Merge pull request #276694 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: v-ccolin

articles/api-management/api-management-howto-deploy-multi-region.md

@@ -164,7 +164,7 @@ This section provides considerations for multi-region deployments when the API M
 * Configure each regional network independently. The [connectivity requirements](virtual-network-reference.md) such as required network security group rules for a virtual network in an added region are generally the same as those for a network in the primary region.
 * Virtual networks in the different regions don't need to be peered.
 > [!IMPORTANT]
-> When configured in internal VNet mode, each regional gateway must also have outbound connectivity on port 1443 to the Azure SQL database configured for your API Management instance, which is only in the *primary* region. Ensure that you allow connectivity to the FQDN or IP address of this Azure SQL database in any routes or firewall rules you configure for networks in your secondary regions; the Azure SQL service tag can't be used in this scenario. To find the Azure SQL database name in the primary region, go to the **Network** > **Network status** page of your API Management instance in the portal. 
+> When configured in internal VNet mode, each regional gateway must also have outbound connectivity on port 1433 to the Azure SQL database configured for your API Management instance, which is only in the *primary* region. Ensure that you allow connectivity to the FQDN or IP address of this Azure SQL database in any routes or firewall rules you configure for networks in your secondary regions; the Azure SQL service tag can't be used in this scenario. To find the Azure SQL database name in the primary region, go to the **Network** > **Network status** page of your API Management instance in the portal. 
 
 ### IP addresses
 

articles/azure-monitor/logs/api/access-api.md

@@ -1,7 +1,7 @@
 ---
 title: API access and authentication
 description: Learn how to authenticate and access the Azure Monitor Log Analytics API.
-ms.date: 11/28/2022
+ms.date: 05/30/2024
 author: guywi-ms
 ms.author: guywild
 ms.topic: article

articles/azure-monitor/logs/api/register-app-for-token.md

@@ -1,7 +1,7 @@
 ---
 title: Register an App to request authorization tokens and work with APIs
 description: How to register an app and assign a role so it can access request a token and work with APIs
-ms.date: 01/04/2023
+ms.date: 05/30/2024
 author: guywi-ms
 ms.author: guywild
 ms.topic: article

articles/azure-monitor/logs/search-jobs.md

@@ -2,18 +2,23 @@
 title: Run search jobs in Azure Monitor
 description: Search jobs are asynchronous log queries in Azure Monitor that make results available as a table for further analytics.
 ms.topic: conceptual
-ms.date: 10/01/2022
-ms.custom: references_regions 
+ms.date: 05/30/2024
+ms.custom: references_regions
+author: guywi-ms
+ms.author: guywild
+ms.reviewer: adi.biran
 # Customer intent: As a data scientist or workspace administrator, I want an efficient way to search through large volumes of data in a table, including archived and basic logs.
 ---
 
 # Run search jobs in Azure Monitor
 
 Search jobs are asynchronous queries that fetch records into a new search table within your workspace for further analytics. The search job uses parallel processing and can run for hours across large datasets. This article describes how to create a search job and how to query its resulting data.
 
-## Permissions
+## Permissions required
 
-To run a search job, you need `Microsoft.OperationalInsights/workspaces/tables/write` and `Microsoft.OperationalInsights/workspaces/searchJobs/write` permissions to the Log Analytics workspace, for example, as provided by the [Log Analytics Contributor built-in role](../logs/manage-access.md#built-in-roles).
+| Action | Permissions required |
+|:-------|:---------------------|
+|Run a search job| `Microsoft.OperationalInsights/workspaces/tables/write` and `Microsoft.OperationalInsights/workspaces/searchJobs/write` permissions to the Log Analytics workspace, for example, as provided by the [Log Analytics Contributor built-in role](../logs/manage-access.md#built-in-roles).|
 
 ## When to use search jobs
 

articles/azure-monitor/logs/workspace-design.md

@@ -2,8 +2,7 @@
 title: Design a Log Analytics workspace architecture
 description: The article describes the considerations and recommendations for customers preparing to deploy a workspace in Azure Monitor.
 ms.topic: conceptual
-ms.date: 04/05/2023
-
+ms.date: 05/30/2024
 ---
 
 # Design a Log Analytics workspace architecture
@@ -15,7 +14,7 @@ A single [Log Analytics workspace](log-analytics-workspace-overview.md) might be
 
 Here's a video about the fundamentals of Azure Monitor Logs and best practices and design considerations for designing your Azure Monitor Logs deployment:
 
-> [!VIDEO https://www.youtube.com/embed/pqUvZqoQV4o]
+> [!VIDEO https://www.youtube.com/embed/7RBp9j0P_Ao?cc_load_policy=1&cc_lang_pref=auto]
 
 ## Design strategy
 Your design should always start with a single workspace to reduce the complexity of managing multiple workspaces and in querying data from them. There are no performance limitations from the amount of data in your workspace. Multiple services and data sources can send data to the same workspace. As you identify criteria to create more workspaces, your design should use the fewest number that will match your requirements.

articles/backup/backup-azure-dataprotection-use-rest-api-backup-blobs.md

@@ -1,8 +1,8 @@
 ---
 title: Back up blobs in a storage account using Azure Data Protection REST API.
 description: In this article, learn how to configure, initiate, and manage backup operations of blobs using REST API.
-ms.topic: conceptual
-ms.date: 10/31/2022
+ms.topic: how-to
+ms.date: 05/30/2024
 ms.assetid: 7c244b94-d736-40a8-b94d-c72077080bbe
 ms.service: backup
 ms.custom: engagement-fy23
@@ -12,52 +12,47 @@ ms.author: v-abhmallick
 
 # Back up blobs in a storage account using Azure Data Protection via REST API
 
-Azure Backup enables you to easily configure operational backup for protecting block blobs in your storage accounts.
+Azure Backup enables you to easily configure backup for protecting block blobs in your storage accounts.
 
-This article describes how to configure backups for blobs in a storage account via REST API. Backup of blobs is configured at the storage account level. So, all blobs in the storage account are protected with operational backup.
-
-In this article, you'll learn about:
-
-> [!div class="checklist"]
-> - Prerequisites
-> - Configure backup
+This article describes how to configure backups for blobs in a storage account via REST API. Backup of blobs is configured at the storage account level. You can now perform [operational](blob-backup-overview.md?tabs=operational-backup) and [vaulted](blob-backup-overview.md?tabs=vaulted-backup) backups to protect block blobs in your storage accounts using Azure Backup.
 
 For information on the Azure blob region availability, supported scenarios and limitations, see the [support matrix](blob-backup-support-matrix.md).
 
 ## Prerequisites
 
+Before you back up blobs in a storage account using REST API, ensure that you:
+
 - [Create a Backup vault](backup-azure-dataprotection-use-rest-api-create-update-backup-vault.md)
 - [Create a blob backup policy](backup-azure-dataprotection-use-rest-api-create-update-blob-policy.md)
 
 ## Configure backup
 
 Once you create the vault and policy, you need to consider two critical points to protect all Azure Blobs within a storage account.
 
-### Key entities
-
-#### Storage account that contains the blobs for protection
+- Key entities
+- Permissions
 
-Fetch the Azure Resource Manager ID of the storage account which contains the blobs to be protected. This serves as the identifier of the storage account.
+### Key entities
 
-For example, we'll use a storage account named *msblobbackup*, under the resource group *RG-BlobBackup*, in a different subscription and in *west US*.
+- **Storage account containing the blobs to be protected**: Fetch the Azure Resource Manager ID of the storage account which contains the blobs to be protected. This serves as the identifier of the storage account.
 
-```http
-"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/RG-BlobBackup/providers/Microsoft.Storage/storageAccounts/msblobbackup"
-```
+  For example, we'll use a storage account named *msblobbackup*, under the resource group *RG-BlobBackup*, in a different subscription and in *west US*.
 
-#### Backup vault
+  ```http
+  "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/RG-BlobBackup/providers/Microsoft.Storage/storageAccounts/msblobbackup"
+  ```
 
-The Backup vault requires permissions on the storage account to enable backups on blobs present within the storage account. The system-assigned managed identity of the vault is used for assigning the permissions.
+- **Backup vault**: The Backup vault requires permissions on the storage account to enable backups on blobs present within the storage account. The system-assigned managed identity of the vault is used for assigning the permissions.
 
-For example, we'll use a backup vault called *testBkpVault* in *West US* region under *TestBkpVaultRG* resource group.
+  For example, we'll use a backup vault called *testBkpVault* in *West US* region under *TestBkpVaultRG* resource group.
 
 ### Assign permissions
 
-You need to assign a few permissions via Azure role-based access control (Azure RBAC) to vault (represented by vault Managed Service Identity) and the relevant storage account. You can do these via Azure portal, PowerShell, or REST API. Learn more about all [related permissions](blob-backup-configure-manage.md#grant-permissions-to-the-backup-vault-on-storage-accounts).
+You need to assign a few permissions via Azure role-based access control (Azure RBAC) to the created vault (represented by vault Managed Service Identity) and the relevant storage account. You can do these via Azure portal, PowerShell, or REST API. Learn more about all [related permissions](blob-backup-configure-manage.md#grant-permissions-to-the-backup-vault-on-storage-accounts).
 
-### Prepare the request to configure backup
+### Prepare the request to configure blob backup
 
-Once you set the relevant permissions to the vault and storage account, and configure the vault and policy, prepare the request to configure backup.
+Once the relevant permissions to the vault and storage account are set, and the vault and policy configuration are done, prepare the request to configure backup.
 
 The following is the request body to configure backup for all blobs within a storage account. The Azure Resource Manager ID (ARM ID) of the storage account and its details are mentioned in the *datasourceinfo* section and the policy information is present in the *policyinfo* section.
 
@@ -80,6 +75,44 @@ The following is the request body to configure backup for all blobs within a sto
   }
 }
 ```
+To configure backup with vaulted backup (preview) enabled, refer the below request body.
+
+```json
+{backupInstanceDataSourceType is Microsoft.Storage/storageAccounts/blobServices
+backupInstanceResourceType is Microsoft.Storage/storageAccounts
+{
+    "id": null,
+    "name": "{{backupInstanceName}}",
+    "type": "Microsoft.DataProtection/backupvaults/backupInstances",
+    "properties": {
+        "objectType": "BackupInstance",
+        "dataSourceInfo": {
+            "objectType": "Datasource",
+            "resourceID": "/subscriptions/{{backupInstanceSubscriptionId}}/resourceGroups/{{backupInstanceresourcegroup}}/providers/{{backupInstanceResourceType}}/{{backupInstanceName}}",
+            "resourceName": "{{backupInstanceName}}",
+            "resourceType": "{{backupInstanceResourceType}}",
+            "resourceUri": "/subscriptions/{{backupInstanceSubscriptionId}}/resourceGroups/{{backupInstanceRG}}/providers/{{backupInstanceResourceType}}/{{backupInstanceName}}",
+            "resourceLocation": "{{location}}",
+            "datasourceType": "{{backupInstanceDataSourceType}}"
+        },
+        "policyInfo": {
+            "policyId": "/subscriptions/{{subscription}}/resourceGroups/{{resourceGroup}}/providers/{{backupVaultRP}}/{{vaultName}}/backupPolicies/{{policyName}}",
+            "name": "{{policyName}}",
+            "policyVersion": "3.2",
+            "policyParameters": {
+                "dataStoreParametersList": [
+                ],
+                "backupDatasourceParametersList" : [
+                    {
+                        "objectType": "BlobBackupDatasourceParameters",
+                        "containersList": ["container1", "container2", "container3", "container4", "container5"]
+                    }
+                ]
+            }
+        }
+    }
+}
+```
 
 ### Validate the request to configure backup
 
@@ -97,7 +130,7 @@ For example, this translates to:
 POST https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/validateForBackup?api-version=2021-01-01
 ```
 
-The [request body](#prepare-the-request-to-configure-backup) that you prepared earlier is used to give the details of the storage account to be protected.
+The [request body](#prepare-the-request-to-configure-blob-backup) that you prepared earlier is used to give the details of the storage account to be protected.
 
 #### Example request body
 
@@ -120,6 +153,40 @@ The [request body](#prepare-the-request-to-configure-backup) that you prepared e
   }
 }
 ```
+#### Example request body for vaulted backup (preview)
+
+```json
+{
+    "objectType": "ValidateForBackupRequest",
+    "backupInstance": {
+        "objectType": "BackupInstance",
+        "dataSourceInfo": {
+            "objectType": "Datasource",
+            "resourceID": "/subscriptions/{{backupInstanceSubscriptionId}}/resourceGroups/{{backupInstanceRG}}/providers/{{backupInstanceResourceType}}/{{backupInstanceName}}",
+            "resourceName": "{{backupInstanceName}}",
+            "resourceType": "{{backupInstanceResourceType}}",
+            "resourceUri": "/subscriptions/{{backupInstanceSubscriptionId}}/resourceGroups/{{backupInstanceRG}}/providers/{{backupInstanceResourceType}}/{{backupInstanceName}}",
+            "resourceLocation": "{{location}}",
+            "datasourceType": "{{backupInstanceDataSourceType}}"
+        },
+        "policyInfo": {
+            "policyId": "/subscriptions/{{subscription}}/resourceGroups/{{resourceGroup}}/providers/{{backupVaultRP}}/{{vaultName}}/backupPolicies/{{policyName}}",
+            "name": "{{policyName}}",
+            "policyVersion": "3.2",
+            "policyParameters": {
+                "dataStoreParametersList": [
+                ] ,
+                "backupDatasourceParametersList" : [
+                    {
+                        "objectType": "BlobBackupDatasourceParameters",
+                        "containersList": ["container1", "container2", "container3", "container4", "container5"]
+                    }
+                ]
+            }
+        }
+    }
+}
+```
 
 #### Responses for validate backup request
 

articles/backup/backup-azure-dataprotection-use-rest-api-create-update-blob-policy.md

@@ -2,7 +2,7 @@
 title: Create Azure Backup policies for blobs using data protection REST API
 description: In this article, you'll learn how to create and manage backup policies for blobs using REST API.
 ms.topic: how-to
-ms.date: 10/28/2022
+ms.date: 05/30/2024
 ms.assetid: 472d6a4f-7914-454b-b8e4-062e8b556de3
 ms.service: backup
 ms.custom: engagement-fy23
@@ -12,6 +12,8 @@ ms.author: v-abhmallick
 
 # Create Azure Data Protection backup policies for blobs using REST API
 
+This article describes how to create Azure Data Protection backup policies for Azure Blobs using REST API.
+
 Azure Backup policy typically governs the retention and schedule of your backups. As operational backup for blobs is continuous in nature, you don't need a schedule to perform backups. The policy is essentially needed to specify the retention period. You can reuse the backup policy to configure backup for multiple storage accounts to a vault.
 
 > [!IMPORTANT]
@@ -60,7 +62,7 @@ The following request body defines a backup policy for blob backups.
 The policy says:
 
 - Retention period is 30 days.
-- Datastore is 'operational store' since the backups are local and no data is stored in the Backup vault.
+- Datastore is 'operational store'.
 
 ```json
 {
@@ -92,6 +94,92 @@ The policy says:
 }
 ```
 
+To configure a backup policy with the vaulted backup (preview), use the following JSON script:
+
+```json
+{
+  "id": "/subscriptions/495944b2-66b7-4173-8824-77043bb269be/resourceGroups/Blob-Backup/providers/Microsoft.DataProtection/BackupVaults/yavovaultecy01/backupPolicies/TestPolicy",
+  "name": "TestPolicy",
+  "type": "Microsoft.DataProtection/BackupVaults/backupPolicies",
+  "properties": {
+    "policyRules": [
+      {
+        "name": "Default",
+        "objectType": "AzureRetentionRule",
+        "isDefault": true,
+        "lifecycles": [
+          {
+            "deleteAfter": {
+              "duration": "P30D",
+              "objectType": "AbsoluteDeleteOption"
+            },
+            "sourceDataStore": {
+              "dataStoreType": "OperationalStore",
+              "objectType": "DataStoreInfoBase"
+            },
+            "targetDataStoreCopySettings": []
+          }
+        ]
+      },
+      {
+        "name": "Default",
+        "objectType": "AzureRetentionRule",
+        "isDefault": true,
+        "lifecycles": [
+          {
+            "deleteAfter": {
+              "duration": "P7D",
+              "objectType": "AbsoluteDeleteOption"
+            },
+            "sourceDataStore": {
+              "dataStoreType": "VaultStore",
+              "objectType": "DataStoreInfoBase"
+            },
+            "targetDataStoreCopySettings": []
+          }
+        ]
+      },
+      {
+        "name": "BackupDaily",
+        "objectType": "AzureBackupRule",
+        "backupParameters": {
+          "backupType": "Discrete",
+          "objectType": "AzureBackupParams"
+        },
+        "dataStore": {
+          "dataStoreType": "VaultStore",
+          "objectType": "DataStoreInfoBase"
+        },
+        "trigger": {
+          "schedule": {
+            "timeZone": "UTC",
+            "repeatingTimeIntervals": [
+              "R/2024-05-08T14:00:00+00:00/P1D"
+            ]
+          },
+          "taggingCriteria": [
+            {
+              "isDefault": true,
+              "taggingPriority": 99,
+              "tagInfo": {
+                "id": "Default_",
+                "tagName": "Default"
+              }
+            }
+          ],
+          "objectType": "ScheduleBasedTriggerContext"
+        }
+      }
+    ],
+    "datasourceTypes": [
+      "Microsoft.Storage/storageAccounts/blobServices"
+    ],
+    "objectType": "BackupPolicy",
+    "name": "TestPolicy"
+  }
+} 
+```
+
 > [!IMPORTANT]
 > The supported time formats is *DateTime* only. They don't support *Time* format alone.