Commit 155cf52

Merge remote-tracking branch 'origin/main' into dsierman-patch-3
2 parents e92435e + 558992e commit 155cf52

50 files changed

+467
-415
lines changed

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
@@ -8724,6 +8724,11 @@
87248724
"source_path": "powerapps-docs/maker/portals/create-common-problems.md",
87258725
"redirect_url": "/power-pages/getting-started/create-manage",
87268726
"redirect_document_id": false
8727+
},
8728+
{
8729+
"source_path": "powerapps-docs/maker/canvas-apps/working-with-dynamic-schema.md",
8730+
"redirect_url": "/power-apps/maker/canvas-apps/untyped-and-dynamic-objects#converting-formulas-that-return-untyped-objects-that-previously-returned-boolean",
8731+
"redirect_document_id": false
87278732
}
87288733
]
87298734
}
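Review bot: The new redirect_url for working-with-dynamic-schema.md ends in a long heading fragment (#converting-formulas-that-return-untyped-objects-that-previously-returned-boolean), so the redirect quietly lands at the top of the page if that heading is ever reworded. Consider redirecting to /power-apps/maker/canvas-apps/untyped-and-dynamic-objects without the fragment, or adding a stable explicit anchor in the target article and pointing the redirect at that.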

powerapps-docs/developer/data-platform/authenticate-oauth.md

Lines changed: 20 additions & 18 deletions
@@ -2,7 +2,7 @@
22
title: "Use OAuth authentication with Microsoft Dataverse (Dataverse) | Microsoft Docs" # Intent and product brand in a unique string of 43-59 chars including spaces
33
description: "Learn how to authenticate applications with Microsoft Dataverse using OAuth." # 115-145 characters including spaces. This abstract displays in the search result.
44
ms.custom: has-adal-ref
5-
ms.date: 09/12/2022
5+
ms.date: 10/16/2023
66
ms.reviewer: pehecke
77
ms.topic: article
88
author: ritesp # GitHub ID
@@ -16,11 +16,11 @@ contributors:
1616

1717
# Use OAuth authentication with Microsoft Dataverse
1818

19-
[OAuth 2.0](https://oauth.net/2/) is the industry-standard protocol for authorization. After application users provide credentials to authenticate, OAuth determines whether they are authorized to access the resources.
19+
[OAuth 2.0](https://oauth.net/2/) is the industry-standard protocol for authorization. After application users provide credentials to authenticate, OAuth determines whether they're authorized to access the resources.
2020

2121
Client applications must support the use of OAuth to access data using the Web API. OAuth enables two-factor authentication (2FA) or certificate-based authentication for server-to-server application scenarios.
2222

23-
OAuth requires an identity provider for authentication. For Dataverse, the identity provider is Azure Active Directory (AAD). To authenticate with AAD using a Microsoft work or school account, use the [Microsoft Authentication Library](/azure/active-directory/develop/msal-overview#languages-and-frameworks) (MSAL).
23+
OAuth requires an identity provider for authentication. For Dataverse, the identity provider is Azure Active Directory (AD). To authenticate with AD using a Microsoft work or school account, use the [Microsoft Authentication Library](/azure/active-directory/develop/msal-overview#languages-and-frameworks) (MSAL).
2424

2525
> [!NOTE]
2626
> This topic will introduce common concepts related to connecting to Dataverse using OAuth with authentication libraries. This content will focus on how a developer can connect to Dataverse but not on the inner workings of OAuth or the libraries. For complete information related to authentication see the Azure Active Directory documentation. [What is authentication?](/azure/active-directory/develop/authentication-scenarios) is a good place to start.
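Review bot: On line 23 the abbreviation changes from "(AAD)" to "(AD)", so "authenticate with AD" now reads as on-premises Active Directory, which is a different identity provider. The App Registration section of this same file says "Azure AD"; write "Azure Active Directory (Azure AD)" here and "Azure AD" afterwards so the identity provider is unambiguous.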
@@ -29,38 +29,38 @@ OAuth requires an identity provider for authentication. For Dataverse, the ident
2929
3030
## App Registration
3131

32-
When you connect using OAuth you must first register an application in your Azure AD tenant. How you should register your app depends on the type of app you want to make.
32+
When you connect using OAuth, you must first register an application in your Azure AD tenant. How you should register your app depends on the type of app you want to make.
3333

34-
In all cases, start with basic steps to register an app described in the AAD topic: [Quickstart: Register an application with the Microsoft identity platform](/azure/active-directory/develop/quickstart-register-app). For Dataverse specific instructions see [Walkthrough: Register an app with Azure Active Directory > Create an application registration](walkthrough-register-app-azure-active-directory.md#create-an-application-registration).
34+
In all cases, start with basic steps to register an app described in the AD article: [Quickstart: Register an application with the Microsoft identity platform](/azure/active-directory/develop/quickstart-register-app). For Dataverse specific instructions see [Walkthrough: Register an app with Azure Active Directory > Create an application registration](walkthrough-register-app-azure-active-directory.md#create-an-application-registration).
3535

36-
The decisions you will need to make in this step mostly depend on the Application Type choice (see below).
36+
The decisions you need to make in this step mostly depend on the Application Type choice (see below).
3737

3838
### Types of app registration
3939

40-
When you register an app with Azure AD one of the decisions you must make is the application type. There are two types of applications you can register:
40+
When you register an app with Azure AD one of the decisions, you must make is the application type. There are two types of applications you can register:
4141

4242
| Application type | Description|
4343
|------------------|------------|
4444
| Web app /API | **Web client**<br />A type of [client application](/azure/active-directory/develop/developer-glossary#client-application) that executes all code on a web server.<br /><br />**User-agent-based client**<br />A type of [client application](/azure/active-directory/develop/developer-glossary#client-application) that downloads code from a web server and executes within a user-agent (for instance, a web browser), such as a Single Page Application (SPA). |
4545
|Native|A type of [client application](/azure/active-directory/develop/developer-glossary#client-application) that is installed natively on a device. |
4646

47-
When you select **Web app /API** you must provide a **Sign-On URL** which is the URL where Azure AD will send the authentication response, including a token if authentication was successful. While you develop an app, this is usually set to `https://localhost/appname:[port]` so you can develop and debug your app locally. When you publish your app, you need to change this value to the published URL of the app.
47+
When you select **Web app /API** you must provide a **Sign-On URL** which is the URL where Azure AD sends the authentication response, including a token if authentication was successful. While you develop an app, this URL is usually set to `https://localhost/appname:[port]` so you can develop and debug your app locally. When you publish your app, you need to change this value to the published URL of the app.
4848

49-
When you select **Native**, you must provide a Redirect URI. This is a unique identifier to which Azure AD will redirect the user-agent in an OAuth 2.0 request. This is typically a value formatted like so: `app://<guid>`.
49+
When you select **Native**, you must provide a Redirect URI. This URL is a unique identifier to which Azure AD will redirect the user-agent in an OAuth 2.0 request. This URL is typically a value formatted like so: `app://<guid>`.
5050

5151
### Giving access to Dataverse
5252

53-
If your app will be a client which allows the authenticated user to perform operations, you must configure the application to have the Access Dynamics 365 as organization users delegated permission.
53+
If your app is a client that allows the authenticated user to perform operations, you must configure the application to have the Access Dynamics 365 as organization users delegated permission.
5454

55-
For specific steps to do this, see [Walkthrough: Register an app with Azure Active Directory > Apply Permissions](walkthrough-register-app-azure-active-directory.md).
55+
For specific steps to set permissions, see [Walkthrough: Register an app with Azure Active Directory > Apply Permissions](walkthrough-register-app-azure-active-directory.md).
5656

5757
<!-- TODO Verify this -->
5858

59-
If your app will use Server-to-Server (S2S) authentication, this step is not required. That configuration requires a specific system user and the operations will be performed by that user account rather than any user that must be authenticated.
59+
If your app uses Server-to-Server (S2S) authentication, this step isn't required. That configuration requires a specific system user and the operations are performed by that user account rather than any user that must be authenticated.
6060

6161
### Use Client Secrets & Certificates
6262

63-
For server to server scenarios there will not be an interactive user account to authenticate. In these cases, you need to provide some means to confirm that the application is trusted. This is done using client secrets or certificates.
63+
For server-to-server scenarios there won't be an interactive user account to authenticate. In these cases, you need to provide some means to confirm that the application is trusted. This is done using client secrets or certificates.
6464

6565
For apps that are registered with the **Web app /API** application type, you can configure secrets. These are set using the **Keys** area under **API Access** in the **Settings** for the app registration.
6666
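Review bot: Line 40 gains a misplaced comma: "one of the decisions, you must make is the application type" should read "When you register an app with Azure AD, one of the decisions you must make is the application type." In the same hunk, line 49 now says "This URL" twice about the Redirect URI although the example value is `app://<guid>`; "This URI" matches the term the sentence introduces. Line 34 changes "AAD topic" to "AD article", where "Azure AD article" would avoid confusion with on-premises Active Directory.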

@@ -85,12 +85,14 @@ Dataverse SDK for .NET includes client classes [CrmServiceClient](xref:Microsoft
8585

8686
## Use the AccessToken with your requests
8787

88-
The point of using the authentication libraries is to get an access token that you can include with your requests.
89-
This only requires a few lines of code, and just a few more lines to configure an [HttpClient](xref:System.Net.Http.HttpClient) to execute a request.
88+
The point of using the authentication libraries is to get an access token that you can include with your requests. Getting the token only requires a few lines of code, and just a few more lines to configure an [HttpClient](xref:System.Net.Http.HttpClient) to execute a request.
89+
90+
> [!IMPORTANT]
91+
> As demonstrated in the sample code of this article, use a "\<environment-url>/user_impersonation" scope for a public client. For a confidential client, use a scope of "\<environment-url>/.default".
9092
9193
### Simple example
9294

93-
The following is the minimum amount of code needed to execute a single Web API request, but it is not the recommended approach. Note that this code uses the MSAL library and is taken from the [QuickStart](https://github.com/microsoft/PowerApps-Samples/tree/master/dataverse/webapi/C%23/QuickStart) sample.
95+
The following is the minimum amount of code needed to execute a single Web API request, but it isn't the recommended approach. Note that this code uses the MSAL library and is taken from the [QuickStart](https://github.com/microsoft/PowerApps-Samples/tree/master/dataverse/webapi/C%23/QuickStart) sample.
9496

9597
```csharp
9698
string resource = "https://contoso.api.crm.dynamics.com";
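Review bot: The [!IMPORTANT] note added on line 91 says the scopes are "demonstrated in the sample code of this article", but the samples touched in this commit all build the client with PublicClientApplicationBuilder and use only "/user_impersonation"; nothing visible here demonstrates a confidential client with "/.default". Reword the note to say which sample shows which scope, or drop "As demonstrated". Formatting the two scope values as inline code instead of quoted text with an escaped "\<" would also make them easier to copy correctly, and one clause on why the scope differs by client type would help readers who pick the wrong one.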
@@ -102,7 +104,7 @@ var authBuilder = PublicClientApplicationBuilder.Create(clientId)
102104
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
103105
.WithRedirectUri(redirectUri)
104106
.Build();
105-
var scope = resource + "/.default";
107+
var scope = resource + "/user_impersonation";
106108
string[] scopes = { scope };
107109

108110
AuthenticationResult token =
@@ -148,7 +150,7 @@ class OAuthMessageHandler : DelegatingHandler
148150
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
149151
.WithRedirectUri(redirectUrl)
150152
.Build();
151-
var scope = serviceUrl + "//.default";
153+
var scope = serviceUrl + "/user_impersonation";
152154
string[] scopes = { scope };
153155
// First try to get an authentication token from the cache using a hint.
154156
AuthenticationResult authBuilderResult=null;
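Review bot: The removed line built the scope as serviceUrl + "//.default" (two slashes) and the replacement uses serviceUrl + "/user_impersonation" (one slash), so this hunk changes the separator as well as the scope name. Confirm whether serviceUrl reaches OAuthMessageHandler with or without a trailing slash; if callers can pass either form, trim the trailing slash before concatenating so the requested scope string is always <environment-url>/user_impersonation.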

powerapps-docs/developer/data-platform/data-export-service.md

Lines changed: 1 addition & 1 deletion
@@ -117,7 +117,7 @@ var authBuilder = PublicClientApplicationBuilder.Create(AppId)
117117
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
118118
.WithRedirectUri(redirectUri)
119119
.Build();
120-
var scope = resource + "/.default";
120+
var scope = resource + "/user_impersonation";
121121
string[] scopes = { scope };
122122

123123
// Use interactive username and password prompt
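Review bot: This file and quick-start-console-app-csharp.md each show 1 addition and 1 deletion, so the scope string changes but ms.date does not, whereas authenticate-oauth.md bumps ms.date alongside the same edit. Update ms.date in both files, and consider linking from this sample to the public-client scope guidance in authenticate-oauth.md so readers see why "/.default" was replaced.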

powerapps-docs/developer/data-platform/dependent-assembly-plugins.md

Lines changed: 2 additions & 2 deletions
@@ -1,7 +1,7 @@
11
---
22
title: Dependent Assembly plug-ins (preview)
33
description: Learn how to include more assemblies that your plug-in assembly can depend on.
4-
ms.date: 08/08/2023
4+
ms.date: 10/12/2023
55
ms.reviewer: jdaly
66
ms.topic: article
77
author: divkamath
@@ -44,7 +44,7 @@ If you have questions or issues with this feature, you can contact technical sup
4444
The following limitations apply to dependent assembly plug-ins.
4545

4646
- [Workflow extensions](workflow/workflow-extensions.md), also known as *workflow assemblies*, *workflow activities* or *custom workflow activities* aren't supported.
47-
- Plug-ins for virtual table data providers aren't supported.
47+
- Plug-ins for virtual table data providers aren't supported. Importing a solution into an environment will fail if the solution contains plug-ins (with dependent assemblies) that are registered on virtual entities.
4848
- On-premises environments aren't supported.
4949
- Unmanaged code isn't supported. You can't include references to unmanaged resources.
5050
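Review bot: The sentence added on line 47 says "registered on virtual entities" while the bullet it extends says "virtual table data providers"; use "virtual tables" so the terminology is consistent within the list. Because this describes a solution import failure, it would also help to say what the reader should do before importing, or what error to expect, if that is known.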

powerapps-docs/developer/data-platform/email-activity-entities.md

Lines changed: 2 additions & 2 deletions
@@ -1,7 +1,7 @@
11
---
22
title: "Email activity tables (Microsoft Dataverse) | Microsoft Docs" # Intent and product brand in a unique string of 43-59 chars including spaces
33
description: "The email activity in lets you track and manage email communications with customers." # 115-145 characters including spaces. This abstract displays in the search result.
4-
ms.date: 06/08/2023
4+
ms.date: 10/10/2023
55
ms.reviewer: pehecke
66
ms.topic: article
77
author: DanaMartens # GitHub ID
@@ -113,7 +113,7 @@ Email descriptions (body of the email) have up to this point been stored in the
113113

114114
### Transition period
115115

116-
The data migration from Dataverse relation store to Azure Blob storage for all customers is expected to start in May 2023. This data migration will take place as a background process. The initial data movement for existing customers is expected to last for about 6 to 12 weeks, and possibly even longer depending on the size of the data. After the initial data movement, any remaining migration is a continuous process. All email descriptions older than 12 months will be moved into Azure Blob storage automatically. Newer emails will not be moved until they become 12 months old.
116+
The data migration from Dataverse relation store to Azure Blob storage for all customers is expected to start in May 2023. This data migration will take place as a background process (job). The initial data movement for existing customers is expected to last for about 6 to 12 weeks, and possibly even longer depending on the size of the data. After the initial data movement, any remaining migration is a continuous process. All email descriptions older than 12 months will be moved into Azure Blob storage automatically. Newer emails will not be moved until they become 12 months old. The email description migration job runs periodically - about once every 30-60 days per tenant.
117117

118118
This data migration will be transparent to you with the exception that you will see a reduction in the size of the [ActivityPointer](reference/entities/activitypointer.md) table after the migration process is fully completed. In Power Platform admin center within the **Capacity** report, a new email line item will be available in **File usage**. The end result is an increase in the overall File storage consumption and reduction in the database storage consumed.
119119
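Review bot: Line 116 still says the migration "is expected to start in May 2023" in the future tense, but the previous hunk sets ms.date to 10/10/2023, so the paragraph is already stale at the moment it is being edited. Rewrite the opening sentences in past or present tense. The added sentence says the job "runs periodically - about once every 30-60 days per tenant" while the text just before it calls the remaining migration "a continuous process"; reconcile the two, and replace the spaced hyphen with a comma or colon.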

powerapps-docs/developer/data-platform/register-plug-in.md

Lines changed: 1 addition & 1 deletion
@@ -92,7 +92,7 @@ When you register a step, there are several registration options available to yo
9292
|**Message**|PRT auto-completes available message names in the system. More information: [Use messages with the SDK for .NET](org-service/use-messages.md)|
9393
|**Primary Entity**|PRT auto-completes valid tables that apply to the selected message. These messages have a `Target` parameter that accepts an <xref:Microsoft.Xrm.Sdk.Entity> or <xref:Microsoft.Xrm.Sdk.EntityReference> type. If valid tables apply, you should set this field value when you want to limit the number of times the plug-in is called. <br />If you leave it blank for core table messages like `Update`, `Delete`, `Retrieve`, and `RetrieveMultiple` or any message that can be applied with the message the plug-in will be invoked for all the tables that support this message.|
9494
|**Secondary Entity**|This field remains for backward compatibility for deprecated messages that accepted an array of <xref:Microsoft.Xrm.Sdk.EntityReference> as the `Target` parameter. This field is typically not used anymore.|
95-
|**Filtering Attributes**|With the `Update` or `OnExternalUpdated` message, when you set the **Primary Entity**, filtering columns limits the execution of the plug-in to cases where the selected columns are included in the update. Setting this field is a best practice for performance. |
95+
|**Filtering Attributes**|With the `Update` or `OnExternalUpdated` message, when you set the **Primary Entity**, filtering columns limits the execution of the plug-in to cases where the selected columns are included in the update. Setting this field is a best practice for performance. Don't include the primary key of the entity in the filtering attributes. The primary key is always included in update operations, so doing this will negate all other filtered attributes. |
9696
|**Event Handler**|This field value will be populated based on the name of the assembly and the plug-in class. |
9797
|**Step Name**|The name of the step. A value is pre-populated based on the configuration of the step, but this value can be overridden.|
9898
|**Run in User's Context**|Provides options for applying impersonation for the step. The default value is **Calling User**. If the calling user doesn't have privileges to perform operations in the step, you may need to set this field value to a user who has these privileges. More information: [Set user impersonation for a step](#set-user-impersonation-for-a-step) |
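Review bot: In the **Filtering Attributes** row, "doing this will negate all other filtered attributes" is vague about the actual effect. State it directly, for example: "so including it causes the plug-in to run on every update regardless of the other selected columns." The added sentences also say "primary key of the entity" and "attributes" where the existing text in the same cell says "columns"; "primary key column of the table" would match.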

powerapps-docs/developer/data-platform/webapi/quick-start-console-app-csharp.md

Lines changed: 1 addition & 1 deletion
@@ -100,7 +100,7 @@ Follow these next steps to add code for the main program.
100100
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
101101
.WithRedirectUri(redirectUri)
102102
.Build();
103-
var scope = resource + "/.default";
103+
var scope = resource + "/user_impersonation";
104104
string[] scopes = { scope };
105105

106106
AuthenticationResult token =

powerapps-docs/limits-and-config.md

Lines changed: 1 addition & 0 deletions
@@ -103,6 +103,7 @@ This list identifies all services to which Power Apps communicates and their usa
103103
| localhost | http | Power Apps Mobile|
104104
| 127.0.0.1 | http <br><br>You may need to explicitly list the port (5040 and up) for localhost/127.0.0.1.| Power Apps Mobile|
105105
| ecs.office.com | https | Retrieve feature flags for Power Apps |
106+
| augloop.office.com<br>\*.augloop.office.com | ws | Power Apps Studio Copilot |
106107
| config.edge.skype.com | https | Retrieve feature flags for Power Apps (backup)|
107108
| api.powerplatform.com<br>\*.api.powerplatform.com | https | Required for Power Platform API connectivity used internally by Microsoft products, and Power Platform [programmability and extensibility](/power-platform/admin/programmability-extensibility-overview).|
108109
| *.sharepointonline.com| https | Retrieve assets for presenting the header that appears at the top of app playing experiences |
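Review bot: The new augloop.office.com row lists the protocol as "ws", which denotes an unencrypted WebSocket, while the other office.com and powerplatform.com rows around it are "https". If the Power Apps Studio Copilot connection is made over TLS, the protocol should read "wss" so that firewall and proxy allow-lists are written for the right scheme; if it really is plain "ws", a short confirming remark in the row would prevent readers from assuming a typo.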
