Commit 13fc133

Merge pull request #194219 from MicrosoftDocs/main
4/06 AM Publish
2 parents 7726556 + 6028f74 commit 13fc133

56 files changed

+424
-269
lines changed

.openpublishing.redirection.json

Lines changed: 5 additions & 0 deletions
@@ -39008,6 +39008,11 @@
3900839008
"redirect_url": "/azure/cognitive-services/speech-service/text-to-speech-basics",
3900939009
"redirect_document_id": false
3901039010
},
39011+
{
39012+
"source_path_from_root": "/articles/cognitive-services/Speech-Service/speech-studio-role-based-access-control.md",
39013+
"redirect_url": "/azure/cognitive-services/speech-service/role-based-access-control",
39014+
"redirect_document_id": false
39015+
},
3901139016
{
3901239017
"source_path_from_root": "/articles/cognitive-services/Speech-Service/voice-first-virtual-assistants.md",
3901339018
"redirect_url": "/azure/cognitive-services/Speech-Service/voice-assistants",

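Review bot: The new entry's `redirect_url` uses a lowercase `speech-service` segment, while the next entry in the file redirects to `/azure/cognitive-services/Speech-Service/voice-assistants`; pick one casing for redirect targets so link checkers and case-sensitive consumers see consistent URLs. The visible part of this commit also doesn't show `role-based-access-control.md` being added or renamed, so confirm the target article is published in the same merge; otherwise the redirect resolves to a missing page.
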
articles/active-directory/develop/msal-authentication-flows.md

Lines changed: 1 addition & 1 deletion
@@ -132,7 +132,7 @@ In the preceding diagram:
132132

133133
## Implicit grant
134134

135-
The implicit grant has been replaced by the [authorization code flow with PCKE](scenario-spa-overview.md) as the preferred and more secure token grant flow for client-side single page-applications (SPAs). If you're building a SPA, use the authorization code flow with PKCE instead.
135+
The implicit grant has been replaced by the [authorization code flow with PKCE](scenario-spa-overview.md) as the preferred and more secure token grant flow for client-side single page-applications (SPAs). If you're building a SPA, use the authorization code flow with PKCE instead.
136136

137137
Single-page web apps written in JavaScript (including frameworks like Angular, Vue.js, or React.js) are downloaded from the server and their code runs directly in the browser. Because their client-side code runs in the browser and not on a web server, they have different security characteristics than traditional server-side web applications. Prior to the availability of Proof Key for Code Exchange (PKCE) for the authorization code flow, the implicit grant flow was used by SPAs for improved responsiveness and efficiency in getting access tokens.
138138
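
Review bot: On the changed line 135 the acronym is fixed, but the same sentence still reads "single page-applications"; the hyphen belongs in "single-page applications", matching "Single-page web apps" two lines below. Worth fixing in the same edit since the line is already being touched.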

articles/active-directory/enterprise-users/domains-verify-custom-subdomain.md

Lines changed: 12 additions & 4 deletions
@@ -10,7 +10,7 @@ ms.service: active-directory
1010
ms.subservice: enterprise-users
1111
ms.workload: identity
1212
ms.topic: how-to
13-
ms.date: 11/05/2021
13+
ms.date: 04/05/2022
1414
ms.author: curtand
1515
ms.reviewer: sumitp
1616

@@ -40,7 +40,7 @@ Because subdomains inherit the authentication type of the root domain by default
4040
1. Use the following example to GET the domain. Because the domain isn't a root domain, it inherits the root domain authentication type. Your command and results might look as follows, using your own tenant ID:
4141

4242
```http
43-
GET https://graph.windows.net/{tenant_id}/domains?api-version=1.6
43+
GET https://graph.microsoft.com/v1.0/domains/foo.contoso.com/
4444
4545
Return:
4646
{
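
Review bot: Step 1 still ends with "using your own tenant ID", but the replacement request on line 43, `GET https://graph.microsoft.com/v1.0/domains/foo.contoso.com/`, no longer carries a tenant ID; reword the step to tell readers to substitute their own subdomain for `foo.contoso.com`. The old call listed every domain in the tenant and the new one fetches a single domain, so check that the sample under "Return:" shows a single domain object rather than a collection.
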
@@ -66,9 +66,17 @@ Because subdomains inherit the authentication type of the root domain by default
6666
Use the following command to promote the subdomain:
6767

6868
```http
69-
POST https://graph.windows.net/{tenant_id}/domains/child.mydomain.com/promote?api-version=1.6
69+
POST https://graph.microsoft.com/v1.0/domains/foo.contoso.com/promote
7070
```
7171

72+
#### Promote command error conditions
73+
74+
Scenario | Method | Code | Message
75+
-------- | ------ | ---- | -------
76+
Invoking API with a subdomain whose parent domain is unverified | POST | 400 | Unverified domains cannot be promoted. Please verify the domain before promotion.
77+
Invoking API with a federated verified subdomain with user references | POST | 400 | Promoting a subdomain with user references is not allowed. Please migrate the users to the current root domain before promotion of the subdomain.
78+
79+
7280
### Change the subdomain authentication type
7381

7482
1. Use the following command to change the subdomain authentication type:
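
Review bot: The new error table at lines 74 to 77 documents only the two 400 responses and says nothing about which permission or role the caller needs for `POST .../promote`; state that requirement next to the command so readers know who is able to make this domain change. Smaller points: the Method column is `POST` in every row and can be dropped, and lines 78 and 79 add two consecutive blank lines before the next heading.
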
@@ -80,7 +88,7 @@ POST https://graph.windows.net/{tenant_id}/domains/child.mydomain.com/promote?ap
8088
1. Verify via GET in Microsoft Graph API that subdomain authentication type is now managed:
8189

8290
```http
83-
GET https://graph.windows.net/{{tenant_id} }/domains?api-version=1.6
91+
GET https://graph.microsoft.com/v1.0/domains/foo.contoso.com/
8492
8593
Return:
8694
{
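
Review bot: In the verification step, as far as the visible lines show, the `http` fence that opens on line 90 holds both the request and the "Return:" body, so the JSON response is rendered as part of an HTTP request; close the fence after the `GET` line and put the response in its own `json` block. The same layout appears in step 1, so fix both together. The trailing slash on `.../domains/foo.contoso.com/` can also go, since the `promote` URL is written without one after the domain name.
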

articles/active-directory/manage-apps/grant-consent-single-user.md

Lines changed: 8 additions & 2 deletions
@@ -31,8 +31,7 @@ When a user grants consent on his or her own behalf, the following events occur:
3131

3232
To grant consent to an application on behalf of one user, you need:
3333

34-
- A user account. If you don't already have one, you can [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
35-
- A Global Administrator or Privileged Administrator role.
34+
- A user account with Global Administrator, Application Administrator, or Cloud Application Administrator
3635

3736
## Grant consent on behalf of a single user
3837
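
Review bot: The replacement prerequisite on line 34 is an incomplete sentence: "A user account with Global Administrator, Application Administrator, or Cloud Application Administrator" is missing the word "role" and the closing period that the removed bullets had. Since the change alters the set of roles that can run this procedure, list the least-privileged role first and keep Global Administrator last, so readers don't reach for the broadest role by default. The removed line about creating a free account is dropped with no replacement; confirm that is intended.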

@@ -48,16 +47,20 @@ For this example, we'll use [Microsoft Graph PowerShell](/graph/powershell/get-s
4847
# The app for which consent is being granted. In this example, we're granting access
4948
# to Microsoft Graph Explorer, an application published by Microsoft.
5049
$clientAppId = "de8bc8b5-d9f9-48b1-a8ad-b748da725064" # Microsoft Graph Explorer
50+
5151
# The API to which access will be granted. Microsoft Graph Explorer makes API
5252
# requests to the Microsoft Graph API, so we'll use that here.
5353
$resourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph API
54+
5455
# The permissions to grant. Here we're including "openid", "profile", "User.Read"
5556
# and "offline_access" (for basic sign-in), as well as "User.ReadBasic.All" (for
5657
# reading other users' basic profile).
5758
$permissions = @("openid", "profile", "offline_access", "User.Read", "User.ReadBasic.All")
59+
5860
# The user on behalf of whom access will be granted. The app will be able to access
5961
# the API on behalf of this user.
6062
$userUpnOrId = "[email protected]"
63+
6164
# Step 0. Connect to Microsoft Graph PowerShell. We need User.ReadBasic.All to get
6265
# users' IDs, Application.ReadWrite.All to list and create service principals,
6366
# DelegatedPermissionGrant.ReadWrite.All to create delegated permission grants,
@@ -66,12 +69,14 @@ $userUpnOrId = "[email protected]"
6669
Connect-MgGraph -Scopes ("User.ReadBasic.All Application.ReadWrite.All " `
6770
+ "DelegatedPermissionGrant.ReadWrite.All " `
6871
+ "AppRoleAssignment.ReadWrite.All")
72+
6973
# Step 1. Check if a service principal exists for the client application.
7074
# If one does not exist, create it.
7175
$clientSp = Get-MgServicePrincipal -Filter "appId eq '$($clientAppId)'"
7276
if (-not $clientSp) {
7377
$clientSp = New-MgServicePrincipal -AppId $clientAppId
7478
}
79+
7580
# Step 2. Create a delegated permission that grants the client app access to the
7681
# API, on behalf of the user. (This example assumes that an existing delegated
7782
# permission grant does not already exist, in which case it would be necessary
@@ -84,6 +89,7 @@ $grant = New-MgOauth2PermissionGrant -ResourceId $resourceSp.Id `
8489
-ClientId $clientSp.Id `
8590
-ConsentType "Principal" `
8691
-PrincipalId $user.Id
92+
8793
# Step 3. Assign the app to the user. This ensures that the user can sign in if assignment
8894
# is required, and ensures that the app shows up under the user's My Apps.
8995
if ($clientSp.AppRoles | ? { $_.AllowedMemberTypes -contains "User" }) {

articles/azure-functions/functions-premium-plan.md

Lines changed: 1 addition & 1 deletion
@@ -178,7 +178,7 @@ See the complete regional availability of Functions on the [Azure web site](http
178178
|China East 2| 100 | 20 |
179179
|China North 2| 100 | 20 |
180180
|East Asia| 100 | 20 |
181-
|East US | 100 | 40 |
181+
|East US | 100 | 60 |
182182
|East US 2| 100 | 20 |
183183
|France Central| 100 | 20 |
184184
|Germany West Central| 100 | 20 |
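
Review bot: The East US row changes the last column from 40 to 60, but nothing in the visible hunk says which limit that column represents or where the new figure comes from; link the source of the number in the PR description so the table can be re-checked later. The row also keeps a stray space in `|East US |` that the neighbouring rows don't have.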

articles/azure-government/documentation-government-overview-wwps.md

Lines changed: 16 additions & 6 deletions
@@ -6,7 +6,7 @@ ms.author: stevevi
66
ms.service: azure-government
77
ms.topic: article
88
recommendations: false
9-
ms.date: 03/07/2022
9+
ms.date: 04/06/2022
1010
---
1111

1212
# Azure for secure worldwide public sector cloud adoption
@@ -26,7 +26,7 @@ Listed below are some of the options available to you to safeguard your data in
2626
- While you can't control the precise network path for data in transit, data encryption in transit helps protect data from interception.
2727
- Azure is a 24x7 globally operated service; however, support and troubleshooting rarely require access to your data.
2828
- If you want extra control for support and troubleshooting scenarios, you can use Customer Lockbox for Azure to approve or deny access to your data.
29-
- Microsoft will notify you of any breach of your data (customer or personal) within 72 hours of incident declaration.
29+
- Microsoft will notify you of any breach of your data customer or personal within 72 hours of incident declaration.
3030
- You can monitor potential threats and respond to incidents on your own using Microsoft Defender for Cloud.
3131

3232
Using Azure data protection technologies and intelligent edge capabilities from the Azure Stack portfolio of products, you can process confidential and secret data in secure isolated infrastructure within the public multi-tenant cloud or top secret data on premises and at the edge under your full operational control.
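
Review bot: Line 29 drops the parentheses around "customer or personal", leaving "any breach of your data customer or personal within 72 hours", which no longer parses. Restore the parenthetical or reword it, for example "any breach of your customer or personal data"; this bullet states a notification commitment and should read unambiguously.
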
@@ -455,7 +455,7 @@ With innovative solutions such as [IoT Hub](https://azure.microsoft.com/services
455455

456456
### Precision Agriculture with Farm Beats
457457

458-
Agriculture plays a vital role in most economies worldwide. In the US, over 70% of the rural households depend on agriculture as it contributes about 17% to the total GDP and provides employment to over 60% of the population. In project [Farm Beats](https://www.microsoft.com/research/project/farmbeats-iot-agriculture/), we gather numerous data from farms that we couldn’t get before, and then by applying AI and ML algorithms we're able to turn this data into actionable insights for farmers. We call this technique data-driven farming. What we mean by data-driven farming is the ability to map every farm and overlay it with data. For example, what is the soil moisture level 15 cm below surface, what is the soil temperature 15 cm below surface, etc. These maps can then enable techniques, such as Precision Agriculture, which has been shown to improve yield, reduce costs, and benefit the environment. Despite the fact the Precision Agriculture as a technique was proposed more than 30 years ago, it hasn’t taken off. The biggest reason is the inability to capture numerous data from farms to accurately represent the conditions in the farm. Our goal as part of the Farm Beats project is to be able to accurately construct precision maps at a fraction of the cost.
458+
Agriculture plays a vital role in most economies worldwide. In the US, over 70% of the rural households depend on agriculture as it contributes about 17% to the total GDP and provides employment to over 60% of the population. In project [Farm Beats](https://www.microsoft.com/research/project/farmbeats-iot-agriculture/), we gather numerous data from farms that we couldn’t get before, and then by applying AI and ML algorithms we're able to turn this data into actionable insights for farmers. We call this technique data-driven farming. What we mean by data-driven farming is the ability to map every farm and overlay it with data. For example, what is the soil moisture level 15 cm below surface, what is the soil temperature 15 cm below surface, and so on. These maps can then enable techniques, such as Precision Agriculture, which has been shown to improve yield, reduce costs, and benefit the environment. Despite the fact the Precision Agriculture as a technique was proposed more than 30 years ago, it hasn’t taken off. The biggest reason is the inability to capture numerous data from farms to accurately represent the conditions in the farm. Our goal as part of the Farm Beats project is to be able to accurately construct precision maps at a fraction of the cost.
459459

460460
### Unleashing the power of analytics with synthetic data
461461
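
Review bot: Line 458 is edited only to replace "etc." with "and so on", but the same paragraph still has "Despite the fact the Precision Agriculture" (should be "the fact that") and uses "numerous data" twice. The opening figures attributed to the US (over 70% of rural households depending on agriculture, about 17% of GDP, over 60% of employment) carry no citation; add a source or check which country they describe while the line is open.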

@@ -470,7 +470,7 @@ Synthetic data can exist in several forms, including text, audio, video, and hyb
470470

471471
### Knowledge mining
472472

473-
The exponential growth of unstructured data gathering in recent years has created many analytical problems for government agencies. This problem intensifies when data sets come from diverse sources such as text, audio, video, imaging, etc. [Knowledge mining](/learn/modules/azure-artificial-intelligence/2-knowledge-mining) is the process of discovering useful knowledge from a collection of diverse data sources. This widely used data mining technique is a process that includes data preparation and selection, data cleansing, incorporation of prior knowledge on data sets, and interpretation of accurate solutions from the observed results. This process has proven to be useful for large volumes of data in different government agencies.
473+
The exponential growth of unstructured data gathering in recent years has created many analytical problems for government agencies. This problem intensifies when data sets come from diverse sources such as text, audio, video, imaging, and so on. [Knowledge mining](/learn/modules/azure-artificial-intelligence/2-knowledge-mining) is the process of discovering useful knowledge from a collection of diverse data sources. This widely used data mining technique is a process that includes data preparation and selection, data cleansing, incorporation of prior knowledge on data sets, and interpretation of accurate solutions from the observed results. This process has proven to be useful for large volumes of data in different government agencies.
474474

475475
For instance, captured data from the field often includes documents, pamphlets, letters, spreadsheets, propaganda, videos, and audio files across many disparate structured and unstructured formats. Buried within the data are [actionable insights](https://www.youtube.com/watch?v=JFdF-Z7ypQo) that can enhance effective and timely response to crisis and drive decisions. The objective of knowledge mining is to enable decisions that are better, faster, and more humane by implementing proven commercial algorithm-based technologies.
476476

@@ -501,7 +501,17 @@ When deploying applications that are subject to regulatory compliance obligation
501501
- Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) assessment report, including Azure Stack Hub control mapping to CCM domains and controls.
502502
- FedRAMP High System Security Plan (SSP) precompiled template to demonstrate how Azure Stack Hub addresses applicable controls, Customer Responsibility Matrix for the FedRAMP High baseline, and FedRAMP assessment report produced by an accredited third-party assessment organization (3PAO).
503503

504-
**[Azure Blueprints](https://azure.microsoft.com/services/blueprints/)** is a service that helps automate compliance and cybersecurity risk management in cloud environments. For more information on Azure Blueprints, including production-ready blueprint solutions for ISO 27001, NIST SP 800-53, PCI DSS, HITRUST, and other standards, see the [Azure Blueprints guidance](../governance/blueprints/overview.md).
504+
**Azure Policy regulatory compliance built-in initiatives** map to compliance domains and controls in key standards, including:
505+
506+
- [Australian Government ISM PROTECTED](../governance/policy/samples/australia-ism.md)
507+
- [Canada Federal PBMM](../governance/policy/samples/canada-federal-pbmm.md)
508+
- [ISO/IEC 27001](../governance/policy/samples/iso-27001.md)
509+
- [US Government FedRAMP High](../governance/policy/samples/fedramp-high.md)
510+
- And others
511+
512+
For more regulatory compliance built-in initiatives, see [Azure Policy samples](../governance/policy/samples/index.md#regulatory-compliance).
513+
514+
Regulatory compliance in Azure Policy provides built-in initiative definitions to view a list of the controls and compliance domains based on responsibility – customer, Microsoft, or shared. For Microsoft-responsible controls, we provide extra audit result details based on third-party attestations and our control implementation details to achieve that compliance. Each control is associated with one or more Azure Policy definitions. These policies may help you [assess compliance](../governance/policy/how-to/get-compliance-data.md) with the control; however, compliance in Azure Policy is only a partial view of your overall compliance status. Azure Policy helps to enforce organizational standards and assess compliance at scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to more granular status.
505515

506516
Azure compliance and certification resources are intended to help you address your own compliance obligations with various standards and regulations. You may have an established cloud adoption mandate in your country and the corresponding regulation to facilitate cloud onboarding. Or you may still operate traditional on-premises datacenters and are in the process of formulating your cloud adoption strategy. Azure’s extensive compliance portfolio can help you irrespective of your cloud adoption maturity level.
507517
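
Review bot: In the new list at lines 506 to 510, "- And others" is not an initiative and duplicates the "For more regulatory compliance built-in initiatives" sentence on line 512; drop the bullet. The hunk removes the only visible mention of Azure Blueprints, so check the rest of the article for text that assumed that paragraph. Lines 504 and 514 introduce Azure Policy without linking to its overview, which the removed Blueprints paragraph did for its own service.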

@@ -545,7 +555,7 @@ This section addresses common customer questions related to Azure public, privat
545555

546556
### Transparency and audit
547557

548-
- **Audit documentation:** Does Microsoft make all audit documentation readily available to customers to download and examine? **Answer:** Yes, Microsoft makes independent third-party audit reports and other related documentation available for download under a non-disclosure agreement from the Azure portal. You'll need an existing Azure subscription or [free trial subscription](https://azure.microsoft.com/free/) to access the Microsoft Defender for Cloud [audit reports blade](https://portal.azure.com/#blade/Microsoft_Azure_Security/AuditReportsBlade). Additional compliance documentation is available from the Service Trust Portal (STP) [Audit Reports](https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3) section. You must log in to access audit reports on the STP. For more information, see [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal).
558+
- **Audit documentation:** Does Microsoft make all audit documentation readily available to customers to download and examine? **Answer:** Yes, Microsoft makes independent third-party audit reports and other related documentation available for download under a non-disclosure agreement from the Azure portal. You'll need an existing Azure subscription or [free trial subscription](https://azure.microsoft.com/free/) to access the Microsoft Defender for Cloud [audit reports blade](https://portal.azure.com/#blade/Microsoft_Azure_Security/AuditReportsBlade). Extra compliance documentation is available from the Service Trust Portal (STP) [Audit Reports](https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3) section. You must log in to access audit reports on the STP. For more information, see [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal).
549559
- **Process auditability:** Does Microsoft make its processes, data flow, and documentation available to customers or regulators for audit? **Answer:** Microsoft offers a Regulator Right to Examine, which is a program Microsoft implemented to provide regulators with direct right to examine Azure, including the ability to conduct an on-site examination, to meet with Microsoft personnel and Microsoft external auditors, and to access any related information, records, reports, and documents.
550560
- **Service documentation:** Can Microsoft provide in-depth documentation covering service architecture, software and hardware components, and data protocols? **Answer:** Yes, Microsoft provides extensive and in-depth Azure online documentation covering all these topics. For example, you can review documentation on Azure [products](../index.yml), [global infrastructure](https://azure.microsoft.com/global-infrastructure/), and [API reference](/rest/api/azure/).
551561
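
Review bot: On line 558, "Extra compliance documentation" replaces "Additional" and reads as surplus rather than further material; "More compliance documentation" is closer in meaning. The same bullet says "You must log in", where Microsoft documentation normally uses "sign in".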
