Add doc for MSAL-based Azure CLI

docs-ref-conceptual/TOC.yml

@@ -27,6 +27,9 @@
     displayName: core, extension, status, GA, public preview, experimental
   - name: Release notes
     href: release-notes-azure-cli.md?toc=%2fcli%2fazure%2ftoc.json&bc=%2fcli%2fazure%2fbreadcrumb%2ftoc.json
+  - name: MSAL-based Azure CLI
+    href: msal-based-azure-cli.md
+    displayName: msal, authentication, encryption
   - name: CLI Versioning
     href: cli-versioning-identifiers.md
     displayName: version, classic, 2.0, 1.0, xplat
@@ -44,9 +47,6 @@
     - name: Install - Linux
       href: install-azure-cli-linux.md
       displayName: install, script, unix, bsd, linux, lfs, wsl, slackware, ubuntu, debian, mint, opensuse, suse, sles, leap, tumbleweed, rhel, redhat, red hat, fedora
-    - name: Install - beta
-      href: install-azure-cli-beta.md
-      displayName: install, beta
   - name: Update
     href: update-azure-cli.md
     displayName: update, upgrade

docs-ref-conceptual/install-azure-cli-windows.md

@@ -33,14 +33,10 @@ When the installer asks if it can make changes to your computer, click the "Yes"
 
 ### Azure CLI current version
 
-Download and install the current release of the Azure CLI.  After the installation is complete, you will need to close and reopen any active Windows Command Prompt or PowerShell windows to use the Azure CLI.
+Download and install the latest release of the Azure CLI.  After the installation is complete, you will need to close and reopen any active Windows Command Prompt or PowerShell windows to use the Azure CLI.
 
 > [!div class="nextstepaction"]
-> [Current release of the Azure CLI](https://aka.ms/installazurecliwindows)
-
-### Azure CLI beta version
-
-The beta version of the Azure CLI supports all commands and will stay in sync with the current released version.  For installation instructions, see [Install Azure CLI beta version](install-azure-cli-beta.md). 
+> [Latest release of the Azure CLI](https://aka.ms/installazurecliwindows)
 
 # [Microsoft Installer (MSI) with Command](#tab/azure-powershell)
 

docs-ref-conceptual/msal-based-azure-cli.md

@@ -0,0 +1,36 @@
+---
+title: MSAL-based Azure CLI | Microsoft Docs
+description: Learn about the MSAL-based Azure CLI.
+author: dbradish-microsoft, jiasli
+ms.author: dbradish, jiasli
+manager: barbkess, yonzhan
+ms.date: 10/28/2021
+ms.topic: conceptual
+ms.service: azure-cli
+ms.devlang: azurecli
+ms.custom: devx-track-azurecli, seo-azure-cli
+keywords: msal, msal-based azure cli
+---
+
+# MSAL-based Azure CLI
+
+Starting from Azure CLI 2.30.0, Azure CLI uses [MSAL](https://github.com/AzureAD/microsoft-authentication-library-for-python) as the underlying authentication library, which internally uses AAD v2.0 authentication flow, provides more functionalities and increases security for token cache.
+
+> [!WARNING]
+> BREAKING CHANGES are introduced in Azure CLI 2.30.0. Carefully read below document prior to installation.
+
+## `accessTokens.json` deprecation
+
+Previous versions of Azure CLI save ADAL tokens to `~/.azure/accessToken.json`. Now Azure CLI uses MSAL and no longer generates `accessTokens.json`. Any existing workflow depending on `accessTokens.json` will stop working.
+
+The MSAL token cache and service principal entries will be saved as encrypted files on Windows, and plaintext files on Linux and MacOS for now.
+
+Below are several alternatives you may consider:
+
+### Calling `az account get-access-token`
+
+You can manually call [`az account get-access-token`](account#az_account_get_access_token) in a terminal or use subprocess to call it from another programming language. By default, the returned access token is for Azure Resource Manager (ARM) and the default subscription/tenant shown in `az account show`.
+
+### Using `AzureCliCredential`
+
+`AzureCliCredential` is a credential type in all existing language SDKs. It internally uses subprocess to call `az account get-access-token` to get an access token for the current logged-in account.