Merge pull request #16895 from sethmanheim/appsv

Fixes to app serv relnotes

Author: sethmanheim

azure-stack/includes/app-service-hub-update-banner.md

@@ -3,16 +3,14 @@ author: apwestgarth
 ms.author: anwestg
 ms.service: azure-stack
 ms.topic: include
-ms.date: 12/09/2024
+ms.date: 01/31/2025
 ms.reviewer: sethm
 ms.lastreviewed: 10/28/2020
 ---
 <!-- TODO - For each release: add AzS Hub build number, App Service RP version number, & corresponding App Service release notes text/link -->
 > [!IMPORTANT]
-> Update Azure Stack Hub to a supported version (or deploy the latest Azure Stack Development Kit) if necessary, before deploying or updating the App Service resource provider (RP). Be sure to read the RP release notes to learn about new functionality, fixes, and any known issues that could affect your deployment.
-
-> | Supported Minimum Azure Stack Hub version | App Service RP version |
+> Update Azure Stack Hub to a supported version if necessary, before deploying or updating the App Service resource provider (RP). Be sure to read the RP release notes to learn about new functionality, fixes, and any known issues that can affect your deployment.
+>
+> | Supported minimum Azure Stack Hub version | App Service RP version |
 > |-----|---|
-> | 
-> | 2311 and later | 24R1 [Installer](https://aka.ms/appsvcupdate24R1installer) ([release notes](../operator/app-service-release-notes-2024R1.md)) | 
-
+> | 2311 and later | 24R1 [Installer](https://aka.ms/appsvcupdate24R1installer) ([release notes](../operator/app-service-release-notes-2024R1.md)) |

azure-stack/operator/app-service-release-notes-2024R1.md

@@ -45,7 +45,7 @@ Before you begin the upgrade of Azure App Service on Azure Stack to 24R1:
 
 - Back up the Tenant App content file share.
 
-  > [!Important]
+  > [!IMPORTANT]
   > Cloud operators are responsible for the maintenance and operation of the File Server and SQL Server.  The resource provider does not manage these resources.  The cloud operator is responsible for backing up the App Service databases and tenant content file share.
 
 - Syndicate the **Custom Script Extension** version **1.9.3** from the Marketplace.
@@ -218,16 +218,16 @@ This script must be run under the following conditions:
 - By a user that has the system administrator privilege, for example the SQL SA (System Administrator) Account;
 - If using SQL Always on, ensure the script is run from the SQL instance that contains all App Service logins in the form:
 
-    - appservice_hosting_FileServer
-    - appservice_hosting_HostingAdmin
-    - appservice_hosting_LoadBalancer
-    - appservice_hosting_Operations
-    - appservice_hosting_Publisher
-    - appservice_hosting_SecurePublisher
-    - appservice_hosting_WebWorkerManager
-    - appservice_metering_Common
-    - appservice_metering_Operations
-    - All WebWorker logins - which are in the form WebWorker_\<instance ip address\>
+  - appservice_hosting_FileServer
+  - appservice_hosting_HostingAdmin
+  - appservice_hosting_LoadBalancer
+  - appservice_hosting_Operations
+  - appservice_hosting_Publisher
+  - appservice_hosting_SecurePublisher
+  - appservice_hosting_WebWorkerManager
+  - appservice_metering_Common
+  - appservice_metering_Operations
+  - All WebWorker logins - which are in the form WebWorker_\<instance ip address\>
 
 ```sql
         USE appservice_hosting
@@ -283,50 +283,52 @@ This script must be run under the following conditions:
         GO
 ```
 
-- A new Redirect URL must be added to the Identity Application created in order to support Single Sign On(SSO) Scenarios (for example Kudu)
+- A new Redirect URL must be added to the identity application created in order to support Single Sign On(SSO) Scenarios (for example Kudu)
 
 # [Entra ID](#tab/EntraID)
 
-  ## Retrieve the Identity Application Client ID
-  1. In the Azure Stack admin portal, navigate to the **ControllersNSG** Network Security Group.
-  1. By default, remote desktop access is disabled to all App Service infrastructure roles. Modify the **Inbound_Rdp_3389** rule action to **Allow** access.
-  1. Navigate to the resource group containing the App Service Resource Provider deployment. By default, the resource group is named with the format `AppService.<region>`, and connected to **CN0-VM**.
-  1. Launch the **Web Cloud Management Console**.
-  1. Check the **Web Cloud Management Console -> Web Cloud** screen and verify that both **Controllers** are **Ready**.
-  1. Select **Settings**.
-  1. Find the **ApplicationClientId** setting. Retrieve the value.
-  1. In the Azure Stack admin portal, navigate back to the **ControllersNSG** Network Security Group.
-  1. Modify the **Inbound_Rdp_3389** rule to deny access.
-
-  ## Update the Entra ID Application with new Redirect URI
-  
-  1. Sign into the **Azure** Portal to access the Entra ID tenant you connected your Azure Stack Hub to at deployment time.
-  1. Using the **Azure** Portal and navigate to **Microsoft Entra ID**
-  1. Search your tenant for the ApplicationClientId you retrieved earlier.
-  1. Select the Application
-  1. Select **Authentication**
-  1. Add an additional Redirect URI to the existing list - **https://azsstamp.sso.appservice.\<region\>.\<DomainName\>.\<extension\>**
+## Retrieve the Identity Application Client ID
+
+1. In the Azure Stack admin portal, navigate to the **ControllersNSG** Network Security Group.
+1. By default, remote desktop access is disabled to all App Service infrastructure roles. Modify the **Inbound_Rdp_3389** rule action to **Allow** access.
+1. Navigate to the resource group containing the App Service Resource Provider deployment. By default, the resource group is named with the format `AppService.<region>`, and connected to **CN0-VM**.
+1. Launch the **Web Cloud Management Console**.
+1. Check the **Web Cloud Management Console -> Web Cloud** screen and verify that both **Controllers** are **Ready**.
+1. Select **Settings**.
+1. Find the **ApplicationClientId** setting. Retrieve the value.
+1. In the Azure Stack admin portal, navigate back to the **ControllersNSG** Network Security Group.
+1. Modify the **Inbound_Rdp_3389** rule to deny access.
 
+## Update the Entra ID Application with new Redirect URI
+  
+1. Sign into the Azure portal to access the Entra ID tenant you connected your Azure Stack Hub to at deployment time.
+1. Using the Azure portal and navigate to **Microsoft Entra ID**.
+1. Search your tenant for the `ApplicationClientId` you retrieved earlier.
+1. Select the application.
+1. Select **Authentication**.
+1. Add another **Redirect URI** to the existing list: `https://azsstamp.sso.appservice.<region>.<DomainName>.<extension>`.
 
 # [ADFS](#tab/ADFS)
 
-  ## Retrieve the Identity Application
-  1. Open a [session to the Privileged Endpoint](azure-stack-privileged-endpoint.md)
-  1. Run the following command to retrieve the ADFS Graph Applications
+## Retrieve the identity application
+
+1. Open a [session to the Privileged Endpoint](azure-stack-privileged-endpoint.md).
+1. Run the following command to retrieve the AD FS Graph applications:
+
+   ``` PowerShell
+   Get-GraphApplication
+   ```
 
-  ``` PowerShell
-  Get-GraphApplication
-  ```
+1. Find the identifier for the **AzureStack-AppService** application.
+1. Update the `RedirectURIs` for the application:
 
-  1. Find the Identifier for the AzureStack-AppService application
-  1. Update the RedirectURIs for the application:
+   ``` PowerShell
+   $RedirectURIs = "@("https://appservice.sso.appservice.<region>.<DomainName>.<extension>", "https://azsstamp.sso.appservice.<region>.<DomainName>.<extension>", "https://api.appservice.<region>.<DomainName>.<extension>:44300/manage")
+   Set-GraphApplication -ApplicationIdentifier <insert Identifier value> -ClientRedirectUris $RedirectURIs
+   ```
 
-  ``` PowerShell
-  $RedirectURIs = "@("https://appservice.sso.appservice.\<region\>.\<DomainName\>.\<extension\>", "https://azsstamp.sso.appservice.\<region\>.\<DomainName\>.\<extension\>", "https://api.appservice.\<region\>.\<DomainName\>.\<extension\>:44300/manage")
-  Set-GraphApplication -ApplicationIdentifier <insert Identifier value> -ClientRedirectUris $RedirectURIs
-  ```
+1. Close the Privileged Endpoint session.
 
-  1. Close the session to the Privileged Endpoint
 ---
 
 ## Known issues (post-installation)