Merge branch 'main' into tapanm-MSFT-patch-11

Author: mduelae

powerapps-docs/developer/component-framework/reference/utility/hasentityprivilege.md

@@ -3,7 +3,7 @@ title: hasEntityPrivilege (Power Apps component framework API reference) | Micro
 description: Returns if the user has privilege for specific table.
 ms.author: hemantg
 author: HemantGaur
-ms.date: 05/27/2022
+ms.date: 06/25/2024
 ms.reviewer: jdaly
 ms.topic: reference
 ms.subservice: pcf
@@ -35,6 +35,15 @@ Model-driven apps
 
 **Type**: `boolean`
 
+## Remarks
+
+This function might return false if the table metadata isn't locally cached. To ensure the table metadata is available in the local cache, call and await on [getEntityMetadata](getentitymetadata.md) before calling `hasEntityPrivilege`.
+
+```TypeScript
+await context.utils.getEntityMetadata(entityTypeName);
+context.utils.hasEntityPrivilege(entityTypeName, privilegeType, privilegeDepth);
+```
+
 ### Related articles
 
 [Utility](../utility.md)<br/>

powerapps-docs/developer/test-engine/overview.md

@@ -19,7 +19,7 @@ contributors:
 
 Power Apps Test Engine is a component within the Power Platform CLI (PAC CLI) used for testing standalone canvas apps in Power Apps. You must [Install Microsoft Power Platform CLI](/power-platform/developer/cli/introduction#install-microsoft-power-platform-cli) to use the Test Engine.
 
-[!INCLUDE [preview-note](../../../shared/preview-includes/preview-note.md)]
+[!INCLUDE [preview-note](../../../shared/preview-includes/preview-note-pp.md)]
 
 ## Benefits
 

powerapps-docs/maker/canvas-apps/controls/modern-controls/new-stream-video-control.md

@@ -5,7 +5,7 @@ author: yogeshgupta698
 
 ms.topic: reference
 ms.component: canvas
-ms.date: 4/2/2024
+ms.date: 6/25/2024
 ms.subservice: canvas-maker
 ms.author: yogupt
 
@@ -56,9 +56,14 @@ To add a Steam video in your canvas app, follow these steps to get the embed URL
 
 **Height** - The distance between a control's top and bottom edges. 
 
+## Mobile support for stream control
+Stream control is now also supported on mobile. To comply with Apple's privacy policies, iOS users must follow these steps to enable cross-site tracking on Power Apps:
+
+1. On iOS, select **Settings** > go to **Power Apps**.
+1. Set the toggle for **Allow Cross-Website Tracking** to **On**.
+
 ## Limitations
 
-1. Currently only browser support is available. Mobile app support is coming soon.
 1. Control properties such as auto start, auto play, and start from are coming soon.
-1. We don't recommend adding more than four videos on a single canvas app screen because it can cause performance issues.
-1. The last played state isn't preserved for videos within galleries.
+1. Don't add more than four videos on a single canvas app screen because it can cause performance issues.
+3. The last played state isn't preserved for a video that's in a gallery.

shared/responsible-ai-faqs-includes/copilot-data-security-privacy.md

@@ -1,8 +1,13 @@
 ---
 author: sericks007
 ms.author: sericks
-ms.date: 06/04/2024
+ms.date: 06/24/2024
 ms.topic: include
+ms.contributors:
+- ywanjari
+- deepabansal
+- traliil
+- mikebc
 ---
 
 <!--Any changes to this article must be reviewed by RAI Champ Leads and CELA-->
@@ -79,6 +84,9 @@ Hate and fairness-related harms refer to any content that uses pejorative or dis
 
 [Jailbreak attacks](/azure/ai-services/openai/whats-new#responsible-ai) are user prompts that are designed to provoke the generative AI model into behaving in ways it was trained not to or breaking the rules it's been told to follow. Services across Dynamics 365 and Power Platform are required to protect against prompt injections. [Learn more about jailbreak attacks and how to use Azure AI Content Safety to detect them](/azure/ai-services/content-safety/concepts/jailbreak-detection).
 
+## Does Copilot block indirect prompt injections (indirect attacks)?
+Indirect attacks, also referred to as _indirect prompt attacks_ or _cross-___domain prompt injection attacks_, are a potential vulnerability where third parties place malicious instructions inside of documents that the generative AI system can access and process. Services across Dynamics 365 and Power Platform are required to protect against indirect prompt injections. [Learn more about indirect attacks and how to use Azure AI Content Safety to detect them](/azure/ai-services/content-safety/concepts/jailbreak-detection).
+
 ## How does Microsoft test and validate Copilot quality, including prompt injection protection and grounded responses? 
 
 Every new Copilot product and language model iteration must pass an internal responsible AI review before it can be launched. Before release, we use a process called "red teaming" (in which a team simulates an enemy attack, finding and exploiting weaknesses to help the organization improve its defenses) to assess potential risks in harmful content, jailbreak scenarios, and grounded responses. After release, we use automated testing and manual and automated evaluation tools to assess the quality of Copilot responses.