Merge pull request #203838 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: huypub

articles/active-directory-b2c/partner-akamai.md

@@ -48,7 +48,7 @@ Akamai WAF integration includes the following components:
 
 - **Azure AD B2C Tenant** – The authorization server, responsible for verifying the user’s credentials using the custom policies defined in the tenant.  It's also known as the identity provider.
 
-- [**Azure Front Door**](../frontdoor/front-door-overview.md) – Responsible for enabling custom domains for Azure B2C tenant. All traffic from Cloudflare WAF will be routed to Azure Front Door before arriving at Azure AD B2C tenant.
+- [**Azure Front Door**](../frontdoor/front-door-overview.md) – Responsible for enabling custom domains for Azure B2C tenant. All traffic from Akamai WAF will be routed to Azure Front Door before arriving at Azure AD B2C tenant.
 
 - [**Akamai WAF**](https://www.akamai.com/us/en/resources/waf.jsp) – The web application firewall, which manages all traffic that is sent to the authorization server.
 

articles/active-directory/develop/scenario-web-api-call-api-app-configuration.md

@@ -41,17 +41,16 @@ In the following example, the `GraphBeta` section specifies these settings.
   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
     "ClientId": "[Client_id-of-web-api-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
-    "TenantId": "common"
-
-   // To call an API
-   "ClientSecret": "[Copy the client secret added to the app from the Azure portal]",
-   "ClientCertificates": [
-  ]
- },
- "GraphBeta": {
+    "TenantId": "common",
+    
+    // To call an API
+    "ClientSecret": "[Copy the client secret added to the app from the Azure portal]",
+    "ClientCertificates": []
+  },
+  "GraphBeta": {
     "BaseUrl": "https://graph.microsoft.com/beta",
     "Scopes": "user.read"
-    }
+  }
 }
 ```
 
@@ -62,16 +61,16 @@ Instead of a client secret, you can provide a client certificate. The following
   "AzureAd": {
     "Instance": "https://login.microsoftonline.com/",
     "ClientId": "[Client_id-of-web-api-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
-    "TenantId": "common"
-
-   // To call an API
-   "ClientCertificates": [
+    "TenantId": "common",
+    
+    // To call an API
+    "ClientCertificates": [
       {
         "SourceType": "KeyVault",
         "KeyVaultUrl": "https://msidentitywebsamples.vault.azure.net",
         "KeyVaultCertificateName": "MicrosoftIdentitySamplesCert"
       }
-   ]
+    ]
   },
   "GraphBeta": {
     "BaseUrl": "https://graph.microsoft.com/beta",
@@ -91,17 +90,17 @@ using Microsoft.Identity.Web;
 
 public class Startup
 {
-  // ...
-  public void ConfigureServices(IServiceCollection services)
-  {
-  // ...
-  services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
-          .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))
-            .EnableTokenAcquisitionToCallDownstreamApi()
-            .AddInMemoryTokenCaches();
-   // ...
-  }
-  // ...
+    // ...
+    public void ConfigureServices(IServiceCollection services)
+    {
+        // ...
+        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+                .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))
+                .EnableTokenAcquisitionToCallDownstreamApi()
+                .AddInMemoryTokenCaches();
+        // ...
+    }
+    // ...
 }
 ```
 
@@ -119,18 +118,18 @@ using Microsoft.Identity.Web;
 
 public class Startup
 {
-  // ...
-  public void ConfigureServices(IServiceCollection services)
-  {
-  // ...
-  services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
-          .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))
-            .EnableTokenAcquisitionToCallDownstreamApi()
-               .AddMicrosoftGraph(Configuration.GetSection("GraphBeta"))
-            .AddInMemoryTokenCaches();
-   // ...
-  }
-  // ...
+    // ...
+    public void ConfigureServices(IServiceCollection services)
+    {
+        // ...
+        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+                .AddMicrosoftIdentityWebApi(Configuration, Configuration.GetSection("AzureAd"))
+                .EnableTokenAcquisitionToCallDownstreamApi()
+                .AddMicrosoftGraph(Configuration.GetSection("GraphBeta"))
+                .AddInMemoryTokenCaches();
+        // ...
+    }
+    // ...
 }
 ```
 
@@ -143,18 +142,18 @@ using Microsoft.Identity.Web;
 
 public class Startup
 {
-  // ...
-  public void ConfigureServices(IServiceCollection services)
-  {
-  // ...
-  services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
-          .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
-            .EnableTokenAcquisitionToCallDownstreamApi()
-               .AddDownstreamWebApi("MyApi", Configuration.GetSection("GraphBeta"))
-            .AddInMemoryTokenCaches();
-   // ...
-  }
-  // ...
+    // ...
+    public void ConfigureServices(IServiceCollection services)
+    {
+        // ...
+        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+                .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
+                .EnableTokenAcquisitionToCallDownstreamApi()
+                .AddDownstreamWebApi("MyApi", Configuration.GetSection("GraphBeta"))
+                .AddInMemoryTokenCaches();
+        // ...
+    }
+    // ...
 }
 ```
 

articles/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics.md

@@ -82,7 +82,7 @@ If you want to know for how long the activity data is stored in a Premium tenant
     * To send audit logs to the Log Analytics workspace, select the **AuditLogs** check box. 
     * To send sign-in logs to the Log Analytics workspace, select the **SignInLogs** check box.
     * To send non-interactive user sign-in logs to the Log Analytics workspace, select the **NonInteractiveUserSignInLogs** check box.
-    * To send service principle sign-in logs to the Log Analytics workspace, select the **ServicePrincipleSignInLogs** check box.
+    * To send service principal sign-in logs to the Log Analytics workspace, select the **ServicePrincipalSignInLogs** check box.
     * To send managed identity sign-in logs to the Log Analytics workspace, select the **ManagedIdentitySignInLogs** check box.
     * To send provisioning logs to the Log Analytics workspace, select the **ProvisioningLogs** check box.
     * To send Active Directory Federation Services (ADFS) sign-in logs to the Log Analytics workspace, select **ADFSSignInLogs**.

articles/api-management/howto-protect-backend-frontend-azure-ad-b2c.md

@@ -167,7 +167,7 @@ Open the Azure AD B2C blade in the portal and do the following steps.
    ```
 
    > [!TIP]
-   > The c# script function code you just pasted simply logs a line to the functions logs, and returns the text "Hello World" with some dynamic data (the date and time).
+   > The C# script function code you just pasted simply logs a line to the functions logs, and returns the text "Hello World" with some dynamic data (the date and time).
 
 1. Select “Integration” from the left-hand blade, then click the http (req) link inside the 'Trigger' box.
 1. From the 'Selected HTTP methods' dropdown, uncheck the http POST method, leaving only GET selected, then click Save.

articles/attestation/overview.md

@@ -12,7 +12,7 @@ ms.custom: references_regions
 ---
 # Microsoft Azure Attestation 
 
-Microsoft Azure Attestation is a unified solution for remotely verifying the trustworthiness of a platform and integrity of the binaries running inside it. The service supports attestation of the platforms backed by Trusted Platform Modules (TPMs) alongside the ability to attest to the state of Trusted Execution Environments (TEEs) such as [Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html) (SGX) enclaves, [Virtualization-based Security](/windows-hardware/design/device-experiences/oem-vbs) (VBS) enclaves, [Trusted Platform Modules (TPMs)](/windows/security/information-protection/tpm/trusted-platform-module-overview),  [Trusted launch for Azure VMs](../virtual-machines/trusted-launch.md) and [Azure confidential VMs](../confidential-computing/confidential-vm-overview.md). 
+Microsoft Azure Attestation is a unified solution for remotely verifying the trustworthiness of a platform and integrity of the binaries running inside it. The service supports attestation of the platforms backed by Trusted Platform Modules (TPMs) alongside the ability to attest to the state of Trusted Execution Environments (TEEs) such as [Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html) (SGX) enclaves, [Virtualization-based Security](/windows-hardware/design/device-experiences/oem-vbs) (VBS) enclaves, [Trusted Platform Modules (TPMs)](/windows/security/information-protection/tpm/trusted-platform-module-overview),  [Trusted launch for Azure VMs](../virtual-machines/trusted-launch.md) and [Azure confidential VMs](../confidential-computing/confidential-vm-overview.md).
 
 Attestation is a process for demonstrating that software binaries were properly instantiated on a trusted platform. Remote relying parties can then gain confidence that only such intended software is running on trusted hardware. Azure Attestation is a unified customer-facing service and framework for attestation.
 
@@ -26,11 +26,11 @@ Azure Attestation provides comprehensive attestation services for multiple envir
 
 ### SGX enclave attestation
 
-[Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html) (SGX) refers to hardware-grade isolation, which is supported on certain Intel CPUs models. SGX enables code to run in sanitized compartments known as SGX enclaves. Access and memory permissions are then managed by hardware to ensure a minimal attack surface with proper isolation.
+[Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html) (SGX) refers to hardware-grade isolation, which is supported on certain Intel CPU models. SGX enables code to run in sanitized compartments known as SGX enclaves. Access and memory permissions are then managed by hardware to ensure a minimal attack surface with proper isolation.
 
 Client applications can be designed to take advantage of SGX enclaves by delegating security-sensitive tasks to take place inside those enclaves. Such applications can then make use of Azure Attestation to routinely establish trust in the enclave and its ability to access sensitive data.
 
-Intel® Xeon® Scalable processors only support [ECDSA-based attestation solutions](https://software.intel.com/content/www/us/en/develop/topics/software-guard-extensions/attestation-services.html#Elliptic%20Curve%20Digital%20Signature%20Algorithm%20(ECDSA)%20Attestation) for remotely attesting SGX enclaves. Utilizing ECDSA based attestation model, Azure Attestation supports validation of Intel® Xeon® E3 processors and Intel® Xeon® Scalable processor-based server platforms. 
+Intel® Xeon® Scalable processors only support [ECDSA-based attestation solutions](https://software.intel.com/content/www/us/en/develop/topics/software-guard-extensions/attestation-services.html#Elliptic%20Curve%20Digital%20Signature%20Algorithm%20(ECDSA)%20Attestation) for remotely attesting SGX enclaves. Utilizing ECDSA based attestation model, Azure Attestation supports validation of Intel® Xeon® E3 processors and Intel® Xeon® Scalable processor-based server platforms.
 
 > [!NOTE]
 > To perform attestation of Intel® Xeon® Scalable processor-based server platforms using Azure Attestation, users are expected to install [Azure DCAP version 1.10.0](https://github.com/microsoft/Azure-DCAP-Client) or higher.
@@ -42,7 +42,7 @@ OE standardizes specific requirements for verification of an enclave evidence. T
 
 ### TPM attestation 
 
-[Trusted Platform Modules (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-overview) based attestation is critical to provide proof of a platforms’ state. TPM acts as the root of trust and the security coprocessor to provide cryptographic validity to the measurements(evidence). Devices with a TPM, can rely on attestation to prove that boot integrity is not compromised along with using the claims to detect feature states enablement’s during boot. 
+[Trusted Platform Modules (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-overview) based attestation is critical to provide proof of a platform's state. A TPM acts as the root of trust and the security coprocessor to provide cryptographic validity to the measurements (evidence). Devices with a TPM can rely on attestation to prove that boot integrity is not compromised and use the claims to detect feature state enablement during boot. 
 
 Client applications can be designed to take advantage of TPM attestation by delegating security-sensitive tasks to only take place after a platform has been validated to be secure. Such applications can then make use of Azure Attestation to routinely establish trust in the platform and its ability to access sensitive data.
 
@@ -52,7 +52,7 @@ Azure [Confidential VM](../confidential-computing/confidential-vm-overview.md) (
 
 ### Trusted Launch attestation 
 
-Azure customers can [prevent bootkit and rootkit infections](https://www.youtube.com/watch?v=CQqu_rTSi0Q) by enabling [Trusted launch](../virtual-machines/trusted-launch.md)) for their virtual machines (VMs). When the VM is Secure Boot and vTPM enabled with guest attestation extension installed, vTPM measurements get submitted to Azure Attestation periodically for monitoring of boot integrity. An attestation failure indicates potential malware, which is surfaced to customers via Microsoft Defender for Cloud, through Alerts and Recommendations. 
+Azure customers can [prevent bootkit and rootkit infections](https://www.youtube.com/watch?v=CQqu_rTSi0Q) by enabling [trusted launch](../virtual-machines/trusted-launch.md) for their virtual machines (VMs). When the VM is Secure Boot and vTPM enabled with guest attestation extension installed, vTPM measurements get submitted to Azure Attestation periodically for monitoring boot integrity. An attestation failure indicates potential malware, which is surfaced to customers via Microsoft Defender for Cloud, through Alerts and Recommendations.
 
 ## Azure Attestation runs in a TEE
 

articles/azure-maps/clustering-point-data-web-sdk.md

@@ -46,7 +46,7 @@ The `DataSource` class provides the following methods related to clustering as w
 |--------|-------------|-------------|
 | getClusterChildren(clusterId: number) | Promise<Array<Feature<Geometry, any> \| Shape>> | Retrieves the children of the given cluster on the next zoom level. These children may be a combination of shapes and subclusters. The subclusters will be features with properties matching ClusteredProperties. |
 | getClusterExpansionZoom(clusterId: number) | Promise<number> | Calculates a zoom level at which the cluster will start expanding or break apart. |
-| getClusterLeaves(clusterId: number, limit: number, offset: number) | Promise<Array<Feature<Geometry, any> \| Shape>> | Retrieves all points in a cluster. Set the `limit` to return a subset of the points, and use the `offset` to page through the points. |
+| getClusterLeaves(clusterId: number, limit: number, offset: number) | Promise<Array<Feature<Geometry, any> \| Shape>> | Retrieves the points in a cluster. By default the first 10 points are returned. To page through the points, use `limit` to specify the number of points to return, and `offset` to step through the index of points. To return all points, set `limit` to `Infinity` and don't set `offset`. |
 
 ## Display clusters using a bubble layer
 
@@ -149,4 +149,4 @@ See code examples to add functionality to your app:
 > [Add a symbol layer](map-add-pin.md)
 
 > [!div class="nextstepaction"]
-> [Add a heat map layer](map-add-heat-map-layer.md)
+> [Add a heat map layer](map-add-heat-map-layer.md)

articles/azure-monitor/best-practices-cost.md

@@ -29,7 +29,7 @@ See [Azure Monitor Logs pricing details](logs/cost-logs.md) for details on commi
 ### Optimize workspace configuration
 As your monitoring environment becomes more complex, you will need to consider whether to create additional Log Analytics workspaces. This may be as you place resources in additional regions or as you implement additional services that use workspaces such as Azure Sentinel and Microsoft Defender for Cloud.
 
-There can be cost implications with your workspace design, most notably when you combine different services such as operational data from Azure Monitor and security data from . See [Workspaces with Microsoft Sentinel](logs/cost-logs.md#workspaces-with-microsoft-sentinel) and [Workspaces with Microsoft Defender for Cloud](logs/cost-logs.md#workspaces-with-microsoft-defender-for-cloud) for a description of these implications and guidance on determining the most cost-effective solution for your environment.
+There can be cost implications with your workspace design, most notably when you combine different services such as operational data from Azure Monitor and security data from Microsoft Sentinel. See [Workspaces with Microsoft Sentinel](logs/cost-logs.md#workspaces-with-microsoft-sentinel) and [Workspaces with Microsoft Defender for Cloud](logs/cost-logs.md#workspaces-with-microsoft-defender-for-cloud) for a description of these implications and guidance on determining the most cost-effective solution for your environment.
 
 ## Configure tables in each workspace
 Except for  [tables that don't incur charges](logs/cost-logs.md#data-size-calculation), all data in a Log Analytics workspace is billed at the same rate by default. You may be collecting data though that you query infrequently or that you need to archive for compliance but rarely access. You can significantly reduce your costs by configuring Basic Logs and by optimizing your data retention and archiving.

articles/azure-resource-manager/bicep/bicep-functions-deployment.md

@@ -26,7 +26,7 @@ This function returns the object that is passed during deployment. The propertie
 * deploying a local Bicep file.
 * deploying to a resource group or deploying to one of the other scopes ([Azure subscription](deploy-to-subscription.md), [management group](deploy-to-management-group.md), or [tenant](deploy-to-tenant.md)).
 
-When deploying a local Bicep file to a resource group: the function returns the following format:
+When deploying a local Bicep file to a resource group, the function returns the following format:
 
 ```json
 {
@@ -48,7 +48,7 @@ When deploying a local Bicep file to a resource group: the function returns the
 }
 ```
 
-When you deploy to an Azure subscription, management group, or tenant, the return object includes a `location` property. The location property is included when deploying a local Bicep file. The format is:
+When you deploy to an Azure subscription, management group, or tenant, the return object includes a `location` property. The `location` property is not included when deploying a local Bicep file. The format is:
 
 ```json
 {

articles/cloud-services/cloud-services-dotnet-install-dotnet.md

@@ -94,9 +94,9 @@ You can use startup tasks to perform operations before a role starts. Installing
    REM ***** To install .NET 4.7 set the variable netfx to "NDP47" ***** 
    REM ***** To install .NET 4.7.1 set the variable netfx to "NDP471" ***** https://go.microsoft.com/fwlink/?LinkId=852095
    REM ***** To install .NET 4.7.2 set the variable netfx to "NDP472" ***** https://go.microsoft.com/fwlink/?LinkId=863262
-   set netfx="NDP472"
    REM ***** To install .NET 4.8 set the variable netfx to "NDP48" ***** https://dotnet.microsoft.com/download/thank-you/net48
-      
+   set netfx="NDP48"
+         
    REM ***** Set script start timestamp *****
    set timehour=%time:~0,2%
    set timestamp=%date:~-4,4%%date:~-10,2%%date:~-7,2%-%timehour: =0%%time:~3,2%
@@ -110,6 +110,7 @@ You can use startup tasks to perform operations before a role starts. Installing
    set TEMP=%PathToNETFXInstall%
 
    REM ***** Setup .NET filenames and registry keys *****
+   if %netfx%=="NDP48" goto NDP48
    if %netfx%=="NDP472" goto NDP472
    if %netfx%=="NDP471" goto NDP471
    if %netfx%=="NDP47" goto NDP47
@@ -148,7 +149,12 @@ You can use startup tasks to perform operations before a role starts. Installing
 
    :NDP472
    set "netfxinstallfile=NDP472-KB4054531-Web.exe"
-   set netfxregkey="0x70BF6"
+   set netfxregkey="0x70BF0"
+   goto logtimestamp
+
+   :NDP48
+   set "netfxinstallfile=NDP48-Web.exe"
+   set netfxregkey="0x80EA8"
    goto logtimestamp
 
    :logtimestamp