Merge pull request #276174 from MicrosoftDocs/repo_sync_working_branch

Taojunshen · web-flow · commit 22572b0afe13 · 2024-05-24T01:00:37.000+08:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/ai-services/openai/assistants-reference-runs.md b/articles/ai-services/openai/assistants-reference-runs.md
@@ -457,7 +457,7 @@ When a run has the status: "requires_action" and required_action.type is submit_
 
 |Name | Type | Required | Description |
 |---  |---   |---       |--- |
-| `tool_outputs | array | Required | A list of tools for which the outputs are being submitted. |
+| `tool_outputs` | array | Required | A list of tools for which the outputs are being submitted. |
 
 ### Returns
 
diff --git a/articles/aks/intro-aks-automatic.md b/articles/aks/intro-aks-automatic.md
@@ -54,14 +54,14 @@ Node management is automatically handled without the need for manual node pool c
 
 ### Security and policies
 
-Cluster authentication and authorization use [Azure Role-based Access Control (RBAC) for Kubernetes authorization][azure-rbac-for-k8s-auth] and applications can use features like [workload identity with Microsoft Entra Workload ID][workload-identity] and [OpenID Connect (OIDC) cluster issuer][oidc-issuer] to have secure communication with Azure services. [Deployment safeguards][deployment-safeguards] enforce Kubernetes best practices through Azure Policy controls and the built-in [image cleaner][image-cleaner] removes stale and vulnerable images, enhancing image security.
+Cluster authentication and authorization use [Azure Role-based Access Control (RBAC) for Kubernetes authorization][azure-rbac-for-k8s-auth] and applications can use features like [workload identity with Microsoft Entra Workload ID][workload-identity] and [OpenID Connect (OIDC) cluster issuer][oidc-issuer] to have secure communication with Azure services. [Deployment safeguards][deployment-safeguards] enforce Kubernetes best practices through Azure Policy controls and the built-in [image cleaner][image-cleaner] removes unused images with vulnerabilities, enhancing image security.
 
 | Option                    | AKS Automatic   	| AKS Standard  	|
 |---	                    |---	            |---	            |
 | Cluster authentication and authorization	        | **Pre-configured:** [Azure RBAC for Kubernetes authorization][azure-rbac-for-k8s-auth] for managing cluster authentication and authorization using Azure role-based access control.  | **Default:** Local accounts. <br/> **Optional:** <ul><li>[Azure RBAC for Kubernetes authorization][azure-rbac-for-k8s-auth]</li><li>[Kubernetes RBAC with Microsoft Entra integration][k8s-rbac-with-entra]</li></ul> |
 | Cluster security	        | **Pre-configured:** [API server virtual network integration][api-server-vnet-integration] enables network communication between the API server and the cluster nodes over a private network without requiring a private link or tunnel. | **Optional:** [API server virtual network integration][api-server-vnet-integration] enables network communication between the API server and the cluster nodes over a private network without requiring a private link or tunnel.|
 | Application security	        | **Pre-configured:** <ul><li>[Workload identity with Microsoft Entra Workload ID][workload-identity]</li><li>[OpenID Connect (OIDC) cluster issuer][oidc-issuer]</li></ul> | **Optional:** <ul><li>[Workload identity with Microsoft Entra Workload ID][workload-identity]</li><li>[OpenID Connect (OIDC) cluster issuer][oidc-issuer]</li></ul> |
-| Image security	        | **Pre-configured:** [Image cleaner][image-cleaner] to remove stale and vulnerable images. | **Optional:** [Image cleaner][image-cleaner] to remove stale and vulnerable images. |
+| Image security	        | **Pre-configured:** [Image cleaner][image-cleaner] to remove unused images with vulnerabilities. | **Optional:** [Image cleaner][image-cleaner] to remove unused images with vulnerabilities. |
 | Policy enforcement	        | **Pre-configured:** [Deployment safeguards][deployment-safeguards] that enforce Kubernetes best practices in your AKS cluster through Azure Policy controls. | **Optional:** [Deployment safeguards][deployment-safeguards] enforce Kubernetes best practices in your AKS cluster through Azure Policy controls. |
 
 ### Networking
@@ -72,7 +72,7 @@ AKS Automatic clusters use [managed Virtual Network powered by Azure CNI Overlay
 |---	                    |---	            |---	            |
 | Virtual network	        | **Pre-configured:** [Managed Virtual Network using Azure CNI Overlay powered by Cilium][azure-cni-powered-by-cilium] combines the robust control plane of Azure CNI with the data plane of Cilium to provide high-performance networking and security. | **Default:** [Managed Virtual Network with kubenet][kubenet] <br/> **Optional:** <ul><li>[Azure CNI][azure-cni]</li><li>[Azure CNI Overlay][azure-cni-overlay]</li><li>[Azure CNI Overlay powered by Cilium][azure-cni-powered-by-cilium]</li><li>[Bring your own CNI][use-byo-cni]</li></ul> |
 | Ingress	        | **Pre-configured:** [Managed NGINX using the application routing add-on][app-routing] with integrations for Azure DNS  and Azure Key Vault. <br/> **Optional:** <ul><li>[Azure Service Mesh (Istio)][istio-deploy-ingress] ingress gateway</li><li>Bring your own ingress or gateway.</li></ul> | **Optional:** <ul><li>[Managed NGINX using the application routing add-on][app-routing] with integrations for Azure DNS  and Azure Key Vault.</li><li>[Azure Service Mesh (Istio)][istio-deploy-ingress] ingress gateway</li><li>Bring your own ingress or gateway.</li></ul> |
-| Egress	        | **Pre-configured:** [AKS managed NAT gateway][managed-nat-gateway] for a scalable outbound connection flows| **Default:** <ul><li>[Azure Load Balancer][egress-load-balancer]</li><li>[User-assigned NAT gateway][managed-nat-gateway]</li><li>[AKS managed NAT gateway][userassigned-nat-gateway]</li></ul> |
+| Egress	        | **Pre-configured:** [AKS managed NAT gateway][managed-nat-gateway] for a scalable outbound connection flows| **Default:** [Azure Load Balancer][egress-load-balancer] <br/> **Optional:** <ul><li>[User-assigned NAT gateway][managed-nat-gateway]</li><li>[AKS managed NAT gateway][userassigned-nat-gateway]</li></ul> |
 | Service mesh	        | **Optional:** <ul><li>[Azure Service Mesh (Istio)][istio-mesh]</li><li>Bring your own service mesh.</li></ul> | **Optional:** <ul><li>[Azure Service Mesh (Istio)][istio-mesh]</li><li>Bring your own service mesh.</li></ul> |
 
 ## Next steps
@@ -120,4 +120,4 @@ To learn more about AKS Automatic, follow the quickstart to create a cluster.
 [container-insights]: ../azure-monitor/containers/container-insights-overview.md
 [uptime-sla]: free-standard-pricing-tiers.md#uptime-sla-terms-and-conditions
 [long-term-support]: long-term-support.md
-[quickstart-aks-automatic]: ./learn/quick-kubernetes-automatic-deploy.md
+[quickstart-aks-automatic]: ./learn/quick-kubernetes-automatic-deploy.md
diff --git a/articles/aks/use-kms-etcd-encryption.md b/articles/aks/use-kms-etcd-encryption.md
@@ -16,7 +16,7 @@ This article shows you how to turn on encryption at rest for your Azure Kubernet
 * Provide encryption at rest for secrets that are stored in etcd.
 * Rotate the keys in a key vault.
 
-For more information on using KMS, see [Encrypting Secret Data at Rest](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/).
+For more information on using KMS, see [Using a KMS provider for data encryption](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/).
 
 ## Prerequisites
 
diff --git a/articles/azure-monitor/app/release-and-work-item-insights.md b/articles/azure-monitor/app/release-and-work-item-insights.md
@@ -224,12 +224,19 @@ You can use the `CreateReleaseAnnotation` PowerShell script to create annotation
     $annotation = ConvertTo-Json $annotation -Compress
     $annotation = Convert-UnicodeToEscapeHex -JsonString $annotation  
  
-    $body = $annotation -replace '(\\+)"', '$1$1"' -replace "`"", "`"`""
-
-    az rest --method put --uri "$($aiResourceId)/Annotations?api-version=2015-05-01" --body "$($body) "
-
-    # Use the following command for Linux Azure DevOps Hosts or other PowerShell scenarios
-    # Invoke-AzRestMethod -Path "$aiResourceId/Annotations?api-version=2015-05-01" -Method PUT -Payload $body
+    $accessToken = (az account get-access-token | ConvertFrom-Json).accessToken
+    $headers = @{
+        "Authorization" = "Bearer $accessToken"
+        "Accept"        = "application/json"
+        "Content-Type"  = "application/json"
+    }
+    $params = @{
+        Headers = $headers
+        Method  = "Put"
+        Uri     = "https://management.azure.com$($aiResourceId)/Annotations?api-version=2015-05-01"
+        Body    = $annotation
+    }
+    Invoke-RestMethod @params
     ```
 
     > [!NOTE]
diff --git a/articles/governance/management-groups/overview.md b/articles/governance/management-groups/overview.md
@@ -14,7 +14,7 @@ above subscriptions. You organize subscriptions into management groups; the gove
 cascade by inheritance to all associated subscriptions.
 
 Management groups give you enterprise-grade management at scale, no matter what type of subscriptions you might have.
-However, all subscriptions within a single management group must trust the same Azure Active Directory (Azure AD) tenant.
+However, all subscriptions within a single management group must trust the same Entra ID tenant.
 
 For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation. This policy would be applied to all nested management groups, subscriptions, and resources and allow VM creation only in authorized regions.
 
@@ -56,15 +56,15 @@ subscriptions.
 Each directory is given a single top-level management group called the **root** management group. The
 root management group is built into the hierarchy to have all management groups and subscriptions
 fold up to it. This root management group allows for global policies and Azure role assignments to
-be applied at the directory level. The [Azure AD Global Administrator needs to elevate
+be applied at the directory level. The [Entra ID Global Administrator needs to elevate
 themselves](../../role-based-access-control/elevate-access-global-admin.md) to the User Access
 Administrator role of this root group initially. After elevating access, the administrator can
 assign any Azure role to other directory users or groups to manage the hierarchy. As an administrator,
 you can assign your account as the owner of the root management group.
 
 ### Important facts about the root management group
 
-- By default, the root management group's display name is **Tenant root group** and operates itself as a management group. The ID is the same value as the Azure Active Directory (Azure AD) tenant ID.
+- By default, the root management group's display name is **Tenant root group** and operates itself as a management group. The ID is the same value as the Entra ID tenant ID.
 - To change the display name, your account must be assigned the **Owner** or **Contributor** role on the
   root management group. See
   [Change the name of a management group](manage.md#change-the-name-of-a-management-group) to update
@@ -78,7 +78,7 @@ you can assign your account as the owner of the root management group.
   that root management group.
   - Everyone who has access to a subscription can see the context of where that subscription is in
     the hierarchy.
-  - No one is given default access to the root management group. Azure AD Global Administrators are
+  - No one is given default access to the root management group. Entra ID Global Administrators are
     the only users that can elevate themselves to gain access. Once they have access to the root
     management group, the global administrators can assign any Azure role to other users to manage
     it.
@@ -98,7 +98,7 @@ The reason for this process is to make sure there's only one management group hi
 directory. The single hierarchy within the directory allows administrative customers to apply global
 access and policies that other customers within the directory can't bypass. Anything assigned on the
 root will apply to the entire hierarchy, which includes all management groups, subscriptions,
-resource groups, and resources within that Azure AD tenant.
+resource groups, and resources within that Entra ID tenant.
 
 ## Management group access
 
diff --git a/articles/oracle/oracle-db/database-overview.md b/articles/oracle/oracle-db/database-overview.md
@@ -6,7 +6,7 @@ ms.service: oracle-on-azure
 ms.collection: linux
 ms.topic: article
 ms.date: 12/12/2023
-ms.custom: engagement-fy23
+ms.custom: engagement-fy23, references_regions
 ms.author: jacobjaygbay
 ---
 
@@ -49,6 +49,12 @@ Oracle Database@Azure is available in the following locations. Oracle Database@A
 |------------|
 |Germany West Central (Frankfurt)|
 
+### France
+
+|Azure region|
+|------------|
+|France Central (Paris)|
+
 ### United Kingdom
 
 |Azure region|
diff --git a/articles/synapse-analytics/spark/synapse-file-mount-api.md b/articles/synapse-analytics/spark/synapse-file-mount-api.md
