Merge branch 'master' into test-studio-canvas-app

Author: tapanm-MSFT

powerapps-docs/developer/common-data-service/best-practices/TOC.yml

@@ -28,6 +28,8 @@
         href: business-logic/set-timeout-for-external-calls-from-plug-ins.md
       - name: Use InvalidPluginExecutionException in plug-ins and workflow activities
         href: business-logic/use-invalidpluginexecutionexception-plugin-workflow-activities.md
+      - name: Verify certification dependencies for plug-ins making outbound calls
+        href: business-logic/verify-certification-dependencies.md
   - name: Work with data using code
     href: work-with-data/index.md
     items:

powerapps-docs/developer/common-data-service/best-practices/business-logic/index.md

@@ -27,7 +27,7 @@ This list below contains all of the guidance and best practices regarding the pl
 
 |Best Practice  |Description  |
 |---------|---------|
-|[Avoid usage of batch request types in plug-ins and workflow activities](avoid-batch-requests-plugin.md)     |You shouldn't use ExecuteMultipleRequest or ExecuteTransactionRequest message request classes within the context of a plug-in or workflow activity.         |
+|[Avoid usage of batch request types in plug-ins and workflow activities](avoid-batch-requests-plugin.md)|You shouldn't use ExecuteMultipleRequest or ExecuteTransactionRequest message request classes within the context of a plug-in or workflow activity.|
 |[Develop IPlugin implementations as stateless](develop-iplugin-implementations-stateless.md)     |Members of classes that implement IPlugin are exposed to potential thread-safety issues which could lead to data inconsistency or performance problems.         |
 |[Do not duplicate plug-in step registration](do-not-duplicate-plugin-step-registration.md)     |Duplicate plug-in step registration will cause the plug-in to fire multiple times on the same message/event.         |
 |[Do not use parallel execution within plug-ins and workflow activities](do-not-use-parallel-execution-in-plug-ins.md)|Multi or parallel threading within plug-ins or custom workflow activities is not supported.|
@@ -39,6 +39,7 @@ This list below contains all of the guidance and best practices regarding the pl
 |[Set KeepAlive to false when interacting with external hosts in a plug-in](set-keepalive-false-interacting-external-hosts-plugin.md)     |KeepAlive property set to true in the HTTP request header or not explicitly defined as false can cause increased execution times of plug-ins.         |
 |[Set Timeout when making external calls in a plug-in](set-timeout-for-external-calls-from-plug-ins.md)     |Limit the time period that external calls will expect a response within plug-ins.|   
 |[Use InvalidPluginExecutionException in plug-ins and workflow activities](use-invalidpluginexecutionexception-plugin-workflow-activities.md)     |Use InvalidPluginExecutionException when raising errors within the context of a plug-in or workflow activity.         |
+|[Verify certification dependencies for plug-ins making outbound calls](verify-certification-dependencies.md)|Ensure that any certificates that your code depends on for outbound calls has a valid chain of certificates.|
 
 ### See Also
 

powerapps-docs/developer/common-data-service/best-practices/business-logic/verify-certification-dependencies.md

@@ -0,0 +1,63 @@
+---
+title: "Verify certification dependencies for plug-ins making outbound calls | MicrosoftDocs"
+description: "Ensure that any certificates that your code depends on for outbound calls has a valid chain of certificates."
+services: ''
+suite: powerapps
+documentationcenter: na
+author: JimDaly
+manager: ryjones
+editor: ''
+tags: ''
+ms.service: powerapps
+ms.devlang: na
+ms.topic: article
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 01/08/2020
+ms.author: jdaly
+search.audienceType: 
+  - developer
+search.app: 
+  - PowerApps
+  - D365CE
+---
+# Verify certification dependencies for plug-ins making outbound calls
+
+**Category**: Maintainability, Supportability
+
+**Impact potential**: High
+
+<a name='symptoms'></a>
+
+## Symptoms
+
+You may get this error when your plug-in makes an https call to an external resource:
+
+`WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.`
+
+
+<a name='guidance'></a>
+
+## Guidance
+
+You should verify that the site you want to connect with has a valid chain of certificates. Use one of the online test tools such as [Qualys SSL Labs SSL Server Test](https://www.ssllabs.com/ssltest/analyze.html) to verify that the site provides a valid chain of certificates.
+
+
+<a name='additional'></a>
+
+## Additional information
+
+You may encounter this when connecting to a new endpoint for the first time or when something about the certificate has changed.
+
+When the code in your plug-in running in the sandbox attempts to connect to an external endpoint using https, the CDS Sandbox will start SSL/TLS negotiation. The endpoint presents a certificate to use for encryption. If the certificate has one or more intermediate certificates it must present the entire chain to successfully complete SSL/TLS negotiation. If the complete chain is not presented SSL/TLS communication cannot be established. 
+
+
+
+
+<a name='seealso'></a>
+
+### See also
+
+[Write a plug-in](../../write-plug-in.md) <br /> 
+[Set KeepAlive to false when interacting with external hosts in a plug-in](set-keepalive-false-interacting-external-hosts-plugin.md)<br /> 
+[Set Timeout when making external calls in a plug-in](set-timeout-for-external-calls-from-plug-ins.md)

powerapps-docs/developer/common-data-service/data-export-service.md

@@ -17,14 +17,14 @@ search.app:
 ---
 # Data export service
 
-Data Export is an add-on service made available as a Common Data Service solution that adds the ability to replicate Common Data Service data to a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The supported target destinations are Microsoft Azure SQL Database and Microsoft Azure SQL Server on Microsoft Azure virtual machines. Data Export intelligently synchronizes the entire Dynamics 365 schema and data initially and thereafter synchronizes on a continuous basis as changes occur (delta changes) in the Dynamics 365 (online) system.  
+Data Export is an add-on service made available as a Common Data Service solution that adds the ability to replicate Common Data Service data to a Microsoft Azure SQL Database store in a customer-owned Microsoft Azure subscription. The supported target destinations are Microsoft Azure SQL Database and Microsoft Azure SQL Server on Microsoft Azure virtual machines. Data Export intelligently synchronizes the entire Common Data Service schema and data initially and thereafter synchronizes on a continuous basis as changes occur (delta changes) in Common Data Service.  
 
- The Data Export service provides an interface for managing configuration and ongoing administration of this service from within Common Data Service.  For more information, see [Data Export](https://technet.microsoft.com/library/a70feedc-12b9-4a2d-baf0-f489cdcc177d). This topic explains the corresponding programmatic interface and issues for this service.  
+The Data Export service provides an interface for managing configuration and ongoing administration of this service from within Common Data Service.  For more information, see [Replicate data to Azure SQL Database](https://docs.microsoft.com/power-platform/admin/replicate-data-microsoft-azure-sql-database). This topic explains the corresponding programmatic interface and issues for this service.  
 
 ## Prerequisites for using the Data Export Service  
- Because this service requires access to an external Microsoft Azure SQL Database from Common Data Service,   a number of prerequisites must be satisfied before you can successfully access this service. The following perquisites are more fully explained from an administrator's perspective in the section [Prerequisites for using Data Export Service](https://technet.microsoft.com/library/mt744592.aspx).  
+ Because this service requires access to an external Microsoft Azure SQL Database from Common Data Service, a number of prerequisites must be satisfied before you can successfully access this service. The following perquisites are more fully explained from an administrator's perspective in the section [Prerequisites for using Data Export Service](/power-platform/admin/replicate-data-microsoft-azure-sql-database#prerequisites-for-using-).  
 
- Your Common Data Service service must be configured so that:  
+ Your Common Data Service environment must be configured so that:  
 
 - The entities that will be exported are enabled with change tracking. For more information, see [Use change tracking to synchronize data with external systems](use-change-tracking-synchronize-data-external-systems.md).  
 

powerapps-docs/developer/common-data-service/webapi/perform-conditional-operations-using-web-api.md

@@ -2,7 +2,7 @@
 title: "Perform conditional operations using the Web API (Common Data Service)| Microsoft Docs"
 description: "Read how to create conditions that decide whether and how to perform certain operations using the Web API"
 ms.custom: ""
-ms.date: 08/31/2019
+ms.date: 01/08/2020
 ms.service: powerapps
 ms.suite: ""
 ms.tgt_pltfrm: ""
@@ -38,8 +38,6 @@ Common Data Service generates a weakly validating `@odata.etag` property for eve
 ## If-Match and If-None-Match headers
 
 Use [If-Match](https://tools.ietf.org/html/rfc7232#section-3.1) and [If-None-Match](https://tools.ietf.org/html/rfc7232#section-3.2) headers with ETag values to check whether the current version of a resource matches the one last retrieved, matches any previous version or matches no version.  These comparisons form the basis of conditional operation support. Common Data Service provides ETags to support conditional retrievals, optimistic concurrency, and limited upsert operations.
- 
-Queries which expand collection-valued navigation properties may return cached data for those properties that doesn’t reflect recent changes. It is recommended to use `If-None-Match` header with value `null` to override browser caching. See [HTTP Headers](compose-http-requests-handle-errors.md#bkmk_headers) for more details. Use `If-None-Match` header with a specific ETag value to ensure that only changed data is returned.
 
 > [!WARNING]
 > Client code should not give any meaning to the specific value of an ETag, nor to any apparent relationship between ETags beyond equality or inequality. For example, an ETag value for a more recent version of a resource is not guaranteed to be greater than the ETag value for an earlier version. Also, the algorithm used to generate new ETag values may change without notice between releases of a service.  
@@ -48,16 +46,9 @@ Queries which expand collection-valued navigation properties may return cached d
 
 ## Conditional retrievals
 
-Etags enable you to optimize record retrievals whenever you access the same record multiple times. If you have previously retrieved a record, you can pass the ETag value with the `If-None-Match` header to request data to be retrieved only if it has changed since the last time it was retrieved. If the data has changed, the request returns an HTTP status of 200 (OK) with the latest data in the body of the request. If the data hasn’t changed, the HTTP status code 304 (Not Modified) is returned to indicate that the entity hasn’t been modified. The following example message pair returns data for an account entity with the `accountid` equal to `00000000-0000-0000-0000-000000000001` when the data hasn’t changed since it was last retrieved.  
-
-> [!NOTE]
-> Conditional retrieval works only for entities that have optimistic concurrency enabled. Check if an entity has optimistic concurrency enabled using the Web API request shown below. Entities that have optimistic concurrency enabled will have <xref href="Microsoft.Xrm.Sdk.Metadata.EntityMetadata.IsOptimisticConcurrencyEnabled?text=EntityMetadata.IsOptimisticConcurrencyEnabled" /> property set to `true`.
+Etags enable you to optimize record retrievals whenever you access the same record multiple times. If you have previously retrieved a record, you can pass the ETag value with the `If-None-Match` header to request data to be retrieved only if it has changed since the last time it was retrieved. If the data has changed, the request returns an HTTP status of `200 (OK)` with the latest data in the body of the request. If the data hasn’t changed, the HTTP status code `304 (Not Modified)` is returned to indicate that the entity hasn’t been modified. 
 
-> ```HTTP
-> GET [Organization URI]/api/data/v9.0/EntityDefinitions(LogicalName='<Entity Logical Name>')?$select=IsOptimisticConcurrencyEnabled
-> ```
-<!-- TODO:
-> For more information about optimistic concurrency, see [Reduce potential data loss using optimistic concurrency](../org-service/reduce-potential-data-loss-using-optimistic-concurrency.md).   -->
+The following example message pair returns data for an account entity with the `accountid` equal to `00000000-0000-0000-0000-000000000001` when the data hasn’t changed since it was last retrieved when the Etag value was `W/"468026"`
 
  **Request**  
 ```http  
@@ -74,6 +65,20 @@ HTTP/1.1 304 Not Modified
 Content-Type: application/json; odata.metadata=minimal  
 OData-Version: 4.0  
 ```  
+
+The following sections describe limitations to using conditional retrievals.
+
+### Entity must have optimistic concurrency enabled
+
+Check if an entity has optimistic concurrency enabled using the Web API request shown below. Entities that have optimistic concurrency enabled will have <xref href="Microsoft.Xrm.Sdk.Metadata.EntityMetadata.IsOptimisticConcurrencyEnabled?text=EntityMetadata.IsOptimisticConcurrencyEnabled" /> property set to `true`.
+
+```http
+GET [Organization URI]/api/data/v9.0/EntityDefinitions(LogicalName='<Entity Logical Name>')?$select=IsOptimisticConcurrencyEnabled
+```
+
+### Query must not include $expand
+
+The Etag can only detect if the single record that is being retrieved has changed. When you use `$expand` in your query, additional records may be returned and it is not possible to detect whether or not any of those records have changed. If the query includes `$expand` it will never return `304 Not Modified`.
 
 <a name="bkmk_limitUpsertOperations"></a>
 

powerapps-docs/developer/common-data-service/webapi/retrieve-related-entities-query.md

@@ -2,7 +2,7 @@
 title: "Retrieve related entity records with a query (Common Data Service)| Microsoft Docs"
 description: "ead how you can retrieve related entity records by expanding the navigation properties."
 ms.custom: ""
-ms.date: 07/15/2019
+ms.date: 01/08/2020
 ms.service: powerapps
 ms.suite: ""
 ms.tgt_pltfrm: ""
@@ -31,7 +31,9 @@ Use the `$expand` system query option in the navigation properties to control wh
 If you include only the name of the navigation property, you’ll receive all the properties for related records. You can limit the properties returned for related records using the `$select` system query option in parentheses after the navigation property name. Use this for both single-valued and collection-valued navigation properties.  
 
 > [!NOTE]
->  To retrieve related entities for an entity instance, see [Retrieve related entities for an entity by expanding navigation properties](retrieve-entity-using-web-api.md#bkmk_expandRelated).  
+>  - To retrieve related entities for an entity instance, see [Retrieve related entities for an entity by expanding navigation properties](retrieve-entity-using-web-api.md#bkmk_expandRelated). 
+> - Queries which expand collection-valued navigation properties may return cached data for those properties that doesn’t reflect recent changes. It is recommended to use `If-None-Match` header with value `null` to override browser caching. See [HTTP Headers](compose-http-requests-handle-errors.md#bkmk_headers) for more details.
+> 
 
 <a bkmk="bkmk_retrieverelatedentityexpandsinglenavprop"></a>
 

powerapps-docs/maker/common-data-service/create-and-use-dataflows.md

@@ -67,6 +67,8 @@ and manage them from that environment. In addition, individuals who want to get
 data from your dataflow must have access to the environment in which you created
 it.
 
+> [!NOTE]
+> Creating dataflows is currently not available with Power Apps Community Plan licenses.
 
 1.  Sign in to Power Apps, and verify which environment you're in, find the environment switcher near the right side of the command bar.
 

powerapps-docs/maker/common-data-service/use-solution-explorer.md

@@ -87,7 +87,7 @@ In Power Apps, you can view the classic solution explorer by selecting **Solutio
 
 The following limitations apply to the use of canvas apps, flows, and custom connectors in solutions. 
 
-- Canvas app triggered flows are not available in solutions.
+- Canvas app button triggered flows are currently not supported in solutions. Create the app and flow outside of a solution, and export the .msapp file to migrate canvas apps with an embedded button triggered flow. 
 - If a canvas app is packaged in a managed solution, it can't be edited and re-published in the target environment. Use unmanaged solutions if the apps require editing in the target environment. 
 - Connections require authentication and consent, which requires an interactive user session and therefore cannot be transported via solutions. After importing your solution, play the app to authenticate connections. You can also create the connections in the target enviornment prior to importing the solution. 
 -	Canvas apps shared as co-owner to an Azure Active Directory (AAD) security group can't be added to solutions. Unshare the app before adding it to a solution.

powerapps-docs/maker/dev-community-plan.md

@@ -61,6 +61,7 @@ With the individual environment, you get the following functionality:
 | Create and run applications on the Common Data Service |Yes |
 | Model your data in the Common Data Service |Yes |
 | Create a database in the Common Data Service |Yes |
+| Create and use dataflows |No |
 | **Management** | |
 | Add co-workers as environment makers and admins |No |
 | Add co-workers to the database roles |No |

powerapps-docs/maker/portals/add-web-resource.md

@@ -2,13 +2,13 @@
 title: "Add azure storage web resource to a form | MicrosoftDocs"
 description: "Steps to add azure storage web resource to a form to enable uploading attachments to Azure Storage."
 author: sbmjais
-manager: shujoshi
+manager: kvivek
 ms.service: powerapps
 ms.topic: conceptual
 ms.custom: 
-ms.date: 11/11/2019
+ms.date: 01/07/2020
 ms.author: shjais
-ms.reviewer:
+ms.reviewer: tapanm
 ---
 
 # Add the Azure Storage web resource to a form
@@ -62,7 +62,7 @@ The paper-clip icon has been replaced with a cloud icon to denote that this file
 
 > [!Note]
 > You must add cross-origin resource sharing (CORS) rule on your Azure Storage account as follows, otherwise you will see the regular attachment icon rather than the cloud icon.
-> - **Allowed origins**: Specify your ___domain. For example, `http://contoso.crm.dynamics.com`.
+> - **Allowed origins**: Specify your ___domain. For example, `https://contoso.crm.dynamics.com`.
 > - **Allowed verbs**: GET, PUT, DELETE, HEAD, POST
 > - **Allowed headers**: Specify the request headers that the origin ___domain may specify on the CORS request. For example, x-ms-meta-data\*, x-ms-meta-target\*. For this scenario, you must specify *, otherwise the web resource will not render properly.
 > - **Exposed headers**: Specify the response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. For example, x-ms-meta-\*.