aks-sample/blob/main/Deploy/deployment.yaml
204204
[docker]: https://docs.docker.com/get-docker/
205205
[helm]: https://helm.sh/docs/intro/install/

articles/application-gateway/configuration-infrastructure.md

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: application-gateway
55
author: greg-lindsay
66
ms.service: application-gateway
77
ms.topic: conceptual
8-
ms.date: 03/15/2024
8+
ms.date: 04/18/2024
99
ms.author: greglin
1010
---
1111

@@ -68,11 +68,13 @@ The virtual network resource supports [DNS server](../virtual-network/manage-vir
6868
6969
### Virtual network permission
7070

71-
The Application Gateway resource is deployed inside a virtual network, so we also perform a check to verify the permission on the provided virtual network resource. This validation is performed during both creation and management operations.
71+
The Application Gateway resource is deployed inside a virtual network, so checks are also performed to verify the permission on the virtual network resource. This validation is performed during both creation and management operations and also applies to the [managed identities for Application Gateway Ingress Controller](./tutorial-ingress-controller-add-on-new.md#deploy-an-aks-cluster-with-the-add-on-enabled).
7272

73-
Check your [Azure role-based access control](../role-based-access-control/role-assignments-list-portal.md) to verify that the users (and service principals) that operate application gateways also have at least **Microsoft.Network/virtualNetworks/subnets/join/action** permission on the virtual network or subnet. This validation also applies to the [managed identities for Application Gateway Ingress Controller](./tutorial-ingress-controller-add-on-new.md#deploy-an-aks-cluster-with-the-add-on-enabled).
73+
Check your [Azure role-based access control](../role-based-access-control/role-assignments-list-portal.md) to verify that the users and service principals that operate application gateways have at least the following permissions on the virtual network or subnet:
74+
- **Microsoft.Network/virtualNetworks/subnets/join/action**
75+
- **Microsoft.Network/virtualNetworks/subnets/read**
7476

75-
You can use the built-in roles, such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which already support this permission. If a built-in role doesn't provide the right permission, you can [create and assign a custom role](../role-based-access-control/custom-roles-portal.md). Learn more about [managing subnet permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
77+
You can use the built-in roles, such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which already support these permissions. If a built-in role doesn't provide the right permission, you can [create and assign a custom role](../role-based-access-control/custom-roles-portal.md). Learn more about [managing subnet permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
7678

7779
> [!NOTE]
7880
> You might have to allow sufficient time for [Azure Resource Manager cache refresh](../role-based-access-control/troubleshooting.md?tabs=bicep#symptom---role-assignment-changes-are-not-being-detected) after role assignment changes.

articles/azure-arc/resource-bridge/troubleshoot-resource-bridge.md

Lines changed: 1 addition & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -263,9 +263,7 @@ When deploying the resource bridge on VMware vCenter, you might get an error say
263263
**Datastore** 
264264

265265
- Allocate space
266-
267266
- Browse datastore
268-
269267
- Low level file operations
270268

271269
**Folder** 
@@ -283,9 +281,7 @@ When deploying the resource bridge on VMware vCenter, you might get an error say
283281
**Resource**
284282

285283
- Assign virtual machine to resource pool
286-
287284
- Migrate powered off virtual machine
288-
289285
- Migrate powered on virtual machine
290286

291287
**Sessions**
@@ -295,125 +291,68 @@ When deploying the resource bridge on VMware vCenter, you might get an error say
295291
**vApp**
296292

297293
- Assign resource pool
298-
299294
- Import 
300295

301296
**Virtual machine**
302297

303298
- Change Configuration
304-
305299
- Acquire disk lease
306-
307300
- Add existing disk
308-
309301
- Add new disk
310-
311302
- Add or remove device
312-
313303
- Advanced configuration
314-
315304
- Change CPU count
316-
317305
- Change Memory
318-
319306
- Change Settings
320-
321307
- Change resource
322-
323308
- Configure managedBy
324-
325309
- Display connection settings
326-
327310
- Extend virtual disk
328-
329311
- Modify device settings
330-
331312
- Query Fault Tolerance compatibility
332-
333313
- Query unowned files
334-
335314
- Reload from path
336-
337315
- Remove disk
338-
339316
- Rename
340-
341317
- Reset guest information
342-
343318
- Set annotation
344-
345319
- Toggle disk change tracking
346-
347320
- Toggle fork parent
348-
349321
- Upgrade virtual machine compatibility
350-
351322
- Edit Inventory
352-
353323
- Create from existing
354-
355324
- Create new
356-
357325
- Register
358-
359326
- Remove
360-
361327
- Unregister
362-
363328
- Guest operations
364-
365329
- Guest operation alias modification
366-
367330
- Guest operation modifications
368-
369331
- Guest operation program execution
370-
371332
- Guest operation queries
372-
373333
- Interaction
374-
375334
- Connect devices
376-
377335
- Console interaction
378-
379336
- Guest operating system management by VIX API
380-
381337
- Install VMware Tools
382-
383338
- Power off
384-
385339
- Power on
386-
387340
- Reset
388-
389341
- Suspend
390-
391342
- Provisioning
392-
393343
- Allow disk access
394-
395344
- Allow file access
396-
397345
- Allow read-only disk access
398-
399346
- Allow virtual machine download
400-
401347
- Allow virtual machine files upload
402-
403348
- Clone virtual machine
404-
405349
- Deploy template
406-
407350
- Mark as template
408-
409351
- Mark as virtual machine
410-
352+
- Customize guest
411353
- Snapshot management
412-
413354
- Create snapshot
414-
415355
- Remove snapshot
416-
417356
- Revert to snapshot
418357

419358
## Next steps

articles/azure-arc/servers/agent-release-notes-archive.md

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,27 @@ The Azure Connected Machine agent receives improvements on an ongoing basis. Thi
1919
- Known issues
2020
- Bug fixes
2121

22+
## Version 1.35 - October 2023
23+
24+
Download for [Windows](https://download.microsoft.com/download/e/7/0/e70b1753-646e-4aea-bac4-40187b5128b0/AzureConnectedMachineAgent.msi) or [Linux](manage-agent.md#installing-a-specific-version-of-the-agent)
25+
26+
### Known issues
27+
28+
The Windows Admin Center in Azure feature is incompatible with Azure Connected Machine agent version 1.35. Upgrade to version 1.37 or later to use this feature.
29+
30+
### New features
31+
32+
- The Linux installation script now downloads supporting assets with either wget or curl, depending on which tool is available on the system
33+
- [azcmagent connect](azcmagent-connect.md) and [azcmagent disconnect](azcmagent-disconnect.md) now accept the `--user-tenant-id` parameter to enable Lighthouse users to use a credential from their tenant and onboard a server to a different tenant.
34+
- You can configure the extension manager to run, without allowing any extensions to be installed, by configuring the allowlist to `Allow/None`. This supports Windows Server 2012 ESU scenarios where the extension manager is required for billing purposes but doesn't need to allow any extensions to be installed. Learn more about [local security controls](security-overview.md#local-agent-security-controls).
35+
36+
### Fixed
37+
38+
- Improved reliability when installing Microsoft Defender for Endpoint on Linux by increasing [available system resources](agent-overview.md#agent-resource-governance) and extending the timeout
39+
- Better error handling when a user specifies an invalid location name to [azcmagent connect](azcmagent-connect.md)
40+
- Fixed a bug where clearing the `incomingconnections.enabled` [configuration setting](azcmagent-config.md) would show `<nil>` as the previous value
41+
- Security fix for the extension allowlist and blocklist feature to address an issue where an invalid extension name could impact enforcement of the lists.
42+
2243
## Version 1.34 - September 2023
2344

2445
Download for [Windows](https://download.microsoft.com/download/b/3/2/b3220316-13db-4f1f-babf-b1aab33b364f/AzureConnectedMachineAgent.msi) or [Linux](manage-agent.md#installing-a-specific-version-of-the-agent)

articles/azure-arc/servers/agent-release-notes.md

Lines changed: 17 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
title: What's new with Azure Connected Machine agent
33
description: This article has release notes for Azure Connected Machine agent. For many of the summarized issues, there are links to more details.
44
ms.topic: overview
5-
ms.date: 02/07/2024
5+
ms.date: 04/09/2024
66
ms.custom: references_regions
77
---
88

@@ -16,6 +16,21 @@ The Azure Connected Machine agent receives improvements on an ongoing basis. To
1616

1717
This page is updated monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in [archive for What's new with Azure Connected Machine agent](agent-release-notes-archive.md).
1818

19+
## Version 1.40 - April 2024
20+
21+
Download for [Windows](https://download.microsoft.com/download/c/c/e/cce7456c-e998-4fa1-9566-f43f4a2f6a6f/AzureConnectedMachineAgent.msi) or [Linux](manage-agent.md#installing-a-specific-version-of-the-agent)
22+
23+
### New features
24+
25+
- Oracle Linux 9 is now a [supported operating system](prerequisites.md#supported-operating-systems)
26+
27+
### Fixed
28+
29+
- Improved error handling when a machine configuration policy has an invalid SAS token
30+
- The installation script for Windows now includes a flag to suppress reboots in case any agent executables are in use during an upgrade
31+
- Fixed an issue that could block agent installation or upgrades on Windows when the installer can't change the access control list on the agent's log directories.
32+
- Extension package maximum download size increased to fix access to the [latest versions of the Azure Monitor Agent](/azure/azure-monitor/agents/azure-monitor-agent-extension-versions) on Azure Arc-enabled servers.
33+
1934
## Version 1.39 - March 2024
2035

2136
Download for [Windows](https://download.microsoft.com/download/1/9/f/19f44dde-2c34-4676-80d7-9fa5fc44d2a8/AzureConnectedMachineAgent.msi) or [Linux](manage-agent.md#installing-a-specific-version-of-the-agent)
@@ -38,7 +53,7 @@ Download for [Windows](https://download.microsoft.com/download/4/8/f/48f69eb1-f7
3853

3954
### Known issues
4055

41-
Windows machines that try to upgrade to version 1.38 via Microsoft Update and encounter an error might fail to roll back to the previously installed version. As a result, the machine will appear "Disconnected" and won't be manageable from Azure. The update has been removed from the Microsoft Update Catalog while Microsoft investigates this behavior. Manual installations of the agent on new and existing machines aren't affected.
56+
Windows machines that try and fail to upgrade to version 1.38 manually or via Microsoft Update might not roll back to the previously installed version. As a result, the machine will appear "Disconnected" and won't be manageable from Azure. A new version of 1.38 was released to Microsoft Update and the Microsoft Download Center on March 5, 2024 that resolves this issue.
4257

4358
If your machine was affected by this issue, you can repair the agent by downloading and installing the agent again. The agent will automatically discover the existing configuration and restore connectivity with Azure. You don't need to run `azcmagent connect`.
4459

@@ -97,27 +112,6 @@ The Windows Admin Center in Azure feature is incompatible with Azure Connected M
97112
- Fixed an issue that could prevent the agent from reporting the correct product type on Windows machines.
98113
- Improved handling of upgrades when the previously installed extension version wasn't in a successful state.
99114

100-
## Version 1.35 - October 2023
101-
102-
Download for [Windows](https://download.microsoft.com/download/e/7/0/e70b1753-646e-4aea-bac4-40187b5128b0/AzureConnectedMachineAgent.msi) or [Linux](manage-agent.md#installing-a-specific-version-of-the-agent)
103-
104-
### Known issues
105-
106-
The Windows Admin Center in Azure feature is incompatible with Azure Connected Machine agent version 1.35. Upgrade to version 1.37 or later to use this feature.
107-
108-
### New features
109-
110-
- The Linux installation script now downloads supporting assets with either wget or curl, depending on which tool is available on the system
111-
- [azcmagent connect](azcmagent-connect.md) and [azcmagent disconnect](azcmagent-disconnect.md) now accept the `--user-tenant-id` parameter to enable Lighthouse users to use a credential from their tenant and onboard a server to a different tenant.
112-
- You can configure the extension manager to run, without allowing any extensions to be installed, by configuring the allowlist to `Allow/None`. This supports Windows Server 2012 ESU scenarios where the extension manager is required for billing purposes but doesn't need to allow any extensions to be installed. Learn more about [local security controls](security-overview.md#local-agent-security-controls).
113-
114-
### Fixed
115-
116-
- Improved reliability when installing Microsoft Defender for Endpoint on Linux by increasing [available system resources](agent-overview.md#agent-resource-governance) and extending the timeout
117-
- Better error handling when a user specifies an invalid location name to [azcmagent connect](azcmagent-connect.md)
118-
- Fixed a bug where clearing the `incomingconnections.enabled` [configuration setting](azcmagent-config.md) would show `<nil>` as the previous value
119-
- Security fix for the extension allowlist and blocklist feature to address an issue where an invalid extension name could impact enforcement of the lists.
120-
121115
## Next steps
122116

123117
- Before evaluating or enabling Azure Arc-enabled servers across multiple hybrid machines, review [Connected Machine agent overview](agent-overview.md) to understand requirements, technical details about the agent, and deployment methods.

articles/azure-arc/servers/prerequisites.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
title: Connected Machine agent prerequisites
33
description: Learn about the prerequisites for installing the Connected Machine agent for Azure Arc-enabled servers.
4-
ms.date: 02/07/2024
4+
ms.date: 04/09/2024
55
ms.topic: conceptual
66
ms.custom: devx-track-azurepowershell
77
---
@@ -44,7 +44,7 @@ Azure Arc supports the following Windows and Linux operating systems. Only x86-6
4444
* Azure Stack HCI
4545
* CentOS Linux 7 and 8
4646
* Debian 10, 11, and 12
47-
* Oracle Linux 7 and 8
47+
* Oracle Linux 7, 8, and 9
4848
* Red Hat Enterprise Linux (RHEL) 7, 8 and 9
4949
* Rocky Linux 8 and 9
5050
* SUSE Linux Enterprise Server (SLES) 12 SP3-SP5 and 15

articles/communication-services/tutorials/includes/proxy-calling-support-tutorial-android.md

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ CallNetworkOptions callNetworkOptions = new CallNetworkOptions();
3636
IceServer iceServer = new IceServer();
3737
iceServer.setUrls(Arrays.asList("turn:20.202.255.255"));
3838
iceServer.setUdpPort(3478);
39-
iceServer.setRealm("turn.azure.com");
39+
iceServer.setRealm("turn.azure.com"); // Realm information is required.
4040
iceServer.setUsername("turnserver1username");
4141
iceServer.setPassword("turnserver1password");
4242

@@ -45,16 +45,19 @@ callNetworkOptions.setIceServers(Arrays.asList(iceServer));
4545
// Supply the network options when creating an instance of the CallClient
4646
callClientOptions.setNetwork(callNetworkOptions);
4747
CallClient callClient = new CallClient(callClientOptions);
48-
49-
// ...continue normally with your SDK setup and usage.
5048
```
5149

5250
> [!IMPORTANT]
5351
> If you provided your TURN server details while you initialized `CallClient`, all the media traffic <i>exclusively</i> flows through these TURN servers. Any other ICE candidates that are normally generated when you create a call won't be considered while trying to establish connectivity between peers. That means only `relay` candidates are considered. To learn more about different types of Ice candidates, see [RTCIceCandidate: type property](https://developer.mozilla.org/en-US/docs/Web/API/RTCIceCandidate/type).
5452
55-
Currently, the Android SDK supports only <b>one IPv4 address</b> and <b>UDP</b> protocol for media proxy. Any URLs in non-ipv4 format are ignored. When multiple URLs are provided, only the last one is used by the SDK. If a UDP port isn't provided, a default UDP port 3478 is used.
53+
Currently, the Android SDK supports only <b>one single IPv4 address</b> and <b>UDP</b> protocol for media proxy. If a UDP port isn't provided, a default UDP port 3478 is used. The SDK will throw an `Failed to set media proxy` error when calling `setIceServer` with unsupported input as follows:
54+
* More than one ICE server is provided in the IceServers list.
55+
* More than one url is provided in the IceServer's url list.
56+
* IPv6 url is provided in the url list.
57+
* Only TCP port is provided.
58+
* Realm information is not provided.
5659

57-
If any of the URLs provided are invalid, the `CallClient` initialization fails and throws errors accordingly.
60+
If the ICE server information provided is invalid, the `CallClient` initialization fails and throws errors accordingly.
5861

5962
### Set up a TURN server in Azure
6063
You can create a Linux virtual machine in the Azure portal. For more information, see [Quickstart: Create a Linux virtual machine in the Azure portal](/azure/virtual-machines/linux/quick-create-portal?tabs=ubuntu). To deploy a TURN server, use [coturn](https://github.com/coturn/coturn). Coturn is a free and open-source implementation of a TURN and STUN server for VoIP and WebRTC.

0 commit comments

Comments
 (0)