Merge pull request #215914 from MicrosoftDocs/repo_sync_working_branch

huypub · web-flow · commit 09227f7c50be · 2022-10-26T09:46:39.000-07:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md b/articles/active-directory/conditional-access/concept-conditional-access-cloud-apps.md
@@ -79,9 +79,9 @@ The Office 365 suite makes it possible to target these services all at once. We
 
 Targeting this group of applications helps to avoid issues that may arise because of inconsistent policies and dependencies. For example: The Exchange Online app is tied to traditional Exchange Online data like mail, calendar, and contact information. Related metadata may be exposed through different resources like search. To ensure that all metadata is protected by as intended, administrators should assign policies to the Office 365 app.
 
-Administrators can exclude the entire Office 365 suite or specific Office 365 client apps from the Conditional Access policy.
+Administrators can exclude the entire Office 365 suite or specific Office 365 cloud apps from the Conditional Access policy.
 
-The following key applications are included in the Office 365 client app:
+The following key applications are affected by the Office 365 cloud app:
 
 - Exchange Online
 - Microsoft 365 Search Service
diff --git a/articles/azure-monitor/media/partners/zenduty.png b/articles/azure-monitor/media/partners/zenduty.png
diff --git a/articles/azure-monitor/partners.md b/articles/azure-monitor/partners.md
@@ -137,7 +137,7 @@ Grafana is an open-source application that enables you to visualize metric data
 
 ## InfluxData
 
-![InfluxData logo.](./media/partners/Influxdata.png)
+![InfluxData logo.](./media/partners/influxdata.png)
 
 InfluxData is the creator of InfluxDB, the open-source time series database. Its technology is purpose built to handle the massive volumes of time-stamped data produced by Internet of Things (IoT) devices, applications, networks, containers, and computers. 
 
@@ -362,7 +362,7 @@ For more information, see the [SquaredUp website](https://squaredup.com/).
 
 ## Sumo Logic
 
-![Sumo Logic logo.](./media/partners/SumoLogic.png)
+![Sumo Logic logo.](./media/partners/sumologic.png)
 
 Sumo Logic is a secure, cloud-native analytics service for machine data. It delivers real-time, continuous intelligence from structured, semistructured, and unstructured data across the entire application lifecycle and stack. 
 
@@ -372,14 +372,24 @@ For more information, see the [Sumo Logic documentation](https://www.sumologic.c
 
 ## Turbonomic
 
-![Turbonomic logo.](./media/partners/Turbonomic.png)
+![Turbonomic logo.](./media/partners/turbonomic.png)
 
 Turbonomic delivers workload automation for hybrid clouds by simultaneously optimizing performance, cost, and compliance in real time. Turbonomic helps organizations be elastic in their Azure estate by continuously optimizing the estate. Applications constantly get the resources they require to deliver their SLA, and nothing more, across compute, storage, and network for the IaaS and PaaS layer. 
 
 Organizations can simulate migrations, properly scale workloads, and retire datacenter resources to responsibly migrate to Azure on time and within budget, while assuring both performance and compliance. Turbonomic is API driven and runs as an agentless VM in Azure and on-premises.
 
 For more information, see the [Turbonomic introduction](https://turbonomic.com/).
 
+## Zenduty
+
+![Zenduty logo.](./media/partners/zenduty.png)
+
+Zenduty is a novel collaborative incident management platform that provides end-to-end incident alerting, on-call management, and response orchestration, which gives teams greater control and automation over the incident management lifecycle. Zenduty is ideal for always-on services, helping teams orchestrate incident response for creating better user experiences and brand value and centralizing all incoming alerts through predefined notification rules to ensure that the right people are notified at the right time.
+
+Zenduty provides your NOC, SRE, and application engineers with detailed context around the Azure Monitor alert along with playbooks and a complete incident command framework to triage, remediate, and resolve incidents with speed.
+
+For more information, see the [Zenduty documentation](https://docs.zenduty.com/docs/microsoftazure).
+
 ## Partner tools with Event Hubs integration
 
 If you use Azure Monitor to route monitoring data to an event hub, you can easily integrate with some external SIEM and monitoring tools. The following partners are known to have integration with the Event Hubs service. 
diff --git a/articles/cost-management-billing/microsoft-customer-agreement/manage-tenants.md b/articles/cost-management-billing/microsoft-customer-agreement/manage-tenants.md
@@ -21,25 +21,26 @@ A tenant is a digital representation of your organization and is primarily assoc
 
 Each tenant is distinct and separate from other tenants, yet you can allow guest users from other tenants to access your tenant to track your costs and manage billing.
 
+## What's an associated tenant? 
+An associated tenant is a tenant that is linked to your primary billing tenant’s billing account. You can move Microsoft 365 subscriptions to these tenants. You can also assign billing account roles to users in associated billing tenants. Read more about associated tenants [Manage billing across multiple tenants using associated billing tenants](../manage/manage-billing-across-tenants.md). 
+
 ## How tenants and subscriptions relate to billing account
 
 You use your Microsoft Customer Agreement (billing account) to track costs and manage billing. Each billing account has at least one billing profile. The billing profile allows you to manage your invoice and payment method. Each billing profile includes one invoice section, by default. You can create more invoice sections to group, track, and manage costs at a more granular level if needed.
 
-- Your billing account is associated with a single tenant. It means only users who are part of the tenant can access your billing account.
-- When you create a new Azure subscription for your billing account, it's always created in your billing account tenant. However, you can move subscriptions to other tenants. You can also link existing subscriptions from other tenants to your billing account. It allows you to centrally manage billing through one tenant while keeping resources and subscriptions in other tenants based on your needs.
+- Your billing account is associated with a single, primary tenant. Users who are part of the primary tenant or who are part of associated tenants can access your billing account if they have the appropriate billing role assigned. 
+- When you create a new Azure subscription for your billing account, it's created in your tenant or one of the other tenants you have access to. You can choose the tenant while creating the subscription.  
+- You can move subscriptions to other tenants. You can also link existing subscriptions from other tenants to your billing account. This flexibility allows you to centrally manage billing through one tenant while keeping resources and subscriptions in other tenants based on your needs. 
 
-The following diagram shows how billing account and subscriptions are linked to tenants. The Contoso MCA billing account is associated with Tenant 1 while Contoso PAYG account is associated with Tenant 2. Let's assume Contoso wants to pay for their PAYG subscription through their MCA billing account, they can use a billing ownership transfer to link the subscription to their MCA billing account. The subscription and its resources will still be associated with Tenant 2, but they're paid for using the MCA billing account.
+The following diagram shows how billing account and subscriptions are linked to tenants. Let's assume Contoso would like to streamline their billing management through an MCA. The Contoso MCA billing account is in Tenant 1 while Contoso PAYG account is in Tenant 2. They can use a billing ownership transfer to link the subscription to their MCA billing account. The subscription and its resources will still be associated with Tenant 2, but they're paid for using the MCA billing account.
 
 :::image type="content" source="./media/manage-tenants/billing-hierarchy-example.png" alt-text="Diagram showing an example billing hierarchy." border="false" lightbox="./media/manage-tenants/billing-hierarchy-example.png":::
 
 ## Manage subscriptions under multiple tenants in a single Microsoft Customer Agreement
 
-Billing owners can create subscriptions when they have the [appropriate permissions](../manage/understand-mca-roles.md#subscription-billing-roles-and-tasks) to the billing account. By default, any new subscriptions created under the Microsoft Customer Agreement are in the Microsoft Customer Agreement tenant.
+Billing owners can create subscriptions when they have the [appropriate permissions](../manage/understand-mca-roles.md#subscription-billing-roles-and-tasks) to the billing account. By default, any new subscriptions created under the Microsoft Customer Agreement are in the current user’s tenant. Different tenants can be selected from the list of tenants to which the user has access to create subscriptions. 
 
 - You can link subscriptions from other tenants to your Microsoft Customer Agreement billing account. Taking billing ownership of a subscription only changes the invoicing arrangement. It doesn't affect the service tenant or Azure RBAC roles.
-- To change the subscription owner in the service tenant, you must transfer the [subscription to a different Azure Active Directory directory](../../role-based-access-control/transfer-subscription.md).
-
-An MCA billing account is managed by a single tenant/directory. The billing account only controls billing for the subscriptions in its tenant. However, you can use a billing ownership transfer to link a subscription to a billing account in a different tenant.
 
 ### Billing ownership transfer
 
@@ -56,6 +57,13 @@ Billing ownership transfer doesn’t affect:
 - Resources
 - Azure RBAC permissions
 
+## Assign roles to users to your Microsoft Customer Agreement 
+
+There are three ways users with billing owner access can assign roles to users to MCA 
+
+- Assign billing roles to users in the primary tenant 
+- Assign billing roles to external users (outside of your primary tenant) if they are part of an associated tenant 
+- If tenants are not associated, [create guest users in primary tenant and assign roles](#add-guest-users-to-your-microsoft-customer-agreement-tenant). 
 
 ## Add guest users to your Microsoft Customer Agreement tenant
 
diff --git a/articles/key-vault/secrets/multiline-secrets.md b/articles/key-vault/secrets/multiline-secrets.md
@@ -39,12 +39,14 @@ You can then view the stored secret using the Azure CLI [az keyvault secret show
 az keyvault secret show --name "MultilineSecret" --vault-name "<your-unique-keyvault-name>" --query "value"
 ```
 
-The secret will be returned with newlines embedded:
+The secret will be returned with `\n` in place of newline:
 
 ```bash
 "This is\nmy multi-line\nsecret"
 ```
 
+The `\n` above is a `\` and `n` character, not the newline character. Quotes `"` are included in the string.
+
 ## Set the secret using Azure Powershell
 
 With Azure PowerShell, you must first read in the file using the [Get-Content](/powershell/module/microsoft.powershell.management/get-content) cmdlet, then convert it to a secure string using [ConvertTo-SecureString](/powershell/module/microsoft.powershell.security/convertto-securestring). 
@@ -66,12 +68,14 @@ You can then view the stored secret using the Azure CLI [az keyvault secret show
 az keyvault secret show --name "MultilineSecret" --vault-name "<your-unique-keyvault-name>" --query "value"
 ```
 
-The secret will be returned with newlines embedded:
+The secret will be returned with `\n` in place of newline:
 
 ```bash
 "This is\nmy multi-line\nsecret"
 ```
 
+The `\n` above is a `\` and `n` character, not the newline character. Quotes `"` are included in the string.
+
 ## Next steps
 
 - Read an [Overview of Azure Key Vault](../general/overview.md)
diff --git a/articles/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication.md b/articles/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication.md
@@ -40,7 +40,7 @@ Connect-AzureAD -TenantId <customer tenant id>
 ```powershell
 New-AzureADServicePrincipal -AppId 5657e26c-cc92-45d9-bc47-9da6cfdb4ed9
 ```
-This command will grant Azure Database for PostgreSQL Flexible Server Service Principal read access to customer tenant to request Graph API tokens for Azure AD validation tasks. AppID (5657e26c-cc92-45d9-bc47-9da6cfdb4ed) in the above command is the AppID for Azure Database for PostgreSQL Flexible Server Service.
+This command will grant Azure Database for PostgreSQL Flexible Server Service Principal read access to customer tenant to request Graph API tokens for Azure AD validation tasks. AppID (5657e26c-cc92-45d9-bc47-9da6cfdb4ed9) in the above command is the AppID for Azure Database for PostgreSQL Flexible Server Service.
 
 ### Step 3: Networking Requirements
 
