Merge branch 'main' into nov-hdi-freshness

Author: sreekzz

articles/backup/backup-client-automation.md

@@ -139,7 +139,7 @@ $CredsFilename = Get-AzRecoveryServicesVaultSettingsFile -Backup -Vault $Vault1
 In the latest Az module of PowerShell, because of underlying platform limitations, downloading the vault credentials requires a self-signed certificate. The following example shows how to provide a self-signed certificate and download the vault credentials.
 
 ```powershell
-$dt = $(Get-Date).ToString("M-d-yyyy")
+
 $cert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -FriendlyName 'test-vaultcredentials' -subject "Windows Azure Tools" -KeyExportPolicy Exportable -NotAfter $(Get-Date).AddHours(48) -NotBefore $(Get-Date).AddHours(-24) -KeyProtection None -KeyUsage None -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") -Provider "Microsoft Enhanced Cryptographic Provider v1.0"
 $certficate = [convert]::ToBase64String($cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx))
 $CredsFilename = Get-AzRecoveryServicesVaultSettingsFile -Backup -Vault $Vault -Path $CredsPath -Certificate $certficate

articles/expressroute/metro.md

@@ -5,7 +5,7 @@ services: expressroute
 author: duongau
 ms.service: azure-expressroute
 ms.topic: conceptual
-ms.date: 06/03/2024
+ms.date: 11/24/2024
 ms.author: duau
 ms.custom: references_regions, ai-usage
 ---
@@ -40,9 +40,9 @@ The following diagram allows for a comparison between the standard ExpressRoute
 
 | Metro location | Peering locations | Location address | Zone | Local Azure Region | ER Direct | Service Provider |
 |--|--|--|--|--|--|--|
-| Amsterdam Metro | Amsterdam<br>Amsterdam2 | Equinix AM5<br>Digital Realty AMS8 | 1 | West Europe | &check; | Colt<sup>1</sup><br>Console Connect<sup>1</sup><br>Digital Realty<br>Equinix<br>euNetworks<br><br>Megaport<br> |
-| Singapore Metro | Singapore<br>Singapore2 | Equinix SG1<br>Global Switch Tai Seng | 2 | Southeast Asia | &check; | Console Connect<sup>1</sup><br>Equinix<br>Megaport |
-| Zurich Metro | Zurich<br>Zurich2 | Digital Realty ZUR2<br>Equinix ZH5 | 1 | Switzerland North | &check; | Colt<sup>1</sup><br>Digital Realty |
+| Amsterdam Metro | Amsterdam<br>Amsterdam2 | Equinix AM5<br>Digital Realty AMS8 | 1 | West Europe | &check; | Colt<br>Digital Realty<br>Equinix<br>euNetworks<br><br>Megaport<br> |
+| Singapore Metro | Singapore<br>Singapore2 | Equinix SG1<br>Global Switch Tai Seng | 2 | Southeast Asia | &check; | Colt<br>Equinix<br>Megaport |
+| Zurich Metro | Zurich<br>Zurich2 | Digital Realty ZUR2<br>Equinix ZH5 | 1 | Switzerland North | &check; | Colt<br>Digital Realty |
 
 <sup>1<sup> These service providers will be available in the future.
 

articles/hdinsight/configure-azure-blob-storage.md

@@ -82,7 +82,22 @@ Same thing can be achieved via ARM request if that is how you want to create HDI
 
     } 
     ```  
-     
+
+## MSI based Script Action using primary Azure Blob Storage storage 
+
+Previously while adding the primary storage as Azure Blob Storage storage in the Azure HDInsight cluster, you can't provide MSI for authentication. 
+Also to access a script action that isn't accessible anonymously, you need to mention the SAS Key in the script action parameters, so the Azure HDInsight Cluster can access the script for execution.
+
+Now, you can add Azure Blob Storage storage in Azure HDInsight cluster as a primary storage using MSI. 
+
+Hence there's no need to provide the SAS key in the script action parameters, while adding the script action, if the script uploaded to the  primary Azure Blob Storage storage account. 
+
+The script is downloaded and implemented. This will work even if the script isn't publicly accessible. 
+
+The new feature specifically supports scripts that aren't publicly accessible but don't require a SAS key or token. This provides an additional layer of security for scripts that need to be kept private. 
+
+The conventional script action in which is anonymously accessible or if a SAS key is passed along with the script URI, still works without any changes. For more information, see [Customize Azure HDInsight clusters by using script actions](./hdinsight-hadoop-customize-cluster-linux.md)     
+
 ## Next steps
 
 * [Use Azure Data Lake Storage Gen2 with Azure HDInsight clusters](./hdinsight-managed-identities.md)

articles/sentinel/resource-context-rbac.md

@@ -12,7 +12,7 @@ ms.author: cwatson
 
 # Manage access to Microsoft Sentinel data by resource
 
-Typically, users who have access to a Log Analytics workspace enabled for Microsoft Sentinel also have access to all the workspace data, including security content. Administrators can use [Azure roles](roles.md) to configure access to specific features in Microsoft Sentinel, depending on the access requirements in their team.
+Access to a workspace is managed by using Azure RBAC. Typically, users who have access to a Log Analytics workspace enabled for Microsoft Sentinel also have access to all the workspace data, including security content. Administrators can use [Azure roles](roles.md) to configure access to specific features in Microsoft Sentinel, depending on the access requirements in their team.
 
 However, you may have some users who need to access only specific data in your workspace, but shouldn't have access to the entire Microsoft Sentinel environment. For example, you may want to provide a non-security operations (non-SOC) team with access to the Windows event data for the servers they own.
 
@@ -154,6 +154,10 @@ The following list describes scenarios where other solutions for data access may
 
 
 
-## Next steps
+## Related content
 
-For more information, see [Permissions in Microsoft Sentinel](roles.md).
+For more information, see:
+
+- [Permissions in Microsoft Sentinel](roles.md)
+- [Manage access to Log Analytics workspaces](/azure/azure-monitor/logs/manage-access)
+- [What is Azure role-based access control (Azure RBAC)?](/azure/role-based-access-control/overview)

articles/virtual-network-manager/concept-event-logs.md

@@ -100,11 +100,11 @@ This category emits one log per connectivity configuration change per virtual ne
 | time | Datetime when the event was logged. |
 | resourceId | Resource ID of the network manager. |
 | location | Location of the virtual network resource. |
-| operationName | Operation that resulted in the virtual network being added or removed. Always the Microsoft.Network/networkManagers/connectivityConfigurations/write operation. |
+| operationName | Operation that resulted in the virtual network being added or removed. |
 | category | Category of this log. Always ConnectivityConfigurationChange. |
 | resultType | Indicates successful or failed operation. |
 | correlationId | GUID that can help relate or debug logs. |
-| level | Always Info. |
+| level | Info or Warning. |
 | properties | Collection of properties of the log. |
 
 Within the `properties` attribute are several nested attributes:
@@ -115,6 +115,9 @@ Within the `properties` attribute are several nested attributes:
 | TargetResourceIds | Resource ID of the virtual network that experienced a change in connectivity configuration application. |
 | Message | A static message stating if the connectivity configuration change was successful or unsuccessful. |
 
+> [!NOTE]
+> Connectivity configuration allows virtual networks with overlapping IP spaces within the same connected group, but communication to an overlapped IP address is dropped. In addition, when a connected group’s VNet is peered with an external VNet (a VNet not in the connected group) that has overlapping address spaces, these overlapping address spaces become inaccessible within the connected group. Traffic from the peered VNet to the overlapping address spaces is routed to the external VNet, while traffic from other VNets in the connected group to the overlapping address spaces is dropped. Logs will show a "Warning" level, with the `TargetResourceIds` field indicating the IDs of VNets with overlapping address spaces and a `message` indicating that either complete or partial address spaces are inaccessible due to overlapping addresses.
+
 Within the `AppliedConnectivityConfigurations` attribute are several nested attributes:
 
 | AppliedConnectivityConfigurations attributes | Description |