Merge pull request #238292 from MicrosoftDocs/main

5/15 OOB Publish

Author: huypub

articles/active-directory/governance/TOC.yml

@@ -28,7 +28,7 @@
         href: identity-governance-applications-existing-users.md
       - name: Governing a nonprovisionable application's users - PowerShell
         href: identity-governance-applications-not-provisioned-users.md
-      - name: Provisioning accounts into SAP applications
+      - name: Manage access to SAP applications
         href: sap.md
     - name: Entitlement Management
       items:

articles/active-directory/governance/sap.md

@@ -55,10 +55,9 @@ Customers who have yet to transition from applications such as SAP ECC to SAP S/
 
 ## SSO, workflows, and separation of duties
 In addition to the native provisioning integrations that allow you to manage access to your SAP applications, Azure AD supports a rich set of integrations with SAP.   
-* SSO: Once you’ve setup provisioning for your SAP application, you’ll want to enable single sign-on for those applications. Azure AD can serve as the identity provider and server as the authentication authority for your SAP applications. Learn more about how you can [configure Azure AD as the corporate identity provider for your SAP applications](https://help.sap.com/docs/IDENTITY_AUTHENTICATION/6d6d63354d1242d185ab4830fc04feb1/058c7b14209f4f2d8de039da4330a1c1.html).   
-Custom workflows: When a new employee is hired in your organization, you may need to trigger a workflow within your SAP server. 
-* Using the [Entra Identity Governance Lifecycle Workflows](lifecycle-workflow-extensibility.md) in conjunction with the [SAP connector in Azure Logic apps](https://learn.microsoft.com/azure/logic-apps/logic-apps-using-sap-connector), you can trigger custom actions in SAP upon hiring a new employee.
-* Separation of duties: With separation of duties checks now available in preview in Azure AD [entitlement management](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/ensure-compliance-using-separation-of-duties-checks-in-access/ba-p/2466939), customers can now ensure that users don't take on excessive access rights.  Admins and access managers can prevent users from requesting additional access packages if they’re already assigned to other access packages or are a member of other groups that are incompatible with the requested access. Enterprises with critical regulatory requirements for SAP apps will have a single consistent view of access controls and enforce separation of duties checks across their financial and other business critical applications and Azure AD-integrated applications. With our [Pathlock](https://pathlock.com/), integration customers can leverage fine-grained separation of duties checks with access packages in Azure AD, and over time will help customers to address Sarbanes Oxley and other compliance requirements.
+* **SSO:** Once you’ve setup provisioning for your SAP application, you’ll want to enable single sign-on for those applications. Azure AD can serve as the identity provider and server as the authentication authority for your SAP applications. Learn more about how you can [configure Azure AD as the corporate identity provider for your SAP applications](https://help.sap.com/docs/IDENTITY_AUTHENTICATION/6d6d63354d1242d185ab4830fc04feb1/058c7b14209f4f2d8de039da4330a1c1.html).   
+* **Custom workflows:** When a new employee is hired in your organization, you may need to trigger a workflow within your SAP server. Using the [Entra Identity Governance Lifecycle Workflows](lifecycle-workflow-extensibility.md) in conjunction with the [SAP connector in Azure Logic apps](https://learn.microsoft.com/azure/logic-apps/logic-apps-using-sap-connector), you can trigger custom actions in SAP upon hiring a new employee.
+* **Separation of duties:** With separation of duties checks now available in preview in Azure AD [entitlement management](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/ensure-compliance-using-separation-of-duties-checks-in-access/ba-p/2466939), customers can now ensure that users don't take on excessive access rights.  Admins and access managers can prevent users from requesting additional access packages if they’re already assigned to other access packages or are a member of other groups that are incompatible with the requested access. Enterprises with critical regulatory requirements for SAP apps will have a single consistent view of access controls and enforce separation of duties checks across their financial and other business critical applications and Azure AD-integrated applications. With our [Pathlock](https://pathlock.com/), integration customers can leverage fine-grained separation of duties checks with access packages in Azure AD, and over time will help customers to address Sarbanes Oxley and other compliance requirements.
 
 ## Next steps
 

articles/azure-monitor/app/javascript-framework-extensions.md

@@ -30,7 +30,7 @@ Install the npm package:
 
 ```bash
 
-npm install @microsoft/applicationinsights-react-js @microsoft/applicationinsights-web --save
+npm install @microsoft/applicationinsights-angularplugin-js @microsoft/applicationinsights-web --save
 
 ```
 

articles/azure-netapp-files/azacsnap-introduction.md

@@ -42,16 +42,20 @@ Azure Application Consistent Snapshot tool (AzAcSnap) is a command-line tool tha
 
 AzAcSnap leverages the volume snapshot and replication functionalities in Azure NetApp Files and Azure Large Instance.  It provides the following benefits:
 
+- **Rapid backup snapshots independent of database size**
+  - AzAcSnap takes snapshot backups regardless of the size of the volumes or database by leveraging the snapshot technology of storage.  
+  - It takes snapshots in parallel across all the volumes thereby allowing multiple volumes to be part of the database storage.  
+  - Tests have shown a 100+TiB database stored across 16 volumes was able to be snapshot backup in less than 2 minutes.
 - **Application-consistent data protection**
-    AzAcSnap is a centralized solution for backing up critical database files. It ensures database consistency before performing a storage volume snapshot. As a result, it ensures that the storage volume snapshot can be used for database recovery.
+   - AzAcSnap can be deployed as a centralized or distributed solution for backing up critical database files. It ensures database consistency before performing a storage volume snapshot. As a result, it ensures that the storage volume snapshot can be used for database recovery.
 - **Database catalog management**
-    When you use AzAcSnap with SAP HANA, the records within the backup catalog are kept current with storage snapshots.  This capability allows a database administrator to see the backup activity.
+   - When you use AzAcSnap with SAP HANA, the records within the backup catalog are kept current with storage snapshots.  This capability allows a database administrator to see the backup activity.
 - **Ad hoc volume protection**
-    This capability is helpful for non-database volumes that don't need application quiescing before taking a storage snapshot.  Examples include SAP HANA log-backup volumes or SAPTRANS volumes.
+   - This capability is helpful for non-database volumes that don't need application quiescing before taking a storage snapshot.  Examples include SAP HANA log-backup volumes or SAPTRANS volumes.
 - **Cloning of storage volumes**
-    This capability provides space-efficient storage volume clones for development and test purposes.
+   - This capability provides space-efficient storage volume clones for development and test purposes.
 - **Support for disaster recovery**
-    AzAcSnap leverages storage volume replication to provide options for recovering replicated application-consistent snapshots at a remote site.
+    - AzAcSnap leverages storage volume replication to provide options for recovering replicated application-consistent snapshots at a remote site.
 
 AzAcSnap is a single binary.  It does not need additional agents or plug-ins to interact with the database or the storage (Azure NetApp Files via Azure Resource Manager, and Azure Large Instance via SSH).  AzAcSnap must be installed on a system that has connectivity to the database and the storage.  However, the flexibility of installation and configuration allows for either a single centralized installation (Azure NetApp Files only) or a fully distributed installation (Azure NetApp Files and Azure Large Instance) with copies installed on each database installation.
 

articles/cognitive-services/Speech-Service/how-to-custom-voice-create-voice.md

@@ -86,7 +86,7 @@ To create a custom neural voice in Speech Studio, follow these steps for one of
 1. Select **Next**.
 1. Optionally, you can add up to 10 custom speaking styles:
     1. Select **Add a custom style** and thoughtfully enter a custom style name of your choice. This name will be used by your application within the `style` element of [Speech Synthesis Markup Language (SSML)](speech-synthesis-markup-voice.md#speaking-styles-and-roles). You can also use the custom style name as SSML via the [Audio Content Creation](how-to-audio-content-creation.md) tool in [Speech Studio](https://speech.microsoft.com/portal/audiocontentcreation).
-    1. Select style samples as training data. It's recommended that the style samples are all from the same voice talent profile.
+    1. Select style samples as training data. The style samples should be all from the same voice talent profile.
 1. Select **Next**.
 1. Select a speaker file with the voice talent statement that corresponds to the speaker in your training data.
 1. Select **Next**.

articles/communication-services/concepts/advisor-overview.md

@@ -33,6 +33,7 @@ The following SDKs are supported for this feature, along with all their supporte
 * Phone Numbers
 * Management
 * Network Traversal
+* Call Automation
 
 ## Next steps
 

articles/dev-box/how-to-get-help.md

@@ -4,7 +4,7 @@ description: Learn how to choose the appropriate channel to get support for Micr
 author: RoseHJM
 ms.author: rosemalcolm
 ms.service: dev-box
-ms.topic: how-to 
+ms.topic: troubleshooting 
 ms.date: 04/25/2023
 ms.custom: template-how-to-pattern
 ---

articles/dev-box/toc.yml

@@ -55,8 +55,6 @@ items:
       href: how-to-create-dev-boxes-developer-portal.md
     - name: Configure Azure Diagnostic Logs
       href: how-to-configure-dev-box-azure-diagnostic-logs.md
-    - name: Get support for Microsoft Dev Box
-      href: how-to-get-help.md  
 - name: Reference
   items:
     - name: Azure CLI
@@ -71,8 +69,9 @@ items:
       href: https://azure.microsoft.com/roadmap/
     - name: Regional availability
       href: https://azure.microsoft.com/regions/services/
+    - name: Get support for Microsoft Dev Box
+      href: how-to-get-help.md  
     - name: Report a problem
       href: https://aka.ms/devbox/report
     - name: Suggest a feature
       href: https://aka.ms/devbox/suggest
-

articles/firewall-manager/overview.md

@@ -83,8 +83,8 @@ Azure Firewall Manager has the following known issues:
 |---------|---------|---------|
 |Traffic splitting|Microsoft 365 and Azure Public PaaS traffic splitting isn't currently supported. As such, selecting a third-party provider for V2I or B2I also sends all Azure Public PaaS and Microsoft 365 traffic via the partner service.|Investigating traffic splitting at the hub.
 |Base policies must be in same region as local policy|Create all your local policies in the same region as the base policy. You can still apply a policy that was created in one region on a secured hub from another region.|Investigating|
-|Filtering inter-hub traffic in secure virtual hub deployments|Secured Virtual Hub to Secured Virtual Hub communication filtering isn't yet supported. However, hub to hub communication still works if private traffic filtering via Azure Firewall isn't enabled.|Investigating|
-|Branch to branch traffic with private traffic filtering enabled|Branch to branch traffic isn't supported when private traffic filtering is enabled. |Investigating.<br><br>Don't secure private traffic if branch to branch connectivity is critical.|
+|Filtering inter-hub traffic in secure virtual hub deployments|Secured Virtual Hub to Secured Virtual Hub communication filtering is supported with the Routing Intent feature.|Enable Routing Intent on your Virtual WAN Hub by setting Inter-hub to **Enabled** in Azure Firewall Manager. See [Routing Intent documentation](../virtual-wan/how-to-routing-policies.md) for more information about this feature.|
+|Branch to branch traffic with private traffic filtering enabled|Branch to branch traffic can be inspected by Azure Firewall in secured hub scenarios if Routing Intent is enabled. |Enable Routing Intent on your Virtual WAN Hub by setting Inter-hub to **Enabled** in Azure Firewall Manager. See [Routing Intent documentation](../virtual-wan/how-to-routing-policies.md) for more information about this feature.|
 |All Secured Virtual Hubs sharing the same virtual WAN must be in the same resource group.|This behavior is aligned with Virtual WAN Hubs today.|Create multiple Virtual WANs to allow Secured Virtual Hubs to be created in different resource groups.|
 |Bulk IP address addition fails|The secure hub firewall goes into a failed state if you add multiple public IP addresses.|Add smaller public IP address increments. For example, add 10 at a time.|
 |DDoS Protection not supported with secured virtual hubs|DDoS Protection is not integrated with vWANs.|Investigating|

articles/firewall-manager/secure-cloud-network-powershell.md

@@ -99,13 +99,15 @@ Set-AzDiagnosticSetting -ResourceId $AzFW.Id -Enabled $True -Category AzureFirew
 
 ## Deploy Azure Firewall and configure custom routing
 
+> [!NOTE]
+> This is the configuration deployed when securing connectivity from the Azure Portal with Azure Firewall Manager when the "Inter-hub" setting is set to **disabled**. For instructions on how to configure routing using powershell when "Inter-hub" is set to **enabled**, see [Enabling routing intent](#routingintent).
+
 Now you have an Azure Firewall in the hub, but you still need to modify routing so the Virtual WAN sends the traffic from the virtual networks and from the branches through the firewall. You do this in two steps:
 
 1. Configure all virtual network connections (and branch connections if there were any) to propagate to the `None` Route Table. The effect of this configuration is that other virtual networks and branches won't learn their prefixes, and so has no routing to reach them.
 1. Now you can insert static routes in the `Default` Route Table (where all virtual networks and branches are associated by default), so that all traffic is sent to the Azure Firewall.
 
-> [!NOTE]
-> This is the configuration deployed when securing connectivity from the Azure Portal with Azure Firewall Manager
+
 
 Start with the first step, to configure your virtual network connections to propagate to the `None` Route Table:
 
@@ -134,6 +136,44 @@ $DefaultRT = Update-AzVHubRouteTable -Name "defaultRouteTable" -ResourceGroupNam
 > [!NOTE]
 > String "***all_traffic***" as value for parameter "-Name" in the New-AzVHubRoute command above has a special meaning: if you use this exact string, the configuration applied in this article will be properly reflected in the Azure Portal (Firewall Manager --> Virtual hubs --> [Your Hub] --> Security Configuration). If a different name will be used, the desired configuration will be applied, but will not be reflected in the Azure Portal.
 
+##  <a name="routingintent"></a> Enabling routing intent
+
+If you want to send inter-hub and inter-region traffic via Azure Firewall deployed in the Virtual WAN hub, you can instead enable the routing intent feature. For more information on routing intent, see [Routing Intent documentation](../virtual-wan/how-to-routing-policies.md).
+
+> [!NOTE]
+> This is the configuration deployed when securing connectivity from the Azure Portal with Azure Firewall Manager when the "Interhub" setting is set to **enabled**.
+
+```azurepowershell
+# Get the Azure Firewall resource ID
+$AzFWId = $(Get-AzVirtualHub -ResourceGroupName <thname> -name  $HubName).AzureFirewall.Id
+
+# Create routing policy and routing intent
+$policy1 = New-AzRoutingPolicy -Name "PrivateTraffic" -Destination @("PrivateTraffic") -NextHop $firewall.Id
+$policy2 = New-AzRoutingPolicy -Name "PublicTraffic" -Destination @("Internet") -NextHop $firewall.Id
+New-AzRoutingIntent -ResourceGroupName "<rgname>" -VirtualHubName "<hubname>" -Name "hubRoutingIntent" -RoutingPolicy @($policy1, $policy2)
+```
+
+If you are using non-RFC1918 prefixes in your Virtual WAN such as  40.0.0.0/24 in your Virtual Network or on-premises, add an additional route in the defaultRouteTable after routing intent configuration completes. Make sure you name this route as **private_traffic**. If the route is named otherwise, the desired configuration will apply but it will not be reflected in Azure Portal.
+
+```azurepowershell
+# Get the defaultRouteTable
+$defaultRouteTable = Get-AzVHubRouteTable -ResourceGroupName routingIntent-Demo -HubName wus_hub1 -Name defaultRouteTable
+
+# Get the routes automatically created by routing intent. If private routing policy is enabled, this is the route named _policy_PrivateTraffic. If internet routing policy is enabled, this is the route named _policy_InternetTraffic. 
+$privatepolicyroute = $defaultRouteTable.Routes[1]
+
+
+# Create new route named private_traffic for non-RFC1918 prefixes
+$private_traffic = New-AzVHubRoute -Name "private-traffic" -Destination @("30.0.0.0/24") -DestinationType "CIDR" -NextHop $AzFWId -NextHopType ResourceId
+
+# Create new routes for route table
+$newroutes = @($privatepolicyroute, $private_traffic)
+
+# Update route table
+Update-AzVHubRouteTable -ResourceGroupName <rgname> -ParentResourceName <hubname> -Name defaultRouteTable -Route $newroutes
+
+````
+ 
 ## Test connectivity
 
 Now you have a fully operational secure hub. To test connectivity, you need one virtual machine in each spoke virtual network connected to the hub: