Merge pull request #235772 from MicrosoftDocs/main

4/25 AM Publish

Author: huypub

.openpublishing.redirection.healthcare-apis.json

@@ -550,33 +550,61 @@
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-iot-connector-in-azure.md",
-          "redirect_url": "/azure/healthcare-apis/iot/deploy-new-choose",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-choose-method",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-02-new-button.md",
-          "redirect_url": "/azure/healthcare-apis/iot/deploy-new-button",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-choose-method",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-03-new-manual.md",
-          "redirect_url": "/azure/healthcare-apis/iot/deploy-new-manual",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-choose-method",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-05-new-config.md",
-          "redirect_url": "/azure/healthcare-apis/iot/deploy-new-config",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-choose-method",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-06-new-deploy.md",
-          "redirect_url": "/azure/healthcare-apis/iot/deploy-new-deploy",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-choose-method",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-08-new-ps-cli.md",
-          "redirect_url": "/azure/healthcare-apis/iot/deploy-new-powershell-cli",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-json-powershell-cli",
+          "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-arm.md",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-arm-template",
           "redirect_document_id": false
       },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-bicep-ps-cli.md",
-          "redirect_url": "/azure/healthcare-apis/iot/deploy-new-bicep-powershell-cli",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-bicep-powershell-cli",
           "redirect_document_id": false
-      }, 
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-bicep-powershell-cli.md",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-bicep-powershell-cli",
+          "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-choose.md",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-choose-method",
+          "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-powershell-cli.md",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-json-powershell-cli",
+          "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-config.md",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-manual-config",
+          "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-deploy.md",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-manual-post",
+          "redirect_document_id": false
+      },
+      {   "source_path_from_root": "/articles/healthcare-apis/iot/deploy-new-manual.md",
+          "redirect_url": "/azure/healthcare-apis/iot/deploy-manual-prerequisites",
+          "redirect_document_id": false
+      },
       {   "source_path_from_root": "/articles/healthcare-apis/iot/iot-connector-overview.md",
           "redirect_url": "/azure/healthcare-apis/iot/overview",
           "redirect_document_id": false

articles/active-directory/app-provisioning/application-provisioning-log-analytics.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-provisioning
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 10/06/2022
+ms.date: 04/25/2023
 ms.author: kenwith
 ms.reviewer: arvinh
 ---
@@ -19,7 +19,7 @@ Provisioning integrates with Azure Monitor logs and Log Analytics. With Azure mo
 
 ## Enabling provisioning logs
 
-You should already be familiar with Azure monitoring and Log Analytics. If not, jump over to learn about them and then come back to learn about application provisioning logs. To learn more about Azure monitoring, see [Azure Monitor overview](../../azure-monitor/overview.md). To learn more about Azure Monitor logs and Log Analytics, see [Overview of log queries in Azure Monitor](../../azure-monitor/logs/log-query-overview.md).
+You should already be familiar with Azure monitoring and Log Analytics. If not, jump over to learn about them, and then come back to learn about application provisioning logs. To learn more about Azure monitoring, see [Azure Monitor overview](../../azure-monitor/overview.md). To learn more about Azure Monitor logs and Log Analytics, see [Overview of log queries in Azure Monitor](../../azure-monitor/logs/log-query-overview.md).
 
 Once you've configured Azure monitoring, you can enable logs for application provisioning. The option is located on the **Diagnostics settings** page.
 
@@ -44,7 +44,7 @@ The underlying data stream that Provisioning sends log viewers is almost identic
 
 Azure Monitor workbooks provide a flexible canvas for data analysis. They also provide for the creation of rich visual reports within the Azure portal. To learn more, see [Azure Monitor Workbooks overview](../../azure-monitor/visualize/workbooks-overview.md).
 
-Application provisioning comes with a set of pre-built workbooks. You can find them on the Workbooks page. To view the data, you'll need to ensure that all the filters (timeRange, jobID, appName) are populated. You'll also need to make sure you've provisioned an app, otherwise there won't be any data in the logs.
+Application provisioning comes with a set of prebuilt workbooks. You can find them on the Workbooks page. To view the data, ensure that all the filters (timeRange, jobID, appName) are populated. Also confirm the app was provisioned, otherwise there isn't any data in the logs.
 
 :::image type="content" source="media/application-provisioning-log-analytics/workbooks.png" alt-text="Application provisioning workbooks" lightbox="media/application-provisioning-log-analytics/workbooks.png":::
 
@@ -108,7 +108,7 @@ Alert when there's a spike in disables or deletes.
 
 ## Community contributions
 
-We're taking an open source and community-based approach to application provisioning queries and dashboards. If you've built a query, alert, or workbook that you think others would find useful, be sure to publish it to the [AzureMonitorCommunity GitHub repo](https://github.com/microsoft/AzureMonitorCommunity). Then shoot us an email with a link. We'll review and publish it to the service so others can benefit too. You can contact us at [email protected].
+We're taking an open source and community-based approach to application provisioning queries and dashboards. Build a query, alert, or workbook that you think is useful to others, then publish it to the [AzureMonitorCommunity GitHub repo](https://github.com/microsoft/AzureMonitorCommunity). Shoot us an email with a link. We review and publish queries and dashboards to the service so others benefit too. Contact us at [email protected].
 
 ## Next steps
 

articles/active-directory/authentication/concept-fido2-hardware-vendor.md

@@ -53,7 +53,7 @@ The following table lists partners who are Microsoft-compatible FIDO2 security k
 | Nymi                      | ![y]              | ![n]| ![y]| ![n]| ![n]           | https://www.nymi.com/nymi-band                                                                      | 
 | Octatco                   | ![y]              | ![y]| ![n]| ![n]| ![n]           | https://octatco.com/                                                                                |
 | OneSpan Inc.              | ![n]              | ![y]| ![n]| ![y]| ![n]           | https://www.onespan.com/products/fido                                                               |
-| Swissbit                  | ![n]              | ![y]| ![y]| ![n]| ![n]           | https://www.swissbit.com/en/products/ishield-fido2/                                                 |
+| Swissbit                  | ![n]              | ![y]| ![y]| ![n]| ![n]           | https://www.swissbit.com/en/products/ishield-key/                                                 |
 | Thales Group              | ![n]              | ![y]| ![y]| ![n]| ![y]           | https://cpl.thalesgroup.com/access-management/authenticators/fido-devices                           |
 | Thetis                    | ![y]              | ![y]| ![y]| ![y]| ![n]           | https://thetis.io/collections/fido2                                                                 |
 | Token2 Switzerland        | ![y]              | ![y]| ![y]| ![n]| ![n]           | https://www.token2.swiss/shop/product/token2-t2f2-alu-fido2-u2f-and-totp-security-key               |

articles/active-directory/hybrid/migrate-from-federation-to-cloud-authentication.md

@@ -94,7 +94,7 @@ Modern authentication clients (Office 2016 and Office 2013, iOS, and Android app
 
 To plan for rollback, use the [documented current federation settings](#document-current-federation-settings) and check the [federation design and deployment documentation](/windows-server/identity/ad-fs/deployment/windows-server-2012-r2-ad-fs-deployment-guide). 
 
-The rollback process should include converting managed domains to federated domains by using the [Convert-MSOLDomainToFederated](/powershell/module/microsoft.graph.identity.directorymanagement/new-mgdomainfederationconfiguration?view=graph-powershell-1.0&preserve-view=true) cmdlet. If necessary, configuring extra claims rules.
+The rollback process should include converting managed domains to federated domains by using the [New-MgDomainFederationConfiguration](/powershell/module/microsoft.graph.identity.directorymanagement/new-mgdomainfederationconfiguration?view=graph-powershell-1.0&preserve-view=true) cmdlet. If necessary, configuring extra claims rules.
 
 ## Migration considerations 
 

articles/active-directory/manage-apps/configure-password-single-sign-on-non-gallery-applications.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.subservice: app-mgmt
 ms.topic: conceptual
 ms.workload: identity
-ms.date: 09/22/2021
+ms.date: 04/25/2023
 ms.author: jomondi
 ms.reviewer: alamaral
 # Customer intent: As an IT admin, I need to know how to implement password-based single sign-on in Azure Active Directory.
@@ -29,8 +29,8 @@ The configuration page for password-based SSO is simple. It includes only the UR
 ## Prerequisites
 
 To configure password-based SSO in your Azure AD tenant, you need:
--	An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)
--	One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
+-	An Azure account with an active subscription. If you don't already have one, you can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F)
+-	Global Administrator, or owner of the service principal.
 -	An application that supports password-based SSO.
 
 ## Configure password-based single sign-on

articles/active-directory/standards/index.yml

@@ -34,6 +34,8 @@ landingContent:
             url: configure-azure-active-directory-for-cmmc-compliance.md
           - text: Configure Azure Active Directory for HIPAA compliance
             url: hipaa-configure-azure-active-directory-for-compliance.md
+          - text: Configure Azure Active Directory for PCI-DSS compliance
+            url: azure-ad-pci-dss-guidance.md
 
   # Card 
   - title: Understand NIST AALs
@@ -113,3 +115,26 @@ landingContent:
           - text: Configure other safeguards
             url: hipaa-other-controls.md
 
+  # Card
+  - title: Achieve PCI-DSS compliance
+    linkLists:
+      - linkListType: how-to-guide
+        links:
+          - text: Meet PCI-DSS Requirement 1
+            url: pci-requirement-1.md
+          - text: Meet PCI-DSS Requirement 2
+            url: pci-requirement-2.md
+          - text: Meet PCI-DSS Requirement 5
+            url: pci-requirement-5.md  
+          - text: Meet PCI-DSS Requirement 6
+            url: pci-requirement-6.md
+          - text: Meet PCI-DSS Requirement 7
+            url: pci-requirement-7.md
+          - text: Meet PCI-DSS Requirement 8
+            url: pci-requirement-8.md 
+          - text: Meet PCI-DSS Requirement 10
+            url: pci-requirement-10.md
+          - text: Meet PCI-DSS Requirement 11
+            url: pci-requirement-11.md
+          - text: Meet Azure Active Directory PCI-DSS MFA supplemental requirements
+            url: azure-ad-pci-dss-mfa.md

articles/advisor/advisor-reference-cost-recommendations.md

@@ -316,6 +316,18 @@ Apache Spark for Azure Synapse Analytics pool's Autoscale feature automatically
 
 Learn more about [Synapse workspace - EnableSynapseSparkComputeAutoScaleGuidance (Consider enabling autoscale feature on spark compute.)](https://aka.ms/EnableSynapseSparkComputeAutoScaleGuidance).
 
+## Web
+
+### Right-size underutilized App Service plans
+
+We've analyzed the usage patterns of your app service plan over the past 7 days and identified low CPU usage. While certain scenarios can result in low utilization by design, you can often save money by choosing a less expensive SKU while retaining the same features.
+
+> [!NOTE]
+> - Currently, this recommendation only works for App Service plans running on Windows on a SKU that allows you to downscale to less expensive tiers without losing any features, like from P3v2 to P2v2 or from P2v2 to P1v2. 
+> - CPU bursts that last only a few minutes might not be correctly detected. Please perform a careful analysis in your App Service plan metrics blade before downscaling your SKU.
+
+Learn more about [App Service plans](../app-service/overview-hosting-plans.md).
+
 ## Azure Monitor
 
 For Azure Monitor cost optimization suggestions, please see [Optimize costs in Azure Monitor](../azure-monitor/best-practices-cost.md).

articles/api-management/mitigate-owasp-api-threats.md

@@ -15,7 +15,7 @@ The Open Web Application Security Project ([OWASP](https://owasp.org/about/)) Fo
 The OWASP [API Security Project](https://owasp.org/www-project-api-security/) focuses on strategies and solutions to understand and mitigate the unique *vulnerabilities and security risks of APIs*. In this article, we'll discuss recommendations to use Azure API Management to mitigate the top 10 API threats identified by OWASP.
 
 > [!NOTE]
-> In addition to following the recommendations in this article, you can enable Defender for APIs (preview), a capability of [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction), for API security insights, recommendations, and threat detection. [Learn more about using Defender for APIs with API Management](protect-with-defender-for-apis.md)
+> In addition to following the recommendations in this article, you can enable [Defender for APIs](/azure/defender-for-cloud/defender-for-apis-introduction) (preview), a capability of [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction), for API security insights, recommendations, and threat detection. [Learn more about using Defender for APIs with API Management](protect-with-defender-for-apis.md)
 
 ## Broken object level authorization 
 
@@ -317,4 +317,4 @@ Learn more about:
 * [Security baseline for API Management](/security/benchmark/azure/baselines/api-management-security-baseline)
 * [Security controls by Azure policy](security-controls-policy.md)
 * [Landing zone accelerator for API Management](/azure/cloud-adoption-framework/scenarios/app-platform/api-management/landing-zone-accelerator)
-* [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)
+* [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)

articles/azure-arc/servers/azcmagent-check.md

@@ -0,0 +1,60 @@
+---
+title: azcmagent check CLI reference
+description: Syntax for the azcmagent check command line tool
+ms.topic: reference
+ms.date: 04/20/2023
+---
+
+# azcmagent check
+
+Run a series of network connectivity checks to see if the agent can successfully communicate with required network endpoints. The command outputs a table showing connectivity test results for each required endpoint, including whether the agent used a private endpoint and/or proxy server.
+
+## Usage
+
+```
+azcmagent check [flags]
+```
+
+## Examples
+
+Check connectivity with the agent's currently configured cloud and region.
+
+```
+azcmagent check
+```
+
+Check connectivity with the East US region using public endpoints.
+
+```
+azcmagent check --location "eastus"
+```
+
+Check connectivity with the Central India region using private endpoints.
+
+```
+azcmagent check --location "centralindia" --enable-pls-check
+```
+
+## Flags
+
+`--cloud`
+
+Specifies the Azure cloud instance. Must be used with the `--location` flag. If the machine is already connected to Azure Arc, the default value is the cloud to which the agent is already connected. Otherwise, the default value is "AzureCloud".
+
+Supported values:
+
+* AzureCloud (public regions)
+* AzureUSGovernment (Azure US Government regions)
+* AzureChinaCloud (Azure China regions)
+
+`-l`, `--location`
+
+The Azure region to check connectivity with. If the machine is already connected to Azure Arc, the current region is selected as the default.
+
+Sample value: westeurope
+
+`-p`, `--enable-pls-check`
+
+Checks if supported Azure Arc endpoints resolve to private IP addresses. This flag should be used when you intend to connect the server to Azure using an Azure Arc private link scope.
+
+[!INCLUDE [common-flags](includes/azcmagent-common-flags.md)]