Merge pull request #9797 from MicrosoftDocs/main638355171846331239sync_temp

learn-build-service-prod[bot] · web-flow · commit 14f31d4d3607 · 2023-11-14T00:06:37.000Z
For protected branch, push strategy should use PR and merge to target branch method to work around git push error
diff --git a/bridge/articles/bridge-to-kubernetes-vs-code.md b/bridge/articles/bridge-to-kubernetes-vs-code.md
@@ -113,7 +113,7 @@ Select **Run** then **Stop Debugging** or press **Shift**+**F5** to stop the deb
 
 Bridge to Kubernetes can handle routing traffic and replicating environment variables without any additional configuration. If you need to download any files that are mounted to the container in your Kubernetes cluster, such as a ConfigMap file, you can create a `KubernetesLocalProcessConfig.yaml` to download those files to your development computer. For more information, see [Configure Bridge to Kubernetes][kubernetesLocalProcessConfig-yaml].
 
-If you're using an AKS cluster that uses managed identity, a security feature provided by Azure Active Directory, see [Use managed identity with Bridge to Kubernetes](managed-identity.md) for information about how to configure Bridge to Kubernetes for this scenario.
+If you're using an AKS cluster that uses managed identity, a security feature provided by Microsoft Entra ID, see [Use managed identity with Bridge to Kubernetes](managed-identity.md) for information about how to configure Bridge to Kubernetes for this scenario.
 
 ## Using logging and diagnostics
 
diff --git a/bridge/articles/managed-identity.md b/bridge/articles/managed-identity.md
@@ -3,14 +3,14 @@ title: "How to use managed identity with Bridge to Kubernetes"
 ms.technology: bridge
 ms.date: 08/11/2022
 ms.topic: "conceptual"
-description: "Learn how to use Azure Active Directory (Azure AD) managed identity in an AKS cluster with Bridge to Kubernetes"
+description: "Learn how to use Microsoft Entra managed identity in an AKS cluster with Bridge to Kubernetes"
 manager: jmartens
 author: ghogen
 ms.author: ghogen
 ---
 # Use managed identity with Bridge to Kubernetes
 
-If your AKS cluster uses [managed identity](/azure/active-directory/managed-identities-azure-resources/overview) security features to secure access to secrets and resources, Bridge to Kubernetes needs some special configuration to ensure it can work with these features. An Azure Active Directory (AD) token needs to be downloaded to the local machine to ensure that local execution and debugging is properly secured, and this requires some special configuration in Bridge to Kubernetes. This article shows how to configure Bridge to Kubernetes to work with services that use managed identity.
+If your AKS cluster uses [managed identity](/azure/active-directory/managed-identities-azure-resources/overview) security features to secure access to secrets and resources, Bridge to Kubernetes needs some special configuration to ensure it can work with these features. A Microsoft Entra token needs to be downloaded to the local machine to ensure that local execution and debugging is properly secured, and this requires some special configuration in Bridge to Kubernetes. This article shows how to configure Bridge to Kubernetes to work with services that use managed identity.
 
 ## How to configure your service to use managed identity
 
@@ -22,11 +22,13 @@ enableFeatures:
 ```
 
 > [!WARNING]
-> Be sure to only use managed identity for Bridge to Kubernetes when working with dev clusters, not production clusters, because the Azure AD token is fetched to the local machine, which presents a potential security risk.
+> Be sure to only use managed identity for Bridge to Kubernetes when working with dev clusters, not production clusters, because the Microsoft Entra token is fetched to the local machine, which presents a potential security risk.
 
 If you don't have a *KubernetesLocalConfig.yaml* file, you can create one; see [How to: Configure Bridge to Kubernetes](configure-bridge-to-kubernetes.md).
 
-## How to fetch the Azure Active Directory tokens
+<a name='how-to-fetch-the-azure-active-directory-tokens'></a>
+
+## How to fetch the Microsoft Entra tokens
 
 You must ensure that you are relying on either `Azure.Identity.DefaultAzureCredential` or `Azure.Identity.ManagedIdentityCredential` in code when fetching the token.
 
@@ -52,7 +54,7 @@ To learn how to access other Azure resources using managed identity, see the [Ne
 
 ## Receive Azure alerts when tokens are downloaded
 
-Whenever you use Bridge to Kubernetes on a service, the Azure AD token is downloaded to the local machine. You can enable Azure alerts to be notified when this occurs. For information, see [Enable Azure Defender](/azure/security-center/enable-azure-defender). Please be aware that there is a charge (after a 30-day trial period).
+Whenever you use Bridge to Kubernetes on a service, the Microsoft Entra token is downloaded to the local machine. You can enable Azure alerts to be notified when this occurs. For information, see [Enable Azure Defender](/azure/security-center/enable-azure-defender). Please be aware that there is a charge (after a 30-day trial period).
 
 ## Next steps
 
@@ -68,4 +70,4 @@ There are other tutorials in that section as well for using managed identity to
 
 ## See also
 
-[Azure Active Directory](/azure/active-directory/managed-identities-azure-resources/)
+[Microsoft Entra ID](/azure/active-directory/managed-identities-azure-resources/)
diff --git a/bridge/articles/toc.yml b/bridge/articles/toc.yml
@@ -22,7 +22,7 @@
     href: kubernetes-environment-variables.md
 - name: Configure Bridge to Kubernetes
   href: configure-bridge-to-kubernetes.md
-- name: Use Azure AD managed identities
+- name: Use Microsoft Entra managed identities
   href: managed-identity.md
 - name: Resources
   expanded: true
diff --git a/docs/containers/edit-and-refresh.md b/docs/containers/edit-and-refresh.md
@@ -5,7 +5,7 @@ ms.author: ghogen
 author: ghogen
 manager: jmartens
 ms.topic: how-to
-ms.date: 10/17/2023
+ms.date: 11/08/2023
 ms.technology: vs-container-tools
 ---
 # Debug apps in a local Docker container
@@ -157,12 +157,48 @@ The following procedure demonstrates how to add orchestration support to a .NET
    ![Screenshot of the code window for Program.cs in Visual Studio with a breakpoint set to the left of a code line that is highlighted in yellow.](media/edit-and-refresh/breakpoint-console.png)
    ::: moniker-end
 
+:::moniker range=">=vs-2022"
+## Authenticating to Azure services using the token proxy
+
+When you're using Azure services from a container, you can use [DefaultAzureCredential](/dotnet/api/azure.identity.defaultazurecredential) (with the [VisualStudioCredential](/dotnet/api/azure.identity.visualstudiocredential) enabled) to authenticate with Azure services with your Microsoft Entra account without any additional configuration in the container. To enable this, see [How to configure Visual Studio Container Tools](container-tools-configure.md). Also, you need to set up Azure authentication in Visual Studio by following the instructions at [Authenticate Visual Studio with Azure](/dotnet/azure/configure-visual-studio#authenticate-visual-studio-with-azure). The support for VisualStudioCredential in a container is available in Visual Studio version 17.6 and later.
+
+### Azure Functions
+
+If you're debugging an integrated Azure Functions project and using the token proxy in the container to handle authentication to Azure services, you need to copy the .NET runtime onto the container for the token proxy to run. If you're debugging an isolated Azure Functions project, it already has the .NET runtime, so there's no need for this extra step.
+
+To ensure the .NET runtime is available to the token proxy, add or modify the `debug` layer in the Dockerfile that copies the .NET runtime into the container image. For Linux containers, you can add the following code to the Dockerfile:
+
+```dockerfile
+# This layer is to support debugging, VS's Token Proxy requires the runtime to be installed in the container
+FROM mcr.microsoft.com/dotnet/runtime:8.0 AS runtime
+FROM base as debug
+COPY --from=runtime /usr/share/dotnet /usr/share/dotnet
+RUN ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet
+```
+
+Also, in the Visual Studio project, you need to make some changes to specify this as the layer to use when debugging in Fast Mode. For an explanation of Fast Mode, see [Customize Docker containers in Visual Studio](container-build.md#debugging). For single container scenarios (not Docker Compose), set the MSBuild property `DockerfileFastModeStage` to `debug` in order to use that layer for debugging. For Docker Compose, modify the `docker-compose.vs.debug.yml` as follows:
+
+```yml
+# Set the stage to debug to use an image with the .NET runtime in it
+services:
+  functionappintegrated:
+    build:
+      target: debug
+```
+
+For a code sample of authentication with Azure Functions, including both integrated and isolated scenarios, see [VisualStudioCredentialExample](https://github.com/NCarlsonMSFT/VisualStudioCredentialExample).
+:::moniker-end
+
 ## Container reuse
 
-During the development cycle, Visual Studio rebuilds only your container images and the container itself when you change the Dockerfile. If you don't change the Dockerfile, Visual Studio reuses the container from an earlier run.
+When you use [Fast Mode](container-build.md#debugging), which Visual Studio normally uses for the Debug configuration, Visual Studio rebuilds only your container images and the container itself when you change the Dockerfile. If you don't change the Dockerfile, Visual Studio reuses the container from an earlier run.
 
 If you manually modified your container and want to restart with a clean container image, use the **Build** > **Clean** command in Visual Studio, and then build as normal.
 
+When you're not using Fast Mode, which is typical for the Release configuration, Visual Studio rebuilds the container each time the project is built.
+
+You can configure when Fast Mode is used; see [How to configure Visual Studio Container Tools](container-tools-configure.md).
+
 ## Troubleshoot
 
 Learn how to [troubleshoot Visual Studio Docker development](troubleshooting-docker-errors.md).
diff --git a/docs/debugger/index.yml b/docs/debugger/index.yml
@@ -30,6 +30,8 @@ landingContent:
             url: getting-started-with-the-debugger-cpp.md
           - text: Learn to debug Visual Basic
             url: ../get-started/visual-basic/tutorial-debugger.md?toc=%252fvisualstudio%252fdebugger%252ftoc.json
+          - text: Try AI-assisted debugging
+            url: debug-with-copilot.md  
           - text: Run Python code in the debugger >>
             url: ../python/tutorial-working-with-python-in-visual-studio-step-04-debugging.md
           - text: Debugging for absolute beginners
@@ -63,8 +65,6 @@ landingContent:
         links:
           - text: Debugger tips and tricks
             url: debugger-tips-and-tricks.md
-          - text: Debug with Copilot
-            url: debug-with-copilot.md
           - text: Write and debug running XAML code
             url: ../xaml-tools/xaml-hot-reload.md
           - text: Debug a live Azure app
