Merge pull request #222662 from MicrosoftDocs/main

Publish to live, Friday 4 AM PST 12/30

Author: Maggiemouse1

articles/active-directory/roles/permissions-reference.md

@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.workload: identity
 ms.subservice: roles
 ms.topic: reference
-ms.date: 11/04/2022
+ms.date: 12/29/2022
 ms.author: rolyon
 ms.reviewer: abhijeetsinha
 ms.custom: generated, it-pro, fasttrack-edit
@@ -632,6 +632,7 @@ Users with this role have the ability to manage Azure Active Directory Condition
 > | microsoft.directory/conditionalAccessPolicies/basic/update | Update basic properties for conditional access policies |
 > | microsoft.directory/conditionalAccessPolicies/owners/update | Update owners for conditional access policies |
 > | microsoft.directory/conditionalAccessPolicies/tenantDefault/update | Update the default tenant for conditional access policies |
+> | microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update | Update Conditional Access authentication context of Microsoft 365 role-based access control (RBAC) resource actions |
 
 ## Customer LockBox Access Approver
 
@@ -1005,6 +1006,7 @@ Users with this role have access to all administrative features in Azure Active
 > | microsoft.directory/crossTenantAccessPolicy/partners/tenantRestrictions/update | Update tenant restrictions of cross-tenant access policy for partners |
 > | microsoft.directory/privilegedIdentityManagement/allProperties/read | Read all resources in Privileged Identity Management |
 > | microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs |
+> | microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update | Update Conditional Access authentication context of Microsoft 365 role-based access control (RBAC) resource actions |
 > | microsoft.directory/roleAssignments/allProperties/allTasks | Create and delete role assignments, and read and update all role assignment properties |
 > | microsoft.directory/roleDefinitions/allProperties/allTasks | Create and delete role definitions, and read and update all properties |
 > | microsoft.directory/scopedRoleMemberships/allProperties/allTasks | Create and delete scopedRoleMemberships, and read and update all properties |
@@ -1043,9 +1045,13 @@ Users with this role have access to all administrative features in Azure Active
 > | microsoft.azure.supportTickets/allEntities/allTasks | Create and manage Azure support tickets |
 > | microsoft.cloudPC/allEntities/allProperties/allTasks | Manage all aspects of Windows 365 |
 > | microsoft.commerce.billing/allEntities/allProperties/allTasks | Manage all aspects of Office 365 billing |
+> | microsoft.commerce.billing/purchases/standard/read | Read purchase services in M365 Admin Center. |
 > | microsoft.dynamics365/allEntities/allTasks | Manage all aspects of Dynamics 365 |
 > | microsoft.edge/allEntities/allProperties/allTasks | Manage all aspects of Microsoft Edge |
 > | microsoft.flow/allEntities/allTasks | Manage all aspects of Microsoft Power Automate |
+> | microsoft.hardware.support/shippingAddress/allProperties/allTasks | Create, read, update, and delete shipping addresses for Microsoft hardware warranty claims, including shipping addresses created by others |
+> | microsoft.hardware.support/shippingStatus/allProperties/read | Read shipping status for open Microsoft hardware warranty claims |
+> | microsoft.hardware.support/warrantyClaims/allProperties/allTasks | Create and manage all aspects of Microsoft hardware warranty claims |
 > | microsoft.insights/allEntities/allProperties/allTasks | Manage all aspects of Insights app |
 > | microsoft.intune/allEntities/allTasks | Manage all aspects of Microsoft Intune |
 > | microsoft.office365.complianceManager/allEntities/allTasks | Manage all aspects of Office 365 Compliance Manager |
@@ -1159,7 +1165,11 @@ Users with this role **cannot** do the following:
 > | microsoft.directory/lifecycleWorkflows/workflows/allProperties/read | Read all properties of lifecycle workflows and tasks in Azure AD |
 > | microsoft.cloudPC/allEntities/allProperties/read | Read all aspects of Windows 365 |
 > | microsoft.commerce.billing/allEntities/allProperties/read | Read all resources of Office 365 billing |
+> | microsoft.commerce.billing/purchases/standard/read | Read purchase services in M365 Admin Center. |
 > | microsoft.edge/allEntities/allProperties/read | Read all aspects of Microsoft Edge |
+> | microsoft.hardware.support/shippingAddress/allProperties/read | Read shipping addresses for Microsoft hardware warranty claims, including existing shipping addresses created by others |
+> | microsoft.hardware.support/shippingStatus/allProperties/read | Read shipping status for open Microsoft hardware warranty claims |
+> | microsoft.hardware.support/warrantyClaims/allProperties/read | Read Microsoft hardware warranty claims |
 > | microsoft.insights/allEntities/allProperties/read | Read all aspects of Viva Insights |
 > | microsoft.office365.messageCenter/messages/read | Read messages in Message Center in the Microsoft 365 admin center, excluding security messages |
 > | microsoft.office365.messageCenter/securityMessages/read | Read security messages in Message Center in the Microsoft 365 admin center |
@@ -1548,6 +1558,9 @@ A warranty claim is a request to have the hardware repaired or replaced in accor
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
+> | microsoft.hardware.support/shippingAddress/allProperties/allTasks | Create, read, update, and delete shipping addresses for Microsoft hardware warranty claims, including shipping addresses created by others |
+> | microsoft.hardware.support/shippingStatus/allProperties/read | Read shipping status for open Microsoft hardware warranty claims |
+> | microsoft.hardware.support/warrantyClaims/allProperties/allTasks | Create and manage all aspects of Microsoft hardware warranty claims |
 > | microsoft.office365.messageCenter/messages/read | Read messages in Message Center in the Microsoft 365 admin center, excluding security messages |
 > | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Microsoft 365 service requests |
 > | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in the Microsoft 365 admin center |
@@ -1567,8 +1580,12 @@ A warranty claim is a request to have the hardware repaired or replaced in accor
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
+> | microsoft.hardware.support/shippingAddress/allProperties/read | Read shipping addresses for Microsoft hardware warranty claims, including existing shipping addresses created by others |
+> | microsoft.hardware.support/warrantyClaims/createAsOwner | Create Microsoft hardware warranty claims where creator is the owner |
 > | microsoft.office365.supportTickets/allEntities/allTasks | Create and manage Microsoft 365 service requests |
 > | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in the Microsoft 365 admin center |
+> | microsoft.hardware.support/shippingStatus/allProperties/read | Read shipping status for open Microsoft hardware warranty claims |
+> | microsoft.hardware.support/warrantyClaims/allProperties/read | Read Microsoft hardware warranty claims |
 
 ## Modern Commerce User
 
@@ -1628,7 +1645,7 @@ Assign the Organizational Messages Writer role to users who need to do the follo
 - Write, publish, and delete organizational messages using Microsoft 365 admin center or Microsoft Endpoint Manager
 - Manage organizational message delivery options using Microsoft 365 admin center or Microsoft Endpoint Manager
 - Read organizational message delivery results using Microsoft 365 admin center or Microsoft Endpoint Manager
-- View usage reports and most settings in the Microsoft 365 admin center, but can't make changes 
+- View usage reports and most settings in the Microsoft 365 admin center, but can't make changes
 
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
@@ -2008,6 +2025,7 @@ Azure Advanced Threat Protection | Monitor and respond to suspicious security ac
 > | microsoft.directory/conditionalAccessPolicies/tenantDefault/update | Update the default tenant for conditional access policies |
 > | microsoft.directory/privilegedIdentityManagement/allProperties/read | Read all resources in Privileged Identity Management |
 > | microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs |
+> | microsoft.directory/resourceNamespaces/resourceActions/authenticationContext/update | Update Conditional Access authentication context of Microsoft 365 role-based access control (RBAC) resource actions |
 > | microsoft.directory/servicePrincipals/policies/update | Update policies of service principals |
 > | microsoft.directory/signInReports/allProperties/read | Read all properties on sign-in reports, including privileged properties |
 > | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health |
@@ -2248,7 +2266,7 @@ Users with this role can manage [Teams-certified devices](https://www.microsoft.
 > | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in the Microsoft 365 admin center |
 > | microsoft.teams/devices/standard/read | Manage all aspects of Teams-certified devices including configuration policies |
 
- ## Tenant Creator
+## Tenant Creator
 
 Assign the Tenant Creator role to users who need to do the following tasks:
 -	Create both Azure Active Directory and Azure Active Directory B2C tenants even if the tenant creation toggle is turned off in the user settings
@@ -2259,7 +2277,7 @@ Assign the Tenant Creator role to users who need to do the following tasks:
 > | Actions | Description |
 > | --- | --- |
 > | microsoft.directory/tenantManagement/tenants/create | Create new tenants in Azure Active Directory |
-  
+
 ## Usage Summary Reports Reader
 
 Users with this role can access tenant level aggregated data and associated insights in Microsoft 365 admin center for Usage and Productivity Score but cannot access any user level details or insights. In Microsoft 365 admin center for the two reports, we differentiate between tenant level aggregated data and user level details. This role gives an extra layer of protection on individual user identifiable data, which was requested by both customers and legal teams.

articles/aks/media/operator-best-practices-bc-dr/traffic-manager-geographic-routing.png

@@ -50,19 +50,19 @@ When you deploy your application, add another step to your CI/CD pipeline to dep
 
 > **Best practice**
 >
-> Azure Traffic Manager can direct you to your closest AKS cluster and application instance. For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.
+> For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.
 
-If you have multiple AKS clusters in different regions, use Traffic Manager to control traffic flow to the applications running in each cluster. [Azure Traffic Manager](../traffic-manager/index.yml) is a DNS-based traffic load balancer that can distribute network traffic across regions. Use Traffic Manager to route users based on cluster response time or based on geography.
+If you have multiple AKS clusters in different regions, use Traffic Manager to control traffic flow to the applications running in each cluster. [Azure Traffic Manager](../traffic-manager/index.yml) is a DNS-based traffic load balancer that can distribute network traffic across regions. Use Traffic Manager to route users based on cluster response time or based on priority.
 
 ![AKS with Traffic Manager](media/operator-best-practices-bc-dr/aks-azure-traffic-manager.png)
 
 If you have a single AKS cluster, you typically connect to the service IP or DNS name of a given application. In a multi-cluster deployment, you should connect to a Traffic Manager DNS name that points to the services on each AKS cluster. Define these services by using Traffic Manager endpoints. Each endpoint is the *service load balancer IP*. Use this configuration to direct network traffic from the Traffic Manager endpoint in one region to the endpoint in a different region.
 
-![Geographic routing through Traffic Manager](media/operator-best-practices-bc-dr/traffic-manager-geographic-routing.png)
+Traffic Manager performs DNS lookups and returns your most appropriate endpoint. With priority routing you can enable a primary service endpoint and multiple backup endpoints in case the primary or one of the backup endpoints is unavailable.
 
-Traffic Manager performs DNS lookups and returns your most appropriate endpoint. Nested profiles can prioritize a primary location. For example, you should connect to their closest geographic region. If that region has a problem, Traffic Manager directs you to a secondary region. This approach ensures that you can connect to an application instance even if your closest geographic region is unavailable.
+![Priority routing through Traffic Manager](media/operator-best-practices-bc-dr/traffic-manager-priority-routing.png)
 
-For information on how to set up endpoints and routing, see [Configure the geographic traffic routing method by using Traffic Manager](../traffic-manager/traffic-manager-configure-geographic-routing-method.md).
+For information on how to set up endpoints and routing, see [Configure priority traffic routing method in Traffic Manager](../traffic-manager/traffic-manager-configure-priority-routing-method.md).
 
 ### Application routing with Azure Front Door Service
 

articles/aks/media/operator-best-practices-bc-dr/traffic-manager-priority-routing.png

@@ -151,7 +151,7 @@ var client = new MapsSearchClient(credential);
 SearchAddressResult searchResult = client.FuzzySearch( 
     "Starbucks", new FuzzySearchOptions 
     { 
-        Coordinates = new GeoPosition(-122.31, 47.61), 
+        Coordinates = new GeoPosition(-122.34255, 47.61010), 
         Language = SearchLanguage.EnglishUsa 
     }); 
 
@@ -160,8 +160,7 @@ SearchAddressResult searchResult = client.FuzzySearch(
 foreach (var result in searchResult.Results) 
 { 
     Console.WriteLine($""" 
-        * {result.PointOfInterest.Name} 
-          {result.Address.StreetNumber} {result.Address.StreetName} 
+        * {result.Address.StreetNumber} {result.Address.StreetName} 
           {result.Address.Municipality} {result.Address.CountryCode} {result.Address.PostalCode} 
           Coordinate: ({result.Position.Latitude:F4}, {result.Position.Longitude:F4}) 
         """); 
@@ -185,46 +184,36 @@ dotnet run
 You should see a list of Starbucks address and coordinate results:
 
 ```text
-* Starbucks 
-  1600, East Jefferson Street 
-  Seattle US 98122 
-  Coordinate: (47.6065, -122.3110) 
-* Starbucks 
-  800, 12th Avenue 
-  Seattle US 98122
-  Coordinate: (47.6093, -122.3165) 
-* Starbucks 
-  2201, East Madison Street 
-  Seattle US 98112 
-  Coordinate: (47.6180, -122.3036) 
-* Starbucks
-  101, Broadway East 
-  Seattle US 98102 
-  Coordinate: (47.6189, -122.3213) 
-* Starbucks 
-  2300, South Jackson Street 
-  Seattle US 98144 
-  Coordinate: (47.5995, -122.3020) 
-* Starbucks 
-  1600, East Olive Way 
-  Seattle US 98102 
-  Coordinate: (47.6195, -122.3251) 
-* Starbucks 
-  1730, Howell Street 
+* 1912 Pike Place 
+  Seattle US 98101 
+  Coordinate: 47.61016, -122.34248 
+* 2118 Westlake Avenue 
+  Seattle US 98121 
+  Coordinate: 47.61731, -122.33782 
+* 2601 Elliott Avenue 
+  Seattle US 98121 
+  Coordinate: 47.61426, -122.35261 
+* 1730 Howell Street 
   Seattle US 98101 
-  Coordinate: (47.6172, -122.3298) 
-* Starbucks 
-  505, 5Th Ave S 
+  Coordinate: 47.61716, -122.3298 
+* 220 1st Avenue South 
   Seattle US 98104 
-  Coordinate: (47.5977, -122.3285) 
-* Starbucks 
-  121, Lakeside Avenue South 
-  Seattle US 98122 
-  Coordinate: (47.6020, -122.2851) 
-* Starbucks Regional Office 
-  220, 1st Avenue South 
+  Coordinate: 47.60027, -122.3338 
+* 400 Occidental Avenue South 
+  Seattle US 98104 
+  Coordinate: 47.5991, -122.33278 
+* 1600 East Olive Way 
+  Seattle US 98102 
+  Coordinate: 47.61948, -122.32505 
+* 500 Mercer Street 
+  Seattle US 98109 
+  Coordinate: 47.62501, -122.34687 
+* 505 5Th Ave S 
   Seattle US 98104 
-  Coordinate: (47.6003, -122.3338) 
+  Coordinate: 47.59768, -122.32849 
+* 425 Queen Anne Avenue North 
+  Seattle US 98109 
+  Coordinate: 47.62301, -122.3571 
 ```
 
 ## Search an address