MicrosoftDocs · learn-build-service-prod · Aug 27, 2024 · Aug 5, 2024 · Aug 5, 2024 · Aug 6, 2024
diff --git a/data-explorer/kusto/management/managed-identity-policy.md b/data-explorer/kusto/management/managed-identity-policy.md
@@ -60,3 +60,4 @@ The following values specify authentication to a `usage` using the configured ma
 |`ExternalTable` | Authenticate to external tables using connection strings configured with a managed identity. |
 | `NativeIngestion` |  Authenticate to an SDK for native ingestion from an external source. |
 | `SandboxArtifacts`| Authenticate to external artifacts referenced in sandboxed plugins (e.g., Python) with a managed identity. This usage needs to be defined on the cluster level managed identity policy. |
+| `SqlRequest`| Authenticate to an external database using the *sql_request* or *cosmosdb_request* plugin with a managed identity. |
diff --git a/data-explorer/kusto/query/cosmosdb-plugin.md b/data-explorer/kusto/query/cosmosdb-plugin.md
@@ -44,7 +44,8 @@ To authorize to an Azure Cosmos DB SQL network endpoint, you need to specify the
 
 |Authentication method|Description|
 |--|--|
-|Azure Resource Manager resource ID (Recommended)|For secure authentication, we recommend specifying the `armResourceId` and optionally the `token` in the [options](#supported-options). The `armResourceId` identifies the Cosmos DB database account, and the `token` should be a valid Microsoft Entra bearer token for a principal with access permissions to the Cosmos DB database. If no `token` is provided, the Microsoft Entra token of the requesting principal will be used for authentication.|
+|Managed identity (Recommended)|Append `Authentication="Active Directory Managed Identity";User Id={object_id};` to the connection string. The request is made on behalf of a managed identity which must have the appropriate permissions to the database.<br/>To enable managed identity authentication, you must add the managed identity to your cluster and alter the managed identity policy. For more information, see [Managed Identity policy](/azure/data-explorer/kusto/management/managed-identity-policy). |
+|Azure Resource Manager resource ID |This authentication method requires specifying the `armResourceId` and optionally the `token` in the [options](#supported-options). The `armResourceId` identifies the Cosmos DB database account, and the `token` must be a valid Microsoft Entra bearer token for a principal with access permissions to the Cosmos DB database. If no `token` is provided, the Microsoft Entra token of the requesting principal will be used for authentication. |
 |Account key|You can add the account key directly to the *ConnectionString* argument. However, this approach is less secure as it involves including the secret in the query text, and is less resilient to future changes in the account key. To enhance security, hide the secret as an [obfuscated string literal](scalar-data-types/string.md#obfuscated-string-literals).|
 |Token|You can add a token value in the plugin [options](#supported-options). The token must belong to a principal with relevant permissions. To enhance security, hide the token as an [obfuscated string literal](scalar-data-types/string.md#obfuscated-string-literals).|
 

diff --git a/data-explorer/kusto/query/sql-request-plugin.md b/data-explorer/kusto/query/sql-request-plugin.md
@@ -42,7 +42,8 @@ SQL Server endpoint.
 
 |Authentication method|Syntax|How|Description|
 |--|--|--|
-|Microsoft Entra integrated|`Authentication="Active Directory Integrated"`|Add to the *ConnectionString* parameter.|This is the preferred authentication method. The user or application authenticates via Microsoft Entra ID to your cluster, and the same token is used to access the SQL Server network endpoint.<br/>The principal must have the appropriate permissions on the SQL resource to perform the requested action. For example, to read from the database the principal needs table SELECT permissions, and to write to an existing table the principal needs UPDATE and INSERT permissions. To write to a new table, CREATE permissions are also required.|
+|Microsoft Entra integrated|`Authentication="Active Directory Integrated"`|Add to the *ConnectionString* parameter.| The user or application authenticates via Microsoft Entra ID to your cluster, and the same token is used to access the SQL Server network endpoint.<br/>The principal must have the appropriate permissions on the SQL resource to perform the requested action. For example, to read from the database the principal needs table SELECT permissions, and to write to an existing table the principal needs UPDATE and INSERT permissions. To write to a new table, CREATE permissions are also required.|
+|Managed identity|`Authentication="Active Directory Managed Identity";User Id={object_id}`|Add to the *ConnectionString* parameter.| The request is executed on behalf of a managed identity. The managed identity must have the appropriate permissions on the SQL resource to perform the requested action.<br/>To enable managed identity authentication, you must add the managed identity to your cluster and alter the managed identity policy. For more information, see [Managed Identity policy](/azure/data-explorer/kusto/management/managed-identity-policy). | 
 |Username and password|`User ID=...; Password=...;`|Add to the *ConnectionString* parameter.|When possible, avoid this method as it may be less secure.|
 |Microsoft Entra access token|`dynamic({'token': h"eyJ0..."})`|Add in the *Options* parameter.|The access token is passed as `token` property in the *Options* argument of the plugin.|
 

diff --git a/data-explorer/kusto/toc.yml b/data-explorer/kusto/toc.yml
@@ -55,6 +55,31 @@ items:
     href: management/toc.yml
   - name: Develop
     items:
+      - name: API overview
+        href: api/index.md
+      - name: Client libraries
+        items:
+          - name: Client libraries
+            href: api/client-libraries.md
+          - name: Kusto Data library
+            items:
+              - name: Kusto Data overview
+                href: api/netfx/about-kusto-data.md
+                displayName: kusto.data, SDK
+              - name: Best practices for Kusto Data
+                href: api/netfx/kusto-data-best-practices.md
+                displayName: kusto.data, SDK
+              - name: ClientRequestProperties class
+                href: api/netfx/client-request-properties.md
+                displayName: request properties, CRP, kusto.data, SDK
+          - name: Kusto Ingest library
+            items:
+              - name: Kusto Ingest overview
+                href: api/netfx/about-kusto-ingest.md
+                displayName: kusto.ingest, SDK
+              - name: Best practices for Kusto Ingest
+                href: api/netfx/kusto-ingest-best-practices.md
+                displayName: kusto.ingest, SDK
       - name: Write code with SDKs
         items:
           - name: Set up your environment
@@ -67,5 +92,28 @@ items:
             href: api/get-started/app-management-commands.md
           - name: Queued ingestion
             href: api/get-started/app-queued-ingestion.md
+      - name: Connection strings
+        items:
+          - name: Connection strings overview
+            href: api/connection-strings/index.md
+          - name: Kusto connection strings
+            href: api/connection-strings/kusto.md
+          - name: Storage connection strings
+            href: api/connection-strings/storage-connection-strings.md
+          - name: SQL external table connection strings
+            href: api/connection-strings/sql-connection-strings.md
+          - name: Generate SAS token
+            href: api/connection-strings/generate-sas-token.md
+      - name: Integrate the query editor in your apps
+        items:
+          - name: Integration overview
+            displayName: monaco web UI
+            href: api/monaco/monaco-overview.md
+          - name: Embed the web UI in an IFrame
+            displayName: monaco web UI
+            href: api/monaco/host-web-ux-in-iframe.md
+          - name: Integrate the Monaco editor with Kusto query support
+            displayName: monaco monaco-kusto
+            href: api/monaco/monaco-kusto.md
       - name: APIs and SDKs
         href: api/toc.yml
diff --git a/data-explorer/managed-identities-overview.md b/data-explorer/managed-identities-overview.md
@@ -60,6 +60,8 @@ After assigning the managed identity to your cluster and configuring the relevan
 
 * **Ingest from storage**: Ingest data from files located in cloud storages into a target table using managed identity authentication. For more information, see [Ingest from storage](/kusto/management/data-ingestion/ingest-from-storage?view=azure-data-explorer&preserve-view=true).
 
+* **Sql request plugins**: Use a managed identity to authenticate to an external database when using the *sql_request* or *cosmosdb_request* plugins.
+
 ## Related content
 
 * [Configure managed identities for your cluster](configure-managed-identities-cluster.md)