Commit 2403f78

Merge pull request #176368 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/azure-docs (branch master)
2 parents b9900a6 + 23a419b commit 2403f78

5 files changed, +14 -9 lines changed

articles/active-directory/fundamentals/security-operations-privileged-accounts.md

Lines changed: 3 additions & 2 deletions
@@ -138,7 +138,8 @@ You can monitor privileged account sign-in events in the Azure AD Sign-in logs.
138138
| Discover privileged accounts not registered for MFA. | High | Azure AD Graph API| Query for IsMFARegistered eq false for administrator accounts. [List credentialUserRegistrationDetails - Microsoft Graph beta](/graph/api/reportroot-list-credentialuserregistrationdetails?view=graph-rest-beta&preserve-view=true&tabs=http) | Audit and investigate to determine if intentional or an oversight. |
139139
| Account lockout | High | Azure AD Sign-ins log | Status = Failure<br>-and-<br>error code = 50053 | Define a baseline threshold, and then monitor and adjust to suite your organizational behaviors and limit false alerts from being generated. |
140140
| Account disabled/blocked for sign-ins | Low | Azure AD Sign-ins log | Status = Failure<br>-and-<br>Target = user UPN<br>-and-<br>error code = 50057 | This could indicate someone is trying to gain access to an account once they have left an organization. Although the account is blocked, it's still important to log and alert on this activity. |
141-
| MFA fraud alert/block | High | Azure AD Sign-ins log/Azure Log Anaylitics | Succeeded = false<br>-and-<br>Result detail = MFA denied<br>-and-<br>Target = user | Privileged user has indicated they haven't instigated the MFA prompt and could indicate an attacker has the password for the account. |
141+
| MFA fraud alert/block | High | Azure AD Sign-ins log/Azure Log Anaylitics | Sign-ins>Authentication details Result details = MFA denied, Fraud Code Entered | Privileged user has indicated they haven't instigated the MFA prompt and could indicate an attacker has the password for the account. |
142+
| MFA fraud alert/block | High | Azure AD Audit Log log/Azure Log Anaylitics | Activity Type = Fraud Reported - user is blocked for MFA or Fraud reported - no action taken (based on tenant level settings for fraud report) | Privileged user has indicated they haven't instigated the MFA prompt and could indicate an attacker has the password for the account. |
142143
| Privileged account sign-ins outside of expected controls. | | Azure AD Sign-ins log | Status = failure<br>UserPricipalName = \<Admin account\><br>Location = \<unapproved location\><br>IP Address = \<unapproved IP\><br>Device Info= \<unapproved Browser, Operating System\> | Monitor and alert on any entries that you have defined as unapproved. |
143144
| Outside of normal sign in times | High | Azure AD Sign-ins log | Status =success<br>-and-<br>Location =<br>-and-<br>Time = outside of working hours | Monitor and alert if sign-ins occur outside of expected times. It is important to find the normal working pattern for each privileged account and to alert if there are unplanned changes outside of normal working times. Sign-ins outside of normal working hours could indicate compromise or possible insider threats. |
144145
| Identity protection risk | High | Identity Protection logs | Risk state = at risk<br>-and-<br>Risk level = low/medium/high<br>-and-<br>Activity = Unfamiliar sign-in/TOR, etc. | This indicates there is some abnormality detected with the sign in for the account and should be alerted on. |
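Review bot: The two added "MFA fraud alert/block" rows (new lines 141 and 142) drop the `Target = user` condition and the `<br>-and-<br>` layout that the removed row and the neighbouring rows use, so the filter no longer states that it is scoped to the privileged account, and `Sign-ins>Authentication details Result details = MFA denied, Fraud Code Entered` reads as one run-on string. Suggest restating the target condition and putting each condition on its own `<br>` line. Both rows also carry "Azure Log Anaylitics" (Analytics), and line 142 has "Azure AD Audit Log log"; these are worth fixing while the rows are being touched. Because the two rows share the same name and the same notes cell, the notes should say which row covers the sign-in record and which covers the audit record, so that an alert author knows both sources are needed.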
@@ -263,4 +264,4 @@ See these security operations guide articles:
263264
[Security operations for devices](security-operations-devices.md)
264265

265266

266-
[Security operations for infrastructure](security-operations-infrastructure.md)
267+
[Security operations for infrastructure](security-operations-infrastructure.md)

articles/databox-online/azure-stack-edge-gpu-deploy-prep.md

Lines changed: 1 addition & 1 deletion
@@ -67,7 +67,7 @@ Before you begin, make sure that:
6767
- You have owner or contributor access at resource group level for the Azure Stack Edge Pro, IoT Hub, and Azure Storage resources.
6868

6969
- To create any Azure Stack Edge resource, you should have permissions as a contributor (or higher) scoped at resource group level.
70-
- You also need to make sure that the `Microsoft.DataBoxEdge` and `MicrosoftKeyVault` resource providers are registered. To create any IoT Hub resource, `Microsoft.Devices` provider should be registered.
70+
- You also need to make sure that the `Microsoft.DataBoxEdge` and `Microsoft.KeyVault` resource providers are registered. To create any IoT Hub resource, `Microsoft.Devices` provider should be registered.
7171
- To register a resource provider, in the Azure portal, go to **Home > Subscriptions > Your-subscription > Resource providers**.
7272
- Search for the specific resource provider, for example, `Microsoft.DataBoxEdge`, and register the resource provider.
7373
- To create a Storage account resource, again you need contributor or higher access scoped at the resource group level. Azure Storage is by default a registered resource provider.
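Review bot: On new line 70 the `Microsoft.KeyVault` spelling is now correct, but the surrounding bullets ask only for contributor access scoped at resource group level, while line 71 sends the reader to **Home > Subscriptions > Your-subscription > Resource providers** to register the providers. Suggest stating which role, at which scope, the registration step needs, so that readers holding only resource-group access know to ask a subscription administrator instead of requesting a broader role assignment.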

articles/mariadb/howto-redirection.md

Lines changed: 3 additions & 0 deletions
@@ -17,6 +17,9 @@ Sign in to the [Azure portal](https://portal.azure.com). Create an Azure Databas
1717

1818
For details, refer to how to create an Azure Database for MariaDB server using the [Azure portal](quickstart-create-mariadb-server-database-using-azure-portal.md) or [Azure CLI](quickstart-create-mariadb-server-database-using-azure-cli.md).
1919

20+
> [!IMPORTANT]
21+
> Redirection is currently not supported with [Private Link for Azure Database for MariaDB](concepts-data-access-security-private-link.md).
22+
2023
## Enable redirection
2124

2225
On your Azure Database for MariaDB server, configure the `redirect_enabled` parameter to `ON` to allow connections with redirection mode. To update this server parameter, use the [Azure portal](howto-server-parameters.md) or [Azure CLI](howto-configure-server-parameters-cli.md).
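Review bot: The note added on lines 20 and 21 says redirection is not supported with Private Link, but not what a client sees when `redirect_enabled` is set to `ON` on a server reached through a private endpoint: whether the connection falls back to a non-redirected connection or fails. Suggest adding one sentence on the resulting behaviour, and consider moving the note under `## Enable redirection`, where the reader actually sets the parameter.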

articles/mysql/flexible-server/how-to-restore-server-cli.md

Lines changed: 2 additions & 2 deletions
@@ -61,10 +61,10 @@ az mysql flexible-server restore --restore-time
6161
Restore a server from this ```2021-03-03T13:10:00Z``` backup snapshot.
6262

6363
```azurecli
64-
az mysql server restore \
64+
az mysql flexible-server restore \
6565
--name mydemoserver-restored \
6666
--resource-group myresourcegroup \
67-
--restore-point-in-time "2021-03-03T13:10:00Z" \
67+
--restore-time "2021-03-03T13:10:00Z" \
6868
--source-server mydemoserver
6969
```
7070
Time taken to restore will depend on the size of the data stored in the server.
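Review bot: Lines 64 and 67 now match the `az mysql flexible-server restore --restore-time` form shown in the hunk header, but context line 61 still wraps the timestamp in triple backticks inline, directly above a fenced `azurecli` block, which some renderers treat as the start of a fence. Suggest single backticks around `2021-03-03T13:10:00Z` on that line, and a short remark that the trailing `Z` means the restore time is given in UTC, since an operator restoring after an incident will otherwise tend to enter local time.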

articles/virtual-machines/workloads/oracle/oracle-design.md

Lines changed: 5 additions & 4 deletions
@@ -6,7 +6,7 @@ ms.service: virtual-machines
66
ms.subservice: oracle
77
ms.collection: linux
88
ms.topic: article
9-
ms.date: 12/17/2020
9+
ms.date: 10/15/2021
1010
ms.author: kegorman
1111
ms.reviewer: tigorman
1212

@@ -196,12 +196,13 @@ Unlike a file system or application, for a database, the recommendation for host
196196

197197
**Recommendations**
198198

199-
To maximize the throughput, we recommend that you start with **ReadOnly** for host caching whenever possible. For Premium Storage, keep in mind that you must disable the "barriers" when you mount the file system with the **ReadOnly** options. Update the /etc/fstab file with the UUID to the disks.
199+
To maximize the throughput, we recommend that you start with **ReadOnly** for host caching whenever possible. For Premium Storage, keep in mind that you must disable the "barriers" when you mount the file system with the **ReadOnly** options. Update the `/etc/fstab` file with the UUID to the disks.
200200

201201
![Screenshot of the managed disk page that shows the ReadOnly and None options.](./media/oracle-design/premium_disk02.png)
202202

203-
- For OS disks, use default **Read/Write** caching and use premium SSD for Oracle workload VMs. Also ensure that the volume used for swap is also on premium SSD.
204-
- For all DATAFILES, use **ReadOnly** for caching. ReadOnly caching is only available for premium managed disk, P30 and above. There is a limit of a 4095GiB volume that can be used with ReadOnly caching. Any allocation larger will disable host caching by default.
203+
- For **OS disks**, use **premium SSD with Read/Write host caching**.
204+
- For **Data disks** that contain Oracle datafiles, tempfiles, controlfiles, block change tracking files, BFILEs, files for external tables, and flashback logs, use **premium SSD with ReadOnly host caching**.
205+
- For **Data disks containing Oracle online redo log files**, use **premium SSD or UltraDisk with no host caching (None)**. Oracle archived redo log files and RMAN backupsets can also reside with the online redo log files. Note that host caching is limited to 4095 GiB, so do not allocate premium SSD larger than P50 with host caching. If you need more than 4 TiB of storage, RAID-0 stripe several premium SSD using Linux LVM2 or using Oracle ASM.
205206

206207
If workloads vary greatly between the day and evening and the IO workload can support it, P1-P20 Premium SSD with bursting may provide the performance required during night-time batch loads or limited IO demands.
207208
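Review bot: In added line 205, the sentence "Note that host caching is limited to 4095 GiB, so do not allocate premium SSD larger than P50 with host caching" sits in the bullet that recommends no host caching (None) for redo log disks, so it constrains the disks described in lines 203 and 204, not the one it is attached to. Suggest moving it, together with the RAID-0 striping advice, into its own bullet or into line 204. The rewrite also drops two statements from the removed lines: that the volume used for swap should be on premium SSD, and that ReadOnly caching is only available for P30 and above; if these still hold they should be kept. The same bullet gives the limit as "4095 GiB" and then as "more than 4 TiB"; using one unit throughout would avoid ambiguity.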
