Add doc for MSAL-based Azure CLI

docs-ref-conceptual/TOC.yml

@@ -27,6 +27,9 @@
     displayName: core, extension, status, GA, public preview, experimental
   - name: Release notes
     href: release-notes-azure-cli.md?toc=%2fcli%2fazure%2ftoc.json&bc=%2fcli%2fazure%2fbreadcrumb%2ftoc.json
+  - name: MSAL-based Azure CLI
+    href: msal-based-azure-cli.md
+    displayName: msal, authentication, encryption
   - name: CLI Versioning
     href: cli-versioning-identifiers.md
     displayName: version, classic, 2.0, 1.0, xplat
@@ -44,9 +47,6 @@
     - name: Install - Linux
       href: install-azure-cli-linux.md
       displayName: install, script, unix, bsd, linux, lfs, wsl, slackware, ubuntu, debian, mint, opensuse, suse, sles, leap, tumbleweed, rhel, redhat, red hat, fedora
-    - name: Install - beta
-      href: install-azure-cli-beta.md
-      displayName: install, beta
   - name: Update
     href: update-azure-cli.md
     displayName: update, upgrade

docs-ref-conceptual/install-azure-cli-windows.md

@@ -33,14 +33,10 @@ When the installer asks if it can make changes to your computer, click the "Yes"
 
 ### Azure CLI current version
 
-Download and install the current release of the Azure CLI.  After the installation is complete, you will need to close and reopen any active Windows Command Prompt or PowerShell windows to use the Azure CLI.
+Download and install the latest release of the Azure CLI.  After the installation is complete, you will need to close and reopen any active Windows Command Prompt or PowerShell windows to use the Azure CLI.
 
 > [!div class="nextstepaction"]
-> [Current release of the Azure CLI](https://aka.ms/installazurecliwindows)
-
-### Azure CLI beta version
-
-The beta version of the Azure CLI supports all commands and will stay in sync with the current released version.  For installation instructions, see [Install Azure CLI beta version](install-azure-cli-beta.md). 
+> [Latest release of the Azure CLI](https://aka.ms/installazurecliwindows)
 
 # [Microsoft Installer (MSI) with Command](#tab/azure-powershell)
 

docs-ref-conceptual/install-azure-cli.md

@@ -27,7 +27,6 @@ The Azure CLI is available to install in Windows, macOS and Linux environments.
   * [Install with dnf on RHEL, Fedora, or CentOS](/cli/azure/install-azure-cli-linux?pivots=yum)
   * [Install with zypper on openSUSE or SLE](/cli/azure/install-azure-cli-linux?pivots=zypper)
   * [Install from script](install-azure-cli-linux.md)
-* [Install beta version (all environments)](install-azure-cli-beta.md)
 * [Run in Docker container](run-azure-cli-docker.md)
 * [Run in Azure Cloud Shell](/azure/cloud-shell/quickstart)
 

docs-ref-conceptual/msal-based-azure-cli.md

@@ -0,0 +1,36 @@
+---
+title: MSAL-based Azure CLI | Microsoft Docs
+description: Learn about the MSAL-based Azure CLI.
+author: dbradish-microsoft
+ms.author: dbradish
+manager: barbkess
+ms.date: 10/28/2021
+ms.topic: conceptual
+ms.service: azure-cli
+ms.devlang: azurecli
+ms.custom: devx-track-azurecli, seo-azure-cli
+keywords: msal, msal-based azure cli
+---
+
+# MSAL-based Azure CLI
+
+Starting from Azure CLI 2.30.0, Azure CLI uses [MSAL](https://github.com/AzureAD/microsoft-authentication-library-for-python) as the underlying authentication library, which internally uses AAD v2.0 authentication flow, provides more functionalities and increases security for token cache.
+
+> [!WARNING]
+> BREAKING CHANGES are introduced in Azure CLI 2.30.0. Carefully read below document prior to installation.
+
+## `accessTokens.json` deprecation
+
+Previous versions of Azure CLI save ADAL tokens to `~/.azure/accessToken.json`. Now Azure CLI uses MSAL and no longer generates `accessTokens.json`. Any existing workflow depending on `accessTokens.json` will stop working.
+
+The MSAL token cache and service principal entries will be saved as encrypted files on Windows, and plaintext files on Linux and MacOS for now.
+
+Below are several alternatives you may consider:
+
+### Calling `az account get-access-token`
+
+You can manually call [`az account get-access-token`](/cli/azure/account#az_account_get_access_token) in a terminal or use subprocess to call it from another programming language. By default, the returned access token is for Azure Resource Manager (ARM) and the default subscription/tenant shown in `az account show`.
+
+### Using `AzureCliCredential`
+
+`AzureCliCredential` is a credential type in all existing language SDKs. It internally uses subprocess to call `az account get-access-token` to get an access token for the current logged-in account.

docs-ref-conceptual/release-notes-azure-cli.md

@@ -14,8 +14,6 @@ keywords: azure cli updates, azure cli notes, azure cli versions
 
 # Azure CLI release notes
 
-# [Current release notes](#tab/azure-cli)
-
 ## October 21, 2021
 
 Version 2.29.1
@@ -1993,7 +1991,7 @@ Version 2.14.0
 
 * Add List-SKUS Command, Table Transformers, Local Context for Postgres, MySQL, Mariadb Single Server
 * [BREAKING CHANGE] Parameter name updates. Improvements to Management Plane for MySQL and PostgreSQL
-* `az postgres|mariadb|mysql server create` : Update create experience for Postgres, MySQL and MariaDB - new fields in the output , Introduce new values for `--public` parameter in create command (all,<IP>,<IPRange>,0.0.0.0)
+* `az postgres|mariadb|mysql server create` : Update create experience for Postgres, MySQL and MariaDB - new fields in the output , Introduce new values for `--public` parameter in create command (all,\<IP\>,\<IPRange\>,0.0.0.0)
 
 ### SignalR
 
@@ -8363,31 +8361,3 @@ You can report issues with nightly preview builds in the following ways:
 - Report issues in our [github issues list](https://github.com/azure/azure-cli/issues/)
 - Contact the product team at [azfeedback@microsoft.com](mailto:azfeedback@microsoft.com)
 - Provide feedback from the command line with the `az feedback` command
-
-# [Beta release notes](#tab/azure-cli-beta)
-
-## February 8, 2021
-
-> [!NOTE]
->
->  BREAKING CHANGES are introduced in this release.  Carefully read all release notes prior to installation.
->
-> The beta version does not guarantee product level quality so it should not be used in your production environment.
-
-* Azure CLI beta internally replaces [ADAL](https://github.com/AzureAD/azure-activedirectory-library-for-python) with [Azure Identity](https://github.com/Azure/azure-sdk-for-python/tree/master/sdk/identity/azure-identity) and [MSAL](https://github.com/AzureAD/microsoft-authentication-library-for-python). Existing ADAL token cache (`~/.azure/accessToken.json`) will be migrated to MSAL encrypted token cache automatically when any command requiring a credential is executed.
-
-* There are several changes to `az login`.  (Run `az login --help` for more details.)
-  * [BREAKING CHANGE] `~/.azure/accessToken.json` will no longer be created after a successful login. To get an access token, use [`az account get-access-token`](/cli/azure/account#az_account_get_access_token) instead.
-  * [BREAKING CHANGE] `--use-cert-sn-issuer` argument is not supported.
-  * After logging in with a managed identity, all `clientId`, `objectId` and `resourceId` will be shown.
-  * Fix #13188: `az login` with managed identity indicating system assigned when the identity is user assigned.
-
-* [BREAKING CHANGE] Skip SSL verification via environment `ADAL_PYTHON_SSL_NO_VERIFY` has been removed. See [work behind a proxy](/cli/azure/use-cli-effectively#work-behind-a-proxy) for trusting a self-signed root certificate.
-
-The beta version of the Azure CLI supports all commands and will stay in sync with the current released version.  
-
-For installation instructions, see [Install Azure CLI beta version](install-azure-cli-beta.md). 
-
-If you find issues in the beta release, the Azure CLI engineering team welcomes your comments on [GitHub](https://github.com/Azure/azure-cli/issues/new/choose).
-
----