ai-code-review-evaluations
diff --git a/‎docs/sources/getting-started/build-first-dashboard.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/sources/getting-started/build-first-dashboard.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/sources/getting-started/get-started-grafana-prometheus.md‎
Lines changed: 4 additions & 4 deletions b/‎docs/sources/getting-started/get-started-grafana-prometheus.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎docs/sources/setup-grafana/configure-security/_index.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/sources/setup-grafana/configure-security/_index.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/sources/setup-grafana/configure-security/configure-authentication/_index.md‎
Lines changed: 4 additions & 4 deletions b/‎docs/sources/setup-grafana/configure-security/configure-authentication/_index.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎docs/sources/setup-grafana/configure-security/configure-authentication/auth-proxy/index.md‎
Lines changed: 10 additions & 10 deletions b/‎docs/sources/setup-grafana/configure-security/configure-authentication/auth-proxy/index.md‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md‎
Lines changed: 27 additions & 25 deletions b/‎docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md‎
Lines changed: 27 additions & 25 deletions
diff --git a/‎docs/sources/setup-grafana/configure-security/configure-authentication/enhanced-ldap/index.md‎
Lines changed: 6 additions & 4 deletions b/‎docs/sources/setup-grafana/configure-security/configure-authentication/enhanced-ldap/index.md‎
Lines changed: 6 additions & 4 deletions
@@ -16,9 +16,9 @@ weight: 200
 
 This topic helps you get started with Grafana and build your first dashboard using the built-in `Grafana` data source. To learn more about Grafana, refer to [Introduction to Grafana](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/introduction/).
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 Grafana also offers a [free account with Grafana Cloud](/signup/cloud/connect-account?pg=gsdocs) to help getting started even easier and faster. You can install Grafana to self-host or get a free Grafana Cloud account.
-{{% /admonition %}}
+{{< /admonition >}}
 
 #### Install Grafana
 
 
@@ -49,9 +49,9 @@ Prometheus Node exporter is a widely used tool that exposes system metrics. For
 
 When you run Node exporter locally, navigate to `http://localhost:9100/metrics` to check that it is exporting metrics.
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 The instructions in the referenced topic are intended for Linux users. You may have to alter the instructions slightly depending on your operating system. For example, if you are on Windows, use the [windows_exporter](https://github.com/prometheus-community/windows_exporter) instead.
-{{% /admonition %}}
+{{< /admonition >}}
 
 ## Install and configure Prometheus
 
@@ -115,9 +115,9 @@ remote_write:
     password: <Your Grafana.com API Key>
 ```
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 To configure your Prometheus instance to work with Grafana locally instead of Grafana Cloud, install Grafana [here](/grafana/download) and follow the configuration steps listed [here](/docs/grafana/latest/datasources/prometheus/#configure-the-data-source).
-{{% /admonition %}}
+{{< /admonition >}}
 
 ## Troubleshooting
 
 
@@ -25,9 +25,9 @@ You can configure Grafana to only allow certain IP addresses or hostnames to be
 
 The request security configuration option allows users to limit requests from the Grafana server. It targets requests that are generated by users. For more information, refer to [Request security](configure-request-security/).
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 Request security is available in Grafana Enterprise v7.4 and later versions.
-{{% /admonition %}}
+{{< /admonition >}}
 
 ## Firewall rules
 
 
@@ -160,9 +160,9 @@ oauth_allow_insecure_email_lookup = true
 
 You can also enable email lookup using the API:
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 Available in [Grafana Enterprise](../../../introduction/grafana-enterprise/) and [Grafana Cloud](../../../introduction/grafana-cloud/) since Grafana v10.4.
-{{% /admonition %}}
+{{< /admonition >}}
 
 ```
 curl --request PUT \
@@ -226,9 +226,9 @@ a Grafana admin user, you can also do the same for any user from the Server Admi
 
 ### Protected roles
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 Available in [Grafana Enterprise](../../../introduction/grafana-enterprise/) and [Grafana Cloud](../../../introduction/grafana-cloud/).
-{{% /admonition %}}
+{{< /admonition >}}
 
 By default, after you configure an authorization provider, Grafana will adopt existing users into the new authentication scheme. For example, if you have created a user with basic authentication having the login `[email protected]`, then set up SAML authentication where `[email protected]` is an account, the user's authentication type will be changed to SAML if they perform a SAML sign-in.
 
 
@@ -150,7 +150,7 @@ header_property = username
 auto_sign_up = true
 ```
 
-Launch the Grafana container, using our custom grafana.ini to replace `/etc/grafana/grafana.ini`. We don't expose
+Launch the Grafana container, using our custom `grafana.ini` to replace `/etc/grafana/grafana.ini`. We don't expose
 any ports for this container as it will only be connected to by our Apache container.
 
 ```bash
@@ -161,7 +161,7 @@ docker run -i -v $(pwd)/grafana.ini:/etc/grafana/grafana.ini --name grafana graf
 
 For this example we use the official Apache docker image available at [Docker Hub](https://hub.docker.com/_/httpd/)
 
-- Create a file `httpd.conf` with the following contents
+- Create a file named `httpd.conf` with the following contents
 
 ```bash
 ServerRoot "/usr/local/apache2"
@@ -216,25 +216,25 @@ ProxyPass / http://grafana:3000/
 ProxyPassReverse / http://grafana:3000/
 ```
 
-- Create a htpasswd file. We create a new user **anthony** with the password **password**
+- Create a `htpasswd` file. We create a new user **anthony** with the password **password**
 
   ```bash
   htpasswd -bc htpasswd anthony password
   ```
 
-- Launch the httpd container using our custom httpd.conf and our htpasswd file. The container will listen on port 80, and we create a link to the **grafana** container so that this container can resolve the hostname **grafana** to the Grafana container’s IP address.
+- Launch the Apache HTTP server container using our custom `httpd.conf` and our `htpasswd` file. The container will listen on port 80, and we create a link to the **grafana** container so that this container can resolve the hostname **grafana** to the Grafana container’s IP address.
 
   ```bash
   docker run -i -p 80:80 --link grafana:grafana -v $(pwd)/httpd.conf:/usr/local/apache2/conf/httpd.conf -v $(pwd)/htpasswd:/tmp/htpasswd httpd:2.4
   ```
 
 ### Use grafana.
 
-With our Grafana and Apache containers running, you can now connect to http://localhost/ and log in using the username/password we created in the htpasswd file.
+With our Grafana and Apache containers running, you can now connect to http://localhost/ and log in using the username and password we created in the `htpasswd` file.
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 If the user is deleted from Grafana, the user will be not be able to login and resync until after the `sync_ttl` has expired.
-{{% /admonition %}}
+{{< /admonition >}}
 
 ### Team Sync (Enterprise only)
 
@@ -309,9 +309,9 @@ curl -H "X-WEBAUTH-USER: leonard" -H "X-WEBAUTH-GROUPS: lokiteamOnExternalSystem
 
 With this, the user `leonard` will be automatically placed into the Loki team as part of Grafana authentication.
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 An empty `X-WEBAUTH-GROUPS` or the absence of a groups header will remove the user from all teams.
-{{% /admonition %}}
+{{< /admonition >}}
 
 [Learn more about Team Sync](../../configure-team-sync/)
 
@@ -321,5 +321,5 @@ With `enable_login_token` set to `true` Grafana will, after successful auth prox
 a login token and cookie. You only have to configure your auth proxy to provide headers for the /login route.
 Requests via other routes will be authenticated using the cookie.
 
-Use settings `login_maximum_inactive_lifetime_duration` and `login_maximum_lifetime_duration` under `[auth]` to control session
+Use the settings `login_maximum_inactive_lifetime_duration` and `login_maximum_lifetime_duration` under `[auth]` to control session
 lifetime.
@@ -21,9 +21,9 @@ weight: 800
 
 The Azure AD authentication allows you to use a Microsoft Entra ID (formerly known as Azure Active Directory) tenant as an identity provider for Grafana. You can use Entra ID application roles to assign users and groups to Grafana roles from the Azure Portal.
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 If Users use the same email address in Microsoft Entra ID that they use with other authentication providers (such as Grafana.com), you need to do additional configuration to ensure that the users are matched correctly. Please refer to [Using the same email address to login with different identity providers](../#using-the-same-email-address-to-login-with-different-identity-providers) for more information.
-{{% /admonition %}}
+{{< /admonition >}}
 
 ## Create the Microsoft Entra ID application
 
@@ -37,7 +37,7 @@ To enable the Azure AD/Entra ID OAuth, register your application with Entra ID.
 
 1. Under **Redirect URI**, select the app type **Web**.
 
-1. Add the following redirect URLs `https://<grafana domain>/login/azuread` and `https://<grafana domain>` then click **Register**. The app's **Overview** page opens.
+1. Add the redirect URLs `https://<grafana domain>/login/azuread` and `https://<grafana domain>`, then click **Register**. The app's **Overview** page opens.
 
 1. Note the **Application ID**. This is the OAuth client ID.
 
@@ -94,9 +94,9 @@ To enable the Azure AD/Entra ID OAuth, register your application with Entra ID.
 1. Click **Users and Groups**.
 1. Click **Add user/group** to add a user or group to the Grafana roles.
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 When assigning a group to a Grafana role, ensure that users are direct members of the group. Users in nested groups will not have access to Grafana due to limitations within Azure AD/Entra ID side. For more information, see [Microsoft Entra service limits and restrictions](https://learn.microsoft.com/en-us/entra/identity/users/directory-service-limits-restrictions).
-{{% /admonition %}}
+{{< /admonition >}}
 
 ### Configure application roles for Grafana in the Azure Portal
 
@@ -128,9 +128,9 @@ If you prefer to configure the application roles for Grafana in the manifest fil
 
 1. Add a Universally Unique Identifier to each role.
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 Every role requires a [Universally Unique Identifier](https://en.wikipedia.org/wiki/Universally_unique_identifier) which you can generate on Linux with `uuidgen`, and on Windows through Microsoft PowerShell with `New-Guid`.
-{{% /admonition %}}
+{{< /admonition >}}
 
 1. Replace each "SOME_UNIQUE_ID" with the generated ID in the manifest file:
 
@@ -205,25 +205,25 @@ Ensure that you have followed the steps in [Create the Microsoft Entra ID applic
 
 ## Configure Azure AD authentication client using the Grafana UI
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 Available in Public Preview in Grafana 10.4 behind the `ssoSettingsApi` feature toggle.
-{{% /admonition %}}
+{{< /admonition >}}
 
 As a Grafana Admin, you can configure your Azure AD/Entra ID OAuth client from within Grafana using the Grafana UI. To do this, navigate to the **Administration > Authentication > Azure AD** page and fill in the form. If you have a current configuration in the Grafana configuration file, the form will be pre-populated with those values. Otherwise the form will contain default values.
 
 After you have filled in the form, click **Save** to save the configuration. If the save was successful, Grafana will apply the new configurations.
 
 If you need to reset changes you made in the UI back to the default values, click **Reset**. After you have reset the changes, Grafana will apply the configuration from the Grafana configuration file (if there is any configuration) or the default values.
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 If you run Grafana in high availability mode, configuration changes may not get applied to all Grafana instances immediately. You may need to wait a few minutes for the configuration to propagate to all Grafana instances.
-{{% /admonition %}}
+{{< /admonition >}}
 
 ## Configure Azure AD authentication client using the Terraform provider
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 Available in Public Preview in Grafana 10.4 behind the `ssoSettingsApi` feature toggle. Supported in the Terraform provider since v2.12.0.
-{{% /admonition %}}
+{{< /admonition >}}
 
 ```terraform
 resource "grafana_sso_settings" "azuread_sso_settings" {
@@ -292,9 +292,9 @@ GF_AUTH_AZUREAD_MANAGED_IDENTITY_CLIENT_ID
 GF_AUTH_AZUREAD_FEDERATED_CREDENTIAL_AUDIENCE
 ```
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 Verify that the Grafana [root_url](../../../configure-grafana/#root_url) is set in your Azure Application Redirect URLs.
-{{% /admonition %}}
+{{< /admonition >}}
 
 ### Configure refresh token
 
@@ -304,12 +304,14 @@ Grafana uses a refresh token to obtain a new access token without requiring the
 
 Refresh token fetching and access token expiration check is enabled by default for the AzureAD provider since Grafana v10.1.0. If you would like to disable access token expiration check then set the `use_refresh_token` configuration value to `false`.
 
-> **Note:** The `accessTokenExpirationCheck` feature toggle has been removed in Grafana v10.3.0 and the `use_refresh_token` configuration value will be used instead for configuring refresh token fetching and access token expiration check.
+{{< admonition type="note" >}}
+The `accessTokenExpirationCheck` feature toggle has been removed in Grafana v10.3.0 and the `use_refresh_token` configuration value will be used instead for configuring refresh token fetching and access token expiration check.
+{{< /admonition >}}
 
 ### Configure allowed tenants
 
 To limit access to authenticated users who are members of one or more tenants, set `allowed_organizations`
-to a comma- or space-separated list of tenant IDs. You can find tenant IDs on the Azure portal under **Microsoft Entra ID -> Overview**.
+to a _comma-_ or _space-separated_ list of tenant IDs. You can find tenant IDs on the Azure portal under **Microsoft Entra ID -> Overview**.
 
 Make sure to include the tenant IDs of all the federated Users' root directory if your Entra ID contains external identities.
 
@@ -324,7 +326,7 @@ allowed_organizations = 8bab1c86-8fba-33e5-2089-1d1c80ec267d
 Microsoft Entra ID groups can be used to limit user access to Grafana. For more information about managing groups in Entra ID, refer to [Manage Microsoft Entra groups and group membership](https://learn.microsoft.com/en-us/entra/fundamentals/how-to-manage-groups).
 
 To limit access to authenticated users who are members of one or more Entra ID groups, set `allowed_groups`
-to a **comma-** or **space-separated** list of group object IDs.
+to a _comma-_ or _space-separated_ list of group object IDs.
 
 1. To find object IDs for a specific group on the Azure portal, go to **Microsoft Entra ID > Manage > Groups**.
 
@@ -348,9 +350,9 @@ To configure group membership claims from the Azure Portal UI, complete the foll
 
 For more information, see [Configure groups optional claims](https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims#configure-groups-optional-claims).
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 If the user is a member of more than 200 groups, Entra ID does not emit the groups claim in the token and instead emits a group overage claim. To set up a group overage claim, see [Users with over 200 Group assignments](#users-with-over-200-group-assignments).
-{{% /admonition %}}
+{{< /admonition >}}
 
 #### Configure group membership claim in the manifest file
 
@@ -424,9 +426,9 @@ The Entra ID `App registration` must include the following API permissions for g
 
 Admin consent is required for the `GroupMember.Read.All` permission. To grant admin consent, navigate to **API permissions** in the **App registration** and select **Grant admin consent for [your-organization]**.
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 You can make Grafana always get group information from the Microsoft Graph API by turning on the [`force_use_graph_api`](./#force-fetching-groups-from-microsoft-graph-api) setting in the configuration.
-{{% /admonition %}}
+{{< /admonition >}}
 
 #### Configure the required Graph API permissions
 
@@ -441,9 +443,9 @@ You can make Grafana always get group information from the Microsoft Graph API b
 1. In the **Select permissions** pane, under the **User** section, select **User.Read**.
 1. Click the **Add permissions** button at the bottom of the page.
 
-{{% admonition type="note" %}}
+{{< admonition type="note" >}}
 Admin consent may be required for this permission.
-{{% /admonition %}}
+{{< /admonition >}}
 
 ### Force fetching groups from Microsoft Graph API
 
@@ -463,7 +465,7 @@ You can disable this default role assignment by setting `role_attribute_strict =
 
 You can use the `org_mapping` configuration option to assign the user to multiple organizations and specify their role based on their Entra ID group membership. For more information, refer to [Org roles mapping example](#org-roles-mapping-example). If the org role mapping (`org_mapping`) is specified and Entra ID returns a valid role, then the user will get the highest of the two roles.
 
-**On every login** the user organization role will be reset to match Entra ID's application role and
+_On every login_ the user organization role will be reset to match Entra ID's application role and
 their organization membership will be reset to the default organization.
 
 #### Org roles mapping example
 
@@ -23,8 +23,10 @@ weight: 400
 
 The enhanced LDAP integration adds additional functionality on top of the [LDAP integration](../ldap/) available in the open source edition of Grafana.
 
-> **Note:** Available in [Grafana Enterprise](../../../../introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
-> If you are a Grafana Cloud customer, please [open a support ticket in the Cloud Portal](/profile/org#support) to request this feature.
+{{< admonition type="note" >}}
+Available in [Grafana Enterprise](../../../../introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
+If you are a Grafana Cloud customer, please [open a support ticket in the Cloud Portal](/profile/org#support) to request this feature.
+{{< /admonition >}}
 
 > To control user access with role-based permissions, refer to [role-based access control](../../../../administration/roles-and-permissions/access-control/).
 
@@ -51,7 +53,7 @@ With active LDAP synchronization, you can configure Grafana to actively sync use
 
 Users with updated role and team membership will need to refresh the page to get access to the new features.
 
-Removed users are automatically logged out and their account disabled. These accounts are displayed in the Server Admin > Users page with a `disabled` label. Disabled users keep their custom permissions on dashboards, folders, and data sources, so if you add them back in your LDAP database, they have access to the application with the same custom permissions as before.
+Removed users are automatically logged out and their account disabled. These accounts are displayed in the **Server Admin > Users** page with a `disabled` label. Disabled users keep their custom permissions on dashboards, folders, and data sources, so if you add them back in your LDAP database, they have access to the application with the same custom permissions as before.
 
 ```bash
 [auth.ldap]
@@ -74,7 +76,7 @@ active_sync_enabled = true # enabled by default
 
 Single bind configuration (as in the [Single bind example](../ldap/#single-bind-example)) is not supported with active LDAP synchronization because Grafana needs user information to perform LDAP searches.
 
-For the synchronization to work, the `servers.search_filter` and `servers.attributes.username` in the ldap.toml config file must match. By default, the `servers.attributes.username` is `cn`, so if you use another attribute as the search filter, you must also update the username attribute.
+For the synchronization to work, the `servers.search_filter` and `servers.attributes.username` in the `ldap.toml` configuration file must match. By default, the `servers.attributes.username` is `cn`, so if you use another attribute as the search filter, you must also update the username attribute.
 
 For example: