Merge pull request #314174 from craigshoemaker/learn/sre-agent-pr6030-connectors

SRE Agent: Connectors and knowledge sources from PR 6030 (split 1/2)

Author: v-dirichards

articles/sre-agent/add-web-page-knowledge.md

@@ -0,0 +1,83 @@
+---
+title: Add Web Page Knowledge Sources in Azure SRE Agent
+description: Learn how to add publicly accessible web pages as knowledge sources in Azure SRE Agent.
+ms.topic: concept-article
+ms.service: azure-sre-agent
+ms.date: 04/03/2026
+author: dm-chelupati
+ms.author: dchelupati
+ms.ai-usage: ai-assisted
+ms.custom: knowledge, web-page, URL, knowledge-base, external-resources
+---
+
+# Add web page knowledge sources in Azure SRE Agent
+
+Add any publicly accessible web page by URL. Your agent automatically fetches and indexes the content so it can reference external documentation, status pages, and wiki articles during investigations.
+
+> [!TIP]
+> - Add any publicly accessible web page by URL. Your agent automatically fetches and indexes the content.
+> - Reference external documentation, status pages, runbook sites, and wiki articles during investigations.
+> - One-step setup: provide a URL, name, and optional description.
+
+## The problem: external docs stay external
+
+Your team's knowledge isn't all in one place. Runbooks live on wiki sites. Vendor documentation is on external portals. Architecture diagrams and status pages are scattered across different URLs. When your agent investigates an issue, it can't reference these external resources - unless someone manually copies the content and uploads it as a file.
+
+That manual process is tedious and creates stale copies. The original page gets updated, but the uploaded file doesn't.
+
+## How web page knowledge works
+
+When you add a web page as a knowledge source, the agent fetches the page content and stores it for reference:
+
+1. You provide a URL, a name, and an optional description.
+1. The agent fetches the page content through an anonymous HTTP request.
+1. The page content is stored and indexed.
+1. Your agent can reference this content during conversations and investigations.
+
+The fetch happens when you add the URL. Content is stored as a point-in-time snapshot of the page.
+
+The agent fetches pages anonymously, without authentication credentials. Pages that require sign in, VPN access, or corporate SSO can't be indexed. To add content from protected pages, [upload it as a file](upload-knowledge-document.md) instead.
+
+## What gets indexed
+
+| Aspect | Behavior |
+|--------|----------|
+| **Content fetched** | Full page content from the single URL provided |
+| **Link following** | No. Only the specified URL is fetched, not linked pages |
+| **Authentication** | Anonymous. No credentials are sent with the request |
+| **Supported protocols** | HTTP and HTTPS |
+| **Fetch timeout** | 30 seconds |
+| **Refresh** | Manual. Delete and re-add the URL to get updated content |
+
+## When to use web page knowledge
+
+Web page knowledge sources work best for:
+
+- **Public documentation**: vendor docs, API references, cloud service guides
+- **Status pages**: service health dashboards, incident history pages
+- **Wiki articles**: publicly accessible knowledge base articles
+- **Architecture overviews**: publicly hosted architecture diagrams and design docs
+- **Runbook sites**: external runbook repositories accessible without authentication
+
+For internal or protected content that requires authentication, use [file uploads](upload-knowledge-document.md) instead.
+
+## Limitations
+
+| Limitation | Details |
+|------------|---------|
+| **No authentication** | Can't access pages behind authentication, VPN, or SSO |
+| **Single page only** | Doesn't crawl or follow links to other pages |
+| **Point-in-time snapshot** | Content isn't automatically refreshed when the source page changes |
+| **30-second timeout** | Pages that take longer than 30 seconds to load fail |
+| **URL format** | Must be an absolute HTTP or HTTPS URL |
+
+## Related content
+
+- [Connect knowledge](connect-knowledge.md)
+- [Upload knowledge documents](upload-knowledge-document.md)
+- [File attachments](file-attachments.md)
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Add a web page knowledge source](tutorial-upload-knowledge-document.md)

articles/sre-agent/add-web-page.md

@@ -0,0 +1,97 @@
+---
+title: "Tutorial: Add a Web Page Knowledge Source in Azure SRE Agent"
+description: Add a web page URL as a knowledge source so your agent can reference external documentation.
+ms.topic: tutorial
+ms.service: azure-sre-agent
+ms.date: 04/03/2026
+author: dm-chelupati
+ms.author: dchelupati
+ms.ai-usage: ai-assisted
+ms.custom: knowledge, web-page, URL, tutorial
+---
+
+# Tutorial: Add a web page knowledge source in Azure SRE Agent
+
+Add a public URL as a knowledge source that your agent references during investigations. You add the URL, verify it appears in the knowledge base, and confirm your agent can use the content.
+
+**Time**: ~5 minutes
+
+## Prerequisites
+
+- An Azure SRE Agent in **Running** state
+- **Write** permissions on the agent (AgentMemoryWrite)
+- A publicly accessible web page URL (any page that loads in a browser without authentication)
+
+## Step 1: Open Knowledge Sources
+
+1. Go to [sre.azure.com](https://sre.azure.com) and select your agent.
+1. In the left sidebar, select **Builder**.
+1. Select **Knowledge Sources**.
+
+You see the Knowledge Sources page with three action cards: **Add file**, **Add web page**, and **Add repository**.
+
+## Step 2: Open the Add Web Page dialog
+
+Select the **Add web page** card (the one with the globe icon).
+
+A dialog opens with three fields:
+
+- **Web page URL** (required): the URL to fetch
+- **Name** (required): a display name for this knowledge source
+- **Description** (optional): a brief description of what the page contains
+
+## Step 3: Enter the web page details
+
+1. **Web page URL**: Enter the full URL of the page you want to add. For example: `https://learn.microsoft.com/en-us/azure/azure-monitor/overview`
+1. **Name**: Enter a descriptive name, such as `Azure Monitor Overview`.
+1. **Description**: Optionally describe the content.
+
+> [!NOTE]
+> The URL must be an absolute URL (starting with `http://` or `https://`), publicly accessible, and reachable within 30 seconds.
+
+## Step 4: Add the web page
+
+Select **Add web page**.
+
+The agent fetches the page content. If successful, a notification confirms the web page was added and the dialog closes automatically.
+
+Common errors:
+
+| Error | Cause | Fix |
+|-------|-------|-----|
+| Invalid URL format | URL isn't absolute or not HTTP/HTTPS | Use a full URL starting with `https://` |
+| HTTP 403 | Page blocks automated requests | Try a different page, or upload the content as a file instead |
+| HTTP 404 | Page not found | Check the URL for typos |
+| Request timed out | Page took longer than 30 seconds | Try again, or upload the content as a file |
+| Empty content | Page requires JavaScript to render | Upload the content as a file instead |
+
+## Step 5: Verify the knowledge source
+
+After adding the web page, it appears in the Knowledge Sources list. Verify the following values:
+
+- **Name**: the display name you provided
+- **Type**: shows as **Web page**
+- **Status**: indicates whether the content was indexed
+
+## Step 6: Test with your agent
+
+1. Go to **Chats** in the left sidebar.
+1. Start a new conversation.
+1. Ask a question related to the web page content.
+
+Your agent should reference information from the web page in its response.
+
+## Updating web page content
+
+Web page knowledge sources are point-in-time snapshots. To refresh the content:
+
+1. Go to **Builder > Knowledge Sources**.
+1. Select the web page entry.
+1. Delete it.
+1. Re-add the URL by using the same steps.
+
+## Related content
+
+- [Upload knowledge documents](tutorial-upload-knowledge-document.md)
+- [Connect source code](connect-source-code.md)
+- [Connect knowledge](connect-knowledge.md)

articles/sre-agent/configuration-deletion.md

@@ -0,0 +1,67 @@
+---
+title: Remove Resources from Agent Scope in Azure SRE Agent
+description: Learn how to select and delete configured resources from your Azure SRE Agent scope.
+ms.topic: concept-article
+ms.service: azure-sre-agent
+ms.date: 04/03/2026
+author: dm-chelupati
+ms.author: dchelupati
+ms.ai-usage: ai-assisted
+ms.custom: delete, remove, configuration, scope, resources, cleanup
+---
+
+# Remove resources from agent scope in Azure SRE Agent
+
+Select and remove configured resources directly from the agent configuration overview without using the setup wizard. This process works for code repositories, log connectors, deployment connectors, Azure subscriptions, and resource groups.
+
+> [!TIP]
+> - Select and remove configured resources directly from the agent configuration overview
+> - When you remove subscriptions or resource groups, the agent automatically revokes its managed identity permissions
+> - No need to re-enter the full setup wizard to clean up stale resources
+
+## The problem
+
+As your infrastructure evolves, your agent's scope needs to evolve with it. Repositories get archived, connectors point to decommissioned services, and subscriptions shift between teams. Previously, removing a resource from your agent's monitoring scope meant re-entering the full setup wizard.
+
+## Prerequisites
+
+- An Azure SRE Agent with at least one configured resource (repository, connector, subscription, or resource group)
+- Contributor or Owner role on the agent resource
+
+## How removing resources works
+
+Each resource grid in the configuration overview includes checkboxes for selection and a **Delete** button that appears when you select one or more items.
+
+1. **Open the configuration overview.** From your agent's overview page, select **Expand** on the configuration status bar to see your configured resources organized by category.
+
+1. **Select items to remove.** Each resource row has a checkbox. Select individual items or use the header checkbox to select all items in a category.
+
+1. **Select Delete.** A **Delete** button with a trash icon appears next to the category header when you select items. A confirmation dialog titled **Remove from scope** appears, warning that permissions on those resources are revoked. Select **Remove** to confirm or **Cancel** to keep the resources.
+
+1. **Resources are removed immediately.** The grid refreshes and the deleted items disappear. For Azure subscriptions and resource groups, the agent also revokes its managed identity role assignments on those resources.
+
+### What you can remove
+
+| Resource type | What happens on removal |
+|--------------|------------------------|
+| Code repositories | Repository disconnects from the agent's knowledge graph |
+| Log connectors | Agent loses access to log querying tools for that connector |
+| Deployment connectors | Agent loses access to deployment history from that connector |
+| Azure subscriptions | Subscription removed from monitored scope; managed identity permissions revoked |
+| Resource groups | Resource group removed from monitored scope; managed identity permissions revoked |
+
+> [!WARNING]
+> Removal can't be undone. To restore a removed resource, re-add it through the setup wizard. You can't remove knowledge files from the configuration overview. Use the full setup wizard to manage them.
+
+## Before and after
+
+| Aspect | Before | After |
+|--------|--------|-------|
+| **Removing a resource** | Re-enter the full setup wizard | Select and delete from the overview |
+| **Stale connectors** | Visible but no way to remove without the wizard | Select, delete, done |
+| **Orphaned permissions** | Agent keeps permissions on removed subscriptions | Managed identity permissions automatically revoked |
+
+## Related content
+
+- [Favorites and Mine filter](favorites-mine-filter.md)
+- [Agent playground](agent-playground.md)

articles/sre-agent/connect-ado-repo-managed-identity.md

@@ -0,0 +1,104 @@
+---
+title: "Tutorial: Connect an ADO Repository with Managed Identity in Azure SRE Agent"
+description: Connect an Azure DevOps repository to your agent using managed identity authentication.
+ms.topic: tutorial
+ms.service: azure-sre-agent
+ms.date: 04/03/2026
+author: dm-chelupati
+ms.author: dchelupati
+ms.ai-usage: ai-assisted
+ms.custom: managed identity, azure devops, ado, repository, tutorial
+---
+
+# Tutorial: Connect an ADO repository with managed identity in Azure SRE Agent
+
+Connect an Azure DevOps repository to your agent using managed identity so you don't need to create or rotate PATs. Your agent uses its own Azure identity to access ADO repos for code-aware investigations.
+
+**Time**: ~10 minutes (including ADO admin setup)
+
+## Prerequisites
+
+- An Azure SRE Agent in **Running** state
+- A managed identity enabled on your agent (system-assigned or user-assigned)
+- An Azure DevOps organization with at least one repository
+- **SRE Agent Administrator** or **Standard User** role on the agent
+
+## Step 1: Grant the managed identity access to your ADO organization
+
+Before connecting from the agent portal, your managed identity must have access to the Azure DevOps organization.
+
+1. Go to your [Azure DevOps organization settings](https://dev.azure.com/) and select your organization.
+1. Go to **Organization settings** > **Users**.
+1. Select **Add users**.
+1. Search for your agent's managed identity by its service principal name or object ID.
+1. Set the access level to **Basic** (or higher).
+1. Add the identity to projects with **Code (Read)** permissions on the target repositories.
+
+**Checkpoint:** The managed identity appears in the ADO Users list with a Basic access level.
+
+## Step 2: Go to Knowledge sources
+
+1. Open your agent in the [Azure SRE Agent portal](https://sre.azure.com).
+1. In the left sidebar, expand **Builder**.
+1. Select **Knowledge sources**.
+
+**Checkpoint:** The Knowledge Sources page loads and shows any existing repository connections.
+
+## Step 3: Open the Add Repository dialog
+
+Select **Add repository**.
+
+**Checkpoint:** The Add repositories dialog opens and shows platform selection cards, such as GitHub and Azure DevOps.
+
+## Step 4: Select Azure DevOps with Managed Identity
+
+1. Select the **Azure DevOps** platform card.
+1. Under **Sign In Methods**, select **Managed Identity**.
+
+**Checkpoint:** The managed identity configuration form appears with an organization field and identity dropdown.
+
+## Step 5: Configure the managed identity connection
+
+1. Enter your Azure DevOps **Organization** name, which is the part after `dev.azure.com/` in your ADO URL.
+1. From the managed identity dropdown, select your identity:
+   - **System assigned**: uses the agent's built-in identity
+   - **User assigned**: select a specific identity attached to the agent
+1. Select **Connect**.
+
+**Checkpoint:** The button changes to **Connected** with a checkmark.
+
+> [!NOTE]
+> If the dropdown is empty, your agent might not have a managed identity enabled. Select the **Add identity** link below the dropdown to open the Azure portal Identity blade for your agent resource.
+
+## Step 6: Advance to repository selection
+
+Select **Next** to proceed to the repository selection step.
+
+**Checkpoint:** The dialog advances to show a project picker and repository grid.
+
+## Step 7: Select a project and add repositories
+
+1. From the **Azure DevOps Project** dropdown, select the project containing your repositories.
+1. Select **Add** to add a repository row.
+1. From the **Repository** dropdown, select a repository from the project.
+1. Enter a **Display name** for the repository.
+1. Optionally, enter a **Description**.
+1. Repeat for more repositories.
+1. Select **Save**.
+
+**Checkpoint:** Selected repositories appear in the Knowledge Sources page.
+
+## Troubleshooting
+
+| Problem | Cause | Fix |
+|---------|-------|-----|
+| Identity dropdown is empty | Agent has no managed identity enabled | Enable a system-assigned identity or attach a user-assigned identity in the Azure portal |
+| **Connect** button fails | Organization name is missing | Enter the ADO organization name before connecting |
+| Repos don't load after connecting | MI doesn't have access to the ADO organization | Add the MI service principal as a user in ADO Organization Settings > Users |
+| FIC connection fails | FederatedClientId and FederatedTenantId not both provided | Both fields are required when using FIC. Provide both or neither |
+
+## Related content
+
+- [Managed identity for ADO repos](managed-identity-ado-repos.md)
+- [Connect knowledge sources](connect-knowledge.md)
+- [Set up Azure DevOps connector](azure-devops-connector.md)