Merge pull request #256606 from MicrosoftDocs/repo_sync_working_branch

Taojunshen · web-flow · commit 0448b9c501ee · 2023-10-31T00:52:51.000+08:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/azure-monitor/app/azure-ad-authentication.md b/articles/azure-monitor/app/azure-ad-authentication.md
@@ -11,35 +11,33 @@ ms.reviewer: rijolly
 
 Application Insights now supports [Microsoft Entra authentication](../../active-directory/authentication/overview-authentication.md). By using Microsoft Entra ID, you can ensure that only authenticated telemetry is ingested in your Application Insights resources.
 
-Using various authentication systems can be cumbersome and risky because it's difficult to manage credentials at scale. You can now choose to [opt out of local authentication](#disable-local-authentication) to ensure only telemetry exclusively authenticated by using [managed identities](../../active-directory/managed-identities-azure-resources/overview.md) and [Microsoft Entra ID](../../active-directory/fundamentals/active-directory-whatis.md) is ingested in your resource. This feature is a step to enhance the security and reliability of the telemetry used to make critical operational ([alerting](../alerts/alerts-overview.md#what-are-azure-monitor-alerts)and [autoscale](../autoscale/autoscale-overview.md#overview-of-autoscale-in-azure)) and business decisions.
+Using various authentication systems can be cumbersome and risky because it's difficult to manage credentials at scale. You can now choose to [opt out of local authentication](#disable-local-authentication) to ensure only telemetry exclusively authenticated by using [managed identities](../../active-directory/managed-identities-azure-resources/overview.md) and [Microsoft Entra ID](../../active-directory/fundamentals/active-directory-whatis.md) is ingested in your resource. This feature is a step to enhance the security and reliability of the telemetry used to make critical operational ([alerting](../alerts/alerts-overview.md#what-are-azure-monitor-alerts) and [autoscaling](../autoscale/autoscale-overview.md#overview-of-autoscale-in-azure)) and business decisions.
 
 > [!NOTE]
-> Note
-> This document covers data ingestion into Application Insights using Microsoft Entra ID. authentication. For information on querying data within Application Insights, see [Query Application Insights using Microsoft Entra authentication](./app-insights-azure-ad-api.md).
+> This document covers data ingestion into Application Insights using Microsoft Entra ID-based authentication. For information on querying data within Application Insights, see [Query Application Insights using Microsoft Entra authentication](./app-insights-azure-ad-api.md).
 
 ## Prerequisites
-> 
 
-The following prerequisites enable Microsoft Entra authenticated ingestion. You need to:
+The following preliminary steps are required to enable Microsoft Entra authenticated ingestion. You need to:
 
 - Be in the public cloud.
-- Have familiarity with:
-    - [Managed identity](../../active-directory/managed-identities-azure-resources/overview.md).
-    - [Service principal](../../active-directory/develop/howto-create-service-principal-portal.md).
-    - [Assigning Azure roles](../../role-based-access-control/role-assignments-portal.md).
+- Be familiar with:
+  - [Managed identity](../../active-directory/managed-identities-azure-resources/overview.md).
+  - [Service principal](../../active-directory/develop/howto-create-service-principal-portal.md).
+  - [Assigning Azure roles](../../role-based-access-control/role-assignments-portal.md).
 - Have an Owner role to the resource group to grant access by using [Azure built-in roles](../../role-based-access-control/built-in-roles.md).
 - Understand the [unsupported scenarios](#unsupported-scenarios).
 
 ## Unsupported scenarios
 
 The following SDKs and features are unsupported for use with Microsoft Entra authenticated ingestion:
 
-- [Application Insights Java 2.x SDK](deprecated-java-2x.md#monitor-dependencies-caught-exceptions-and-method-execution-times-in-java-web-apps).<br>
+- [Application Insights Java 2.x SDK](deprecated-java-2x.md#monitor-dependencies-caught-exceptions-and-method-execution-times-in-java-web-apps).<br />
  Microsoft Entra authentication is only available for Application Insights Java Agent greater than or equal to 3.2.0.
 - [ApplicationInsights JavaScript web SDK](javascript.md).
 - [Application Insights OpenCensus Python SDK](/previous-versions/azure/azure-monitor/app/opencensus-python) with Python version 3.4 and 3.5.
 - [Certificate/secret-based Microsoft Entra ID](../../active-directory/authentication/active-directory-certificate-based-authentication-get-started.md) isn't recommended for production. Use managed identities instead.
-- On-by-default codeless monitoring (for languages) for Azure App Service, Azure Virtual Machines/Azure Virtual Machine Scale Sets, and Azure Functions.
+- On-by-default [autoinstrumentation/codeless monitoring](codeless-overview.md) (for languages) for Azure App Service, Azure Virtual Machines/Azure Virtual Machine Scale Sets, and Azure Functions.
 - [Availability tests](availability-overview.md).
 - [Profiler](profiler-overview.md).
 
@@ -75,10 +73,10 @@ Application Insights .NET SDK supports the credential classes provided by [Azure
 
 - We recommend `DefaultAzureCredential` for local development.
 - We recommend `ManagedIdentityCredential` for system-assigned and user-assigned managed identities.
-    - For system-assigned, use the default constructor without parameters.
-    - For user-assigned, provide the client ID to the constructor.
+  - For system-assigned, use the default constructor without parameters.
+  - For user-assigned, provide the client ID to the constructor.
 - We recommend `ClientSecretCredential` for service principals.
-    - Provide the tenant ID, client ID, and client secret to the constructor.
+  - Provide the tenant ID, client ID, and client secret to the constructor.
 
 The following example shows how to manually create and configure `TelemetryConfiguration` by using .NET:
 
@@ -150,7 +148,7 @@ appInsights.defaultClient.config.aadTokenCredential = credential;
 1. Add the JSON configuration to the *ApplicationInsights.json* configuration file depending on the authentication you're using. We recommend using managed identities.
 
 > [!NOTE]
->  For more information about migrating from the 2.X SDK to the 3.X Java agent, see [Upgrading from Application Insights Java 2.x SDK](java-standalone-upgrade-from-2x.md).
+> For more information about migrating from the `2.X` SDK to the `3.X` Java agent, see [Upgrading from Application Insights Java 2.x SDK](java-standalone-upgrade-from-2x.md).
 
 #### System-assigned managed identity
 
@@ -180,6 +178,7 @@ The following example shows how to configure the Java agent to use user-assigned
   } 
 } 
 ```
+
 :::image type="content" source="media/azure-ad-authentication/user-assigned-managed-identity.png" alt-text="Screenshot that shows user-assigned managed identity." lightbox="media/azure-ad-authentication/user-assigned-managed-identity.png":::
 
 #### Client secret
@@ -198,6 +197,7 @@ The following example shows how to configure the Java agent to use a service pri
   } 
 } 
 ```
+
 :::image type="content" source="media/azure-ad-authentication/client-secret-tenant-id.png" alt-text="Screenshot that shows the client secret with the tenant ID and the client ID." lightbox="media/azure-ad-authentication/client-secret-tenant-id.png":::
 
 :::image type="content" source="media/azure-ad-authentication/client-secret-cs.png" alt-text="Screenshot that shows the Client secrets section with the client secret." lightbox="media/azure-ad-authentication/client-secret-cs.png":::
@@ -206,17 +206,17 @@ The following example shows how to configure the Java agent to use a service pri
 
 The `APPLICATIONINSIGHTS_AUTHENTICATION_STRING` environment variable lets Application Insights authenticate to Microsoft Entra ID and send telemetry.
 
-   - For system-assigned identity:
+- For system-assigned identity:
 
-       | App setting    | Value    |
-       | -------------- |--------- |
-       | APPLICATIONINSIGHTS_AUTHENTICATION_STRING         | `Authorization=AAD`    |
+| App setting    | Value    |
+| -------------- |--------- |
+| APPLICATIONINSIGHTS_AUTHENTICATION_STRING         | `Authorization=AAD`    |
 
-   - For user-assigned identity:
+- For user-assigned identity:
 
-       | App setting   | Value    |
-       | ------------- | -------- |
-       | APPLICATIONINSIGHTS_AUTHENTICATION_STRING         | `Authorization=AAD;ClientId={Client id of the User-Assigned Identity}`    |
+| App setting   | Value    |
+| ------------- | -------- |
+| APPLICATIONINSIGHTS_AUTHENTICATION_STRING         | `Authorization=AAD;ClientId={Client id of the User-Assigned Identity}`    |
 
 Set the `APPLICATIONINSIGHTS_AUTHENTICATION_STRING` environment variable using this string.
 
@@ -242,7 +242,7 @@ is included starting with beta version [opencensus-ext-azure 1.1b0](https://pypi
 
 Construct the appropriate [credentials](/python/api/overview/azure/identity-readme#credentials) and pass them into the constructor of the Azure Monitor exporter. Make sure your connection string is set up with the instrumentation key and ingestion endpoint of your resource.
 
-The `OpenCensus`` Azure Monitor exporters support these authentication types. We recommend using managed identities in production environments.
+The `OpenCensus` Azure Monitor exporters support these authentication types. We recommend using managed identities in production environments.
 
 #### System-assigned managed identity
 
@@ -300,6 +300,7 @@ tracer = Tracer(
 )
 ...
 ```
+
 ---
 
 ## Disable local authentication
@@ -444,7 +445,7 @@ When developing a custom client to obtain an access token from Microsoft Entra I
 
 If you're using sovereign clouds, you can find the audience information in the connection string as well. The connection string follows this structure:
 
-_InstrumentationKey={profile.InstrumentationKey};IngestionEndpoint={ingestionEndpoint};LiveEndpoint={liveDiagnosticsEndpoint};AADAudience={aadAudience}_
+*InstrumentationKey={profile.InstrumentationKey};IngestionEndpoint={ingestionEndpoint};LiveEndpoint={liveDiagnosticsEndpoint};AADAudience={aadAudience}*
 
 The audience parameter, AADAudience, may vary depending on your specific environment.
 
@@ -486,7 +487,7 @@ Next, you should review the Application Insights resource's access control. The
 The Application Insights .NET SDK emits error logs by using the event source. To learn more about collecting event source logs, see [Troubleshooting no data - collect logs with PerfView](asp-net-troubleshoot-no-data.md#PerfView).
 
 If the SDK fails to get a token, the exception message is logged as
-`Failed to get AAD Token. Error message: `.
+`Failed to get AAD Token. Error message:`.
 
 ### [Node.js](#tab/nodejs)
 
@@ -531,6 +532,7 @@ If the following WARN message is seen in the log file `WARN c.m.a.TelemetryChann
 If you're using Fiddler, you might see the response header `HTTP/1.1 403 Forbidden - provided credentials do not grant the access to ingest the telemetry into the component`.
 
 The root cause might be one of the following reasons:
+
 - You've created the resource with a system-assigned managed identity or associated a user-assigned identity with it. However, you might have forgotten to add the Monitoring Metrics Publisher role to the resource (if using SAMI) or the user-assigned identity (if using UAMI).
 - You've provided the right credentials to get the access tokens, but the credentials don't belong to the right Application Insights resource. Make sure you see your resource (VM or app service) or user-assigned identity with Monitoring Metrics Publisher roles in your Application Insights resource.
 
@@ -567,8 +569,9 @@ You're probably missing a credential or your credential is set to `None`, but yo
 This error usually occurs when the provided credentials don't grant access to ingest telemetry for the Application Insights resource. Make sure your Application Insights resource has the correct role assignments.
 
 ---
+
 ## Next steps
 
-* [Monitor your telemetry in the portal](overview-dashboard.md)
-* [Diagnose with Live Metrics Stream](live-stream.md)
-* [Query Application Insights using Microsoft Entra authentication](./app-insights-azure-ad-api.md)
+- [Monitor your telemetry in the portal](overview-dashboard.md)
+- [Diagnose with Live Metrics Stream](live-stream.md)
+- [Query Application Insights using Microsoft Entra authentication](./app-insights-azure-ad-api.md)
diff --git a/articles/azure-monitor/app/opentelemetry-configuration.md b/articles/azure-monitor/app/opentelemetry-configuration.md
@@ -762,7 +762,7 @@ For more information about Java, see the [Java supplemental documentation](java-
     ```sh
         npm install @opentelemetry/api
         npm install @opentelemetry/exporter-trace-otlp-http
-        npm install @opentelemetry/@opentelemetry/sdk-trace-base
+        npm install @opentelemetry/sdk-trace-base
         npm install @opentelemetry/sdk-trace-node
     ```
 
diff --git a/articles/azure-monitor/logs/api/cross-workspace-queries.md b/articles/azure-monitor/logs/api/cross-workspace-queries.md
@@ -21,6 +21,9 @@ For either implicit or explicit cross-workspace queries, you need to specify the
  - Workspace ID - GUID string
  - Azure Resource ID - string with format /subscriptions/\<subscriptionId\>/resourceGroups/\<resourceGroup\>/providers/  microsoft.operationalinsights/workspaces/\<workspaceName\>
 
+> [!NOTE]
+> We strongly recommend identifying a workspace by its unique Workspace ID or Azure Resource ID because they remove ambiguity and are more performant.
+
 ## Implicit cross workspace queries
 
 For implicit syntax, specify the workspaces that you want to include in your query scope. The API performs a single query over each application provided in your list. The syntax for a cross-workspace POST is:
diff --git a/articles/cosmos-db/emulator.md b/articles/cosmos-db/emulator.md
@@ -56,4 +56,4 @@ In some cases, you may wish to manually import the TLS/SS certificate from the e
 ## Next step
 
 > [!div class="nextstepaction"]
-> [Get started using the Azure Comsos DB emulator for development](how-to-develop-emulator.md)
+> [Get started using the Azure Cosmos DB emulator for development](how-to-develop-emulator.md)
diff --git a/articles/iot-edge/configure-device.md b/articles/iot-edge/configure-device.md
@@ -345,9 +345,9 @@ username = "username"
 password = "password"
 
 [agent.env]
-"RuntimeLogLevel" = "debug"
-"UpstreamProtocol" = "AmqpWs"
-"storageFolder" = "/iotedge/storage"
+RuntimeLogLevel = "debug"
+UpstreamProtocol = "AmqpWs"
+storageFolder = "/iotedge/storage"
 ```
 
 ## Daemon management and workload API endpoints
diff --git a/articles/mysql/flexible-server/concepts-data-out-replication.md b/articles/mysql/flexible-server/concepts-data-out-replication.md
@@ -14,7 +14,7 @@ ms.topic: conceptual
 
 [!INCLUDE[applies-to-mysql-flexible-server](../includes/applies-to-mysql-flexible-server.md)]
 
-Data-out replication allows you to synchronize data out of a Azure Database for MySQL flexible server to another MySQL server using MySQL native replication. The MySQL server (replica) can be on-premises, in virtual machines, or a database service hosted by other cloud providers. While [Data-in replication](concepts-data-in-replication.md) helps to move data into an Azure Database for MySQL flexible server (replica), Data-out replication would allow you to transfer data out of an Azure Database for MySQL flexible server (Primary). With Data-out replication, the binary log (binlog) is made community consumable allowing the an Azure Database for MySQL flexible server to act as a Primary server for the external replicas. To learn more about binlog replication, see the [MySQL binlog replication overview](https://dev.mysql.com/doc/refman/5.7/en/binlog-replication-configuration-overview.html).
+Data-out replication allows you to synchronize data out of an Azure Database for MySQL flexible server to another MySQL server using MySQL native replication. The MySQL server (replica) can be on-premises, in virtual machines, or a database service hosted by other cloud providers. While [Data-in replication](concepts-data-in-replication.md) helps to move data into an Azure Database for MySQL flexible server (replica), Data-out replication would allow you to transfer data out of an Azure Database for MySQL flexible server (Primary). With Data-out replication, the binary log (binlog) is made community consumable allowing the an Azure Database for MySQL flexible server to act as a Primary server for the external replicas. To learn more about binlog replication, see the [MySQL binlog replication overview](https://dev.mysql.com/doc/refman/5.7/en/binlog-replication-configuration-overview.html).
 
 > [!NOTE]  
 > Data-out replication is not supported on Azure Database for MySQL - Flexible Server, which has Azure authentication configured.
diff --git a/articles/mysql/flexible-server/sample-scripts-azure-cli.md b/articles/mysql/flexible-server/sample-scripts-azure-cli.md
@@ -19,7 +19,7 @@ The following table includes links to sample Azure CLI scripts for Azure Databas
 | Sample link | Description  |
 |---|---|
 |**Create and connect to a server**||
-| [Create a server and enable public access connectivity](scripts/sample-cli-create-connect-public-access.md) | Creates a Azure Database for MySQL - Flexible Server, configures a server-level firewall rule (public access connectivity method) and connects to the server. |
+| [Create a server and enable public access connectivity](scripts/sample-cli-create-connect-public-access.md) | Creates an Azure Database for MySQL - Flexible Server, configures a server-level firewall rule (public access connectivity method) and connects to the server. |
 | [Create a server and enable private access connectivity (VNet Integration)](scripts/sample-cli-create-connect-private-access.md) | Creates an Azure Database for MySQL - Flexible Server in a VNet (private access connectivity method) and connects to the server through a VM within the VNet. |
 |**Monitor and scale**||
 | [Monitor metrics and scale a server](scripts/sample-cli-monitor-and-scale.md) | Monitors and scales a single Azure Database for MySQL - Flexible server up or down to allow for changing performance needs. |
diff --git a/articles/mysql/single-server/how-to-configure-private-link-cli.md b/articles/mysql/single-server/how-to-configure-private-link-cli.md
@@ -72,7 +72,7 @@ az vm create \
 
 ## Create an Azure Database for MySQL server
 
-Create a Azure Database for MySQL with the az mysql server create command. Remember that the name of your MySQL Server must be unique across Azure, so replace the placeholder value in brackets with your own unique value:
+Create an Azure Database for MySQL with the az mysql server create command. Remember that the name of your MySQL Server must be unique across Azure, so replace the placeholder value in brackets with your own unique value:
 
 ```azurecli-interactive
 # Create a server in the resource group 
