Updates from: 02/20/2021 04:16:59
Service Microsoft Docs article Related commit history on GitHub Change details
active-directory V2 Oauth2 Auth Code Flow https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/active-directory/develop/v2-oauth2-auth-code-flow.md
Previously updated : 01/11/2021 Last updated : 02/19/2021
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
| `scope` | required | A space-separated list of [scopes](v2-permissions-and-consent.md) that you want the user to consent to. For the `/authorize` leg of the request, this can cover multiple resources, allowing your app to get consent for multiple web APIs you want to call. | | `response_mode` | recommended | Specifies the method that should be used to send the resulting token back to your app. Can be one of the following:<br/><br/>- `query`<br/>- `fragment`<br/>- `form_post`<br/><br/>`query` provides the code as a query string parameter on your redirect URI. If you're requesting an ID token using the implicit flow, you can't use `query` as specified in the [OpenID spec](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Combinations). If you're requesting just the code, you can use `query`, `fragment`, or `form_post`. `form_post` executes a POST containing the code to your redirect URI. | | `state` | recommended | A value included in the request that will also be returned in the token response. It can be a string of any content that you wish. A randomly generated unique value is typically used for [preventing cross-site request forgery attacks](https://tools.ietf.org/html/rfc6749#section-10.12). The value can also encode information about the user's state in the app before the authentication request occurred, such as the page or view they were on. |
-| `prompt` | optional | Indicates the type of user interaction that is required. The only valid values at this time are `login`, `none`, and `consent`.<br/><br/>- `prompt=login` will force the user to enter their credentials on that request, negating single-sign on.<br/>- `prompt=none` is the opposite - it will ensure that the user isn't presented with any interactive prompt whatsoever. If the request can't be completed silently via single-sign on, the Microsoft identity platform will return an `interaction_required` error.<br/>- `prompt=consent` will trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app.<br/>- `prompt=select_account` will interrupt single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.<br/> |
+| `prompt` | optional | Indicates the type of user interaction that is required. The only valid values at this time are `login`, `none`, `consent`, and `select_account`.<br/><br/>- `prompt=login` will force the user to enter their credentials on that request, negating single-sign on.<br/>- `prompt=none` is the opposite - it will ensure that the user isn't presented with any interactive prompt whatsoever. If the request can't be completed silently via single-sign on, the Microsoft identity platform will return an `interaction_required` error.<br/>- `prompt=consent` will trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app.<br/>- `prompt=select_account` will interrupt single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.<br/> |
| `login_hint` | optional | Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know their username ahead of time. Often apps will use this parameter during re-authentication, having already extracted the username from a previous sign-in using the `preferred_username` claim. | | `domain_hint` | optional | If included, it will skip the email-based discovery process that user goes through on the sign-in page, leading to a slightly more streamlined user experience - for example, sending them to their federated identity provider. Often apps will use this parameter during re-authentication, by extracting the `tid` from a previous sign-in. If the `tid` claim value is `9188040d-6c67-4c5b-b112-36a304b66dad`, you should use `domain_hint=consumers`. Otherwise, use `domain_hint=organizations`. | | `code_challenge` | recommended / required | Used to secure authorization code grants via Proof Key for Code Exchange (PKCE). Required if `code_challenge_method` is included. For more information, see the [PKCE RFC](https://tools.ietf.org/html/rfc7636). This is now recommended for all application types - native apps, SPAs, and confidential clients like web apps. |
communication-services Calling Sdk Features https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/communication-services/concepts/voice-video-calling/calling-sdk-features.md
The following list presents the set of features which are currently available in
| | Promote a one-to-one call with two users into a group call with more than two users | ✔️ | ✔️ | ✔️ | | Join a group call after it has started | ✔️ | ✔️ | ✔️ | | Invite another VoIP participant to join an ongoing group call | ✔️ | ✔️ | ✔️
-| | Turn your video on/off | ✔️ | ✔️ | ✔️
+| Mid call control | Turn your video on/off | ✔️ | ✔️ | ✔️
| | Mute/Unmute mic | ✔️ | ✔️ | ✔️ | | Switch between cameras | ✔️ | ✔️ | ✔️ | | Local hold/un-hold | ✔️ | ✔️ | ✔️
The following list presents the set of features which are currently available in
| | Place a group call with PSTN participants | ✔️ | ✔️ | ✔️ | | Promote a one-to-one call with a PSTN participant into a group call | ✔️ | ✔️ | ✔️ | | Dial-out from a group call as a PSTN participant | ✔️ | ✔️ | ✔️
-| General | Test your mic, speaker, and camera with an audio testing service (available by calling 8:echo123) | ✔️ | ✔️ | ✔️
+| General | Test your mic, speaker, and camera with an audio testing service (available by calling 8:echo123) | ✔️ | ✔️ | ✔️
+| Device Management | Ask for permission to use audio and/or video | ✔️ | ✔️ | ✔️
+| | Get camera list | ✔️ | ✔️ | ✔️
+| | Set camera | ✔️ | ✔️ | ✔️
+| | Get selected camera | ✔️ | ✔️ | ✔️
+| | Get microphone list | ✔️ | ✔️ | ✔️
+| | Set microphone | ✔️ | ✔️ | ✔️
+| | Get selected microphone | ✔️ | ✔️ | ✔️
+| | Get speakers list | ✔️ | ✔️ | ✔️
+| | Set speaker | ✔️ | ✔️ | ✔️
+| | Get selected speaker | ✔️ | ✔️ | ✔️
+| Video Rendering | Render single video in many places (local camera or remote stream) | ✔️ | ✔️ | ✔️
+| | Set / update scaling mode | ✔️ | ✔️ | ✔️
+| | Render remote video stream | ✔️ | ✔️ | ✔️
++ ## JavaScript calling client library support by OS and browser
-The following table represents the set of supported browsers and versions which are currently available.
+The following table represents the set of supported browsers which are currently available. We support the most recent three versions of the browser unless otherwise indicated.
+
+| | Chrome | Safari* | Edge (Chromium) |
+| -- | -| | -- |
+| Andriod | ✔️ | ❌ | ❌ |
+| iOS | ❌ | ✔️**** | ❌ |
+| macOS*** | ✔️ | ✔️** | ❌ |
+| Windows*** | ✔️ | ❌ | ✔️ |
+| Ubuntu/Linux | ✔️ | ❌ | ❌ |
+
+*Safari versions 13.1+ are supported.
-| | Windows | macOS | Ubuntu | Linux | Android | iOS | iPad OS|
-| -- | - | -- | - | | | | -|
-| **Calling client library** | Chrome*, new Edge | Chrome*, Safari** | Chrome* | Chrome* | Chrome* | Safari** | Safari** |
+**Safari 14+/macOS 11+ needed for outgoing video support.
+***Outgoing screen sharing is supported only on desktop platforms (Windows, macOS, and Linux), regardless of the browser version, and is not supported on any mobile platform (Android, iOS, iPad, and tablets).
-*Note that the latest version of Chrome is supported in addition to the previous two releases.<br/>
+****An iOS app on Safari can't enumerate/select mic and speaker devices (for example, Bluetooth); this is a limitation of the OS, and there's always only one device.
-**Note that Safari versions 13.1+ are supported. Outgoing video for Safari macOS is not yet supported, but it is supported on iOS. Outgoing screen sharing is only supported on desktop iOS. 1:1 and group calls currently are not available on Safari.
## Calling client - browser security model
data-factory Tutorial Incremental Copy Overview https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/data-factory/tutorial-incremental-copy-overview.md
Last updated 01/22/2018
# Incrementally load data from a source data store to a destination data store In a data integration solution, incrementally (or delta) loading data after an initial full data load is a widely used scenario. The tutorials in this section show you different ways of loading data incrementally by using Azure Data Factory.
dms Tutorial Sql Server To Azure Sql https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/dms/tutorial-sql-server-to-azure-sql.md
You will learn how to:
[!INCLUDE [online-offline](../../includes/database-migration-service-offline-online.md)]
-This article describes an offline migration from SQL Server to a database in Azure SQL Database. For an online migration, see [Migrate SQL Server to Azure SQL Database online using DMS](tutorial-sql-server-azure-sql-online.md).
+This article describes an offline migration from SQL Server to a database in Azure SQL Database.
+
+In our continued effort to provide you with the best migration experience, we replaced SQL Server to Azure SQL Database online migration with robust and reliable offline (that is, onetime) migration. With this method, you might incur migration downtime during the database migration.
+
+Azure Database Migration Service provides estimated downtimes for the selected databases. If the downtimes don't fit within your constraints, we recommend that you consider migrating to Azure SQL Managed Instance, which provides online migration, to minimize your downtime and migration cutover time.
+
+If you still plan to migrate to Azure SQL Database and minimize migration downtime, please contact us at DMSfeedback@microsoft.com so that we can help optimize your migration approach to meet your migration downtimes.
## Prerequisites
firewall Logs And Metrics https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/firewall/logs-and-metrics.md
Metrics are lightweight and can support near real-time scenarios making them use
} } ```
+
+ > [!NOTE]
+ > When you receive a Deny response for HTTP requests under `default action`, you won't find the logs under the Log Analytics Workspace with standard protocol or port queries.
+ > The `Protocol` field will have a space in it and will match against `"HTTP "`, or you can filter using the `msg_s` field's content.
* **Network rule log**
The following metrics are available for Azure Firewall:
- To learn how to monitor Azure Firewall logs and metrics, see [Tutorial: Monitor Azure Firewall logs](./firewall-diagnostics.md). -- To learn more about metrics in Azure Monitor, see [Metrics in Azure Monitor](../azure-monitor/essentials/data-platform-metrics.md).
+- To learn more about metrics in Azure Monitor, see [Metrics in Azure Monitor](../azure-monitor/essentials/data-platform-metrics.md).
iot-edge Production Checklist https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/iot-edge/production-checklist.md
IoT Edge devices can be anything from a Raspberry Pi to a laptop to a virtual ma
* Install production certificates * Have a device management plan * Use Moby as the container engine
+ * Don't use the same device ID for more than one IoT Edge device
* **Helpful** * Choose upstream protocol
For more information, see [Update the IoT Edge runtime](how-to-update-iot-edge.m
A container engine is a prerequisite for any IoT Edge device. Only moby-engine is supported in production. Other container engines, like Docker, do work with IoT Edge and it's ok to use these engines for development. The moby-engine can be redistributed when used with Azure IoT Edge, and Microsoft provides servicing for this engine.
+### Don't use the same device ID for more than one IoT Edge device
+
+A device connection string can't be shared between two or more IoT Edge devices. IoT Edge devices that have the same device ID might appear to work properly, but sharing a device ID can lead to the following issues before the condition is detected and resolved:
+
+* Huge spike in module and device connects/disconnects
+* Huge spike in module device-to-cloud `get twin` operations
+* Duplication of module messages, depending on how the route is set up
+
+If these issues develop because of a shared device ID, you might see unexpected *message quota exhaustion* on the IoT Hub side and an increase in *data usage bill*, especially if you're using a cellular or satellite data connection. IoT Hub message quota exhaustion might stall the entire solution because IoT Hub stops accepting new messages until the quota is reset or the quota is increased.
+
+To check for this condition, you can monitor the frequency of connect/disconnects of modules and devices by using Azure diagnostics logs for IoT Hub.
+ ### Choose upstream protocol You can configure the protocol (which determines the port used) for upstream communication to IoT Hub for both the IoT Edge agent and the IoT Edge hub. The default protocol is AMQP, but you may want to change that depending on your network setup.
Once your IoT Edge device connects, be sure to continue configuring the Upstream
* Be consistent with upstream protocol * Set up host storage for system modules * Reduce memory space used by the IoT Edge hub
- * Do not use debug versions of module images
+ * Don't use debug versions of module images
### Be consistent with upstream protocol
The IoT Edge hub module stores messages temporarily if they cannot be delivered
The default value of the timeToLiveSecs parameter is 7200 seconds, which is two hours.
-### Do not use debug versions of module images
+### Don't use debug versions of module images
When moving from test scenarios to production scenarios, remember to remove debug configurations from deployment manifests. Check that none of the module images in the deployment manifests have the **\.debug** suffix. If you added create options to expose ports in the modules for debugging, remove those create options as well.
You can do so in the **createOptions** of each module. For example:
For the most efficient IoT Edge deployment scenario, consider integrating your production deployment into your testing and CI/CD pipelines. Azure IoT Edge supports multiple CI/CD platforms, including Azure DevOps. For more information, see [Continuous integration and continuous deployment to Azure IoT Edge](how-to-continuous-integration-continuous-deployment.md). +++ ## Next steps * Learn more about [IoT Edge automatic deployment](module-deployment-monitoring.md).
key-vault Quick Create Node https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/key-vault/secrets/quick-create-node.md
const { SecretClient } = require("@azure/keyvault-secrets");
In this quickstart, logged in user is used to authenticate to key vault, which is preferred method for local development. For applications deployed to Azure, managed identity should be assigned to App Service or Virtual Machine, for more information, see [Managed Identity Overview](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview).
-In below example, the name of your key vault is expanded to the key vault URI, in the format "https://\<your-key-vault-name\>.vault.azure.net". This example is using ['DefaultAzureCredential()'](https://docs.microsoft.com/javascript/api/@azure/identity/defaultazurecredential) class from [Azure Identity Library](https://docs.microsoft.com/javascript/api/overview/azure/identity-readme), which allows to use the same code across different environments with different options to provide identity. Fore more information about authenticating to key vault, see [Developer's Guide](https://docs.microsoft.com/azure/key-vault/general/developers-guide#authenticate-to-key-vault-in-code).
+In below example, the name of your key vault is expanded to the key vault URI, in the format "https://\<your-key-vault-name\>.vault.azure.net". This example is using ['DefaultAzureCredential()'](https://docs.microsoft.com/javascript/api/@azure/identity/defaultazurecredential) class from [Azure Identity Library](https://docs.microsoft.com/javascript/api/overview/azure/identity-readme), which allows to use the same code across different environments with different options to provide identity. For more information about authenticating to key vault, see [Developer's Guide](https://docs.microsoft.com/azure/key-vault/general/developers-guide#authenticate-to-key-vault-in-code).
Add the following code to 'main()' function
purview Concept Resource Sets https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/purview/concept-resource-sets.md
This article helps you understand how Azure Purview uses resource sets to map da
At-scale data processing systems typically store a single table on a disk as multiple files. This concept is represented in Azure Purview by using resource sets. A resource set is a single object in the catalog that represents a large number of assets in storage.
-For example, suppose your Spark cluster has persisted a DataFrame into an Azure DataL Lake Storage (ADLS) Gen2 data source. Although in Spark the table looks like a single logical resource, on the disk there are likely thousands of Parquet files, each of which represents a partition of the total DataFrame's contents. IoT data and web log data have the same challenge. Imagine you have a sensor that outputs log files several times a second. It won't take long until you have hundreds of thousands of log files from that single sensor.
+For example, suppose your Spark cluster has persisted a DataFrame into an Azure Data Lake Storage (ADLS) Gen2 data source. Although in Spark the table looks like a single logical resource, on the disk there are likely thousands of Parquet files, each of which represents a partition of the total DataFrame's contents. IoT data and web log data have the same challenge. Imagine you have a sensor that outputs log files several times a second. It won't take long until you have hundreds of thousands of log files from that single sensor.
To address the challenge of mapping large numbers of data assets to a single logical resource, Azure Purview uses resource sets.
virtual-machines Change Drive Letter https://github.com/MicrosoftDocs/azure-docs/commits/master/articles/virtual-machines/windows/change-drive-letter.md
First, you'll need to attach the data disk to the virtual machine. To do this us
6. In the **Virtual memory** section, select **Change**. 7. Select the **C** drive and then click **System managed size** and then click **Set**. 8. Select the **D** drive and then click **No paging file** and then click **Set**.
-9. Click Apply. You will get a warning that the computer needs to be restarted for the changes to take affect.
+9. Click Apply. You will get a warning that the computer needs to be restarted for the changes to take effect.
10. Restart the virtual machine. ## Change the drive letters
First, you'll need to attach the data disk to the virtual machine. To do this us
5. In the **Virtual memory** section, select **Change**. 6. Select the OS drive **C** and click **No paging file** and then click **Set**. 7. Select the temporary storage drive **T** and then click **System managed size** and then click **Set**.
-8. Click **Apply**. You will get a warning that the computer needs to be restarted for the changes to take affect.
+8. Click **Apply**. You will get a warning that the computer needs to be restarted for the changes to take effect.
9. Restart the virtual machine. ## Next steps