Merge remote-tracking branch 'origin/main' into matp-2863997

Author: Mattp123

.openpublishing.redirection.json

@@ -1,5 +1,20 @@
 {
   "redirections": [
+    {
+      "source_path": "powerapps-docs/developer/data-platform/webapi/aad-group-team.md",
+      "redirect_url": "../aad-group-team",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "powerapps-docs/developer/data-platform/walkthrough-registering-configuring-simplespa-application-adal-js.md",
+      "redirect_url": "quick-start-register-configure-simplespa-application-msal-js",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "powerapps-docs/maker/data-platform/azure-synapse-link-copy-sql.md",
+      "redirect_url": "azure-synapse-link-pipelines",
+      "redirect_document_id": false
+    },
     {
       "source_path": "powerapps-docs/developer/data-platform/webapi/samples/cdswebapiservice.md",
       "redirect_url": "webapiservice",
@@ -7206,4 +7221,4 @@
       "redirect_document_id": "false"
     }
   ]
-}
+}

powerapps-docs/developer/data-platform/TOC.yml

@@ -24,6 +24,8 @@
       href: security-access-coding.md
     - name: Security roles and templates
       href: security-roles.md
+    - name: Active Directory group teams
+      href: aad-group-team.md
 - name: Work with data using code
   href: work-with-data.md
   items:
@@ -450,8 +452,8 @@
           href: walkthrough-register-app-azure-active-directory.md
         - name: "Tutorial: Create an ASP.NET Core Blazor WebAssembly App"
           href: walkthrough-blazor-webassembly-single-tenant.md
-        - name: "Tutorial: Register and configuring a SPA application with adal.js"
-          href: walkthrough-registering-configuring-simplespa-application-adal-js.md
+        - name: "Quick Start: Register and configure a SPA application with msal.js"
+          href: quick-start-register-configure-simplespa-application-msal-js.md
 - name: Transition apps to Dataverse ServiceClient
   href: sdk-client-transition.md
 - name: Best practices

powerapps-docs/developer/data-platform/webapi/aad-group-team.md renamed to powerapps-docs/developer/data-platform/aad-group-team.md

@@ -245,10 +245,10 @@ GET [Organization URI]/api/data/v9.0/RetrieveAadUserPrivileges(DirectoryObjectId
 
 If you have a non-interactive process where your service needs to check if the user has access rights to a record, you can make a [RetrievePrincipalAccess function](/dynamics365/customer-engagement/web-api/retrieveprincipalaccess) call on behalf of the user by specifying the `CallerID`.
 
-More information: [Impersonate another user](../impersonate-another-user.md)
+More information: [Impersonate another user](impersonate-another-user.md)
 
 ### See also
 
 [Manage app and resource access using Azure Active Directory groups](/azure/active-directory/fundamentals/active-directory-manage-groups)
 
-[!INCLUDE[footer-include](../../../includes/footer-banner.md)]
+[!INCLUDE[footer-include](../../includes/footer-banner.md)]

powerapps-docs/developer/data-platform/api-limits.md

@@ -1,14 +1,12 @@
 ---
 title: "Service protection API limits (Microsoft Dataverse) | Microsoft Docs" 
-description: "Understand the service protection limits for API requests." 
-ms.custom: ""
-ms.date: 03/22/2022
-ms.reviewer: "jdaly"
-ms.topic: "article"
-author: "divka78" 
+description: "Understand what a developer needs to do to manage service protection limits for API requests." 
+ms.date: 09/15/2022
+ms.reviewer: jdaly
+ms.topic: article
+author: divka78
 ms.subservice: dataverse-developer
-ms.author: "jdaly" 
-manager: "ryjones" 
+ms.author: dikamath 
 search.audienceType: 
   - developer
 search.app: 
@@ -251,61 +249,39 @@ If you are using the Web API with a client library, you may find that it support
 If you have written your own library, you can include behaviors to be similar to the one included in this sample code for a helper [WebAPIService class library (C#)](webapi/samples/webapiservice.md).
 
 ```csharp
-private async Task<HttpResponseMessage> SendAsync(
-    HttpRequestMessage request,
-    HttpCompletionOption httpCompletionOption = HttpCompletionOption.ResponseHeadersRead,
-    int retryCount = 0)
+/// <summary>
+/// Specifies the Retry policies
+/// </summary>
+/// <param name="config">Configuration data for the service</param>
+/// <returns></returns>
+static IAsyncPolicy<HttpResponseMessage> GetRetryPolicy(Config config)
 {
-    HttpResponseMessage response;
-    try
-    {
-        //The request is cloned so it can be sent again.
-        response = await httpClient.SendAsync(request.Clone(), httpCompletionOption);
-    }
-    catch (Exception)
-    {
-        throw;
-    }
-
-    if (!response.IsSuccessStatusCode)
-    {
-        if ((int)response.StatusCode != 429)
-        {
-            //Not a service protection limit error
-            throw ParseError(response);
-        }
-        else
-        {
-            // Give up re-trying if exceeding the maxRetries
-            if (++retryCount >= config.MaxRetries)
-            {
-                throw ParseError(response);
-            }
-
+    return HttpPolicyExtensions
+      .HandleTransientHttpError()
+      .OrResult(httpResponseMessage => httpResponseMessage.StatusCode == System.Net.HttpStatusCode.TooManyRequests)
+      .WaitAndRetryAsync(
+         retryCount: config.MaxRetries,
+         sleepDurationProvider: (count, response, context) =>
+         {
             int seconds;
-            //Try to use the Retry-After header value if it is returned.
-            if (response.Headers.Contains("Retry-After"))
+            HttpResponseHeaders headers = response.Result.Headers;
+
+            if (headers.Contains("Retry-After"))
             {
-                seconds = int.Parse(response.Headers.GetValues("Retry-After").FirstOrDefault());
+               seconds = int.Parse(headers.GetValues("Retry-After").FirstOrDefault());
             }
             else
             {
-                //Otherwise, use an exponential backoff strategy
-                seconds = (int)Math.Pow(2, retryCount);
+               seconds = (int)Math.Pow(2, count);
             }
-            await Task.Delay(TimeSpan.FromSeconds(seconds));
-
-            return await SendAsync(request, httpCompletionOption, retryCount);
-        }
-    }
-    else
-    {
-        return response;
-    }
+            return TimeSpan.FromSeconds(seconds);
+         },
+         onRetryAsync: (_, _, _, _) => { return Task.CompletedTask; }
+      );
 }
 ```
 
-You may also want to use [Polly](https://github.com/App-vNext/Polly), a .NET resilience and transient-fault-handling library that allows developers to express policies such as Retry, Circuit Breaker, Timeout, Bulkhead Isolation, and Fallback in a fluent and thread-safe manner.
+This example uses [Polly](https://github.com/App-vNext/Polly), a .NET resilience and transient-fault-handling library that allows developers to express policies such as Retry, Circuit Breaker, Timeout, Bulkhead Isolation, and Fallback in a fluent and thread-safe manner.
 
 ### HTTP Response headers
 
@@ -334,7 +310,7 @@ If you are using the Organization Service, we recommend that you use the <xref:M
 
 Since Xrm.Tooling.Connector version 9.0.2.16, it will automatically pause and re-send the request after the Retry-After duration period.
 
-If your application is currently using the low-level <xref:Microsoft.Xrm.Sdk.Client>.<xref:Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy> or <xref:Microsoft.Xrm.Sdk.WebServiceClient>.<xref:Microsoft.Xrm.Sdk.WebServiceClient.OrganizationWebProxyClient> classes. You should be able to replace those with the CrmServiceClient class. The <xref:Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy> is deprecated.
+If your application is currently using the low-level <xref:Microsoft.Xrm.Sdk.Client>.<xref:Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy> or <xref:Microsoft.Xrm.Sdk.WebServiceClient>.<xref:Microsoft.Xrm.Sdk.WebServiceClient.OrganizationWebProxyClient> classes. You should be able to replace those with the CrmServiceClient  or ServiceClient class. The <xref:Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy> is deprecated.
 
 More information:
 
@@ -345,7 +321,7 @@ More information:
 
 To achieve optimum throughput you should use multiple-threads. The Task Parallel Library (TPL) makes developers more productive by simplifying the process of adding parallelism and concurrency to applications.
 
-TPL can be used with <xref:Microsoft.Xrm.Tooling.Connector.CrmServiceClient> because CrmServiceClient includes a <xref:Microsoft.Xrm.Tooling.Connector.CrmServiceClient.Clone> method that allows for managing multiple instances of the client with TPL. For an example, see [Sample: Task Parallel Library with CrmServiceClient](xrm-tooling/sample-tpl-crmserviceclient.md).
+TPL can be used with either <xref:Microsoft.Xrm.Tooling.Connector.CrmServiceClient> or <xref:Microsoft.PowerPlatform.Dataverse.Client.ServiceClient> because both classes include a `Clone` method that allows for managing multiple instances of the client with TPL. For an example, see [Sample: Task Parallel Library with CrmServiceClient](xrm-tooling/sample-tpl-crmserviceclient.md).
 
 ## Frequently asked questions
 

powerapps-docs/developer/data-platform/authenticate-oauth.md

@@ -2,7 +2,7 @@
 title: "Use OAuth authentication with Microsoft Dataverse (Dataverse) | Microsoft Docs" # Intent and product brand in a unique string of 43-59 chars including spaces
 description: "Learn how to authenticate applications with Microsoft Dataverse using OAuth." # 115-145 characters including spaces. This abstract displays in the search result.
 ms.custom: has-adal-ref
-ms.date: 07/28/2022
+ms.date: 09/12/2022
 ms.reviewer: pehecke
 ms.topic: article
 author: ritesp # GitHub ID
@@ -61,10 +61,6 @@ For specific steps to do this, see [Walkthrough: Register an app with Azure Acti
 
 If your app will use Server-to-Server (S2S) authentication, this step is not required. That configuration requires a specific system user and the operations will be performed by that user account rather than any user that must be authenticated.
 
-### Enable Implicit Flow
-
-If you are configuring an app for a Single Page Application (SPA) you must edit the Manifest to set the `oauth2AllowImplicitFlow` value to `true`. More information: [Walkthrough: Registering and configuring a SPA application with adal.js](walkthrough-registering-configuring-simplespa-application-adal-js.md)
-
 ### Use Client Secrets & Certificates
 
 For server to server scenarios there will not be an interactive user account to authenticate. In these cases, you need to provide some means to confirm that the application is trusted. This is done using client secrets or certificates.
@@ -145,45 +141,58 @@ The following is an example of a custom class derived from <xref:System.Net.Http
 class OAuthMessageHandler : DelegatingHandler
 {
     private AuthenticationHeaderValue authHeader;
-
     public OAuthMessageHandler(string serviceUrl, string clientId, string redirectUrl, string username, string password,
             HttpMessageHandler innerHandler)
         : base(innerHandler)
     {
-
         string apiVersion = "9.2";
         string webApiUrl = $"{serviceUrl}/api/data/v{apiVersion}/";
-
-        //Build Microsoft.Identity.Client (MSAL) OAuth Token Request
         var authBuilder = PublicClientApplicationBuilder.Create(clientId)
                         .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
                         .WithRedirectUri(redirectUrl)
                         .Build();
         var scope = serviceUrl + "//.default";
         string[] scopes = { scope };
-
-        AuthenticationResult authBuilderResult;
-        if (username != string.Empty && password != string.Empty)
+        // First try to get an authentication token from the cache using a hint.
+        AuthenticationResult authBuilderResult=null;
+        try
         {
-            //Make silent Microsoft.Identity.Client (MSAL) OAuth Token Request
-            var securePassword = new SecureString();
-            foreach (char ch in password) securePassword.AppendChar(ch);
-            authBuilderResult = authBuilder.AcquireTokenByUsernamePassword(scopes, username, securePassword)
-                        .ExecuteAsync().Result;
+            authBuilderResult = authBuilder.AcquireTokenSilent(scopes, username)
+               .ExecuteAsync().Result;
         }
-        else
+        catch (Exception ex)
         {
-            //Popup authentication dialog box to get token
-            authBuilderResult = authBuilder.AcquireTokenInteractive(scopes)
-                        .ExecuteAsync().Result;
+            System.Diagnostics.Debug.WriteLine(
+                $"Error acquiring auth token from cache:{System.Environment.NewLine}{ex}");
+            // Token cache request failed, so request a new token.
+            try
+            {
+                if (username != string.Empty && password != string.Empty)
+                {
+                    // Request a token based on username/password credentials.
+                    authBuilderResult = authBuilder.AcquireTokenByUsernamePassword(scopes, username, password)
+                                .ExecuteAsync().Result;
+                }
+                else
+                {
+                    // Prompt the user for credentials and get the token.
+                    authBuilderResult = authBuilder.AcquireTokenInteractive(scopes)
+                                .ExecuteAsync().Result;
+                }
+            }
+            catch (Exception msalex)
+            {
+                System.Diagnostics.Debug.WriteLine(
+                    $"Error acquiring auth token with user credentials:{System.Environment.NewLine}{msalex}");
+                throw;
+            }
         }
-
         //Note that an Azure AD access token has finite lifetime, default expiration is 60 minutes.
         authHeader = new AuthenticationHeaderValue("Bearer", authBuilderResult.AccessToken);
     }
 
     protected override Task<HttpResponseMessage> SendAsync(
-                HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
+              HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
     {
         request.Headers.Authorization = authHeader;
         return base.SendAsync(request, cancellationToken);

powerapps-docs/developer/data-platform/bypass-custom-business-logic.md

@@ -191,7 +191,7 @@ No. If a synchronous plug-in or real-time workflow in a Microsoft solution perfo
 
 ### Can I use this option for data operations I perform within a plug-in?
 
-Yes, But only when the plug-in is running in the context of a user who has the `prvByPassPlugins` privilege. For the Organization Service, set the optional `BypassCustomPluginExecution` parameter on the class derived from [OrganizationRequest Class](/dotnet/api/microsoft.xrm.sdk.organizationrequest). You cannot use the CrmServiceClient in a plug-in.
+Yes, But only when the plug-in is running in the context of a user who has the `prvByPassPlugins` privilege. For the Organization Service, set the optional `BypassCustomPluginExecution` parameter on the class derived from [OrganizationRequest Class](/dotnet/api/microsoft.xrm.sdk.organizationrequest). You cannot use the CrmServiceClient or ServiceClient classes in a plug-in.
 
 ### What about asychronous plug-in steps, asynchronous workflows and flows?
 

powerapps-docs/developer/data-platform/create-custom-api-with-code.md

@@ -101,7 +101,7 @@ OData-EntityId: [Organization URI]/api/data/v9.1/customapis(b532b299-4684-eb11-a
 
 ## Create a Custom API using the Organization Service
 
-This code uses the <xref:Microsoft.Xrm.Tooling.Connector.CrmServiceClient> with a early-bound programming style: More information: 
+This code uses the <xref:Microsoft.Xrm.Tooling.Connector.CrmServiceClient> with a early-bound programming style. You can also use <xref:Microsoft.PowerPlatform.Dataverse.Client.ServiceClient>. More information:
 
 - [Use CrmServiceClient constructors to connect to Dataverse](xrm-tooling/use-crmserviceclient-constructors-connect.md)
 - [Late-bound and Early-bound programming using the Organization service](org-service/early-bound-programming.md)
@@ -122,6 +122,7 @@ string conn = $@"
     LoginPrompt=Auto;
     RequireNewInstance = True";
 
+//var service = new ServiceClient(conn);
 var service = new CrmServiceClient(conn);
 
 //The plug-in type
@@ -180,10 +181,9 @@ Guid customAPIId = ((CreateResponse)service.Execute(createReq)).id;
 ### See also
 
 [Create and use Custom APIs](custom-api.md)<br/>
-[CustomAPI tables](custom-api-tables.md)<br/>
+[Custom API tables](custom-api-tables.md)<br/>
 [Create a Custom API using the plug-in registration tool](create-custom-api-prt.md)<br/>
 [Create a Custom API in Power Apps](create-custom-api-maker-portal.md)<br/>
 [Create a Custom API with solution files](create-custom-api-solution.md)<br/>
 
-
 [!INCLUDE[footer-include](../../includes/footer-banner.md)]

powerapps-docs/developer/data-platform/dataverse-sql-query.md

@@ -70,7 +70,7 @@ select name, fullname from account a inner join contact c on a.primarycontactid
 
 ![Another query using a JOIN.](media/ssms-join-query.PNG)
 
-### Power BI
+### Power BI (General Availability)
 
 You can use the **Analyze in Power BI** option (**Data** > **Tables** > **Analyze in Power BI**) in Power Apps (https://make.powerapps.com) to use the Dataverse connector to analyze data in Power BI Desktop. More information: [View table data in Power BI Desktop](/powerapps/maker/data-platform/view-entity-data-power-bi)
 
@@ -81,7 +81,7 @@ You can use the **Analyze in Power BI** option (**Data** > **Tables** > **Analyz
 
 Any operation that attempts to modify data (that is, INSERT, UPDATE) will not work with this read-only SQL data connection. For a detailed list of supported SQL operations on the Dataverse endpoint, see [How Dataverse SQL differs from Transact-SQL](how-dataverse-sql-differs-from-transact-sql.md).
 
-The following Dataverse datatypes are not supported with the SQL connection: `binary`, `image`, `sql_variant`, `varbinary`, `virtual`, `HierarchyId`, `managedproperty`, `file`, `xml`, `partylist`, `timestamp`, `choices`. In addition, tables types 'virtual' and 'audit' are not supported at this time. 
+The following Dataverse datatypes are not supported with the SQL connection: `binary`, `image`, `sql_variant`, `varbinary`, `virtual`, `HierarchyId`, `managedproperty`, `file`, `xml`, `partylist`, `timestamp`, `choices`. In addition, tables types 'virtual' and 'audit' are not supported at this time.
 
 > [!TIP]
 > `partylist` attributes can instead be queried by joining to the `activityparty` table as shown below.
@@ -181,8 +181,8 @@ This means the port has been blocked at the client.
 
 ### See also
 
+[Get started with virtual tables (entities)](./virtual-entities/get-started-ve.md)  
 [Use FetchXML to construct a query](dataverse-sql-query.md)  
 [Service Protection API Limits](api-limits.md)
 
-
 [!INCLUDE[footer-include](../../includes/footer-banner.md)]

powerapps-docs/developer/data-platform/how-dataverse-sql-differs-from-transact-sql.md

@@ -2,7 +2,7 @@
 title: "How Dataverse SQL Differs from Transact-SQL | Microsoft Docs" # Intent and product brand in a unique string of 43-59 chars including spaces
 description: "Learn what subset of the Transact-SQL language is supported by the Dataverse SQL endpoint." # 115-145 characters including spaces. This abstract displays in the search result.
 ms.custom: ""
-ms.date: 12/16/2020
+ms.date: 09/09/2022
 ms.reviewer: "pehecke"
 
 ms.topic: "article"
@@ -92,6 +92,7 @@ More information: [Transact-SQL statements](/sql/t-sql/statements/statements)
   - All WHERE conditions
   - All nested queries (SELECT, FROM, WHERE)
   - Union
+  - PIVOT and UNPIVOT
   - [GROUP BY](#select-group-by)/Having
 - General
   - IF THEN ELSE
@@ -106,7 +107,6 @@ More information: [Transact-SQL statements](/sql/t-sql/statements/statements)
 - DCL
 - Stored Procedure
 - DQL
-  - Pivot
   - DQL XML function
   - DQL JSON function
   - CUBE and ROLLUP