Merge branch 'main' into clu_regions
iaanw committed Sep 26, 2023
2 parents 71bdaca + f32cbae commit c830863
Showing 483 changed files with 11,042 additions and 5,738 deletions.
4 changes: 4 additions & 0 deletions .github/labeler.yml
@@ -0,0 +1,4 @@
PVA:
- power-virtual-agents/**
guidance:
- power-virtual-agents/guidance/**
20 changes: 20 additions & 0 deletions .github/workflows/label.yml
@@ -0,0 +1,20 @@
# This workflow will triage pull requests and apply a label based on the
# paths that are modified in the pull request.
#
# To use this workflow, you will need to set up a .github/labeler.yml
# file with configuration. For more information, see:
# https://github.com/actions/labeler

name: Labeler
on: [pull_request_target]

jobs:
triage:
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v4
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
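Review bot: `actions/labeler@v4` in the `steps` block is referenced by a mutable tag while the workflow triggers on `pull_request_target`, which runs in the base repository's context with a token that here carries `pull-requests: write`. Pin the action to a full commit SHA so that a moved tag cannot change what runs with that token. The scoped `permissions` block is the right shape, and the job stays safe under this trigger because it never checks out the pull request's code; a short comment in the file saying not to add a checkout of the PR head would help keep it that way.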
32 changes: 31 additions & 1 deletion .openpublishing.redirection.json
@@ -1,5 +1,15 @@
{
"redirections": [
{
"source_path": "power-platform/developer/cli/reference/tests.md",
"redirect_url": "test",
"redirect_document_id": "false"
},
{
"source_path": "power-platform/developer/cli/reference/paportal.md",
"redirect_url": "powerpages",
"redirect_document_id": "false"
},
{
"source_path": "power-platform/alm/maintain-managed-solutions.md",
"redirect_url": "/power-apps/maker/data-platform/update-solutions",
Expand All @@ -10,6 +20,11 @@
"redirect_url": "managed-environment-usage-insights",
"redirect_document_id": "false"
},
{
"source_path": "power-platform/admin/set-up-sales-territories-organize-business-markets-geographical-area.md",
"redirect_url": "/dynamics365/sales/set-up-sales-territories",
"redirect_document_id": "false"
},
{
"source_path": "power-platform/guidance/automation-coe/automation-admin-gov.md",
"redirect_url": "/power-automate/guidance/automation-coe/automation-admin-gov",
Expand Down Expand Up @@ -610,10 +625,25 @@
"redirect_url": "/power-platform/admin/admin-documentation",
"redirect_document_id": "false"
},
{
"source_path": "power-platform/transparency-note-copilot-data-security-privacy.md",
"redirect_url": "/power-platform/faqs-copilot-data-security-privacy",
"redirect_document_id": "false"
},
{
"source_path": "power-platform/transparency-note-copilot-data-sharing.md",
"redirect_url": "/power-platform/faqs-copilot-data-sharing",
"redirect_document_id": "false"
},
{
"source_path": "power-platform/transparency-note-overview.md",
"redirect_url": "/power-platform/responsible-ai-overview",
"redirect_document_id": "false"
},
{
"source_path": "power-platform/admin/admin-powerapps-enterprise-deployment.md",
"redirect_url": "https://aka.ms/powerappsadminwhitepaper",
"redirect_document_id": "false"
}
]
}
}
14 changes: 9 additions & 5 deletions power-platform/TOC.yml
Expand Up @@ -17,13 +17,17 @@
href: solution-templates/overview.md
- name: International availability
href: availability.md
- name: Enable copilots and generative AI features outside United States and Switzerland
href: admin/geographical-availability-copilot.md
- name: Important changes (deprecations) coming
href: important-changes-coming.md
- name: Responsible AI
items:
- name: Overview
href: transparency-note-overview.md
- name: Transparency note for Copilot data security and privacy
href: transparency-note-copilot-data-security-privacy.md
- name: Transparency note for Copilot data sharing
href: transparency-note-copilot-data-sharing.md
href: responsible-ai-overview.md
- name: FAQ for Copilot data security and privacy
href: faqs-copilot-data-security-privacy.md
- name: FAQ for optional data sharing for Copilot
href: faqs-copilot-data-sharing.md
- name: FAQ for using Copilot to generate deployment notes in pipelines
href: alm/faqs-ai-deployment-notes-pipelines.md
39 changes: 31 additions & 8 deletions power-platform/admin/TOC.yml
Expand Up @@ -52,6 +52,8 @@
href: get-help-support.md
- name: Support overview
href: support-overview.md
- name: View known issues (preview)
href: view-known-issues.md
- name: Support environments and the consent process
href: support-environment.md
- name: Determine your organization ID and name
Expand All @@ -70,8 +72,10 @@
href: pricing-billing-skus.md
- name: About licensing and license management
href: wp-license-management.md
- name: View license consumption (preview)
- name: View license consumption for Power Apps and Power Automate (preview)
href: view-license-consumption-issues.md
- name: View license consumption for finance and operations apps (preview)
href: view-license-consumption-finops-apps.md
- name: Manage licenses in your org
href: signup-question-and-answer.md
- name: Administer without a license
Expand Down Expand Up @@ -200,6 +204,8 @@
href: admin-settings.md
- name: Environment database settings
href: environment-database-settings.md
- name: Default environment routing (preview)
href: default-environment-routing.md
- name: Product
items:
- name: Behavior
Expand All @@ -210,7 +216,7 @@
href: settings-features.md
- name: Enable languages
href: enable-languages.md
- name: Privacy preferences
- name: Manage privacy and security settings
href: settings-privacy-security.md
- name: Configure Dataverse search
href: configure-relevance-search-organization.md
Expand Down Expand Up @@ -256,6 +262,8 @@
href: create-team-template-add-entity-form.md
- name: Users
href: users-settings.md
- name: Plug-in steps
href: plug-ins.md
- name: Audit and logs
items:
- name: Audit log management
Expand Down Expand Up @@ -450,9 +458,9 @@
href: block-forwarded-email-from-power-automate.md
- name: Block cookie replay attacks
href: block-cookie-replay-attack.md
- name: IP firewall (preview)
- name: Configure IP firewall (preview)
href: ip-firewall.md
- name: Continuous access evaluation integration (preview)
- name: Continuous access evaluation (preview)
href: continuous-access-evaluation.md
- name: Configure environment security
items:
Expand Down Expand Up @@ -600,7 +608,7 @@
href: analytics-ui-flow.md
- name: Reports
items:
- name: Tenant-level analytics (preview)
- name: Tenant-level analytics
href: tenant-level-analytics.md
- name: Power Apps analytics
href: powerapps-analytics-reports.md
Expand All @@ -624,8 +632,12 @@
href: telemetry-events-model-driven-apps.md
- name: Telemetry events for Dataverse
href: telemetry-events-dataverse.md
- name: Set up export to Application Insights
- name: Export data to Application Insights
href: set-up-export-application-insights.md
- name: Set up Application Insights with Power Automate (preview)
href: app-insights-cloud-flow.md
- name: Conversation diagnostics in Azure Application Insights (preview)
href: conversation-diagnostics-application-insights.md
- name: Storage
items:
- name: What's new for storage
Expand Down Expand Up @@ -698,6 +710,8 @@
href: programmability-tutorial-create-daily-capacity-report.md
- name: "Install an application to a target environment (preview)"
href: programmability-tutorial-install-application-environment.md
- name: "Tutorial: Allocate add-ons to environments (preview)"
href: programmability-tutorial-allocate-capacity-addons.md
- name: PowerShell
items:
- name: Getting started
Expand Down Expand Up @@ -1001,6 +1015,17 @@
href: connect-onedrive-business.md
- name: Connect to Yammer
href: connect-yammer.md
- name: Unified admin experience for finance and operations apps (preview)
items:
- name: Overview
href: unified-experience/finance-operations-apps-overview.md
displayName: Overview of unified admin experience for finance and operations apps
- name: "Tutorial: Provision a new environment with an ERP-based template"
href: unified-experience/tutorial-deploy-new-environment-with-erp-template.md
- name: "Tutorial: Copy a Lifecycle Services environment to a unified environment"
href: unified-experience/tutorial-copy-lifecycle-services-environment-unified-environment.md
- name: "Admin trials for finance and operations apps"
href: unified-experience/admin-trials.md
- name: Performance tuning and optimization
items:
- name: Overview
Expand Down Expand Up @@ -1072,8 +1097,6 @@
items:
- name: Overview
href: about-ce-guide.md
- name: Sales territories
href: set-up-sales-territories-organize-business-markets-geographical-area.md
- name: Define subjects to categorize cases, products, and articles
href: define-subjects-categorize-cases-products-articles.md
- name: Enhanced service level agreements
Expand Down
20 changes: 9 additions & 11 deletions power-platform/admin/about-encryption.md
@@ -1,18 +1,18 @@
---
title: "About data encryption"
description: "Learn about data encryption in Microsoft Dataverse."
title: About data encryption
description: Learn about data encryption in Microsoft Dataverse.
author: paulliew
ms.subservice: admin
ms.author: paulliew
ms.reviewer: jimholtz
ms.reviewer: sericks
contributors:
- paulliew
- denise-msft
ms.custom: "admin-security"
ms.service: power-platform
ms.component: pa-admin
ms.topic: overview
ms.date: 08/24/2021
ms.date: 07/17/2023
search.audienceType:
- admin
---
Expand All @@ -30,20 +30,18 @@ Dynamics 365 uses heterogenous storage (Dataverse) to store the data. The data i
- Azure Blob storage for binary data, such as images and documents
- Azure Search for search indexing
- Microsoft 365 Activity Log and Azure Cosmos DB for audit data
- Azure Data Lake for analytics

Dataverse databases are using SQL TDE (Transparent Data Encryption, compliant with FIPS 140-2) to provide real-time I/O encryption and decryption of the data and log files for data encryption at-rest. [Azure Storage Encryption](/azure/storage/common/storage-service-encryption) is used for data at rest stored in the Azure Blob Storage. These are encrypted and decrypted transparently using 256-bit AES encryption compliant with FIPS 140-2.

By default, Microsoft stores and manages the database encryption key for your environments. As of now, given the heterogenous storage, the customer managed key feature is available only for the Azure SQL database that stores transactional data. The File/Document (blob storage) and Azure Data Lake encryption by customer managed key is in the roadmap for future releases. The manage keys feature in the Power Platform admin center gives administrators the ability to self-manage the database encryption key that is associated with the tenant. Given the heterogenous type of storage, Customer Managed Keys are limited to encrypt the Azure SQL Database storing transactional data only. File, Log and Search encryption will remain managed by Microsoft.
By default, Microsoft stores and manages the database encryption key for your environments using a Microsoft-managed key. However, Power Platform provides a customer-managed encryption key (CMK) for added data protection control, where you can self-manage the database encryption key. The encryption key resides in your own Azure key vault, which allows you to rotate or swap the encryption key on demand. It also allows you to prevent Microsoft's access to your customer data when you revoke the key access to our services at any time.

:::image type="content" source="media/encryption-data-at-rest.png" alt-text="Encryption of data at rest":::

Administrators can provide their own encryption key using their own key generator hardware (HSM) or use our administrator tool to generate an encryption key. The key management feature supports both PFX and BYOK encryption files.
Administrators can provide their own encryption key using their own key generator hardware (HSM) or use Azure Key Vault to generate an encryption key. The key management feature takes the complexity out of encryption key management by using Azure Key Vault to securely store encryption keys. Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. Encryption keys must meet the following Azure Key Vault requirements:

The key management feature takes the complexity out of encryption key management by using Azure Key Vault to securely store encryption keys. Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services. The key management feature doesn't require that you have an Azure Key Vault subscription and for most situations there is no need to access encryption keys used for Dynamics 365 (Dataverse) within the vault. Encryption keys must meet the following Azure Key Vault requirements:

1. Key file format of PFX or BYOK,
2. 2048-bit RSA or RSA-HSM key type, and
3. PFX encryption key are password protected.
- 2048-bit RSA
- [HSM BYOK](/azure/key-vault/keys/hsm-protected-keys)

Administrators also can revert the encryption key back to a Microsoft managed key at any time.

Expand Down
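Review bot: The rewritten paragraph beginning "By default, Microsoft stores and manages the database encryption key" no longer says which of the stores listed above it (Azure Blob storage, Azure Search, the audit data stores) the customer-managed key actually covers, whereas the earlier wording limited it to the Azure SQL database and said File, Log and Search encryption stay Microsoft-managed. Because the new text also says that revoking key access prevents Microsoft's access to customer data, state the scope of that claim explicitly or link to the page that defines it. In the requirements list, "2048-bit RSA" and "HSM BYOK" read as two conditions to meet together; say whether they are alternatives.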
11 changes: 10 additions & 1 deletion power-platform/admin/about-microsoft-cloud-china.md
Expand Up @@ -4,13 +4,16 @@ description: This article provides information about Microsoft Power Platform an
author: sericks007
ms.component: pa-admin
ms.topic: conceptual
ms.date: 03/23/2023
ms.date: 09/25/2023
ms.subservice: admin
ms.author: sericks
ms.contributors:
- macarrer
- pvayner
- shailesn
- ahothur
contributors:
- Akshay-Koushik-Hothur
---
# Power Platform and Dynamics 365 apps operated by 21Vianet in China

Expand All @@ -37,6 +40,12 @@ Microsoft strives to maintain functional parity across our localized datacenter

To connect Dynamics 365 with your Exchange Online tenant in China and use server-side synchronization functionality, go to [Enable server-side synchronization functionality for Exchange Online in China](connect-exchange-online.md#enable-server-side-synchronization-functionality-for-exchange-online-in-china).

## Telemetry for model-driven apps

The following URL must be added to the allow list to ensure communication through firewalls and other security mechanisms for model-driven apps telemetry information:

https://browser.pipe.aria.microsoft.com

## Expansion and transition to "China 3" datacenters

Effective April 2023, current and future Business Applications customers who operate in China are poised to benefit greatly from the new Azure datacenters that are referred to as the Azure "China 3" Region. These cutting-edge datacenters provide enough capacity and robustness to sustain the ongoing expansion and demands of Business Applications in China. They also offer an opportunity to introduce capabilities and offerings that aren't currently available in the region. This development represents an exciting and promising advancement for the future of Business Applications in China.
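Review bot: In the new "Telemetry for model-driven apps" section the endpoint appears as a bare URL on its own line, which leaves firewall and proxy administrators to guess the form of the rule. Allow lists are normally keyed on host name and port, so give the host as inline code (`browser.pipe.aria.microsoft.com`) and say that the traffic is outbound HTTPS. It would also help to say whether this entry is in addition to endpoints documented elsewhere, so it is not read as the complete list.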
Expand Down
18 changes: 10 additions & 8 deletions power-platform/admin/add-users-to-environment.md
@@ -1,15 +1,15 @@
---
title: "Add users to an environment automatically or manually"
description: "Learn about adding users to an environment and how the process differs when it has a Dataverse database. Use security groups to restrict access or add specific users."
author: sericks007
title: Add users to an environment automatically or manually
description: Learn about adding users to an environment and how the process differs when it has a Dataverse database. Use security groups to restrict access or add specific users.
author: srpoduri
ms.subservice: admin
ms.author: sericks
ms.reviewer: jimholtz
ms.author: sripod
ms.reviewer: sericks
ms.custom: "admin-security"

ms.component: pa-admin
ms.topic: conceptual
ms.date: 08/17/2021
ms.date: 07/21/2023
search.audienceType:
- admin
---
Expand All @@ -27,11 +27,13 @@ When an environment is created with a Dataverse database or a Dataverse database

- For a user to be successfully added to an environment that has a Dataverse database, the user must meet certain criteria. This same criteria applies to [enabling a user who is already present in an environment](create-users.md#enable-or-disable-user-accounts).

- Automatic user addition to an environment takes time, especially if your organization is large and access to the environment isn't restricted to any security group. As a best practice, we recommend that you restrict access to your environment to a specific set of users by [associating your environment to a security group](control-user-access.md).
- Automatic user addition to an environment takes time, especially if your organization is large and access to the environment isn't restricted to any security group. As a best practice, we recommend that you restrict access to your environment to a specific set of users by [associating your environment to a security group](control-user-access.md).

- The system also supports just-in-time (JIT) user provisioning. In this scenario, when users access an environment URL, access requirements are checked at the time of sign-in and qualified users are added to the environment.

- In most cases, adding users to an environment only gives users access to the environment itself, not to any resources (apps and data) in the environment. You need to configure access to resources by [assigning security roles to users](database-security.md). Users with certain Dynamics 365 app licenses will be assigned some security roles by default that only give them read access to the environment's resources. Users who have been assigned service admin roles or the Global admin role, assigned through the Microsoft 365 admin center, will get the [System Administrator role](database-security.md#predefined-security-roles) by default. They will have admin privileges to the environment's resources when they get added to the environment.

- Because it can take a long time to automatically add users to an environment, you can use the following procedure to add specific users to the environment sooner.
- Because it can take a long time to automatically add users to an environment, you can use the following procedure to add specific users to the environment sooner.

> [!TIP]
> Check out the following video: [Adding users to Dataverse](https://www.microsoft.com/videoplayer/embed/RWJBra).
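Review bot: The new just-in-time (JIT) provisioning bullet says "access requirements are checked at the time of sign-in" without saying what those requirements are or linking to them. Point it at the same criteria the first bullet refers to, and say how JIT provisioning behaves when the environment is restricted to a security group, since the preceding bullet recommends that restriction as a best practice.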
Expand Down
6 changes: 4 additions & 2 deletions power-platform/admin/analytics-common-data-service.md
@@ -1,13 +1,15 @@
---
title: "View and download Dataverse analytics"
description: "Access Dataverse analytics from the Power Platform admin center to view and download metrics such as active users, API calls, executions, and more."
author: tjvass
author: StephenRauchPM
ms.topic: conceptual
ms.date: 03/22/2022
ms.subservice: admin
ms.author: tjvass
ms.author: stephenrauch
ms.reviewer: sericks

---

# Microsoft Dataverse analytics

We've improved how you view metrics for your organization. You no longer need to install or update a solution. Instead, you can view Dataverse analytics right from the Microsoft Power Platform admin center to quickly view adoption and user metrics for your organization.
Expand Down