Merge branch 'main' of https://github.com/MicrosoftDocs/azure-docs-pr into nat-tb-azure-services

Author: asudbring

articles/active-directory/roles/permissions-reference.md

@@ -1948,7 +1948,7 @@ Users with this role can manage alerts and have global read-only access on secur
 | [Office 365 Security & Compliance Center](https://support.office.com/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d) | All permissions of the Security Reader role<br>View, investigate, and respond to security alerts |
 | [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/prepare-deployment) | All permissions of the Security Reader role<br>View, investigate, and respond to security alerts |
 | [Intune](/intune/role-based-access-control) | All permissions of the Security Reader role |
-| [Cloud App Security](/cloud-app-security/manage-admins) | All permissions of the Security Reader role |
+| [Microsoft Defender for Cloud Apps](/cloud-app-security/manage-admins) | All permissions of the Security Reader role<br>View, investigate, and respond to security alerts |
 | [Microsoft 365 service health](/microsoft-365/enterprise/view-service-health) | View the health of Microsoft 365 services |
 
 > [!div class="mx-tableFixed"]
@@ -1980,7 +1980,7 @@ Identity Protection Center | Read all security reports and settings information
 [Office 365 Security & Compliance Center](https://support.office.com/article/About-Office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d) | View security policies<br>View and investigate security threats<br>View reports
 [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/prepare-deployment) | View and investigate alerts. When you turn on role-based access control in Microsoft Defender for Endpoint, users with read-only permissions such as the Azure AD Security Reader role lose access until they are assigned to a Microsoft Defender for Endpoint role.
 [Intune](/intune/role-based-access-control) | Views user, device, enrollment, configuration, and application information. Cannot make changes to Intune.
-[Cloud App Security](/cloud-app-security/manage-admins) | Has read permissions and can manage alerts
+[Microsoft Defender for Cloud Apps](/cloud-app-security/manage-admins) | Has read permissions.
 [Microsoft 365 service health](/office365/enterprise/view-service-health) | View the health of Microsoft 365 services
 
 > [!div class="mx-tableFixed"]

articles/app-service/security-controls-policy.md

@@ -1,7 +1,7 @@
 ---
 title: Azure Policy Regulatory Compliance controls for Azure App Service
 description: Lists Azure Policy Regulatory Compliance controls available for Azure App Service. These built-in policy definitions provide common approaches to managing the compliance of your Azure resources.
-ms.date: 08/17/2022
+ms.date: 08/29/2022
 ms.topic: sample
 ms.service: app-service
 ms.custom: subject-policy-compliancecontrols
@@ -21,6 +21,19 @@ compliant with the specific standard.
 
 ## Release notes
 
+### August 2022
+- **App Service apps should only be accessible over HTTPS**
+  - Update scope of policy to remove slots
+    - Creation of "App Service app slots should only be accessible over HTTPS" to monitor slots
+  - Add "Deny" effect
+  - Creation of "Configure App Service apps to only be accessible over HTTPS" for enforcement of policy
+- **App Service app slots should only be accessible over HTTPS**
+  - New policy created
+- **Configure App Service apps to only be accessible over HTTPS**
+  - New policy created
+- **Configure App Service app slots to only be accessible over HTTPS**
+  - New policy created
+
 ### July 2022
 
 - Deprecation of the following policies:

articles/azure-app-configuration/TOC.yml

@@ -165,15 +165,15 @@
       href: howto-leverage-json-content-type.md
     - name: Use Event Grid for data change notifications
       href: howto-app-configuration-event.md
-    - name: Backup configuration store automatically
+    - name: Back up configuration stores automatically
       href: howto-backup-config-store.md
     - name: Use managed identities to access App Configuration
       href: howto-integrate-azure-managed-service-identity.md
     - name: Update to the New Spring Boot Library
       href: howto-convert-to-the-new-spring-boot.md
     - name: Move a resource between Azure regions 
       href: howto-move-resource-between-regions.md
-    - name: Recover App Configuration stores
+    - name: Recover or purge deleted App Configuration stores
       href: howto-recover-deleted-stores-in-azure-app-configuration.md
     - name: Enable geo-replication (Preview)
       href: howto-geo-replication.md

articles/azure-app-configuration/concept-app-configuration-event.md

@@ -3,52 +3,55 @@ title: Reacting to Azure App Configuration key-value events
 description: Use Azure Event Grid to subscribe to App Configuration events, which allow applications to react to changes in key-values without the need for complicated code.
 services: azure-app-configuration,event-grid 
 author: jimmyca
-
+ms.custom: devdivchpfy22
 ms.author: jimmyca
-ms.date: 02/20/2020
+ms.date: 08/30/2022
 ms.topic: article
 ms.service: azure-app-configuration
 
 ---
 
 # Reacting to Azure App Configuration events
 
-Azure App Configuration events enable applications to react to changes in key-values. This is done without the need for complicated code or expensive and inefficient polling services. Instead, events are pushed through [Azure Event Grid](https://azure.microsoft.com/services/event-grid/) to subscribers such as [Azure Functions](https://azure.microsoft.com/services/functions/), [Azure Logic Apps](https://azure.microsoft.com/services/logic-apps/), or even to your own custom http listener. Critically, you only pay for what you use.
+Azure App Configuration events enable applications to react to changes in key-values. This is done without the need for complicated code or expensive and inefficient polling services. Instead, events are pushed through [Azure Event Grid](https://azure.microsoft.com/services/event-grid/) to subscribers, such as [Azure Functions](https://azure.microsoft.com/services/functions/), [Azure Logic Apps](https://azure.microsoft.com/services/logic-apps/), or even to your own custom HTTP listener. Critically, you only pay for what you use.
 
-Azure App Configuration events are sent to the Azure Event Grid, which provides reliable delivery services to your applications through rich retry policies and dead-letter delivery. To learn more, see [Event Grid message delivery and retry](../event-grid/delivery-and-retry.md).
+Azure App Configuration events are sent to the Azure Event Grid, which provides reliable delivery services to your applications through rich retry policies and dead-letter delivery. For more information, see [Event Grid message delivery and retry](../event-grid/delivery-and-retry.md).
 
 Common App Configuration event scenarios include refreshing application configuration, triggering deployments, or any configuration-oriented workflow. When changes are infrequent, but your scenario requires immediate responsiveness, event-based architecture can be especially efficient.
 
-Take a look at [Use Event Grid for data change notifications](./howto-app-configuration-event.md) for a quick example. 
+Take a look at [Use Event Grid for data change notifications](./howto-app-configuration-event.md) for a quick example.
 
-![Event Grid Model](./media/event-grid-functional-model.png)
+:::image type="content" source="./media/event-grid-functional-model.png" alt-text="Diagram that shows Event Grid Model.":::
 
 ## Available Azure App Configuration events
-Event grid uses [event subscriptions](../event-grid/concepts.md#event-subscriptions) to route event messages to subscribers. Azure App Configuration event subscriptions can include two types of events:  
+
+Event Grid uses [event subscriptions](../event-grid/concepts.md#event-subscriptions) to route event messages to subscribers. Azure App Configuration event subscriptions can include two types of events:  
 
 > |Event Name|Description|
 > |----------|-----------|
-> |`Microsoft.AppConfiguration.KeyValueModified`|Fired when a key-value is created or replaced|
-> |`Microsoft.AppConfiguration.KeyValueDeleted`|Fired when a key-value is deleted|
+> |`Microsoft.AppConfiguration.KeyValueModified`|Fired when a key-value is created or replaced.|
+> |`Microsoft.AppConfiguration.KeyValueDeleted`|Fired when a key-value is deleted.|
 
 ## Event schema
-Azure App Configuration events contain all the information you need to respond to changes in your data. You can identify an App Configuration event because the eventType property starts with "Microsoft.AppConfiguration". Additional information about the usage of Event Grid event properties is documented in [Event Grid event schema](../event-grid/event-schema.md).  
+
+Azure App Configuration events contain all the information you need to respond to changes in your data. You can identify an App Configuration event because the `eventType` property starts with `Microsoft.AppConfiguration`. Additional information about the usage of Event Grid event properties is documented in the [Event Grid event schema](../event-grid/event-schema.md).  
 
 > |Property|Type|Description|
 > |-------------------|------------------------|-----------------------------------------------------------------------|
-> |topic|string|Full Azure Resource Manager id of the App Configuration that emits the event.|
-> |subject|string|The URI of the key-value that is the subject of the event.|
-> |eventTime|string|The date/time that the event was generated, in ISO 8601 format.|
-> |eventType|string|"Microsoft.AppConfiguration.KeyValueModified" or "Microsoft.AppConfiguration.KeyValueDeleted".|
+> |topic|string|Full Azure Resource Manager ID of the App Configuration that emits the event.|
+> |subject|string|The URI of the key-value that's the subject of the event.|
+> |eventTime|string|The date/time that the event was generated in ISO 8601 format.|
+> |eventType|string|`Microsoft.AppConfiguration.KeyValueModified` or `Microsoft.AppConfiguration.KeyValueDeleted`.|
 > |Id|string|A unique identifier of this event.|
 > |dataVersion|string|The schema version of the data object.|
 > |metadataVersion|string|The schema version of top-level properties.|
-> |data|object|Collection of Azure App Configuration specific event data|
+> |data|object|Collection of Azure App Configuration specific event data.|
 > |data.key|string|The key of the key-value that was modified or deleted.|
 > |data.label|string|The label, if any, of the key-value that was modified or deleted.|
-> |data.etag|string|For `KeyValueModified` the etag of the new key-value. For `KeyValueDeleted` the etag of the key-value that was deleted.|
+> |data.etag|string|For `KeyValueModified`, the etag of the new key-value. For `KeyValueDeleted`, the etag of the key-value that was deleted.|
+
+Here's an example of a `KeyValueModified` event:
 
-Here is an example of a KeyValueModified event:
 ```json
 [{
   "id": "84e17ea4-66db-4b54-8050-df8f7763f87b",
@@ -70,18 +73,21 @@ Here is an example of a KeyValueModified event:
 For more information, see [Azure App Configuration events schema](../event-grid/event-schema-app-configuration.md).
 
 ## Practices for consuming events
+
 Applications that handle App Configuration events should follow these recommended practices:
 > [!div class="checklist"]
-> * Multiple subscriptions can be configured to route events to the same event handler, so do not assume events are from a particular source. Instead, check the topic of the message to ensure the App Configuration instance sending the event.
-> * Check the eventType and do not assume that all events you receive will be the types you expect.
-> * Use the etag fields to understand if your information about objects is still up-to-date.  
+> * Multiple subscriptions can be configured to route events to the same event handler, so don't assume events are from a particular source. Instead, check the topic of the message to ensure that the App Configuration instance is sending the event.
+> * Check the `eventType`, and don't assume that all events you receive will be the types you expect.
+> * Use the `etag` fields to understand if your information about objects is still up-to-date.  
 > * Use the sequencer fields to understand the order of events on any particular object.
 > * Use the subject field to access the key-value that was modified.
 
-
 ## Next steps
 
-Learn more about Event Grid and give Azure App Configuration events a try:
+To learn more about Event Grid and to give Azure App Configuration events a try, see:
+
+> [!div class="nextstepaction"]
+> [About Event Grid](../event-grid/overview.md)
 
-- [About Event Grid](../event-grid/overview.md)
-- [How to use Event Grid for data change notifications](./howto-app-configuration-event.md)
+> [!div class="nextstepaction"]
+> [How to use Event Grid for data change notifications](./howto-app-configuration-event.md)