Merge pull request #202633 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory/devices/howto-vm-sign-in-azure-ad-windows.md

@@ -164,7 +164,7 @@ Now that you've created the VM, you need to configure Azure RBAC policy to deter
 - **Virtual Machine User Login**: Users with this role assigned can log in to an Azure virtual machine with regular user privileges.
 
 > [!NOTE]
-> To allow a user to log in to the VM over RDP, you must assign either the Virtual Machine Administrator Login or Virtual Machine User Login role. An Azure user with the Owner or Contributor roles assigned for a VM do not automatically have privileges to log in to the VM over RDP. This is to provide audited separation between the set of people who control virtual machines versus the set of people who can access virtual machines.
+> To allow a user to log in to the VM over RDP, you must assign either the Virtual Machine Administrator Login or Virtual Machine User Login role to the Resource Group containing the VM and its associated Virtual Network, Network Interface, Public IP Address or Load Balancer resources. An Azure user with the Owner or Contributor roles assigned for a VM do not automatically have privileges to log in to the VM over RDP. This is to provide audited separation between the set of people who control virtual machines versus the set of people who can access virtual machines.
 
 There are multiple ways you can configure role assignments for VM:
 
@@ -178,6 +178,8 @@ There are multiple ways you can configure role assignments for VM:
 
 To configure role assignments for your Azure AD enabled Windows Server 2019 Datacenter VMs:
 
+1. Select the **Resource Group** containing the VM and its associated Virtual Network, Network Interface, Public IP Address or Load Balancer resource.
+
 1. Select **Access control (IAM)**.
 
 1. Select **Add** > **Add role assignment** to open the Add role assignment page.
@@ -197,12 +199,12 @@ The following example uses [az role assignment create](/cli/azure/role/assignmen
 
 ```AzureCLI
 $username=$(az account show --query user.name --output tsv)
-$vm=$(az vm show --resource-group myResourceGroup --name myVM --query id -o tsv)
+$rg=$(az group show --resource-group myResourceGroup --query id -o tsv)
 
 az role assignment create \
     --role "Virtual Machine Administrator Login" \
     --assignee $username \
-    --scope $vm
+    --scope $rg
 ```
 
 > [!NOTE]

articles/azure-arc/kubernetes/tutorial-akv-secrets-provider.md

@@ -244,16 +244,19 @@ You should see output similar to the example below.
 
 Next, specify the Azure Key Vault to use with your connected cluster. If you don't already have one, create a new Key Vault by using the following commands. Keep in mind that the name of your Key Vault must be globally unique.
 
-```azurecli
-az keyvault create -n $AZUREKEYVAULT_NAME -g $AKV_RESOURCE_GROUP -l $AZUREKEYVAULT_LOCATION
 
-Next, set the following environment variables:
+Set the following environment variables:
 
 ```azurecli-interactive
 export AKV_RESOURCE_GROUP=<resource-group-name>
 export AZUREKEYVAULT_NAME=<AKV-name>
 export AZUREKEYVAULT_LOCATION=<AKV-location>
 ```
+Next, run the following command
+
+```azurecli
+az keyvault create -n $AZUREKEYVAULT_NAME -g $AKV_RESOURCE_GROUP -l $AZUREKEYVAULT_LOCATION
+```
 
 Azure Key Vault can store keys, secrets, and certificates. For this example, you can set a plain text secret called `DemoSecret` by using the following command:
 
@@ -293,7 +296,7 @@ Currently, the Secrets Store CSI Driver on Arc-enabled clusters can be accessed
    apiVersion: secrets-store.csi.x-k8s.io/v1
    kind: SecretProviderClass
    metadata:
-   name: akvprovider-demo
+     name: akvprovider-demo
    spec:
      provider: azure
      parameters:
@@ -412,4 +415,4 @@ For more information about resolving common issues, see the open source troubles
 ## Next steps
 
 - Want to try things out? Get started quickly with an [Azure Arc Jumpstart scenario](https://aka.ms/arc-jumpstart-akv-secrets-provider) using Cluster API.
-- Learn more about [Azure Key Vault](../../key-vault/general/overview.md).
+- Learn more about [Azure Key Vault](../../key-vault/general/overview.md).

articles/cognitive-services/language-service/conversational-language-understanding/concepts/data-formats.md

@@ -116,7 +116,7 @@ CLU offers the option to upload your utterance directly to the project rather th
         "intent": "{intent}",
         "entities": [
             {
-                "entityName": "{entity}",
+                "category": "{entity}",
                 "offset": 19,
                 "length": 10
             }
@@ -129,12 +129,12 @@ CLU offers the option to upload your utterance directly to the project rather th
         "intent": "{intent}",
         "entities": [
             {
-                "entityName": "{entity}",
+                "category": "{entity}",
                 "offset": 20,
                 "length": 10
             },
             {
-                "entityName": "{entity}",
+                "category": "{entity}",
                 "offset": 31,
                 "length": 5
             }

articles/cognitive-services/language-service/question-answering/tutorials/active-learning.md

@@ -53,6 +53,9 @@ Once the import of the test file is complete, active learning suggestions can be
 > [!div class="mx-imgBorder"]
 > [ ![Screenshot with review suggestions page displayed.]( ../media/active-learning/review-suggestions.png) ]( ../media/active-learning/review-suggestions.png#lightbox)
 
+> [!NOTE]
+> Active learning suggestions are not real time. There is an approximate delay of 30 minutes before the suggestions can show on this pane. This delay is to ensure that we balance the high cost involved for real time updates to the index and service performance.
+
 We can now either accept these suggestions or reject them using the options on the menu bar to **Accept all suggestions** or **Reject all suggestions**.
 
 Alternatively, to accept or reject individual suggestions, select the checkmark (accept) symbol or trash can (reject) symbol that appears next to individual questions in the **Review suggestions** page.

articles/communication-services/how-tos/calling-sdk/includes/dominant-speaker/dominant-speaker-web.md

@@ -33,7 +33,7 @@ const dominantSpeakersChangedHandler = () => {
     // Get the most up to date list of dominant speakers
     let dominantSpeakers = callDominantSpeakersApi.dominantSpeakers;
 };
-callDominantSpeakersApi.api(Features.CallDominantSpeakers).on('dominantSpeakersChanged', dominantSpeakersChangedHandler);
+callDominantSpeakersApi.on('dominantSpeakersChanged', dominantSpeakersChangedHandler);
 ``` 
 #### Handle the Dominant Speaker's video streams
 

articles/web-application-firewall/ag/application-gateway-waf-configuration.md

@@ -72,7 +72,7 @@ Exclusions can be configured to apply to a specific set of WAF rules, to ruleset
 
 ### Per-rule exclusions
 
-You can configure an exclusion for a specific rule, group of rules, or rule set. You must specify the rule or rules that the exclusion applies to. You also need to specify the request attribute that should be excluded from the WAF evaluation.
+You can configure an exclusion for a specific rule, group of rules, or rule set. You must specify the rule or rules that the exclusion applies to. You also need to specify the request attribute that should be excluded from the WAF evaluation. To exclude a complete group of rules, only provide the `ruleGroupName` parameter, the `rules` parameter is only useful when you want to limit the exclusion to specific rules of a group.
 
 Per-rule exclusions are available when you use the OWASP (CRS) ruleset version 3.2 or later.
 
@@ -168,6 +168,14 @@ resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPo
               ruleGroups: [
                 {
                   ruleGroupName: 'REQUEST-942-APPLICATION-ATTACK-SQLI'
+                  rules: [
+                    {
+                      ruleId: '942150'
+                    }
+                    {
+                      ruleId: '942410'
+                    }
+                  ]
                 }
               ]
             }
@@ -206,7 +214,15 @@ resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPo
               "ruleSetVersion": "3.2",
               "ruleGroups": [
                 {
-                  "ruleGroupName": "REQUEST-942-APPLICATION-ATTACK-SQLI"
+                  "ruleGroupName": "REQUEST-942-APPLICATION-ATTACK-SQLI",
+                  "rules": [
+                    {
+                      "ruleId": "942150"
+                    },
+                    {
+                      "ruleId": "942410"
+                    }
+                  ]
                 }
               ]
             }