Merge pull request #191240 from MicrosoftDocs/main

Merge main to live, 4AM

Author: v-ccolin

.openpublishing.redirection.defender-for-cloud.json

@@ -60,6 +60,11 @@
             "redirect_url": "/azure/defender-for-cloud/os-coverage",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/defender-for-cloud/supported-machines-endpoint-solutions-clouds.md",
+            "redirect_url": "/articles/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/security-center/security-center-just-in-time.md",
             "redirect_url": "/azure/defender-for-cloud/just-in-time-access-usage",
@@ -632,7 +637,7 @@
         },
         {
             "source_path_from_root": "/articles/security-center/supported-machines-endpoint-solutions-clouds.md",
-            "redirect_url": "/azure/defender-for-cloud/supported-machines-endpoint-solutions-clouds",
+            "redirect_url": "/azure/defender-for-cloud/supported-machines-endpoint-solutions-clouds-containers",
             "redirect_document_id": true
         },
         {

articles/active-directory/authentication/howto-sspr-windows.md

@@ -45,6 +45,7 @@ The following limitations apply to using SSPR from the Windows sign-in screen:
     - *BlockNonAdminUserInstall* is set to enabled or 1
     - *EnableLostMode* is set on the device
     - Explorer.exe is replaced with a custom shell
+    - Interactive logon: Require smart card is set to enabled or 1
 - The combination of the following specific three settings can cause this feature to not work.
     - Interactive logon: Do not require CTRL+ALT+DEL = Disabled
     - *DisableLockScreenAppNotifications* = 1 or Enabled

articles/active-directory/develop/developer-support-help-options.md

@@ -9,9 +9,8 @@ ms.service: active-directory
 ms.subservice: develop
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 10/28/2021
+ms.date: 03/09/2022
 ms.author: marsma
-ms.reviewer: jmprieur, saeeda
 ms.custom: has-adal-ref
 ---
 
@@ -85,3 +84,11 @@ If you need help with one of the Microsoft Authentication Libraries (MSAL), open
 - [Azure Active Directory Identity Blog](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity): Get news and information about Azure AD.
 
 - [Tech Community](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/bg-p/Identity/): Share your experiences, engage, and learn from experts.
+
+## Share your product ideas
+
+Have an idea for improving the for the Microsoft identity platform? Browse and vote for ideas submitted by others or submit your own:
+
+https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789
+
+

articles/active-directory/manage-apps/f5-big-ip-sap-erp-easy-button.md

@@ -259,7 +259,7 @@ Selected policies should either have an **Include** or **Exclude** option checke
 ![ Screenshot for CA policies](./media/f5-big-ip-easy-button-ldap/conditional-access-policy.png)
 
 >[!NOTE]
->The policy list is enumerated only once when first switching to this tab. A refresh button is available to manually force the wizard to query your tenant, but this button is displayed only when the application has been deployed.
+>The policy list is enumerated only once when first switching to this tab. A refresh button is available to manually force the wizard to query your tenant, but this button is displayed only when the application has been deployed. 
 
 ### Virtual Server Properties
 

articles/active-directory/manage-apps/media/f5-big-ip-easy-button-sap-erp/user-attributes-claims.png

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.topic: how-to
 ms.subservice: roles
 ms.workload: identity
-ms.date: 01/28/2022
+ms.date: 03/07/2022
 ms.author: rolyon
 ms.reviewer: anandy
 ms.custom: oldportal;it-pro;
@@ -18,7 +18,11 @@ ms.collection: M365-identity-device-management
 
 # Assign Azure AD roles with administrative unit scope
 
-In Azure Active Directory (Azure AD), for more granular administrative control, you can assign an Azure AD role with a scope that's limited to one or more administrative units.
+In Azure Active Directory (Azure AD), for more granular administrative control, you can assign an Azure AD role with a scope that's limited to one or more administrative units. When an Azure AD role is assigned at the scope of an administrative unit, role permissions apply only when managing members of the administrative unit itself, and do not apply to tenant-wide settings or configurations.
+
+For example, an administrator who is assigned the Groups Administrator role at the scope of an administrative unit can manage groups that are members of the administrative unit, but they cannot manage other groups in the tenant. They also cannot manage tenant-level settings related to groups, such as expiration or group naming policies.
+
+This article describes how to assign Azure AD roles with administrative unit scope.
 
 ## Prerequisites
 
@@ -37,17 +41,15 @@ The following Azure AD roles can be assigned with administrative unit scope:
 | Role | Description |
 | -----| ----------- |
 | [Authentication Administrator](permissions-reference.md#authentication-administrator) | Has access to view, set, and reset authentication method information for any non-admin user in the assigned administrative unit only. |
-| [Groups Administrator](permissions-reference.md#groups-administrator) | Can manage all aspects of groups and groups settings, such as naming and expiration policies, in the assigned administrative unit only. |
+| [Groups Administrator](permissions-reference.md#groups-administrator) | Can manage all aspects of groups in the assigned administrative unit only. |
 | [Helpdesk Administrator](permissions-reference.md#helpdesk-administrator) | Can reset passwords for non-administrators in the assigned administrative unit only. |
 | [License Administrator](permissions-reference.md#license-administrator) | Can assign, remove, and update license assignments within the administrative unit only. |
 | [Password Administrator](permissions-reference.md#password-administrator) | Can reset passwords for non-administrators within the assigned administrative unit only. |
-| [SharePoint Administrator](permissions-reference.md#sharepoint-administrator) * | Can manage all aspects of the SharePoint service. |
-| [Teams Administrator](permissions-reference.md#teams-administrator) * | Can manage the Microsoft Teams service. |
+| [SharePoint Administrator](permissions-reference.md#sharepoint-administrator) | Can manage Microsoft 365 groups in the assigned administrative unit only. For SharePoint sites associated with Microsoft 365 groups in an administrative unit, can also update site properties (site name, URL, and external sharing policy) using the Microsoft 365 admin center. Cannot use the SharePoint admin center or SharePoint APIs to manage sites. |
+| [Teams Administrator](permissions-reference.md#teams-administrator) | Can manage Microsoft 365 groups in the assigned administrative unit only.  Can manage team members in the Microsoft 365 admin center for teams associated with groups in the assigned administrative unit only.  Cannot use the Teams admin center. |
 | [Teams Devices Administrator](permissions-reference.md#teams-devices-administrator) | Can perform management related tasks on Teams certified devices. |
 | [User Administrator](permissions-reference.md#user-administrator) | Can manage all aspects of users and groups, including resetting passwords for limited admins within the assigned administrative unit only. |
 
-(*) The SharePoint Administrator and Teams Administrator roles can only be used for managing properties in the Microsoft 365 admin center. Teams admin center and SharePoint admin center currently do not support administrative unit-scoped administration.
-
 Certain role permissions apply only to non-administrator users when assigned with the scope of an administrative unit. In other words, administrative unit scoped [Helpdesk Administrators](permissions-reference.md#helpdesk-administrator) can reset passwords for users in the administrative unit only if those users do not have administrator roles. The following list of permissions are restricted when the target of an action is another administrator:
 
 -	Read and modify user authentication methods, or reset user passwords

articles/active-directory/roles/admin-units-assign-roles.md

@@ -162,7 +162,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ### Create Sonarqube test user
 
-In this section, you create a user called B.Simon in Sonarqube. Work with [Sonarqube Client support team](https://www.sonarsource.com/support/) to add the users in the Sonarqube platform. Users must be created and activated before you use single sign-on. 
+In this section, you create a user called B.Simon in Sonarqube. Work with [Sonarqube Client support team](https://sonarsource.com/company/contact/) to add the users in the Sonarqube platform. Users must be created and activated before you use single sign-on. 
 
 ## Test SSO 
 

articles/active-directory/saas-apps/sonarqube-tutorial.md

@@ -342,6 +342,9 @@ In your Python code, you use these settings as environment variables with statem
 
 Having issues? Refer first to the [Troubleshooting guide](configure-language-python.md#troubleshooting), otherwise, [let us know](https://aka.ms/DjangoCLITutorialHelp).
 
+> [!NOTE]
+> If you want to try an alternative approach to connect your app to the Postgres database in Azure, see the [Service Connector version](../service-connector/tutorial-django-webapp-postgres-cli.md) of this tutorial. Service Connector is a new Azure service that is currently in public preview. [Section 4.2](../service-connector/tutorial-django-webapp-postgres-cli.md#42-configure-environment-variables-to-connect-the-database) of that tutorial introduces a simplified process for creating the connection.
+
 ### 4.3 Run Django database migrations
 
 Django database migrations ensure that the schema in the PostgreSQL on Azure database matches with those described in your code.
@@ -587,4 +590,4 @@ Learn how to map a custom DNS name to your app:
 Learn how App Service runs a Python app:
 
 > [!div class="nextstepaction"]
-> [Configure Python app](configure-language-python.md)
+> [Configure Python app](configure-language-python.md)

articles/app-service/tutorial-python-postgresql-app.md

@@ -124,6 +124,8 @@
       href: concept-feature-management.md
     - name: Event handling
       href: concept-app-configuration-event.md
+    - name: Soft delete
+      href: concept-soft-delete.md
     - name: Security
       items:
         - name: Encrypt using customer-managed keys
@@ -162,6 +164,8 @@
       href: howto-convert-to-the-new-spring-boot.md
     - name: Move a resource between Azure regions 
       href: howto-move-resource-between-regions.md
+    - name: Recover App Configuration stores (Preview)
+      href: howto-recover-deleted-stores-in-azure-app-configuration.md
 - name: Reference
   items:
     - name: Client libraries

articles/azure-app-configuration/TOC.yml

@@ -0,0 +1,56 @@
+---
+title: Soft Delete in Azure App Configuration
+description: Soft Delete in Azure App Configuration 
+author: muksvso
+ms.author: mubatra
+ms.service: azure-app-configuration
+ms.custom: devx-track-dotnet
+ms.topic: conceptual
+ms.date: 03/01/2022
+---
+
+# Soft delete
+
+Azure App Configuration's Soft delete feature allows recovery of your data such as key-values, feature flags, and revision history of a deleted store. It's automatically enabled for all stores in the standard tier. In this article, learn more about the soft delete feature and its functionality.
+
+Learn how to [recover Azure App Configuration stores](./howto-recover-deleted-stores-in-azure-app-configuration.md) using the soft delete feature.
+
+> [!NOTE]
+> When an App Configuration store is soft-deleted, services that are integrated with the store will be deleted. For example Azure RBAC roles assignments, managed identity, Event Grid subscriptions, and private endpoints. Recovering a soft-deleted App Configuration store will not restore these services. They will need to be recreated.
+
+## Scenarios
+
+The soft delete feature addresses the recovery of the deleted stores, whether the deletion was accidental or intentional. The soft delete feature will act as a safeguard in the following scenarios:
+
+* **Recovery of a deleted App Configuration store**: A deleted app configuration store could be recovered in the retention time period.
+
+* **Permanent deletion of App Configuration store**: This feature helps you to permanently delete an app configuration store.
+
+## Recover
+Recover is the operation to get the stores in a soft deleted state back to an active state where one can request the store for configuration and feature management.
+
+## Retention period
+A variable to specify the time period, in days, for which a soft deleted store will be retained. This value can only be set at the creation of store and once set, it can't be changed. Once the retention period elapses, the store will be permanently deleted automatically.
+
+## Purge
+Purge is the operation to permanently delete the stores in a soft deleted state, provided the store doesn't have purge-protection enabled. To recreate the App Configuration store with the same name as a deleted store, you need to purge the store first if it's not already past the retention period.
+
+## Purge protection
+With Purge protection enabled, soft deleted stores can't be purged in the retention period. If disabled, the soft deleted store can be purged before the retention period expires. Once purge protection is enabled on a store, it can't be disabled.
+
+## Permissions to recover or purge store
+
+A user has to have below permissions to recover or purge a soft-deleted app configuration store. The built-in Contributor and Owner roles already have the required permissions to recover and purge.
+
+- Permission to recover - `Microsoft.AppConfiguration/configurationStores/write`
+
+- Permission to purge - `Microsoft.AppConfiguration/configurationStores/action`
+
+## Billing implications
+
+There won't be any charges for the soft deleted stores. Once you recover a soft deleted store, the usual charges will start applying. Soft delete isn't available with free tier.
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Recover Azure App Configuration stores](./howto-recover-deleted-stores-in-azure-app-configuration.md)