Document breaking Entra ID configuration change

cspell.json

@@ -40,6 +40,7 @@
         "distroless",
         "dockerfiles",
         "dylib",
+        "entra",
         "ESRP",
         "evented",
         "exfiltrate",

documentation/compatibility/9.0/README.md

@@ -0,0 +1,15 @@
+# Breaking Changes in 9.0
+
+If you are migrating your usage to `dotnet monitor` 9.0, the following changes might affect you. Changes are grouped together by areas within the tool.
+
+## Changes
+
+| Area | Title | Introduced |
+|--|--|--|
+| Configuration | [`TenantId` is now required when configuring Azure Active Directory authentication](#configuration-azure-active-directory-authentication) | RC 2 |
+
+## Details
+
+### Configuration: Azure Active Directory Authentication
+
+When using Azure Active Directory (Entra ID) for authentication, setting the `TenantId` option is now **required**. See [Azure Active Directory Authentication Configuration](../../configuration/azure-ad-authentication-configuration.md#configuration-options) for more details.

documentation/compatibility/README.md

@@ -2,3 +2,4 @@
 
 - [Breaking Changes in 7.0](./7.0/README.md)
 - [Breaking Changes in 8.0](./8.0/README.md)
+- [Breaking Changes in 9.0](./9.0/README.md)

documentation/configuration/azure-ad-authentication-configuration.md

@@ -6,15 +6,19 @@ Azure Active Directory authentication must be configured before `dotnet monitor`
 
 ## Configuration Options
 
+> [!NOTE]
+> Starting in 9.0 RC 2, the `TenantId` option is now **required**.
+
 | Name | Type | Required | Description |
 |---|---|---|---|
 | ClientId | string | true | The unique application (client) id assigned to the app registration in Azure Active Directory. |
 | RequiredRole | string | true | The role required to be able to authenticate. |
 | AppIdUri | uri | false | The App ID URI of the app registration. Defaults to `api://{ClientId}` if not specified. |
 | Instance | uri | false | Specifies the Azure cloud instance users are signing in from. Can be either the Azure public cloud or one of the national clouds. Defaults to the Azure public cloud (`https://login.microsoftonline.com`). |
-| TenantId | string | false | The tenant id of the Azure Active Directory tenant, or its tenant domain. Defaults to `organizations`. |
+| TenantId (9.0 RC 2+) | string | true | The tenant id of the Azure Active Directory tenant. |
+| TenantId | string | false | The tenant id of the Azure Active Directory tenant. Defaults to `organizations`. |
 
-A minimal configuration requires setting just the `ClientId` and `RequiredRole`.
+A minimal configuration requires setting just the `TenantId`, `ClientId`, and `RequiredRole`.
 
 ### Example Configuration
 
@@ -25,6 +29,7 @@ A minimal configuration requires setting just the `ClientId` and `RequiredRole`.
   {
       "Authentication": {
           "AzureAd": {
+            "TenantId": "6f565143-0d4c-4e44-a35b-974e4b2f78a0",
             "ClientId": "5eaf6ccc-e8c1-47c6-a68c-a6453172c655",
             "RequiredRole": "Application.Access"
           }
@@ -37,6 +42,7 @@ A minimal configuration requires setting just the `ClientId` and `RequiredRole`.
   <summary>Kubernetes ConfigMap</summary>
 
   ```yaml
+  Authentication__AzureAd__TenantId: "6f565143-0d4c-4e44-a35b-974e4b2f78a0"
   Authentication__AzureAd__ClientId: "5eaf6ccc-e8c1-47c6-a68c-a6453172c655"
   Authentication__AzureAd__RequiredRole: "Application.Access"
   ```
@@ -46,6 +52,8 @@ A minimal configuration requires setting just the `ClientId` and `RequiredRole`.
   <summary>Kubernetes Environment Variables</summary>
 
   ```yaml
+  - name: DotnetMonitor_Authentication__AzureAd__TenantId
+    value: "6f565143-0d4c-4e44-a35b-974e4b2f78a0"
   - name: DotnetMonitor_Authentication__AzureAd__ClientId
     value: "5eaf6ccc-e8c1-47c6-a68c-a6453172c655"
   - name: DotnetMonitor_Authentication__AzureAd__RequiredRole