Merge pull request #262133 from MicrosoftDocs/main

1/2/2023 AM Publish

Author: Taojunshen

articles/azure-cache-for-redis/cache-how-to-import-export-data.md

@@ -131,6 +131,7 @@ This section contains frequently asked questions about the Import/Export feature
 - [I got an error when exporting my data to Azure Blob Storage. What happened?](#i-got-an-error-when-exporting-my-data-to-azure-blob-storage-what-happened)
 - [How to export if I have firewall enabled on my storage account?](#how-to-export-if-i-have-firewall-enabled-on-my-storage-account)
 - [Can I import or export data from a storage account in a different subscription than my cache?](#can-i-import-or-export-data-from-a-storage-account-in-a-different-subscription-than-my-cache)
+- [Which permissions need to be granted to the storage account container shared access signature (SAS) token to allow export?](#which-permissions-need-to-be-granted-to-the-storage-account-container-shared-access-signature-sas-token-to-allow-export)
 
 ### Which tiers support Import/Export?
 
@@ -222,6 +223,16 @@ More information here - [Managed identity for storage accounts - Azure Cache for
 
 In the _Premium_ tier, you can import and export data from a storage account in a different subscription than your cache, but you must use [managed identity](cache-managed-identity.md) as the authentication method. You will need to select the chosen subscription holding the storage account when configuring the import or export.
 
+### Which permissions need to be granted to the storage account container shared access signature (SAS) token to allow export?
+In order for export to an Azure storage account to work sucessfully, the [shared access signature (SAS) token](../storage/common/storage-sas-overview.md) must have the following permissions:
+- `read`
+- `add`
+- `create`
+- `write`
+- `delete`
+- `tag`
+- `move`
+
 ## Next steps
 
 Learn more about Azure Cache for Redis features.

articles/azure-functions/storage-considerations.md

@@ -182,7 +182,7 @@ You can mount existing Azure Files shares to your Linux function apps. By mounti
 
 In this command, `share-name` is the name of the existing Azure Files share, and `custom-id` can be any string that uniquely defines the share when mounted to the function app. Also, `mount-path` is the path from which the share is accessed in your function app. `mount-path` must be in the format `/dir-name`, and it can't start with `/home`.
 
-For a complete example, see the scripts in [Create a Python function app and mount a Azure Files share](scripts/functions-cli-mount-files-storage-linux.md). 
+For a complete example, see the scripts in [Create a Python function app and mount an Azure Files share](scripts/functions-cli-mount-files-storage-linux.md). 
 
 # [Azure PowerShell](#tab/azure-powershell)
 

articles/azure-monitor/app/worker-service.md

@@ -33,7 +33,7 @@ You must have a valid Application Insights connection string. This string is req
 
     ```xml
         <ItemGroup>
-            <PackageReference Include="Microsoft.ApplicationInsights.WorkerService" Version="2.13.1" />
+            <PackageReference Include="Microsoft.ApplicationInsights.WorkerService" Version="2.22.0" />
         </ItemGroup>
     ```
 

articles/azure-resource-manager/bicep/deployment-script-bicep.md

@@ -1,33 +1,32 @@
 ---
-title: Access private virtual network | Microsoft Docs
-description: Access private virtual network from Bicep deployment script.
+title: Access a private virtual network from a Bicep deployment script
+description: Learn how to run and test Bicep deployment scripts in private networks.
 ms.custom: devx-track-bicep
 ms.topic: conceptual
 ms.date: 12/13/2023
 ---
 
-# Access private virtual network
+# Access a private virtual network from a Bicep deployment script
 
-With Microsoft.Resources/deploymentScripts version `2023-08-01`, you can run deployment scripts in private networks with some additional configurations.
+With `Microsoft.Resources/deploymentScripts` version `2023-08-01`, you can run deployment scripts in private networks with some additional configurations:
 
 - Create a user-assigned managed identity, and specify it in the `identity` property. To assign the identity, see [Identity](./deployment-script-develop.md#identity).
-- Create a storage account in the private network, and specify the deployment script to use the existing storage account. To specify an existing storage account, see [Use existing storage account](./deployment-script-develop.md#use-existing-storage-account). Some additional configuration is required for the storage account.
+- Create a storage account in the private network, and specify the deployment script to use the existing storage account. For more information, see [Use an existing storage account](./deployment-script-develop.md#use-an-existing-storage-account). Some additional configuration is required for the storage account:
 
     1. Open the storage account in the [Azure portal](https://portal.azure.com).
-    1. From the left menu, select **Access Control (IAM)**, and then select the **Role assignments** tab.
-    1. Add the `Storage File Data Privileged Contributor` role to the user-assignment managed identity.
-    1. From the left menu, under **Security + networking**, select **Networking**, and then select **Firewalls and virtual networks**.
+    1. On the left menu, select **Access Control (IAM)**, and then select the **Role assignments** tab.
+    1. Add the **Storage File Data Privileged Contributor** role to the user-assigned managed identity.
+    1. On the left menu, under **Security + networking**, select **Networking**, and then select **Firewalls and virtual networks**.
     1. Select **Enabled from selected virtual networks and IP addresses**.
-
-        :::image type="content" source="./media/deployment-script-vnet/bicep-deployment-script-access-vnet-config-storage.png" alt-text="Screenshot of configuring storage account for accessing private network.":::
-
-    1. Under **Virtual networks**, add a subnet. On the screenshot, the subnet is called *dspvnVnet*.
+    1. Under **Virtual networks**, add a subnet. In the following screenshot, the subnet is called *dspvnVnet*.
     1. Under **Exceptions**, select **Allow Azure services on the trusted services list to access this storage account**.
 
+    :::image type="content" source="./media/deployment-script-vnet/bicep-deployment-script-access-vnet-config-storage.png" alt-text="Screenshot of selections for configuring a storage account for accessing a private network.":::
+
 The following Bicep file shows how to configure the environment for running a deployment script:
 
 ```bicep
-@maxLength(10) // required max length since the storage account has a max of 26 chars
+@maxLength(10) // Required maximum length, because the storage account has a maximum of 26 characters
 param prefix string
 param location string = resourceGroup().location
 param userAssignedIdentityName string = '${prefix}Identity'
@@ -101,7 +100,7 @@ resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@
 }
 
 resource storageFileDataPrivilegedContributor 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
-  name: '69566ab7-960f-475b-8e7c-b3118f30c6bd' // Storage File Data Priveleged Contributor
+  name: '69566ab7-960f-475b-8e7c-b3118f30c6bd' // Storage File Data Privileged Contributor
   scope: tenant()
 }
 
@@ -174,7 +173,7 @@ resource dsTest 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
 
 ## Next steps
 
-In this article, you learned how to access private virtual network. To learn more:
+In this article, you learned how to access a private virtual network. To learn more:
 
 > [!div class="nextstepaction"]
 > [Use deployment scripts in Bicep](./deployment-script-bicep.md)

articles/azure-resource-manager/bicep/deployment-script-develop.md

@@ -256,7 +256,7 @@ param serviceConfig ServiceConfig = { type: 'bar', value: true }
 output config object = serviceConfig
 ```
 
-The parameter value is validated based on the discriminated property value.  In the preceeding example, if the *serviceConfig* parameter value is of type *foo*, it undergoes validation using the *FooConfig*type. Likewise, if the parameter value is of type *bar*, validation is performed using the *BarConfig* type, and this pattern continues for other types as well.
+The parameter value is validated based on the discriminated property value.  In the preceding example, if the *serviceConfig* parameter value is of type *foo*, it undergoes validation using the *FooConfig*type. Likewise, if the parameter value is of type *bar*, validation is performed using the *BarConfig* type, and this pattern continues for other types as well.
 
 ## Import types between Bicep files (Preview)
 

articles/azure-resource-manager/bicep/deployment-script-vnet.md

@@ -537,9 +537,9 @@ In the following tables, the term alphanumeric refers to:
 > [!div class="mx-tableFixed"]
 > | Entity | Scope | Length | Valid Characters |
 > | --- | --- | --- | --- |
-> | workspaces | resource group | 3-33 | Alphanumerics and hyphens |
+> | workspaces | resource group | 3-33 | Alphanumerics, hyphens, and underscores. |
 > | workspaces / computes | workspace | 3-24 for compute instance<br>3-32 for AML compute<br>2-16 for other compute types | Alphanumerics and hyphens. |
-> | workspaces / datastores | workspace | Maximum 255 characters for datastore name| Datastore name consists only of lowercase letters, digits, and underscores |
+> | workspaces / datastores | workspace | Maximum 255 characters for datastore name| Datastore name consists only of lowercase letters, digits, and underscores. |
 
 ## Microsoft.ManagedIdentity
 

articles/azure-resource-manager/bicep/user-defined-data-types.md

@@ -59,7 +59,7 @@ resource myPolicyDoc 'Microsoft.App/managedEnvironments/daprComponents/resilienc
             maxIntervalInMilliseconds: 10000
           }
       } 
-    }, 
+    } 
     inboundPolicy: {
       timeoutPolicy: {
         responseTimeoutInSeconds: 15
@@ -208,7 +208,7 @@ properties: {
     timeoutPolicy: {
         responseTimeoutInSeconds: 15
     }
-  },
+  }
   inbound: {
     timeoutPolicy: {
         responseTimeoutInSeconds: 15
@@ -236,7 +236,7 @@ properties: {
           maxIntervalInMilliseconds: 10000
         }
     }
-  },
+  }
   inbound: {
     httpRetryPolicy: {
         maxRetries: 5

articles/azure-resource-manager/management/resource-name-rules.md

@@ -163,7 +163,7 @@ View the container logs to confirm the IP address is the same as the public IP a
 
 ```azurecli
 az container logs \
-  --sed 's/$RESOURCE_GROUP_NAME/$resourceGroup/g'
+  --resource-group $resourceGroup \
   --name testegress 
 ```