Merge pull request #2782 from MicrosoftDocs/main638989777708654002sync_temp

For protected branch, push strategy should use PR and merge to target branch method to work around git push error

Author: learn-build-service-prod[bot]

data-explorer/includes/cross-repo/ingest-nlog-sink-3.md

@@ -115,4 +115,4 @@ Use the sample log generator app as an example showing how to configure and use
 
     Your output should look similar to the following image:
 
-    :::image type="content" source="../media/nlog-connector/take-10-results.png" alt-text="Screenshot of table with take 10 function and results":::
+    :::image type="content" source="../../media/nlog-connector/take-10-results.png" alt-text="Screenshot of table with take 10 function and results":::

data-explorer/kusto/api/get-started/app-authentication-methods.md

@@ -3,8 +3,7 @@ title: Authentication methods for Kusto client libraries
 description: Learn about the different authentication methods that can be used in apps using Kusto client libraries.
 ms.reviewer: yogilad
 ms.topic: how-to
-ms.date: 11/02/2025
-monikerRange: "azure-data-explorer"
+ms.date: 11/16/2025
 ms.custom: sfi-ropc-nochange
 #customer intent: To learn about the different authentication methods that can be used in apps.
 ---

data-explorer/kusto/api/get-started/app-basic-query.md

@@ -4,7 +4,6 @@ description: Learn how to create an app to run basic queries using Kusto client
 ms.reviewer: yogilad
 ms.topic: how-to
 ms.date: 05/28/2025
-monikerRange: "azure-data-explorer"
 ms.custom: sfi-ropc-nochange
 #customer intent: To learn about creating an app to run basic queries using Kusto client libraries.
 ---

data-explorer/kusto/api/get-started/app-client-network-restrictions.md

@@ -0,0 +1,180 @@
+---
+title: Manage Client Network Restrictions
+description: Resolve DNS validation errors in Kusto tools by adding custom allowances or disabling validation for specific use cases.
+ms.reviewer: yogilad
+ms.author: spelluru
+author: spelluru
+ms.topic: how-to
+ms.date: 11/16/2025
+ms.custom: 
+---
+
+# Manage client network restrictions
+
+When you use Kusto tools and SDKs, network security is a top priority. To protect customer data, queries, and authentication tokens, Kusto enforces DNS restrictions that limit connections to a predefined set of trusted domains. While these restrictions improve security, some scenarios might require bypassing them to support custom configurations, like hosting Kusto behind custom URIs or using older SDK versions. These scenarios include:
+
+- Customers hosting Kusto behind custom URIs
+- Customers hosting Kusto behind Azure Front Door for redundancy or high availability
+- Customers using an older version of the SDK where new domains aren't yet allowed
+- Customers using an older version of the SDK in new clouds
+
+In these cases, Kusto SDK and Tools allow adding custom allowances to bypass the default restrictions.
+
+> [!IMPORTANT]
+>
+> For the latter two cases, the best way to resolve the issue is to update to the latest version of the SDK or tool you use. Use custom domains and policy overrides only as a short-term solution.
+
+This article gives step-by-step guidance on managing DNS restrictions in Kusto tools, including adding trusted hosts, disabling DNS validation, and customizing validation policies programmatically.
+
+## Bypass DNS restrictions with Kusto Explorer
+
+1. Open Kusto Explorer.
+1. From the **Tools** ribbon, select **Options**.
+1. Select **Connections**.
+1. In **Additional Trusted Hosts**, add the fully qualified hostname or DNS suffix (preceded with an asterisk `*`) you want to work with. You can list multiple FQDNs or DNS suffixes by separating them with a semicolon `;`.
+
+    :::image type="content" source="../../media/bypass-dns-restrictions/kusto-explorer-options.png" alt-text="Screenshot of the Options editor open with the Additional Trusted Hosts field highlighted.":::
+
+## Bypass DNS restrictions with Azure Data Explorer
+
+1. Open Azure Data Explorer.
+1. Select the *Settings* icon in the top-right corner.
+1. Select **Connection**.
+1. In **Additional trusted hosts**, add the fully qualified hostname or DNS suffix (preceded with an asterisk `*`) you want to work with. List multiple FQDNs or DNS suffixes by separating them with a semicolon `;`.
+
+    :::image type="content" source="../../media/bypass-dns-restrictions/kusto-web-explorer-settings.png" alt-text="Screenshot of ADX Settings editor open with the Additional trusted hosts field highlighted.":::
+
+## Bypass DNS restrictions with command-line applications and tools
+
+For command-line applications and tools, disable DNS validation entirely by passing a command-line argument or setting an environment variable.
+
+> [!NOTE]
+> Disabling DNS validation using environment variables affects all applications and tools using the C# SDK, including Kusto Explorer, Light Ingest, Kusto CLI, Perkus, and any third-party application developed with the C# Kusto SDK.
+
+To disable using a command-line argument, add the following argument to the tool's command line.
+
+```shell
+-tweaks:Kusto.Cloud.Platform.Data.EnableWellKnownKustoEndpointsValidation=false
+```
+
+To disable using an environment variable:
+
+```shell
+SET TWEAKS="Kusto.Cloud.Platform.Data.EnableWellKnownKustoEndpointsValidation=false"
+```
+
+## Bypass DNS restrictions with Kusto SDKs
+
+Use Kusto SDKs to programmatically control DNS validation by adding trusted hosts and DNS domains, or by providing the SDK with a predicate that takes the target hostname and returns *true* or *false* depending on whether the connection is allowed.
+
+### [C#](#tab/csharp)
+
+```csharp
+
+using Kusto.Data.Common;
+ 
+// Add a DNS domain
+KustoTrustedEndpoints.AddTrustedHosts(
+    new[] { new FastSuffixMatcher<EndpointContext>.MatchRule("*.domain.com", exact: false, context: KustoTrustedEndpoints.KustoEndpointContext) },
+    replace:false);
+ 
+// Add a fully qualified domain name
+KustoTrustedEndpoints.AddTrustedHosts(
+    new[] { new FastSuffixMatcher<EndpointContext>.MatchRule("mykusto.domain.com", exact: true, context: KustoTrustedEndpoints.KustoEndpointContext) },
+    replace:false);
+
+// Set a custom validation policy 
+KustoTrustedEndpoints.SetOverridePolicy(
+    (hostname) => true, 
+    KustoTrustedEndpoints.KustoEndpointContext);
+
+```
+
+### [Go](#tab/go)
+
+```go
+
+import (
+    "github.com/Azure/azure-kusto-go/azkustodata/trustedEndpoints"
+)
+
+// Add a DNS domain
+trustedEndpoints.Instance.AddTrustedHosts([]trustedEndpoints.MatchRule{
+    security.NewMatchRule("*.domain.com", false),
+})
+
+// Add a fully qualified domain name
+trustedEndpoints.Instance.AddTrustedHosts([]trustedEndpoints.MatchRule{
+    security.NewMatchRule("mykusto.domain.com", true),
+})
+
+// Set a custom validation policy
+trustedEndpoints.Instance.SetOverrideMatcher(
+    func(h string) bool {
+        return true
+            },
+    security.KustoTrustedEndpoints.KustoEndpointContext,
+)
+
+```
+
+### [Java](#tab/java)
+
+```java
+
+import com.microsoft.azure.kusto.data.auth.endpoints.KustoTrustedEndpoints;
+import com.microsoft.azure.kusto.data.auth.endpoints.MatchRule;
+
+// Add a DNS domain
+KustoTrustedEndpoints.addTrustedHosts(
+    java.util.Arrays.asList(new MatchRule("*.domain.com", false)));
+
+// Add a fully qualified domain name
+KustoTrustedEndpoints.addTrustedHosts(
+    java.util.Arrays.asList(new MatchRule("mykusto.domain.com", true)));
+
+// Set a custom validation policy
+KustoTrustedEndpoints.setOverridePolicy(
+    h -> true,
+    KustoTrustedEndpoints.KustoEndpointContext);
+
+```
+
+### [JavaScript](#tab/javascript)
+
+```javascript
+
+import { KustoTrustedEndpoints, MatchRule } from "azure.kusto.data";
+
+// Add a DNS domain
+KustoTrustedEndpoints.addTrustedHosts([new MatchRule("*.domain.com", false)]);
+
+// Add a fully qualified domain name
+KustoTrustedEndpoints.addTrustedHosts([new MatchRule("mykusto.domain.com", true)]);
+
+// Set a custom validation policy
+KustoTrustedEndpoints.setOverrideMatcher(
+    (h) => true,
+    KustoTrustedEndpoints.KustoEndpointContext
+);
+
+```
+
+### [Python](#tab/python)
+
+```python
+
+from azure.kusto.data.security import KustoTrustedEndpoints, MatchRule
+
+# Add a DNS domain
+KustoTrustedEndpoints.add_trusted_hosts([MatchRule("*.domain.com", exact=False)])
+
+# Add a fully qualified domain name
+KustoTrustedEndpoints.add_trusted_hosts([MatchRule("mykusto.domain.com", exact=True)])
+
+# Set a custom validation policy 
+KustoTrustedEndpoints.set_override_matcher(
+    lambda h: True, 
+    KustoTrustedEndpoints.KustoEndpointContext)
+
+```

data-explorer/kusto/api/get-started/app-hello-kusto.md

@@ -4,7 +4,6 @@ description: Learn how to create your first app to print Hello Kusto using Kusto
 ms.reviewer: yogilad
 ms.topic: how-to
 ms.date: 11/28/2024
-monikerRange: "azure-data-explorer"
 ms.custom: sfi-ropc-nochange
 #customer intent: To learn about creating a simple app that prints Hello Kusto using Kusto client libraries.
 ---
@@ -275,7 +274,7 @@ In your preferred IDE or text editor, create a project or file named *hello kust
     ---
 
     > [!NOTE]
-    > The query output is returned in the response as an object that contains one or more tables, comprised of one more more rows and columns.
+    > The query output is returned in the response as an object that contains one or more tables, comprised of one or more rows and columns.
     > The format of the object depends on the client library language.
     >
     > The *print kusto* query returns a single table with one row and column.

data-explorer/kusto/api/get-started/app-managed-streaming-ingest.md

@@ -4,7 +4,6 @@ description: Learn how to create an app to ingest data from a file or in-memory
 ms.reviewer: yogilad
 ms.topic: how-to
 ms.date: 02/03/2025
-monikerRange: "azure-data-explorer"
 zone_pivot_groups: ingest-api
 
 

data-explorer/kusto/api/get-started/app-management-commands.md

@@ -3,11 +3,11 @@ title: Create an app to run management commands
 description: Learn how to create an app to run management commands using Kusto client libraries.
 ms.reviewer: yogilad
 ms.topic: how-to
-ms.date: 08/11/2024
-monikerRange: "azure-data-explorer"
+ms.date: 11/16/2025
 ms.custom: sfi-ropc-nochange
 #customer intent: To learn about creating an app to run management commands using Kusto client libraries.
 ---
+
 # Create an app to run management commands
 
 > [!INCLUDE [applies](../../includes/applies-to-version/applies.md)] [!INCLUDE [fabric](../../includes/applies-to-version/fabric.md)] [!INCLUDE [azure-data-explorer](../../includes/applies-to-version/azure-data-explorer.md)]

data-explorer/kusto/api/get-started/app-queued-ingestion.md

@@ -3,8 +3,7 @@ title: Create an app to get data using queued ingestion
 description: Learn how to create an app to get data using queued ingestion of the Kusto client libraries.
 ms.reviewer: yogilad
 ms.topic: how-to
-ms.date: 08/24/2025
-monikerRange: "azure-data-explorer"
+ms.date: 11/16/2025
 zone_pivot_groups: ingest-api
 ms.custom: sfi-ropc-nochange
 

data-explorer/kusto/management/query-acceleration-policy.md

@@ -36,8 +36,8 @@ To enable query acceleration in the Fabric UI, see [Query acceleration over OneL
 
 ## Known issues
 
-* Data in the external delta table that's optimized with the [OPTIMIZE](/azure/databricks/sql/language-manual/delta-optimize) function needs to be reaccelearted.
-* If you run frequent MERGE/UPDATE/DELETE operations in delta, the underlying parquet files may be rewritten with changes and Kusto skips accelerating such files, causing retrieval during query time.
+* Data in the external delta table that's optimized with the [OPTIMIZE](/azure/databricks/sql/language-manual/delta-optimize) function will need to be reaccelerated.
+* Frequent MERGE/UPDATE/DELETE operations in delta may result in reacceleration of the updated files. If you run these operations frequently where most of the files in the delta table are touched, this can be equivalent of reacceleration of the entire table.
 * The system assumes that all artifacts under the delta table directory have the same access level to the selected users. Different files having different access permissions under the delta table directory might result with unexpected behavior.
 
 ## Commands for query acceleration