Merge pull request #201078 from MicrosoftDocs/repo_sync_working_branch

jdmartinez36 · web-flow · commit 09fb72952f6f · 2022-06-09T16:11:13.000-06:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/active-directory/authentication/howto-mfa-nps-extension-errors.md b/articles/active-directory/authentication/howto-mfa-nps-extension-errors.md
@@ -109,7 +109,7 @@ To collect debug logs for support diagnostics, use the following steps on the NP
 
    ```
    Mkdir c:\NPS
-   Cd NPS
+   Cd c:\NPS
    netsh trace start Scenario=NetConnection capture=yes tracefile=c:\NPS\nettrace.etl
    logman create trace "NPSExtension" -ow -o c:\NPS\NPSExtension.etl -p {7237ED00-E119-430B-AB0F-C63360C8EE81} 0xffffffffffffffff 0xff -nb 16 16 -bs 1024 -mode Circular -f bincirc -max 4096 -ets
    logman update trace "NPSExtension" -p {EC2E6D3A-C958-4C76-8EA4-0262520886FF} 0xffffffffffffffff 0xff -ets
diff --git a/articles/azure-app-configuration/howto-integrate-azure-managed-service-identity.md b/articles/azure-app-configuration/howto-integrate-azure-managed-service-identity.md
@@ -181,7 +181,7 @@ The following steps describe how to assign the App Configuration Data Reader rol
     >           options.Connect(new Uri(settings["AppConfig:Endpoint"]), new ManagedIdentityCredential("<your_clientId>"))
     >        });
     >```
-    >As explained in the [Managed Identities for Azure resources FAQs](../active-directory/managed-identities-azure-resources/known-issues.md), there is a default way to resolve which managed identity is used. In this case, the Azure Identity library enforces you to specify the desired identity to avoid posible runtime issues in the future (for instance, if a new user-assigned managed identity is added or if the system-assigned managed identity is enabled). So, you will need to specify the clientId even if only one user-assigned managed identity is defined, and there is no system-assigned managed identity.
+    >As explained in the [Managed Identities for Azure resources FAQs](../active-directory/managed-identities-azure-resources/known-issues.md), there is a default way to resolve which managed identity is used. In this case, the Azure Identity library enforces you to specify the desired identity to avoid possible runtime issues in the future (for instance, if a new user-assigned managed identity is added or if the system-assigned managed identity is enabled). So, you will need to specify the clientId even if only one user-assigned managed identity is defined, and there is no system-assigned managed identity.
 
 :::zone-end
 
@@ -224,4 +224,4 @@ In addition to App Service, many other Azure services support managed identities
 In this tutorial, you added an Azure managed identity to streamline access to App Configuration and improve credential management for your app. To learn more about how to use App Configuration, continue to the Azure CLI samples.
 
 > [!div class="nextstepaction"]
-> [CLI samples](./cli-samples.md)
+> [CLI samples](./cli-samples.md)
diff --git a/articles/cost-management-billing/manage/consumption-api-overview.md b/articles/cost-management-billing/manage/consumption-api-overview.md
@@ -12,7 +12,7 @@ ms.author: banders
 
 # Azure consumption API overview
 
-The Azure Consumption APIs give you programmatic access to cost and usage data for your Azure resources. These APIs currently only support Enterprise Enrollments and Web Direct Subscriptions (with a few exceptions). The APIs are continually updated to support other types of Azure subscriptions.
+The Azure Consumption APIs give you programmatic access to cost and usage data for your Azure resources. These APIs currently only support Enterprise Enrollments, Web Direct Subscriptions (with a few exceptions), and CSP Azure plan subscriptions. The APIs are continually updated to support other types of Azure subscriptions.
 
 Azure Consumption APIs provide access to:
 - Enterprise and Web Direct Customers
diff --git a/articles/key-vault/general/rbac-guide.md b/articles/key-vault/general/rbac-guide.md
@@ -247,35 +247,35 @@ For full details, see [Assign Azure roles using Azure PowerShell](../../role-bas
 
 1. Validate adding new secret without "Key Vault Secrets Officer" role on key vault level.
 
-Go to key vault Access control (IAM) tab and remove "Key Vault Secrets Officer" role assignment for this resource.
+   1. Go to key vault Access control (IAM) tab and remove "Key Vault Secrets Officer" role assignment for this resource.
 
-![Remove assignment - key vault](../media/rbac/image-9.png)
+      ![Remove assignment - key vault](../media/rbac/image-9.png)
 
-Navigate to previously created secret. You can see all secret properties.
+   1. Navigate to previously created secret. You can see all secret properties.
 
-![Secret view with access](../media/rbac/image-10.png)
+      ![Secret view with access](../media/rbac/image-10.png)
 
-Create new secret ( Secrets \> +Generate/Import) should show below error:
+   1. Create new secret ( Secrets \> +Generate/Import) should show below error:
 
-   ![Create new secret](../media/rbac/image-11.png)
+      ![Create new secret](../media/rbac/image-11.png)
 
-2.  Validate secret editing without "Key Vault Secret Officer" role on secret level.
+1. Validate secret editing without "Key Vault Secret Officer" role on secret level.
 
--   Go to previously created secret Access Control (IAM) tab
+   1. Go to previously created secret Access Control (IAM) tab
     and remove "Key Vault Secrets Officer" role assignment for
     this resource.
 
--   Navigate to previously created secret. You can see secret properties.
+   1. Navigate to previously created secret. You can see secret properties.
 
-   ![Secret view without access](../media/rbac/image-12.png)
+      ![Secret view without access](../media/rbac/image-12.png)
 
-3. Validate secrets read without reader role on key vault level.
+1. Validate secrets read without reader role on key vault level.
 
--   Go to key vault resource group Access control (IAM) tab and remove "Key Vault Reader" role assignment.
+   1. Go to key vault resource group Access control (IAM) tab and remove "Key Vault Reader" role assignment.
 
--   Navigating to key vault's Secrets tab should show below error:
+   1. Navigating to key vault's Secrets tab should show below error:
 
-   ![Secret tab - error](../media/rbac/image-13.png)
+      ![Secret tab - error](../media/rbac/image-13.png)
 
 ### Creating custom roles 
 
diff --git a/articles/logic-apps/logic-apps-workflow-actions-triggers.md b/articles/logic-apps/logic-apps-workflow-actions-triggers.md
@@ -1900,7 +1900,6 @@ The Logic Apps engine checks access to the trigger you want to call, so make sur
 | <*trigger-name*> | String | The name for the trigger in the nested logic app you want to call | 
 | <*Azure-subscription-ID*> | String | The Azure subscription ID for the nested logic app |
 | <*Azure-resource-group*> | String | The Azure resource group name for the nested logic app |
-| <*nested-logic-app-name*> | String | The name for the logic app you want to call |
 ||||
 
 *Optional*
diff --git a/articles/sentinel/sentinel-solutions-catalog.md b/articles/sentinel/sentinel-solutions-catalog.md
@@ -24,7 +24,7 @@ For more information, see [Centrally discover and deploy Microsoft Sentinel out-
 
 |Name    |Includes  |Categories |Supported by  |
 |---------|---------|---------|---------|
-|**Apache Log4j Vulnerability Detection** | Analytics rules, hunting queries | Application, Security - Threat Protection, Security - Vulnerability Management | Microsoft|
+|**Apache Log4j Vulnerability Detection** | Analytics rules, hunting queries, workbooks, playbooks | Application, Security - Threat Protection, Security - Vulnerability Management | Microsoft|
 |**Cybersecurity Maturity Model Certification (CMMC)** | [Analytics rules, workbook, playbook](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-cybersecurity-maturity-model-certification-cmmc/ba-p/2111184) | Compliance | Microsoft|
 | **IoT/OT Threat Monitoring with Defender for IoT** | [Analytics rules, playbooks, workbook](iot-solution.md) | Internet of Things (IoT), Security - Threat Protection | Microsoft |
 |**Maturity Model for Event Log Management M2131** | [Analytics rules, hunting queries, playbooks, workbook](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/modernize-log-management-with-the-maturity-model-for-event-log/ba-p/3072842) | Compliance | Microsoft|
diff --git a/articles/virtual-machines/linux/using-cloud-init.md b/articles/virtual-machines/linux/using-cloud-init.md
@@ -163,8 +163,21 @@ Once the VM has been provisioned, cloud-init will run through all the modules an
 > [!NOTE]
 > Not every module failure results in a fatal cloud-init overall configuration failure. For example, using the `runcmd` module, if the script fails, cloud-init will still report provisioning succeeded because the runcmd module executed.
 
-For more details of cloud-init logging, refer to the [cloud-init documentation](https://cloudinit.readthedocs.io/en/latest/topics/logging.html) 
+For more details of cloud-init logging, refer to the [cloud-init documentation](https://cloudinit.readthedocs.io/en/latest/topics/logging.html)
 
+## Telemetry
+cloud-init collects usage data and sends it to Microsoft to help improve our products and services. Telemetry is only collected during the provisioning process (first boot of the VM). The data collected helps us investigate provisioning failures and monitor performance and reliability. Data collected does not include any personally identifiable information. Read our [privacy statement](https://go.microsoft.com/fwlink/?LinkId=521839) to learn more. Some examples of telemetry being collected are (this is not an exhaustive list): OS-related information (cloud-init version, distro version, kernel version), performance metrics of essential VM provisioning actions (time to obtain DHCP lease, time to retrieve metadata necessary to configure the VM, etc.), cloud-init log, and dmesg log.
+
+Telemetry collection is currently enabled for a majority of our marketplace images that use cloud-init. It is enabled by specifying KVP telemetry reporter for cloud-init. In a majority of Azure marketplace images, this configuration can be found in the file /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg. Removing this file during image preparation will disable telemetry collection for any VM created from this image. 
+
+Sample content of 10-azure-kvp.cfg
+```
+reporting:
+  logging:
+    type: log
+  telemetry:
+    type: hyperv
+```
 ## Next steps
 
 [Troubleshoot issues with cloud-init](cloud-init-troubleshooting.md).
diff --git a/includes/api-management-service-limits.md b/includes/api-management-service-limits.md
@@ -36,7 +36,7 @@ ms.custom: Include file
 | Maximum number of [schemas](../articles/api-management/validation-policies.md#schemas-for-content-validation)<sup>10</sup> | 100 |
 | Maximum size of request or response body in [validate-content policy](../articles/api-management/validation-policies.md#validate-content)<sup>10</sup> | 100 KB |
 | Maximum number of self-hosted gateways<sup>11</sup> | 25 |
-| Maximum number of active WebSocket connections per unit | 200 |
+| Maximum number of active WebSocket connections per unit | 100 |
 | Maximum number of tags supported by an API Management resource|15|
 
 <sup>1</sup> Scaling limits depend on the pricing tier. For details on the pricing tiers and their scaling limits, see [API Management pricing](https://azure.microsoft.com/pricing/details/api-management/).<br/>
